feat(frontend): implement comprehensive multi-language support (REQ-0… #90
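# CI/CD pipeline: runs backend (Go), frontend (Bun) and Bicep checks on pushes
# to main and on pull requests. On pushes to main it also builds and pushes the
# container image to GHCR and deploys to Azure.
#
# NOTE(review): every `uses:` below references a mutable tag (e.g. `@v6`).
# Pinning each action to a full commit SHA keeps a retagged release from
# changing what runs with this workflow's token and secrets.
name: CI/CD Pipeline

on:
  push:
    branches: [main]
  pull_request:

# Least privilege for GITHUB_TOKEN: jobs get read-only repository access unless
# they declare more themselves (docker-build-push adds `packages: write`).
permissions:
  contents: read

env:
  GO_VERSION: "1.25"
  # NOTE(review): "latest" floats with every Bun release; pin an exact version
  # for reproducible builds.
  BUN_VERSION: "latest"
  REGISTRY: ghcr.io
  AZURE_LOCATION: westeurope

jobs:
  # ============================================================================
  # Backend CI - Go build, test, lint, security, coverage
  # ============================================================================
  backend-ci:
    name: Backend CI
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: backend
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          # No step pushes back to the repository, so do not leave the token
          # in the checked-out git configuration.
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true

      - name: Download dependencies
        run: go mod download

      - name: Build
        run: go build -v ./...

      - name: Run tests with coverage
        run: go test -race -coverprofile=coverage.out -covermode=atomic ./...

      - name: Upload coverage artifact
        uses: actions/upload-artifact@v7
        with:
          name: backend-coverage
          # Artifact paths are relative to the workspace, not to
          # defaults.run.working-directory.
          path: backend/coverage.out

      - name: Run go vet
        run: go vet ./...

      # NOTE(review): `@latest` installs whatever version is current at run
      # time; pin staticcheck and gosec to explicit versions so a new release
      # cannot change CI results or tooling unreviewed.
      - name: Install staticcheck
        run: go install honnef.co/go/tools/cmd/staticcheck@latest

      - name: Run staticcheck
        run: staticcheck ./...

      - name: Install gosec
        run: go install github.com/securego/gosec/v2/cmd/gosec@latest

      - name: Run security scan (gosec)
        run: gosec -fmt=json -out=gosec-report.json ./...

      - name: Upload security report
        # gosec exits non-zero when it reports findings, which would otherwise
        # skip this upload exactly when the report is needed.
        if: always()
        uses: actions/upload-artifact@v7
        with:
          name: backend-security-report
          path: backend/gosec-report.json

  # ============================================================================
  # Frontend CI - Bun build, test, lint, security, coverage
  # ============================================================================
  frontend-ci:
    name: Frontend CI
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: frontend
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          persist-credentials: false

      - name: Set up Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: ${{ env.BUN_VERSION }}

      - name: Install dependencies
        # --frozen-lockfile fails the install if the lockfile would change.
        run: bun install --frozen-lockfile

      - name: Lint
        run: bun run lint

      - name: Type check
        run: bun run tsc --noEmit

      - name: Build
        run: bun run build

      - name: Run tests with coverage
        run: bun run test:run -- --coverage

      # - name: Run E2E tests (headless)
      #   run: bun run test:e2e:run

      - name: Upload coverage artifact
        uses: actions/upload-artifact@v7
        with:
          name: frontend-coverage
          path: frontend/coverage/

      - name: Security audit
        run: bun pm scan

  # ============================================================================
  # Infrastructure Validation - Bicep syntax and linting
  # ============================================================================
  infra-validate:
    name: Validate Infrastructure
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          persist-credentials: false

      - name: Validate Bicep files
        run: |
          az bicep build --file infra/main.bicep --stdout > /dev/null
          echo "✓ Bicep syntax validation passed"

      - name: Lint Bicep files
        run: |
          az bicep lint --file infra/main.bicep
          echo "✓ Bicep linting passed"

  # ============================================================================
  # Docker Build & Push to GitHub Container Registry
  # ============================================================================
  docker-build-push:
    name: Docker Build & Push
    runs-on: ubuntu-latest
    # Publish only for pushes to main, never for pull requests.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    needs: [backend-ci, frontend-ci]
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          # The workspace is the Docker build context (`context: .`), so keep
          # checkout credentials out of it.
          persist-credentials: false

      - name: Set lowercase image name
        # Lowercase the repository path before using it as an image name.
        run: echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >> "$GITHUB_ENV"

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v4
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata for Docker
        id: meta
        uses: docker/metadata-action@v6
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          # The long-SHA tag is the one the deploy job references.
          tags: |
            type=sha,prefix=,format=long
            type=raw,value=latest

      - name: Build and push Docker image
        uses: docker/build-push-action@v7
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  # ============================================================================
  # Deploy to Azure Container Apps
  # ============================================================================
  deploy:
    name: Deploy to Azure
    runs-on: ubuntu-latest
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    needs: [docker-build-push, infra-validate]
    environment: production
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          persist-credentials: false

      - name: Set lowercase image name
        run: echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >> "$GITHUB_ENV"

      - name: Log in to Azure
        # NOTE(review): `creds` is a long-lived service-principal secret.
        # azure/login also supports OIDC federation (client-id / tenant-id /
        # subscription-id plus `id-token: write`), which avoids storing one.
        uses: azure/login@v3
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: Deploy infrastructure with Bicep
        # The PAT reaches the shell as an environment variable instead of being
        # expanded into the script text by `${{ }}`, so its content cannot
        # alter the command. The remaining values come from the runner's own
        # variables (GITHUB_SHA, GITHUB_ACTOR) and from workflow-level env.
        # NOTE(review): the PAT is still an `az` argument; confirm that
        # `registryPassword` is declared `@secure()` in infra/main.bicep so it
        # is not kept in deployment history.
        env:
          REGISTRY_PASSWORD: ${{ secrets.GHCR_PAT }}
        run: |
          az deployment group create \
            --name "deploy-${GITHUB_SHA}" \
            --resource-group togetherlist-rg \
            --template-file infra/main.bicep \
            --parameters infra/parameters/production.bicepparam \
            --parameters \
              containerImage="${REGISTRY}/${IMAGE_NAME}:${GITHUB_SHA}" \
              registryUsername="${GITHUB_ACTOR}" \
              registryPassword="${REGISTRY_PASSWORD}"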