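# CI/CD workflow: four independent jobs (test + lint, build, frontend checks,
# dependency audit) run on every push and pull request to main/develop.
#
# Supply-chain note: every `uses:` below references a moving major tag (@v4).
# For a tamper-resistant pipeline pin each action to a full commit SHA
# (e.g. `actions/checkout@<commit-sha>  # v4`) and let Dependabot bump it.
name: CI/CD Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

# Default GITHUB_TOKEN scope for every job is read-only; each job restates it
# so the effective scope is visible next to the steps that use it.
permissions:
  contents: read

jobs:
  test:
    name: Test & Lint
    runs-on: ubuntu-latest
    env:
      # Throwaway credentials for the ephemeral service containers below.
      # They must match the postgres service env; they are not real secrets.
      DATABASE_URL: "postgresql://postgres:password@localhost:5432/widgetdc_test"
      REDIS_URL: "redis://localhost:6379"
    services:
      postgres:
        image: pgvector/pgvector:pg16
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: password
          POSTGRES_DB: widgetdc_test
        ports:
          # Quoted: "host:container" mappings are number-like to YAML 1.1
          # parsers, so they are written as explicit strings.
          - "5432:5432"
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
      redis:
        image: redis:alpine
        ports:
          - "6379:6379"
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    permissions:
      contents: read
    strategy:
      matrix:
        node-version: ["20.x"]
      # Keep every matrix entry running so one failing Node version does not
      # hide the results of the others.
      fail-fast: false
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: "npm"

      - name: Install dependencies
        run: npm ci --legacy-peer-deps

      - name: Generate Prisma Client
        run: cd apps/backend && npx prisma generate

      # Lint and format results are reported but never fail the job; only the
      # test step below gates the workflow.
      - name: Run linter
        continue-on-error: true
        run: npm run lint

      - name: Check formatting
        continue-on-error: true
        run: npm run format:check

      - name: Run tests
        run: npm run test:run

      - name: Report Test Failure
        if: failure()
        run: echo "::error::Tests failed on Node ${{ matrix.node-version }}"

  build:
    name: Build
    runs-on: ubuntu-latest
    # This job declares no `needs`, so it already runs regardless of the
    # other jobs' outcome. The previous `if: always()` therefore only kept it
    # running after a workflow cancellation and has been dropped.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20.x"
          cache: "npm"

      - name: Install dependencies
        run: npm ci --legacy-peer-deps

      - name: Generate Prisma Client
        run: cd apps/backend && npx prisma generate

      - name: Build application
        run: npm run build

      - name: Report Build Failure
        if: failure()
        run: echo "::error::Build failed - check logs for details"

  frontend-ci:
    name: Frontend CI (Lint + TypeCheck + Build)
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20.x"
          cache: "npm"

      - name: Install dependencies
        run: npm ci --legacy-peer-deps

      - name: TypeCheck frontend
        run: npm run typecheck:frontend

      # Note: continue-on-error allows warnings while maintaining visibility.
      # Existing warnings are tracked; new lint errors will show in PR annotations.
      - name: Lint frontend
        continue-on-error: true
        run: npm run lint:frontend

      - name: Build frontend
        run: npm run build:frontend

      - name: Report Frontend Build Failure
        if: failure()
        run: echo "::error::Frontend build failed"

  security:
    name: Security Scan
    runs-on: ubuntu-latest
    # No `needs` here either, so `if: always()` was redundant apart from
    # surviving cancellation; dropped for the same reason as in `build`.
    permissions:
      # `security-events: write` was removed: no step in this job uploads
      # SARIF to code scanning, so the token does not need that scope.
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # Informational only: the trailing `|| true` means audit findings never
      # fail the job. Drop the fallback to make the audit level blocking.
      - name: Run npm audit
        run: npm audit --audit-level=moderate --legacy-peer-deps || true

      # Despite its name this step only writes the JSON report to disk; the
      # artifact upload happens in the following step.
      - name: Upload audit results
        if: always()
        run: npm audit --json --legacy-peer-deps > audit-results.json || true

      - name: Upload audit artifacts
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: security-audit
          path: audit-results.json
          retention-days: 30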