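name: CI/CD Pipeline
# This workflow runs AFTER the auto-fix workflow completes to ensure code quality fixes are applied first
#
# Security notes (review):
#   - A `workflow_run` job runs with the workflow definition from the default
#     branch and with repository secrets available, yet every `npm` step below
#     executes code from the checked-out tree (install lifecycle scripts,
#     `npm test`, `npm run lint`).  The `branches: [main]` filter on the
#     trigger only matches the triggering run's *head branch name*, so a fork
#     branch that is also called `main` would pass it if the auto-fix workflow
#     ever runs on pull_request.  `wait-for-auto-fix` therefore also rejects
#     runs whose head repository is not this repository, and the job token is
#     restricted to read-only (`permissions:` below).
#   - Event payload fields (branch name, SHA, conclusion) are handed to shell
#     steps through `env:` instead of `${{ }}` interpolation inside `run:`,
#     so a crafted branch name cannot inject shell syntax.
#   - NOTE(review): actions are pinned by major tag (`@v4`); pinning to a full
#     commit SHA is the stronger supply-chain control.
on:
  # Primary trigger: Run after auto-fix workflow completes
  workflow_run:
    workflows: ["Auto-Fix Code Quality"]
    types:
      - completed
    branches:
      - main
  # Fallback trigger: Run directly on push/PR if auto-fix doesn't run
  # This handles cases where auto-fix is skipped (e.g., [auto-fix] commits)
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Least privilege: nothing in this pipeline writes to the repository (no push,
# no release, no issue/PR comment), so the job token only needs to read
# contents for checkout and the later `git fetch` calls.
permissions:
  contents: read

jobs:
  # Wait for auto-fix completion (only for workflow_run triggers)
  wait-for-auto-fix:
    if: github.event_name == 'workflow_run'
    runs-on: ubuntu-latest
    outputs:
      auto-fix-status: ${{ steps.check-status.outputs.status }}
    steps:
      # Refuse to proceed when the triggering run belongs to another repository
      # (fork).  `branches: [main]` above compares only the head branch *name*,
      # so it is not by itself a same-repository guarantee.
      - name: Reject triggering runs that originate from a fork
        env:
          HEAD_REPO: ${{ github.event.workflow_run.head_repository.full_name }}
          THIS_REPO: ${{ github.repository }}
        run: |
          if [ "$HEAD_REPO" != "$THIS_REPO" ]; then
            echo "❌ Triggering run came from '$HEAD_REPO', not '$THIS_REPO' - refusing to run its code with this job's token"
            exit 1
          fi
          echo "✅ Triggering run originates from $THIS_REPO"
      - name: Check auto-fix workflow status
        id: check-status
        env:
          CONCLUSION: ${{ github.event.workflow_run.conclusion }}
        run: |
          echo "🔍 Checking auto-fix workflow status..."
          case "$CONCLUSION" in
            success)
              echo "✅ Auto-fix workflow completed successfully"
              echo "status=success" >> "$GITHUB_OUTPUT"
              ;;
            skipped)
              # A skipped auto-fix run is treated as "nothing to fix", not as an error.
              echo "⏭️ Auto-fix workflow was skipped (no fixes needed)"
              echo "status=success" >> "$GITHUB_OUTPUT"
              ;;
            *)
              # failure, cancelled, timed_out, ... all block the pipeline.
              echo "❌ Auto-fix workflow failed with status: $CONCLUSION"
              echo "status=failure" >> "$GITHUB_OUTPUT"
              exit 1
              ;;
          esac

  # Main CI/CD pipeline
  build:
    # Run after auto-fix check (for workflow_run) or directly (for push/PR)
    needs: [wait-for-auto-fix]
    # `!cancelled()` rather than `always()`: the job still runs when the gate
    # job was *skipped* (push/PR triggers), but not when the run was cancelled.
    if: ${{ !cancelled() && (needs.wait-for-auto-fix.result == 'success' || github.event_name != 'workflow_run') }}
    runs-on: ubuntu-latest
    env:
      # Trigger context, exposed to shell steps as plain variables.  Both are
      # empty for push/pull_request triggers.
      EVENT_NAME: ${{ github.event_name }}
      AUTOFIX_BRANCH: ${{ github.event.workflow_run.head_branch }}
      AUTOFIX_SHA: ${{ github.event.workflow_run.head_sha }}
    steps:
      - name: Workflow execution context
        env:
          AUTOFIX_STATUS: ${{ needs.wait-for-auto-fix.outputs.auto-fix-status }}
          AUTOFIX_RUN_ID: ${{ github.event.workflow_run.id }}
          AUTOFIX_CONCLUSION: ${{ github.event.workflow_run.conclusion }}
        run: |
          echo "🚀 Starting CI/CD Pipeline"
          echo "Trigger: $EVENT_NAME"
          if [ "$EVENT_NAME" == "workflow_run" ]; then
            echo "Auto-fix status: $AUTOFIX_STATUS"
            echo "Workflow run ID: $AUTOFIX_RUN_ID"
            echo "Head branch: $AUTOFIX_BRANCH"
            echo "Head SHA: $AUTOFIX_SHA"
            echo "Conclusion: $AUTOFIX_CONCLUSION"
            echo "✅ Auto-fix workflow completed - proceeding with CI/CD"
          else
            echo "📝 Direct trigger - auto-fix may run concurrently"
          fi
          echo ""
      - uses: actions/checkout@v4
        with:
          # For workflow_run, checkout the latest commit on the branch (includes auto-fixes)
          # For direct triggers, checkout the triggering commit
          ref: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.head_branch || github.ref }}
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}
          # NOTE(review): persist-credentials is left at its default (true) so
          # the `git fetch` / `git reset` steps below can reach origin after
          # `npm install`.  That keeps the token in .git/config while package
          # lifecycle scripts run; the read-only `permissions:` above bounds
          # what a malicious script could do with it.
      - name: Synchronize with auto-fix commits
        if: github.event_name == 'workflow_run'
        run: |
          echo "🔄 Synchronizing repository with auto-fix commits..."
          echo "Target branch: $AUTOFIX_BRANCH"
          echo "Trigger SHA: $AUTOFIX_SHA"
          # Force fetch latest changes
          git fetch origin "$AUTOFIX_BRANCH"
          # Check for new commits beyond trigger SHA
          LATEST_SHA=$(git rev-parse "origin/$AUTOFIX_BRANCH")
          TRIGGER_SHA="$AUTOFIX_SHA"
          echo "Latest SHA: $LATEST_SHA"
          echo "Trigger SHA: $TRIGGER_SHA"
          if [ "$LATEST_SHA" != "$TRIGGER_SHA" ]; then
            # NOTE(review): nothing here proves the extra commits were produced
            # by the auto-fix workflow - any commit pushed to the branch after
            # the trigger gets tested, and the result is reported for this run
            # rather than for TRIGGER_SHA.
            echo "✅ Auto-fix commits detected - synchronizing..."
            git reset --hard "origin/$AUTOFIX_BRANCH"
            echo "Repository synchronized to: $(git rev-parse HEAD)"
          else
            echo "ℹ️ No auto-fix commits found - proceeding with trigger SHA"
          fi
          # Verify we have the latest code
          echo "Final commit: $(git log -1 --oneline)"
      - name: Use Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
      - name: Install dependencies
        run: |
          echo "📦 Installing npm dependencies..."
          # NOTE(review): `npm install` resolves against package.json and may
          # update the lockfile; if a lockfile is committed, `npm ci` gives a
          # reproducible, lockfile-pinned install.  Dependency lifecycle
          # scripts run here with the job token present in the workspace.
          npm install --verbose
          echo "✅ Dependencies installed successfully"
      - name: Verify auto-fix synchronization (post-install)
        if: github.event_name == 'workflow_run'
        run: |
          echo "🔍 Verifying auto-fix synchronization after dependency installation..."
          # Now that dependencies are installed, we can run lint to verify fixes
          if npm run lint --silent; then
            echo "✅ Code quality verified - auto-fixes are properly synchronized"
          else
            echo "⚠️ Lint issues detected - checking for delayed propagation..."
            # Wait up to 30 seconds for any remaining commit propagation
            for i in {1..6}; do
              echo "Attempt $i/6: Re-fetching latest changes..."
              git fetch origin "$AUTOFIX_BRANCH"
              git reset --hard "origin/$AUTOFIX_BRANCH"
              if npm run lint --silent; then
                echo "✅ Auto-fixes synchronized successfully after retry"
                break
              fi
              if [ "$i" -eq 6 ]; then
                echo "❌ Auto-fix synchronization verification failed after 30 seconds"
                echo "This indicates either:"
                echo "  1. Auto-fix workflow didn't actually fix the issues"
                echo "  2. There are new lint issues not covered by auto-fix"
                echo "  3. Synchronization is still incomplete"
                echo ""
                echo "Running lint with full output for debugging:"
                npm run lint || true
                exit 1
              fi
              sleep 5
            done
          fi
      - name: Display dependency tree
        run: |
          echo "📳 Dependency tree overview:"
          npm list --depth=0 || true
          echo ""
      - name: Security Audit
        run: |
          echo "🔒 Running comprehensive npm security audit..."
          echo "🔍 Audit level: moderate (catches moderate and high severity)"
          # Non-zero exit (a finding at or above the threshold) fails the job.
          npm audit --audit-level=moderate
          echo "✅ Security audit completed - no vulnerabilities found"
      - name: Show npm audit summary
        # `failure()` is true after *any* earlier step failed, not only the
        # audit; the audit output is still the most useful thing to print.
        if: failure()
        run: |
          echo "⚠️ Security audit failed - showing detailed report:"
          npm audit || true
          echo ""
          echo "🔧 Available fixes:"
          npm audit fix --dry-run || true
      - name: Run tests
        run: |
          echo "🧪 Running test suite..."
          npm test
          echo "✅ All tests passed"
      - name: Run lint
        run: |
          echo "🔍 Running ESLint code quality checks..."
          npm run lint
          echo "✅ Code quality checks passed"
      - name: Build summary
        if: success()
        run: |
          echo "🎉 Build completed successfully!"
          echo "✅ Dependencies: Installed"
          echo "✅ Security: No vulnerabilities"
          echo "✅ Tests: All passing"
          echo "✅ Linting: No issues"
          if [ "$EVENT_NAME" == "workflow_run" ]; then
            echo "✅ Auto-fix: Completed before CI/CD"
          fi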