Groom Book CTO
095c2c80e5
The deploy job required INFRA_DEPLOY_TOKEN (a GitHub PAT) stored as a repo secret, which violates the board directive against storing tokens in repo secrets. Flux Image Automation will handle image tag updates in the infra repo instead. Fixes #72 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
188 lines
4.5 KiB
YAML
188 lines
4.5 KiB
YAML
name: CI
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
branches: [main]
|
|
|
|
jobs:
|
|
lint-typecheck:
|
|
name: Lint & Typecheck
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- uses: pnpm/action-setup@v4
|
|
|
|
- uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
cache: pnpm
|
|
|
|
- name: Install dependencies
|
|
run: pnpm install --frozen-lockfile
|
|
|
|
- name: Typecheck
|
|
run: pnpm typecheck
|
|
|
|
- name: Lint
|
|
run: pnpm lint
|
|
|
|
test:
|
|
name: Test
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- uses: pnpm/action-setup@v4
|
|
|
|
- uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
cache: pnpm
|
|
|
|
- name: Install dependencies
|
|
run: pnpm install --frozen-lockfile
|
|
|
|
- name: Run tests
|
|
run: pnpm test
|
|
|
|
e2e:
|
|
name: E2E Tests
|
|
runs-on: ubuntu-latest
|
|
needs: [lint-typecheck, test]
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- uses: pnpm/action-setup@v4
|
|
|
|
- uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
cache: pnpm
|
|
|
|
- name: Install dependencies
|
|
run: pnpm install --frozen-lockfile
|
|
|
|
- name: Install Playwright browsers
|
|
run: pnpm --filter @groombook/e2e exec playwright install --with-deps chromium
|
|
|
|
- name: Start Docker Compose stack
|
|
run: docker compose up -d --wait
|
|
timeout-minutes: 5
|
|
|
|
- name: Run E2E tests
|
|
run: pnpm --filter @groombook/e2e test
|
|
|
|
- name: Upload Playwright report
|
|
if: failure()
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: playwright-report
|
|
path: apps/e2e/playwright-report/
|
|
retention-days: 7
|
|
|
|
- name: Stop Docker Compose stack
|
|
if: always()
|
|
run: docker compose down
|
|
|
|
build:
|
|
name: Build
|
|
runs-on: ubuntu-latest
|
|
needs: [lint-typecheck, test]
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- uses: pnpm/action-setup@v4
|
|
|
|
- uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
cache: pnpm
|
|
|
|
- name: Install dependencies
|
|
run: pnpm install --frozen-lockfile
|
|
|
|
- name: Build all packages
|
|
run: pnpm build
|
|
|
|
docker:
|
|
name: Build & Push Docker Images
|
|
runs-on: ubuntu-latest
|
|
needs: [build]
|
|
if: github.ref == 'refs/heads/main'
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Generate version tag
|
|
id: version
|
|
run: |
|
|
TAG="$(date -u +%Y.%m.%d)-${GITHUB_SHA::7}"
|
|
echo "tag=$TAG" >> "$GITHUB_OUTPUT"
|
|
echo "Image version: $TAG"
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Log in to GitHub Container Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Build and push API image
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
file: apps/api/Dockerfile
|
|
target: runner
|
|
push: true
|
|
tags: |
|
|
ghcr.io/groombook/api:${{ steps.version.outputs.tag }}
|
|
ghcr.io/groombook/api:latest
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
|
|
- name: Build and push Migrate image
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
file: apps/api/Dockerfile
|
|
target: migrate
|
|
push: true
|
|
tags: |
|
|
ghcr.io/groombook/migrate:${{ steps.version.outputs.tag }}
|
|
ghcr.io/groombook/migrate:latest
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
|
|
- name: Build and push Seed image
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
file: apps/api/Dockerfile
|
|
target: seed
|
|
push: true
|
|
tags: |
|
|
ghcr.io/groombook/seed:${{ steps.version.outputs.tag }}
|
|
ghcr.io/groombook/seed:latest
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
|
|
- name: Build and push Web image
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
file: apps/web/Dockerfile
|
|
push: true
|
|
tags: |
|
|
ghcr.io/groombook/web:${{ steps.version.outputs.tag }}
|
|
ghcr.io/groombook/web:latest
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|