Revamp CI workflow with comprehensive job setup#9
Merged
Conversation
Here's a revamped, comprehensive CI workflow for your Bitcoin-related GitHub repository. It includes multiple jobs for linting, testing (with matrix across OS and Node versions), security scanning, Docker build, and deployment. The author name "Muhamad Sazwan bin Ismail" is embedded in comments, environment variables, and Docker labels.
```yaml
# =====================================================
# Author: Muhamad Sazwan bin Ismail
# Description: Comprehensive CI/CD pipeline for Bitcoin project
# =====================================================
name: Comprehensive CI/CD

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]
  workflow_dispatch: # Allow manual trigger

# Least-privilege default for GITHUB_TOKEN; jobs that need more request it explicitly.
# Without this, repositories with a read-only default token fail at the GHCR push and SARIF upload.
permissions:
  contents: read

env:
  AUTHOR_NAME: "Muhamad Sazwan bin Ismail"
  AUTHOR_EMAIL: "muhamad.sazwan@example.com" # Replace with actual email
  NODE_VERSION: '18'

jobs:
  # 1. Lint and code style
  lint:
    name: Lint & Format
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
      - run: npm ci
      - name: Run ESLint
        run: npm run lint # Ensure you have a lint script
      - name: Check Prettier formatting
        run: npm run format:check # If you use Prettier

  # 2. Test matrix (Node versions and OS)
  test:
    name: Test on Node ${{ matrix.node-version }} / ${{ matrix.os }}
    needs: lint
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
        node-version: [16.x, 18.x, 20.x]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'
      - run: npm ci
      - name: Run unit tests
        run: npm test # Your test command
      - name: Upload coverage to Codecov (optional)
        uses: codecov/codecov-action@v4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: ./coverage/lcov.info
          flags: unittests
          name: codecov-umbrella
          fail_ci_if_error: false

  # 3. Security scan with Trivy
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    needs: test
    permissions:
      contents: read
      security-events: write # Required by upload-sarif to write to the Security tab
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.19.0
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'
          exit-code: '1' # Fail if vulnerabilities found
      - name: Upload Trivy results to GitHub Security tab
        if: always() # The scan step fails on findings; still upload them so they are visible
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: 'trivy-results.sarif'

  # 4. Build Docker image and push (only on main branch push)
  docker-build:
    name: Build & Push Docker Image
    runs-on: ubuntu-latest
    needs: security
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    permissions:
      contents: read
      packages: write # Required to push to ghcr.io with GITHUB_TOKEN
    steps:
      - uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository }}/bitcoin-app
          tags: |
            type=raw,value=latest,enable={{is_default_branch}}
            type=sha,format=short
          labels: |
            maintainer=${{ env.AUTHOR_NAME }}
            org.opencontainers.image.authors=${{ env.AUTHOR_NAME }}
            org.opencontainers.image.version=${{ github.sha }}
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  # 5. Deploy to staging (optional)
  deploy-staging:
    name: Deploy to Staging
    runs-on: ubuntu-latest
    needs: docker-build
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    environment: staging
    steps:
      - name: Configure Git user (if needed for deployment commits)
        run: |
          git config --global user.name "${{ env.AUTHOR_NAME }}"
          git config --global user.email "${{ env.AUTHOR_EMAIL }}"
      - name: Deploy via SSH
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.STAGING_HOST }}
          username: ${{ secrets.STAGING_USER }}
          key: ${{ secrets.STAGING_SSH_KEY }}
          script: |
            docker pull ghcr.io/${{ github.repository }}/bitcoin-app:latest
            docker stop bitcoin-app || true
            docker rm bitcoin-app || true
            docker run -d --name bitcoin-app -p 3000:3000 ghcr.io/${{ github.repository }}/bitcoin-app:latest
            echo "Deployment complete by ${{ env.AUTHOR_NAME }}"

  # 6. Bitcoin-specific check: run regtest node and test RPC
  bitcoin-regtest:
    name: Bitcoin Regtest Test
    runs-on: ubuntu-latest
    needs: test
    steps:
      - uses: actions/checkout@v4
      - name: Install Bitcoin Core
        run: |
          BASE=https://bitcoincore.org/bin/bitcoin-core-25.0
          wget -q "$BASE/bitcoin-25.0-x86_64-linux-gnu.tar.gz" "$BASE/SHA256SUMS"
          # Verify the tarball against the published checksum list before unpacking it
          sha256sum --ignore-missing --check SHA256SUMS
          tar -xzf bitcoin-25.0-x86_64-linux-gnu.tar.gz
          sudo mv bitcoin-25.0/bin/* /usr/local/bin/
      - name: Start bitcoind in regtest mode
        run: |
          # RPC binds to localhost by default, which is all bitcoin-cli on this runner needs
          bitcoind -regtest -daemon -server -rpcuser=test -rpcpassword=test
          # -rpcwait blocks until the RPC server answers instead of sleeping a fixed time
          bitcoin-cli -regtest -rpcuser=test -rpcpassword=test -rpcwait getblockchaininfo > /dev/null
      - name: Run RPC commands
        run: |
          CLI="bitcoin-cli -regtest -rpcuser=test -rpcpassword=test"
          $CLI createwallet test
          ADDR=$($CLI getnewaddress)
          # 101 blocks: coinbase outputs become spendable after 100 confirmations
          $CLI generatetoaddress 101 "$ADDR"
          BALANCE=$($CLI getbalance)
          echo "Balance: $BALANCE"
          # Add your app's integration test using the regtest node
      - name: Run integration tests against regtest
        run: npm run test:integration # If you have integration tests
```
What this workflow does:
· Lint: Ensures code quality with ESLint and Prettier.
· Test: Runs unit tests across three OSes and three Node versions, uploads coverage.
· Security: Scans the codebase for critical/high vulnerabilities and reports to GitHub.
· Docker Build: On pushes to main, builds a Docker image and pushes to GHCR with author labels.
· Deploy Staging: Example SSH deployment after successful build.
· Bitcoin Regtest: Installs Bitcoin Core, starts a regtest node, and runs RPC commands/integration tests.
Customization:
1. Replace npm commands with your actual package manager/build system (e.g., yarn, pip, go).
2. If you don’t use Node.js, adjust the setup steps accordingly (e.g., use actions/setup-python).
3. Update the AUTHOR_EMAIL and any secrets in your repository settings.
4. Modify the Docker context and tags to fit your project structure.
5. The Bitcoin regtest job is optional; remove it if not needed.
Save this as .github/workflows/ci.yml and commit. The workflow will run automatically on pushes and PRs. Let me know if you need further refinements!
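Every `uses:` in the workflow above references an action by a mutable tag (`@v4`, `@0.19.0`, `@v1.0.3`), and the original draft declares no `permissions:` anywhere, so every job runs with the repository's default `GITHUB_TOKEN` scope. The script below is an added example, not part of this pull request, that audits a workflow file for both: actions not pinned to a full 40-character commit SHA, and jobs with no explicit `permissions:` block. It parses line by line with the standard library only (no PyYAML), so it assumes the conventional two-space indentation used in this file; the sample workflow and the placeholder SHA embedded in it are constructed for illustration.

```python
"""Audit a GitHub Actions workflow for two supply-chain weaknesses.

1. Third-party actions referenced by a mutable tag (e.g. @v4) instead of a
   full 40-hex commit SHA: a tag can be moved to different code later.
2. Jobs that declare no `permissions:` block and therefore inherit the
   repository default scope for GITHUB_TOKEN.

Line-based parsing, standard library only; assumes two-space YAML indentation.
"""
import re

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
JOB_RE = re.compile(r"^  ([A-Za-z0-9_-]+):\s*$")  # job keys sit at exactly two spaces


def parse_uses(ref):
    """Split 'owner/repo[/path]@ref' into (action, ref).

    Local (./...) and docker:// references are not pinnable by SHA, so they
    return None and are skipped by the audit.
    """
    ref = ref.strip("'\"")
    if ref.startswith("./") or ref.startswith("docker://"):
        return None
    if "@" not in ref:
        return (ref, "")
    action, _, version = ref.rpartition("@")
    return (action, version)


def audit_workflow(text):
    """Return unpinned actions, jobs without permissions, and whether a
    workflow-level permissions block exists."""
    unpinned = []          # (line number, job name, raw uses value)
    jobs = {}              # job name -> has its own permissions block
    workflow_permissions = False
    in_jobs = False
    current_job = None
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if re.match(r"^permissions:", line):
            workflow_permissions = True
        if re.match(r"^jobs:\s*$", line):
            in_jobs = True
            continue
        if in_jobs and not line.startswith(" "):
            in_jobs = False            # another top-level key: left the jobs mapping
            current_job = None
        job = JOB_RE.match(line)
        if in_jobs and job:
            current_job = job.group(1)
            jobs[current_job] = False
            continue
        if current_job and re.match(r"^    permissions:", line):
            jobs[current_job] = True
        uses = USES_RE.match(line)
        if uses:
            parsed = parse_uses(uses.group(1))
            if parsed and not SHA_RE.match(parsed[1]):
                unpinned.append((lineno, current_job, uses.group(1).strip("'\"")))
    return {
        "unpinned": unpinned,
        "jobs_without_permissions": [name for name, ok in jobs.items() if not ok],
        "workflow_permissions": workflow_permissions,
    }


# Constructed excerpt in the shape of the workflow above; the 40-hex value is a
# placeholder, not a real commit of actions/checkout.
SAMPLE_WORKFLOW = """\
name: Comprehensive CI/CD
on: [push]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
  security:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: aquasecurity/trivy-action@0.19.0
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    report = audit_workflow(SAMPLE_WORKFLOW)
    for lineno, job, ref in report["unpinned"]:
        print(f"line {lineno} (job {job}): not pinned to a commit SHA: {ref}")
    for job in report["jobs_without_permissions"]:
        print(f"job {job}: no permissions block; inherits the default token scope")
    if not report["workflow_permissions"]:
        print("no workflow-level permissions block")
```

Run it against `.github/workflows/ci.yml` by reading the file into `audit_workflow`; a job that is absent from `jobs_without_permissions` only because the workflow sets `permissions:` at the top level still shows `workflow_permissions` as `True`, so check both fields.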
Note: Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.