
Merge pull request #52 from smartlabsAT/release/v0.3.0 #44

Workflow file for this run

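# CI/CD pipeline: type-check, lint, format check and tests on a Node.js
# matrix, then build, dependency audit, optional integration tests, a
# release-readiness report and a final status summary.
#
# Supply-chain note: every `uses:` below references a mutable version tag.
# Pinning each action to a full commit SHA (keeping the tag as a trailing
# comment) prevents a retagged release from changing what runs here.
name: CI/CD Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
  workflow_dispatch:

# Least privilege: no job in this file pushes commits, creates releases or
# writes to pull requests, so the GITHUB_TOKEN only needs read access.
permissions:
  contents: read

jobs:
  test:
    name: Test & Quality Checks
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so the versions stay strings under every YAML parser.
        node-version: ['20.x', '22.x']
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Later steps run project scripts (install hooks, tests), also for
          # pull requests; do not leave the token in .git/config for them.
          persist-credentials: false
      - name: Install pnpm
        uses: pnpm/action-setup@v3
        with:
          version: 10
      - name: Setup Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'pnpm'
      - name: Install dependencies
        # Fail instead of silently re-resolving when the lockfile and
        # package.json disagree.
        run: pnpm install --frozen-lockfile
      - name: Run TypeScript check
        run: pnpm run type-check
      - name: Run ESLint
        run: pnpm run lint
      - name: Check Prettier formatting
        run: pnpm run format:check
      - name: Run tests
        run: pnpm test -- --run --reporter=verbose
      - name: Upload coverage to Codecov
        # Upload once per run, from the newest Node.js in the matrix.
        # NOTE(review): no step here passes a coverage flag; this assumes the
        # `test` script itself writes ./coverage/lcov.info - confirm. With
        # fail_ci_if_error disabled a missing report goes unnoticed.
        if: matrix.node-version == '22.x'
        uses: codecov/codecov-action@v4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          file: ./coverage/lcov.info
          flags: unittests
          name: codecov-umbrella
          fail_ci_if_error: false

  build:
    name: Build Extension
    runs-on: ubuntu-latest
    needs: test
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Install pnpm
        uses: pnpm/action-setup@v3
        with:
          version: 10
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22.x'
          cache: 'pnpm'
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Build extension
        run: pnpm build
      - name: Check build artifacts
        # `ls` exits non-zero when index.js is missing, which fails the job.
        run: |
          echo "Build artifacts:"
          ls -la index.js
          echo "Extension built successfully"
      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: build-artifacts
          path: |
            index.js
            package.json
          retention-days: 30

  security:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Install pnpm
        uses: pnpm/action-setup@v3
        with:
          version: 10
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22.x'
          cache: 'pnpm'
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Run security audit
        # Advisory only: findings are printed, but continue-on-error keeps
        # this step from failing the job.
        run: pnpm audit --audit-level moderate
        continue-on-error: true
      - name: Check for known vulnerabilities
        # Also advisory. The audit exit status is captured and surfaced as a
        # warning annotation instead of being discarded, so a run with
        # high-severity findings is visibly different from a clean one.
        run: |
          echo "Checking for critical vulnerabilities..."
          audit_status=0
          pnpm audit --audit-level high --json > audit-result.json || audit_status=$?
          if [ -s audit-result.json ]; then
            echo "Security audit completed - check results"
            head -n 20 audit-result.json
          fi
          if [ "$audit_status" -ne 0 ]; then
            echo "::warning::pnpm audit exited with status $audit_status (findings at level high or above, or the audit itself failed)"
            # To make this a blocking gate, add: exit "$audit_status"
          fi

  integration:
    name: Integration Tests
    runs-on: ubuntu-latest
    needs: [test, build]
    # Runs on main, or on pull requests labelled `integration-test`.
    if: github.ref == 'refs/heads/main' || contains(github.event.pull_request.labels.*.name, 'integration-test')
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Install pnpm
        uses: pnpm/action-setup@v3
        with:
          version: 10
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22.x'
          cache: 'pnpm'
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          name: build-artifacts
          path: ./
      - name: Install Playwright
        # NOTE(review): `npm install` resolves versions at run time; if
        # playwright-tools ships a package-lock.json, `npm ci` would make
        # this install reproducible - confirm.
        run: |
          if [ -f "playwright-tools/package.json" ]; then
            cd playwright-tools
            npm install
            npx playwright install --with-deps chromium
          fi
      - name: Run integration tests
        # A failing or timed-out test run now fails the step; previously
        # `|| echo` turned every outcome into a success.
        run: |
          echo "Running integration tests..."
          if [ -f "playwright-tools/test-extension.js" ]; then
            cd playwright-tools
            timeout 300 node test-extension.js
            echo "Integration tests completed"
          else
            echo "No integration tests configured"
          fi

  release-check:
    name: Release Readiness Check
    runs-on: ubuntu-latest
    needs: [test, build, security]
    if: github.ref == 'refs/heads/main'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
          # The default shallow checkout carries no tags, which made the
          # tag check below always report "not yet tagged".
          fetch-depth: 0
      - name: Check version consistency
        run: |
          echo "Checking package.json version..."
          VERSION=$(node -p "require('./package.json').version")
          echo "Current version: $VERSION"
          echo "Checking if version is tagged..."
          # -x -F: whole-line, literal match, so the dots in the version
          # are not treated as regex wildcards.
          if git tag --list | grep -qxF "v$VERSION"; then
            echo "✓ Version $VERSION is already tagged"
          else
            echo "ℹ Version $VERSION is not yet tagged"
          fi
      - name: Validate CHANGELOG
        run: |
          if [ -f "CHANGELOG.md" ]; then
            echo "✓ CHANGELOG.md exists"
            VERSION=$(node -p "require('./package.json').version")
            if grep -qF "$VERSION" CHANGELOG.md; then
              echo "✓ Current version found in CHANGELOG"
            else
              echo "⚠ Current version not found in CHANGELOG"
            fi
          else
            echo "⚠ No CHANGELOG.md found"
          fi
      - name: Check release workflow
        run: |
          if [ -f ".github/workflows/release.yml" ]; then
            echo "✓ Release workflow exists"
          else
            echo "ℹ No release workflow configured"
          fi

  notification:
    name: Notification
    runs-on: ubuntu-latest
    needs: [test, build, security]
    # Run even when a needed job failed, so the summary is always printed.
    if: always()
    steps:
      - name: Check job results
        # Job results are handed to the script through the environment
        # rather than being spliced into the shell text.
        env:
          TEST_RESULT: ${{ needs.test.result }}
          BUILD_RESULT: ${{ needs.build.result }}
          SECURITY_RESULT: ${{ needs.security.result }}
        run: |
          echo "Pipeline Status Summary:"
          echo "Test job: $TEST_RESULT"
          echo "Build job: $BUILD_RESULT"
          echo "Security job: $SECURITY_RESULT"
          if [ "$TEST_RESULT" = "success" ] && [ "$BUILD_RESULT" = "success" ]; then
            echo "✅ All critical jobs passed!"
            # The audit steps in the security job are advisory, so its
            # result is "success" even when advisories were reported; a
            # non-success result here means the job itself broke (for
            # example checkout or install), not that findings exist.
            if [ "$SECURITY_RESULT" = "success" ]; then
              echo "🔒 Security audit also passed"
            else
              echo "⚠️ Security audit completed with warnings (non-critical)"
            fi
          else
            echo "❌ Some critical jobs failed!"
            echo "Critical jobs (test, build) must pass for pipeline success"
            exit 1
          fi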