feat: enhance CI/CD pipeline with PostgreSQL health checks and coverage reporting

Author: AdamLBS

.github/workflows/rust.yml

@@ -1,62 +1,206 @@
-name: Rust
+name: CI/CD Pipeline
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ["main"]
   pull_request:
-    branches: [ "main" ]
+    branches: ["main"]
 
 env:
   CARGO_TERM_COLOR: always
-  DATABASE_URL: postgres://postgres:dev@localhost:5432/e2ee
+  RUST_BACKTRACE: 1
 
 jobs:
-  build:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+
+    services:
+      postgres:
+        image: postgres:17-alpine
+        env:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: dev
+          POSTGRES_DB: e2ee
+        ports:
+          - 5432:5432
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          components: rustfmt, clippy
+
+      - name: Cache Cargo dependencies
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/bin
+            ~/.cargo/registry/index
+            ~/.cargo/registry/cache
+            ~/.cargo/git/db
+            target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-
+
+      - name: Install PostgreSQL client
+        run: sudo apt-get update && sudo apt-get install -y postgresql-client
+
+      - name: Wait for PostgreSQL
+        run: |
+          until pg_isready -h localhost -p 5432 -U postgres; do
+            echo "Waiting for PostgreSQL..."
+            sleep 2
+          done
+
+      - name: Setup database schema
+        env:
+          PGPASSWORD: dev
+        run: |
+          psql -h localhost -U postgres -d e2ee -f sql_models/seed.sql
+
+      - name: Check formatting
+        run: cargo fmt --all -- --check
+
+      - name: Clippy
+        run: cargo clippy --all-targets --all-features -- -D warnings
+
+      - name: Build
+        env:
+          DATABASE_URL: postgres://postgres:dev@localhost:5432/e2ee
+        run: cargo build --verbose
+
+      - name: Run tests
+        env:
+          DATABASE_URL: postgres://postgres:dev@localhost:5432/e2ee
+        run: cargo test --verbose
+
+  docker:
+    name: Build Docker Image
+    runs-on: ubuntu-latest
+    needs: test
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          push: false
+          tags: hushnet-backend:latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Test Docker Compose
+        run: |
+          docker compose up -d
 
+          # Wait for services to be healthy
+          echo "Waiting for services to be healthy..."
+          timeout 60 bash -c 'until docker compose ps | grep -q "healthy"; do sleep 2; done'
+
+          # Test backend health
+          curl -f http://localhost:8080/ || exit 1
+
+          echo "✅ Docker Compose test passed"
+
+          # Cleanup
+          docker compose down -v
+
+  security:
+    name: Security Audit
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Cache Cargo dependencies
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/bin
+            ~/.cargo/registry/index
+            ~/.cargo/registry/cache
+            ~/.cargo/git/db
+          key: ${{ runner.os }}-cargo-audit-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Install cargo-audit
+        run: cargo install cargo-audit || true
+
+      - name: Run security audit
+        run: cargo audit
+
+  coverage:
+    name: Code Coverage
     runs-on: ubuntu-latest
 
+    services:
+      postgres:
+        image: postgres:17-alpine
+        env:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: dev
+          POSTGRES_DB: e2ee
+        ports:
+          - 5432:5432
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
     steps:
-    - uses: actions/checkout@v4
-    - name: Build Postgres image
-      run: docker build -t postgres-ee -f Dockerfile .
-
-    - name: Start Postgres container
-      run: |
-        docker run -d --name postgres-ee \
-          -p 5432:5432 \
-          -e POSTGRES_USER=postgres \
-          -e POSTGRES_PASSWORD=dev \
-          -e POSTGRES_DB=e2ee \
-          postgres
-
-        until docker exec postgres-ee pg_isready -U postgres > /dev/null 2>&1; do
-          echo "Waiting for Postgres to be ready..."
-          sleep 2
-        done
-        echo "Postgres is ready."
-    - name: Cache Cargo
-      uses: actions/cache@v4
-      with:
-        path: |
-          ~/.cargo/bin
-          ~/.cargo/registry/index
-          ~/.cargo/registry/cache
-          ~/.cargo/git/db
-          target
-        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
-        restore-keys: |
-          ${{ runner.os }}-cargo-
-    - name: Build
-      run: cargo build --verbose
-    - name: Run tests
-      run: cargo test --verbose
-    - name: Stop Postgres container
-      if: always()
-      run: docker rm -f postgres-ee
-    - name: Format code
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-        cargo fmt
-        git diff --exit-code || { git config user.name "GitHub Actions"; git config user.email "actions@github.com"; git add .; git commit -m "Auto-fix ESLint issues"; git push origin $GITHUB_REF; }
-    
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Install PostgreSQL client
+        run: sudo apt-get update && sudo apt-get install -y postgresql-client
+
+      - name: Install tarpaulin
+        run: cargo install cargo-tarpaulin || true
+
+      - name: Wait for PostgreSQL
+        run: |
+          until pg_isready -h localhost -p 5432 -U postgres; do
+            echo "Waiting for PostgreSQL..."
+            sleep 2
+          done
+
+      - name: Setup database schema
+        env:
+          PGPASSWORD: dev
+        run: |
+          psql -h localhost -U postgres -d e2ee -f sql_models/seed.sql
+
+      - name: Generate coverage
+        env:
+          DATABASE_URL: postgres://postgres:dev@localhost:5432/e2ee
+        run: cargo tarpaulin --verbose --all-features --workspace --timeout 300 --out xml
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v4
+        with:
+          files: ./cobertura.xml
+          fail_ci_if_error: false