CI/CD Pipeline #317
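name: CI/CD Pipeline

# This workflow runs AFTER the auto-fix workflow completes to ensure code quality
# fixes are applied first. Job flow:
#   wait-for-auto-fix  – only on workflow_run; fails if the auto-fix run failed
#   build              – install, audit, test and lint (runs on all triggers)
on:
  # Primary trigger: Run after auto-fix workflow completes
  workflow_run:
    workflows: ["Auto-Fix Code Quality"]
    types:
      - completed
    branches:
      - main
  # Fallback trigger: Run directly on push/PR if auto-fix doesn't run
  # This handles cases where auto-fix is skipped (e.g., [auto-fix] commits)
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Least privilege: every step below only reads the repository (checkout, fetch,
# reset); nothing pushes, comments or publishes, so GITHUB_TOKEN needs no write scope.
permissions:
  contents: read

jobs:
  # Wait for auto-fix completion (only for workflow_run triggers)
  wait-for-auto-fix:
    if: github.event_name == 'workflow_run'
    runs-on: ubuntu-latest
    outputs:
      auto-fix-status: ${{ steps.check-status.outputs.status }}
    steps:
      - name: Check auto-fix workflow status
        id: check-status
        # Event data is passed through env rather than interpolated into the
        # script body, so the shell never sees raw expression output.
        env:
          CONCLUSION: ${{ github.event.workflow_run.conclusion }}
        run: |
          echo "🔍 Checking auto-fix workflow status..."
          if [ "$CONCLUSION" == "success" ]; then
            echo "✅ Auto-fix workflow completed successfully"
            echo "status=success" >> "$GITHUB_OUTPUT"
          elif [ "$CONCLUSION" == "skipped" ]; then
            echo "⏭️ Auto-fix workflow was skipped (no fixes needed)"
            echo "status=success" >> "$GITHUB_OUTPUT"
          else
            echo "❌ Auto-fix workflow failed with status: $CONCLUSION"
            echo "status=failure" >> "$GITHUB_OUTPUT"
            exit 1
          fi

  # Main CI/CD pipeline
  build:
    # Run after auto-fix check (for workflow_run) or directly (for push/PR)
    needs: [wait-for-auto-fix]
    if: always() && (needs.wait-for-auto-fix.result == 'success' || github.event_name != 'workflow_run')
    runs-on: ubuntu-latest
    # Branch/SHA from the triggering run are exposed as env vars so that no step
    # splices ${{ }} output straight into a shell command line. On push/PR these
    # evaluate to empty strings and the steps that use them are skipped by `if:`.
    env:
      EVENT_NAME: ${{ github.event_name }}
      HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
      HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
    steps:
      - name: Workflow execution context
        env:
          AUTO_FIX_STATUS: ${{ needs.wait-for-auto-fix.outputs.auto-fix-status }}
          WORKFLOW_RUN_ID: ${{ github.event.workflow_run.id }}
          CONCLUSION: ${{ github.event.workflow_run.conclusion }}
        run: |
          echo "🚀 Starting CI/CD Pipeline"
          echo "Trigger: $EVENT_NAME"
          if [ "$EVENT_NAME" == "workflow_run" ]; then
            echo "Auto-fix status: $AUTO_FIX_STATUS"
            echo "Workflow run ID: $WORKFLOW_RUN_ID"
            echo "Head branch: $HEAD_BRANCH"
            echo "Head SHA: $HEAD_SHA"
            echo "Conclusion: $CONCLUSION"
            echo "✅ Auto-fix workflow completed - proceeding with CI/CD"
          else
            echo "📝 Direct trigger - auto-fix may run concurrently"
          fi
          echo ""

      - uses: actions/checkout@v4
        with:
          # For workflow_run, checkout the latest commit on the branch (includes auto-fixes)
          # For direct triggers, checkout the triggering commit
          ref: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.head_branch || github.ref }}
          # Full history is needed so the sync step can fetch and reset to origin/<branch>
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Synchronize with auto-fix commits
        if: github.event_name == 'workflow_run'
        run: |
          echo "🔄 Synchronizing repository with auto-fix commits..."
          echo "Target branch: $HEAD_BRANCH"
          echo "Trigger SHA: $HEAD_SHA"
          # Force fetch latest changes
          git fetch origin "$HEAD_BRANCH"
          # Check for new commits beyond trigger SHA
          LATEST_SHA=$(git rev-parse "origin/$HEAD_BRANCH")
          TRIGGER_SHA="$HEAD_SHA"
          echo "Latest SHA: $LATEST_SHA"
          echo "Trigger SHA: $TRIGGER_SHA"
          if [ "$LATEST_SHA" != "$TRIGGER_SHA" ]; then
            echo "✅ Auto-fix commits detected - synchronizing..."
            git reset --hard "origin/$HEAD_BRANCH"
            echo "Repository synchronized to: $(git rev-parse HEAD)"
          else
            echo "ℹ️ No auto-fix commits found - proceeding with trigger SHA"
          fi
          # Verify we have the latest code
          echo "Final commit: $(git log -1 --oneline)"

      - name: Use Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: Install dependencies
        # NOTE(review): if a package-lock.json is committed, `npm ci` would give a
        # reproducible, lockfile-enforced install — confirm before switching.
        run: |
          echo "📦 Installing npm dependencies..."
          npm install --verbose
          echo "✅ Dependencies installed successfully"

      - name: Verify auto-fix synchronization (post-install)
        if: github.event_name == 'workflow_run'
        run: |
          echo "🔍 Verifying auto-fix synchronization after dependency installation..."
          # Now that dependencies are installed, we can run lint to verify fixes
          if npm run lint --silent; then
            echo "✅ Code quality verified - auto-fixes are properly synchronized"
          else
            echo "⚠️ Lint issues detected - checking for delayed propagation..."
            # Wait up to 30 seconds for any remaining commit propagation
            for i in {1..6}; do
              echo "Attempt $i/6: Re-fetching latest changes..."
              git fetch origin "$HEAD_BRANCH"
              git reset --hard "origin/$HEAD_BRANCH"
              if npm run lint --silent; then
                echo "✅ Auto-fixes synchronized successfully after retry"
                break
              fi
              if [ "$i" -eq 6 ]; then
                echo "❌ Auto-fix synchronization verification failed after 30 seconds"
                echo "This indicates either:"
                echo "  1. Auto-fix workflow didn't actually fix the issues"
                echo "  2. There are new lint issues not covered by auto-fix"
                echo "  3. Synchronization is still incomplete"
                echo ""
                echo "Running lint with full output for debugging:"
                npm run lint || true
                exit 1
              fi
              sleep 5
            done
          fi

      - name: Display dependency tree
        run: |
          echo "📳 Dependency tree overview:"
          npm list --depth=0 || true
          echo ""

      - name: Security Audit
        id: audit
        run: |
          echo "🔒 Running comprehensive npm security audit..."
          echo "🔍 Audit level: moderate (catches moderate and high severity)"
          npm audit --audit-level=moderate
          echo "✅ Security audit completed - no vulnerabilities found"

      - name: Show npm audit summary
        # Only when the audit step itself failed; a bare failure() would also fire
        # after an install or sync failure and mislabel it as an audit failure.
        if: failure() && steps.audit.outcome == 'failure'
        run: |
          echo "⚠️ Security audit failed - showing detailed report:"
          npm audit || true
          echo ""
          echo "🔧 Available fixes:"
          npm audit fix --dry-run || true

      - name: Run tests
        run: |
          echo "🧪 Running test suite..."
          npm test
          echo "✅ All tests passed"

      - name: Run lint
        run: |
          echo "🔍 Running ESLint code quality checks..."
          npm run lint
          echo "✅ Code quality checks passed"

      - name: Build summary
        if: success()
        run: |
          echo "🎉 Build completed successfully!"
          echo "✅ Dependencies: Installed"
          echo "✅ Security: No vulnerabilities"
          echo "✅ Tests: All passing"
          echo "✅ Linting: No issues"
          if [ "$EVENT_NAME" == "workflow_run" ]; then
            echo "✅ Auto-fix: Completed before CI/CD"
          fi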