From 1e3fbeeddc1ab064d3c986d6099e0534590d9681 Mon Sep 17 00:00:00 2001
From: Flea Flicker
Date: Sat, 23 May 2026 21:46:25 +0000
Subject: [PATCH] Delete stale .github/workflows/ci.yml from uat branch

The CI workflow has been migrated to .github/workflows/ directory with proper branch-specific configuration. The legacy ci.yml on uat is stale and no longer needed.

Co-Authored-By: Paperclip
---
 .github/workflows/ci.yml | 302 ---------------------------------------
 1 file changed, 302 deletions(-)
 delete mode 100644 .github/workflows/ci.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
deleted file mode 100644
index 9b6153a..0000000
--- a/.github/workflows/ci.yml
+++ /dev/null
@@ -1,302 +0,0 @@ -name: CI - -on: - push: - branches: [main, dev, uat] - pull_request: - branches: [main, dev, uat] - -concurrency: - group: ci-${{ github.ref }} - cancel-in-progress: true - -permissions: - contents: write - packages: write - security-events: write - -env: - REGISTRY: ghcr.io - IMAGE_NAME: cartsnitch/app - -jobs: - lint: - runs-on: runners-cartsnitch - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version: "20" - cache: npm - - run: npm ci - - name: ESLint - run: npx eslint . - - name: Type check - run: npx tsc --noEmit - - test: - runs-on: runners-cartsnitch - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version: "20" - cache: npm - - run: npm ci - - name: Run tests - run: npx vitest run - - audit: - runs-on: runners-cartsnitch - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version: "20" - cache: npm - - run: npm ci - - name: Check for vulnerabilities - run: npm audit --audit-level=high - - e2e: - runs-on: runners-cartsnitch - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version: "20" - cache: npm - - run: npm ci - - run: npx playwright install --with-deps chromium - - run: npx playwright test - - lighthouse: - runs-on: runners-cartsnitch - needs: [test] - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version: "20" - cache: npm - - run: npm ci - - run: npm run build - - name: Install Chromium for Lighthouse - run: | - npm install -g playwright - npx playwright install --with-deps chromium - - name: Start preview server - run: | - npm run preview & - npx wait-on http://localhost:4173/ --timeout 30000 - - name: Run Lighthouse CI - run: | - CHROME_PATH=$(find /home/runner/.cache/ms-playwright -name chrome -type f 2>/dev/null | head -1) - npm install -g @lhci/cli - CHROME_PATH="$CHROME_PATH" lhci autorun --chrome-flags="--headless=new --no-sandbox --disable-gpu 
--disable-dev-shm-usage" - - build-and-push: - runs-on: runners-cartsnitch - if: github.event_name == 'push' - needs: [lint, test, e2e] - outputs: - calver_tag: ${{ steps.calver.outputs.version }} - sha_tag: sha-${{ github.sha }} - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Generate CalVer tag - id: calver - if: github.event_name == 'push' && github.ref == 'refs/heads/main' - run: | - DATE_TAG=$(date -u +%Y.%m.%d) - EXISTING=$(git tag -l "v${DATE_TAG}*" | sort -V | tail -1) - if [ -z "$EXISTING" ]; then - VERSION="$DATE_TAG" - elif [ "$EXISTING" = "v${DATE_TAG}" ]; then - VERSION="${DATE_TAG}.2" - else - BUILD_NUM=$(echo "$EXISTING" | sed "s/v${DATE_TAG}\.//") - VERSION="${DATE_TAG}.$((BUILD_NUM + 1))" - fi - echo "version=$VERSION" >> "$GITHUB_OUTPUT" - echo "CalVer tag: $VERSION" - - - name: Log in to Docker Hub - if: github.event_name == 'push' - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Log in to GHCR - if: github.event_name == 'push' - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract metadata - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=sha,prefix=sha-,format=long - type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }} - type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }} - - - name: Build Docker image - uses: docker/build-push-action@v6 - with: - context: . 
- load: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - target: prod - cache-from: type=gha - cache-to: type=gha,mode=max - - - name: Scan frontend image for vulnerabilities - uses: anchore/scan-action@v5 - id: scan - env: - GRYPE_CONFIG: .grype.yaml - with: - image: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:sha-${{ github.sha }}" - fail-build: true - severity-cutoff: high - only-fixed: "true" - output-format: sarif - - - name: Upload frontend scan results to GitHub Security - uses: github/codeql-action/upload-sarif@v3 - if: always() - with: - sarif_file: ${{ steps.scan.outputs.sarif }} - - - name: Push Docker image - if: github.event_name == 'push' - uses: docker/build-push-action@v6 - with: - context: . - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - target: prod - cache-from: type=gha - - - name: Create git tag - if: github.event_name == 'push' && github.ref == 'refs/heads/main' - run: | - git tag "v${{ steps.calver.outputs.version }}" - git push origin "v${{ steps.calver.outputs.version }}" - - deploy-dev: - runs-on: runners-cartsnitch - needs: [build-and-push] - if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main') - steps: - - name: Generate GitHub App token - id: app-token - uses: actions/create-github-app-token@v1 - with: - app-id: ${{ secrets.CARTSNITCH_APP_ID }} - private-key: ${{ secrets.CARTSNITCH_APP_PRIVATE_KEY }} - owner: ${{ github.repository_owner }} - repositories: infra - - - name: Checkout infra repo - uses: actions/checkout@v4 - with: - repository: cartsnitch/infra - token: ${{ steps.app-token.outputs.token }} - ref: main - path: infra - - - name: Install kubectl - uses: azure/setup-kubectl@v4 - - - name: Install kustomize - uses: imranismail/setup-kustomize@v2 - - - name: Determine image tag for frontend - id: frontend_tag - run: | - if [ "${{ github.ref }}" == "refs/heads/main" 
]; then - echo "tag=${{ needs.build-and-push.outputs.calver_tag }}" >> "$GITHUB_OUTPUT" - else - echo "tag=${{ needs.build-and-push.outputs.sha_tag }}" >> "$GITHUB_OUTPUT" - fi - - - name: Update frontend image tag - if: needs.build-and-push.result == 'success' - run: | - cd infra/apps/overlays/dev - kustomize edit set image ghcr.io/cartsnitch/app:${{ steps.frontend_tag.outputs.tag }} - - - name: Commit and push to infra - run: | - cd infra - git config user.name "cartsnitch-ci[bot]" - git config user.email "cartsnitch-ci[bot]@users.noreply.github.com" - git add apps/overlays/dev/kustomization.yaml - git commit -m "ci(dev): update cartsnitch/app image" - git pull --rebase origin main - git push origin main - - deploy-uat: - runs-on: runners-cartsnitch - needs: [build-and-push] - if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/uat' || github.ref == 'refs/heads/main') - steps: - - name: Generate GitHub App token - id: app-token - uses: actions/create-github-app-token@v1 - with: - app-id: ${{ secrets.CARTSNITCH_APP_ID }} - private-key: ${{ secrets.CARTSNITCH_APP_PRIVATE_KEY }} - owner: ${{ github.repository_owner }} - repositories: infra - - - name: Checkout infra repo - uses: actions/checkout@v4 - with: - repository: cartsnitch/infra - token: ${{ steps.app-token.outputs.token }} - ref: main - path: infra - - - name: Install kubectl - uses: azure/setup-kubectl@v4 - - - name: Install kustomize - uses: imranismail/setup-kustomize@v2 - - - name: Determine image tag for frontend - id: frontend_tag - run: | - if [ "${{ github.ref }}" == "refs/heads/main" ]; then - echo "tag=${{ needs.build-and-push.outputs.calver_tag }}" >> "$GITHUB_OUTPUT" - else - echo "tag=${{ needs.build-and-push.outputs.sha_tag }}" >> "$GITHUB_OUTPUT" - fi - - - name: Update frontend image tag - if: needs.build-and-push.result == 'success' - run: | - cd infra/apps/overlays/uat - kustomize edit set image ghcr.io/cartsnitch/app:${{ steps.frontend_tag.outputs.tag 
}} - - - name: Commit and push to infra - run: | - cd infra - git config user.name "cartsnitch-ci[bot]" - git config user.email "cartsnitch-ci[bot]@users.noreply.github.com" - git add apps/overlays/uat/kustomization.yaml - git commit -m "ci(uat): update cartsnitch/app image" - git pull --rebase origin main - git push origin main \ No newline at end of file -- 2.52.0