1- name : CI
1+ name : CI/CD Pipeline
22
33on :
44 push :
77 pull_request :
88 branches :
99 - main
10+ workflow_dispatch :
1011
1112permissions :
1213 contents : write
14+ pull-requests : write
15+ checks : write
16+ statuses : write
17+ pages : write
18+ id-token : write
19+
20+ concurrency :
21+ group : ${{ github.workflow }}-${{ github.ref }}
22+ cancel-in-progress : true
1323
1424jobs :
15- build-and-test :
25+ # ------------------------------------------------------------------
26+ # 1. Quality Control (Parallel Jobs)
27+ # ------------------------------------------------------------------
28+ quality-check :
29+ name : Quality Gates
1630 runs-on : ubuntu-latest
17-
1831 steps :
1932 - name : Checkout
2033 uses : actions/checkout@v4
34+ with :
35+ fetch-depth : 0
2136
2237 - name : Install pnpm
2338 uses : pnpm/action-setup@v4
@@ -31,28 +46,174 @@ jobs:
3146 - name : Install dependencies
3247 run : pnpm install --frozen-lockfile
3348
34- - name : Lint
49+ - name : Lint Code
3550 run : pnpm lint
3651
3752 - name : Type Check
3853 run : pnpm type-check
3954
40- - name : Test
55+ - name : Security Audit
56+ # Fails if vulnerabilities with 'high' severity or above are found
57+ run : pnpm audit --audit-level=high
58+ continue-on-error : true # Warning only for now to avoid blocking, user can change to false
59+
60+ # ------------------------------------------------------------------
61+ # 2. Testing
62+ # ------------------------------------------------------------------
63+ unit-test :
64+ name : Unit Tests
65+ runs-on : ubuntu-latest
66+ steps :
67+ - name : Checkout
68+ uses : actions/checkout@v4
69+
70+ - name : Install pnpm
71+ uses : pnpm/action-setup@v4
72+
73+ - name : Install Node.js
74+ uses : actions/setup-node@v4
75+ with :
76+ node-version : 20
77+ cache : " pnpm"
78+
79+ - name : Install dependencies
80+ run : pnpm install --frozen-lockfile
81+
82+ - name : Run Unit Tests
4183 run : pnpm test:coverage
4284
85+ - name : Upload Coverage
86+ uses : actions/upload-artifact@v4
87+ with :
88+ name : coverage-report
89+ path : coverage/
90+ retention-days : 7
91+
92+ e2e-test :
93+ name : E2E Tests
94+ runs-on : ubuntu-latest
95+ steps :
96+ - name : Checkout
97+ uses : actions/checkout@v4
98+
99+ - name : Install pnpm
100+ uses : pnpm/action-setup@v4
101+
102+ - name : Install Node.js
103+ uses : actions/setup-node@v4
104+ with :
105+ node-version : 20
106+ cache : " pnpm"
107+
108+ - name : Install dependencies
109+ run : pnpm install --frozen-lockfile
110+
111+ - name : Install Playwright Browsers
112+ run : pnpm exec playwright install --with-deps
113+
114+ - name : Run E2E Tests
115+ run : pnpm e2e
116+
117+ - name : Upload Playwright Report
118+ if : always()
119+ uses : actions/upload-artifact@v4
120+ with :
121+ name : playwright-report
122+ path : playwright-report/
123+ retention-days : 7
124+
125+ # ------------------------------------------------------------------
126+ # 3. Build & Performance
127+ # ------------------------------------------------------------------
128+ build :
129+ name : Build
130+ needs : [quality-check, unit-test] # Run build after quality checks pass
131+ runs-on : ubuntu-latest
132+ steps :
133+ - name : Checkout
134+ uses : actions/checkout@v4
135+
136+ - name : Install pnpm
137+ uses : pnpm/action-setup@v4
138+
139+ - name : Install Node.js
140+ uses : actions/setup-node@v4
141+ with :
142+ node-version : 20
143+ cache : " pnpm"
144+
145+ - name : Install dependencies
146+ run : pnpm install --frozen-lockfile
147+
43148 - name : Build
44149 run : pnpm build
45150
46- - name : Upload coverage reports
151+ - name : Performance Check (Bundle Size)
152+ # Placeholder for performance benchmarking
153+ run : |
154+ echo "Checking bundle size..."
155+ du -sh apps/cafe/dist
156+
157+ - name : Upload Build Artifacts
47158 uses : actions/upload-artifact@v4
48159 with :
49- name : coverage
50- path : " **/coverage/"
160+ name : dist-apps-cafe
161+ path : apps/cafe/dist
162+ retention-days : 7
163+
164+ # ------------------------------------------------------------------
165+ # 4. Deployment (Production)
166+ # ------------------------------------------------------------------
167+ deploy-production :
168+ name : Deploy to Production
169+ needs : [build, e2e-test]
170+ if : github.event_name == 'push' && github.ref == 'refs/heads/main'
171+ runs-on : ubuntu-latest
172+ environment :
173+ name : production
174+ url : ${{ steps.deployment.outputs.page_url }}
175+ steps :
176+ - name : Download Artifact
177+ uses : actions/download-artifact@v4
178+ with :
179+ name : dist-apps-cafe
180+ path : apps/cafe/dist
51181
52182 - name : Deploy to GitHub Pages
53- if : github.event_name == 'push' && github.ref == 'refs/heads/main'
54183 uses : peaceiris/actions-gh-pages@v4
55184 with :
56185 github_token : ${{ secrets.GITHUB_TOKEN }}
57186 publish_dir : ./apps/cafe/dist
58187 force_orphan : true
188+
189+ # ------------------------------------------------------------------
190+ # 5. Release Automation
191+ # ------------------------------------------------------------------
192+ release :
193+ name : Release
194+ needs : [deploy-production]
195+ if : github.event_name == 'push' && github.ref == 'refs/heads/main'
196+ runs-on : ubuntu-latest
197+ steps :
198+ - name : Checkout
199+ uses : actions/checkout@v4
200+ with :
201+ fetch-depth : 0
202+
203+ - name : Create Release
204+ uses : softprops/action-gh-release@v1
205+ with :
206+ generate_release_notes : true
207+ token : ${{ secrets.GITHUB_TOKEN }}
208+
209+ # ------------------------------------------------------------------
210+ # 6. Notifications (Placeholder)
211+ # ------------------------------------------------------------------
212+ notify :
213+ name : Notifications
214+ needs : [deploy-production]
215+ if : always()
216+ runs-on : ubuntu-latest
217+ steps :
218+ - name : Notify
219+ run : echo "Sending notifications... (Configure Slack/Email webhook here)"
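Review bot: The workflow-level `permissions` block now grants write on `contents`, `pull-requests`, `checks`, `statuses`, `pages` and `id-token` to every job, including the `pull_request`-triggered quality, test and build jobs that run `pnpm install` and project scripts. No step visible in this diff appears to use the pull-request, checks, statuses, pages or OIDC scopes; only `deploy-production` (peaceiris/actions-gh-pages) and `release` (softprops/action-gh-release) look like they need `contents: write`. I would default the workflow to `contents: read` and grant write per job, as sketched below. Those two jobs hand the write token to third-party actions referenced by mutable tags (`@v4`, `@v1`), so pinning them to a full commit SHA is worth doing in the same pass. Separately, `environment.url` reads `steps.deployment.outputs.page_url`, but no step shown in `deploy-production` carries `id: deployment`, so the URL will likely resolve empty.

```yaml
permissions:
  contents: read

jobs:
  # … unchanged: quality-check, unit-test, e2e-test, build …
  deploy-production:
    # … unchanged: name, needs, if, runs-on, environment …
    permissions:
      contents: write  # peaceiris/actions-gh-pages pushes the publish branch
    # … unchanged: steps …
  release:
    # … unchanged: name, needs, if, runs-on …
    permissions:
      contents: write  # softprops/action-gh-release creates the release
    # … unchanged: steps …
```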