CI and Dependabot workflows #1
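# Pull-request CI: install, lint, test, build, smoke-test the build output and
# audit dependencies for every pull request that targets main.
#
# Supply chain: every action below is referenced by a mutable major-version
# tag (@v4). Pinning each one to a full commit SHA, e.g.
#   uses: actions/checkout@<FULL_COMMIT_SHA>  # v4
# keeps a moved or re-pointed tag from changing what this workflow executes.
name: Pull Request CI

# `pull_request` (rather than `pull_request_target`) is the right trigger for
# jobs that execute code from the PR: runs for PRs from forks get a read-only
# GITHUB_TOKEN and no repository secrets.
on:
  pull_request:
    branches: [main]
    types: [opened, synchronize, reopened]

# Least privilege: no job below writes to the repository, so the GITHUB_TOKEN
# is limited to read access to contents for the whole workflow.
permissions:
  contents: read

# Cancel in-progress runs when a new push is made
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  # Install and cache dependencies
  setup:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Keep the token out of .git/config: later steps run code that the
          # pull request controls (npm lifecycle scripts, lint, build).
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          # NOTE(review): Node.js 18 is past end-of-life and no longer
          # receives security fixes; consider a supported LTS line. The same
          # version is repeated in lint, test, build and security.
          node-version: '18'
          cache: 'npm'

      # `npm ci` installs exactly what package-lock.json records and runs the
      # dependencies' install scripts on the runner.
      - name: Install dependencies
        run: npm ci

      - name: Cache dependencies
        uses: actions/cache@v4
        with:
          path: node_modules
          key: ${{ runner.os }}-node-modules-${{ hashFiles('**/package-lock.json') }}

  # Lint the code
  lint:
    runs-on: ubuntu-latest
    needs: setup
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '18'
          cache: 'npm'

      - name: Restore dependencies
        uses: actions/cache@v4
        with:
          path: node_modules
          key: ${{ runner.os }}-node-modules-${{ hashFiles('**/package-lock.json') }}

      # Despite the name, this step has no `if:` on the cache result and runs
      # every time. `npm ci` removes any existing node_modules and reinstalls
      # from package-lock.json, so the restored cache is not what gets used;
      # the installed tree always comes from the lockfile. The same applies to
      # the identically named step in the test and build jobs.
      - name: Install dependencies if cache miss
        run: npm ci

      - name: Run ESLint
        run: npm run lint

  # Run tests (if you have any)
  test:
    runs-on: ubuntu-latest
    needs: setup
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '18'
          cache: 'npm'

      - name: Restore dependencies
        uses: actions/cache@v4
        with:
          path: node_modules
          key: ${{ runner.os }}-node-modules-${{ hashFiles('**/package-lock.json') }}

      - name: Install dependencies if cache miss
        run: npm ci

      # Uncomment when you have tests
      # - name: Run tests
      #   run: npm test -- --coverage --watchAll=false

      # For now, just validate that test dependencies work.
      # This step only prints a message, so the `test` result that all-checks
      # gates on says nothing about code behaviour until real tests exist.
      - name: Validate test setup
        run: echo "Test setup validated - no tests currently defined"

  # Build the application
  build:
    runs-on: ubuntu-latest
    needs: setup
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '18'
          cache: 'npm'

      - name: Restore dependencies
        uses: actions/cache@v4
        with:
          path: node_modules
          key: ${{ runner.os }}-node-modules-${{ hashFiles('**/package-lock.json') }}

      - name: Install dependencies if cache miss
        run: npm ci

      - name: Build Next.js app
        run: npm run build

      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: build-output
          # NOTE(review): Next.js writes to .next by default (out/ for a
          # static export); confirm the project is configured to emit ./build.
          path: ./build
          # Fail in this job if ./build is missing instead of uploading
          # nothing and failing later in test-deployment.
          if-no-files-found: error
          retention-days: 1

  # Test deployment (verify build can be served)
  test-deployment:
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          name: build-output
          path: ./build

      # http-server is installed from the registry at run time with no
      # version, outside package-lock.json, so whatever is latest at that
      # moment runs here. Pinning it (http-server@<PINNED_VERSION>) or adding
      # it to devDependencies brings it under the lockfile and the audit job.
      - name: Test static file serving
        run: |
          # Install a simple static server
          npm install -g http-server
          # Start server in background
          http-server ./build -p 8080 &
          # Wait for server to start
          sleep 5
          # Test that the main page loads
          curl -f http://localhost:8080/index.html || exit 1
          echo "✅ Build can be served successfully"

  # Security audit
  security:
    runs-on: ubuntu-latest
    needs: setup
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '18'
          cache: 'npm'

      # The two audit steps run in sequence and each one fails the job, so the
      # effective gate is the stricter `moderate` threshold; the `high` step
      # only makes the log say which severity band tripped first.
      # `npm audit` checks the lockfile against current registry advisories,
      # so this job can start failing without any change in the PR.
      - name: Run security audit
        run: npm audit --audit-level high

      - name: Check for known vulnerabilities
        run: npm audit --audit-level moderate

  # All checks must pass
  all-checks:
    runs-on: ubuntu-latest
    needs: [lint, test, build, test-deployment, security]
    # Run even when an upstream job failed or was skipped, so this job always
    # reports a result; anything other than "success" below fails it.
    if: always()
    steps:
      - name: Check all jobs
        # Job results are handed to the script as environment variables
        # instead of being expanded into the shell source, which keeps
        # ${{ }} expressions out of `run:` bodies.
        env:
          LINT_RESULT: ${{ needs.lint.result }}
          TEST_RESULT: ${{ needs.test.result }}
          BUILD_RESULT: ${{ needs.build.result }}
          DEPLOY_TEST_RESULT: ${{ needs.test-deployment.result }}
          SECURITY_RESULT: ${{ needs.security.result }}
        run: |
          if [[ "$LINT_RESULT" != "success" ]]; then
            echo "❌ Linting failed"
            exit 1
          fi
          if [[ "$TEST_RESULT" != "success" ]]; then
            echo "❌ Tests failed"
            exit 1
          fi
          if [[ "$BUILD_RESULT" != "success" ]]; then
            echo "❌ Build failed"
            exit 1
          fi
          if [[ "$DEPLOY_TEST_RESULT" != "success" ]]; then
            echo "❌ Deployment test failed"
            exit 1
          fi
          if [[ "$SECURITY_RESULT" != "success" ]]; then
            echo "❌ Security audit failed"
            exit 1
          fi
          echo "✅ All checks passed!"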