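---
name: CI

on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]

# Least privilege: nothing in this workflow writes back to the repository
# (no release, no tag, no registry push), so the GITHUB_TOKEN only needs
# read access to repository contents.
permissions:
  contents: read

jobs:
  # ── 1. Backend: audit deps + verify the server starts cleanly ──────────────
  backend:
    name: Backend – audit & smoke test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # NOTE(review): third-party actions are pinned by major tag here; pinning
        # to a full commit SHA would make the action supply chain tamper-evident.
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "18"
          cache: "npm"
          cache-dependency-path: package-lock.json
      - name: Install dependencies
        # Full install (not --omit=dev) so all runtime deps are present
        run: npm ci
      - name: Audit for vulnerabilities
        # Fail the build on any high or critical advisory in the lockfile
        run: npm audit --audit-level=high
      - name: Smoke test – server boots and /api/health responds
        run: |
          # Supply the minimum env vars server.js requires to start.
          # These are throwaway placeholders for CI only, not real credentials.
          export JWT_SECRET=ci-test-secret-not-real
          export STRIPE_SECRET_KEY=sk_test_ci_placeholder
          export STRIPE_WEBHOOK_SECRET=whsec_ci_placeholder
          export STRIPE_CREATOR_PRICE_ID=price_ci_creator
          export STRIPE_STUDIO_PRICE_ID=price_ci_studio
          export FRONTEND_URL=http://localhost:5173
          export DB_PATH=/tmp/spectra-ci.db
          export PORT=3001
          # Redirect output to a log file so we can print it on failure
          node server.js > /tmp/server.log 2>&1 &
          SERVER_PID=$!
          # Wait up to 15 s for the server to be ready, but stop waiting as soon
          # as the process has died so a crash on startup fails fast with logs
          # instead of burning the whole timeout.
          for i in $(seq 1 15); do
            sleep 1
            if ! kill -0 "$SERVER_PID" 2>/dev/null; then
              echo "Server process exited before becoming healthy" >&2
              break
            fi
            # Probe the same port exported above so the two cannot drift apart
            if curl -sf "http://localhost:${PORT}/api/health"; then
              echo "Server healthy"
              kill "$SERVER_PID" 2>/dev/null || true
              exit 0
            fi
          done
          # If we get here the server never responded — print logs and fail
          echo "=== Server failed to start. Logs: ===" >&2
          cat /tmp/server.log >&2
          kill "$SERVER_PID" 2>/dev/null || true
          exit 1

  # ── 2. Frontend: type-check + build ───────────────────────────────────────
  frontend:
    name: Frontend – type-check & build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          # Vite 4 requires Node 18; if you upgrade to Vite 5 bump this to 20
          node-version: "18"
          cache: "npm"
          cache-dependency-path: package-lock.json
      - name: Install all dependencies (including devDependencies for build)
        run: npm ci
      - name: Type-check
        run: npx tsc --noEmit
      - name: Build
        env:
          # Placeholder – real URL is injected at deploy time via Hyperlift env
          VITE_BACKEND_URL: "https://spectracleanse.com"
        run: npx vite build
      - name: Upload build artifact
        uses: actions/upload-artifact@v4
        with:
          name: frontend-dist
          path: dist/
          retention-days: 3

  # ── 3. Docker: build the image on every run; nothing is pushed to a registry ─
  docker:
    name: Docker – build image
    runs-on: ubuntu-latest
    # Only runs after backend passes
    needs: [backend]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build image (build only, no push)
        uses: docker/build-push-action@v5
        with:
          context: .
          file: Dockerfile
          # Build-only on every event: no registry credentials are configured in
          # this workflow, so the image is never published from CI.
          push: false
          tags: spectracleanse-api:ci
          # Enable layer caching so repeat builds are fast
          cache-from: type=gha
          cache-to: type=gha,mode=max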