diff --git a/.gitea/workflows/ci-cd.yml b/.gitea/workflows/ci-cd.yml
index 9a58103..5bd3a4c 100644
--- a/.gitea/workflows/ci-cd.yml
+++ b/.gitea/workflows/ci-cd.yml
@@ -14,64 +14,64 @@ env: jobs: # Job 1: Lint and Test - test: - name: ๐Ÿงช Test & Lint - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 + # test: + # name: ๐Ÿงช Test & Lint + # runs-on: ubuntu-latest + # steps: + # - name: Checkout code + # uses: actions/checkout@v4 - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: ${{ env.NODE_VERSION }} - cache: 'npm' + # - name: Setup Node.js + # uses: actions/setup-node@v4 + # with: + # node-version: ${{ env.NODE_VERSION }} + # cache: 'npm' - - name: Install dependencies - run: npm ci + # - name: Install dependencies + # run: npm ci - - name: Run linting - run: npm run lint + # - name: Run linting + # run: npm run lint - - name: Run tests - run: npm run test:coverage + # - name: Run tests + # run: npm run test:coverage - - name: Upload test results - uses: actions/upload-artifact@v3 - if: always() - with: - name: test-results - path: | - coverage/ - test-results.xml + # - name: Upload test results + # uses: actions/upload-artifact@v3 + # if: always() + # with: + # name: test-results + # path: | + # coverage/ + # test-results.xml - # Job 2: Security Scan - security: - name: ๐Ÿ”’ Security Scan - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 + # # Job 2: Security Scan + # security: + # name: ๐Ÿ”’ Security Scan + # runs-on: ubuntu-latest + # steps: + # - name: Checkout code + # uses: actions/checkout@v4 - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: ${{ env.NODE_VERSION }} - cache: 'npm' + # - name: Setup Node.js + # uses: actions/setup-node@v4 + # with: + # node-version: ${{ env.NODE_VERSION }} + # cache: 'npm' - - name: Install dependencies - run: npm ci + # - name: Install dependencies + # run: npm ci - - name: Run security audit - run: npm audit --audit-level=high + # - name: Run security audit + # run: npm audit --audit-level=high - - name: Check for vulnerabilities - run: | - if npm audit 
--audit-level=moderate --json | jq '.vulnerabilities | length' | grep -v '^0$'; then - echo "Vulnerabilities found!" - npm audit --audit-level=moderate - exit 1 - fi + # - name: Check for vulnerabilities + # run: | + # if npm audit --audit-level=moderate --json | jq '.vulnerabilities | length' | grep -v '^0$'; then + # echo "Vulnerabilities found!" + # npm audit --audit-level=moderate + # exit 1 + # fi # Job 3: Build and Push Docker Image build: @@ -124,8 +124,12 @@ jobs: run: | # Install syft curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin - - # Login to registry (if needed) + echo "${{ secrets.HARBOR_TOKEN }}" + echo "${{ env.REGISTRY }}" + echo "${{ secrets.HARBOR_USERNAME }}" + echo "${{ env.IMAGE_NAME }}" + + # Login to registry - use the REGISTRY variable for the URL echo "${{ secrets.HARBOR_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ secrets.HARBOR_USERNAME }} --password-stdin # Generate SBOM using latest tag 
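Review bot: Commenting out the whole `test` and `security` jobs removes the lint, test and `npm audit --audit-level=high` gates while the `build` job that follows (its body is outside this hunk) still builds and pushes an image, so unaudited dependencies can now reach the registry with nothing in the pipeline checking them. If this is a temporary bypass, `if: false` on each job keeps it visible, parsed and lint-checked instead of turning ~60 lines into comments; at minimum add a dated reason, e.g. `# TEMP: test/security disabled until <issue>; build pushes unaudited images while this is off`. If `build` declared `needs: [test, security]` outside the hunk, that reference now points at job ids that no longer exist and the workflow will fail to resolve, so verify it was updated in the same commit.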
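Review bot: The four added `echo` lines write `secrets.HARBOR_TOKEN` and `secrets.HARBOR_USERNAME` to the job log; runner-side secret masking is best-effort and does not change the fact that a registry push credential is being printed into an artifact anyone with read access to the run can view, and the lines read as leftover debugging. Remove `echo "${{ secrets.HARBOR_TOKEN }}"` and `echo "${{ secrets.HARBOR_USERNAME }}"` outright; if a sanity check is wanted, pass the secrets through step-level `env:` and test for presence rather than interpolating them into the script text, as sketched below. The same step still installs syft with `curl ... | sh` from the `main` branch of the installer with no version pin or checksum, so the tool producing the SBOM is itself an unverified download; pin it with the installer's version argument and verify the release. The step's `name`/`uses` keys and the enclosing `build` job start outside this hunk.

```yaml
# … unchanged: step name and the syft install line above (pin its version) …
env:
  HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }}
  HARBOR_TOKEN: ${{ secrets.HARBOR_TOKEN }}
run: |
  # Non-secret diagnostics only; never echo credentials into the log
  echo "registry=${{ env.REGISTRY }} image=${{ env.IMAGE_NAME }}"
  [ -n "$HARBOR_TOKEN" ] || { echo "HARBOR_TOKEN is not set" >&2; exit 1; }
  echo "$HARBOR_TOKEN" | docker login "${{ env.REGISTRY }}" -u "$HARBOR_USERNAME" --password-stdin
  # … unchanged: SBOM generation …
```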
@@ -146,93 +150,93 @@ jobs: path: sbom.spdx.json # Job 4: Image Security Scan - scan: - name: ๐Ÿ›ก๏ธ Image Security Scan - runs-on: ubuntu-latest - needs: build - if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' - steps: - - name: Login to Harbor Registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ secrets.HARBOR_USERNAME }} - password: ${{ secrets.HARBOR_TOKEN }} + # scan: + # name: ๐Ÿ›ก๏ธ Image Security Scan + # runs-on: ubuntu-latest + # needs: build + # if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' + # steps: + # - name: Login to Harbor Registry + # uses: docker/login-action@v3 + # with: + # registry: ${{ env.REGISTRY }} + # username: ${{ secrets.HARBOR_USERNAME }} + # password: ${{ secrets.HARBOR_TOKEN }} - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} - format: 'sarif' - output: 'trivy-results.sarif' + # - name: Run Trivy vulnerability scanner + # uses: aquasecurity/trivy-action@master + # with: + # image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} + # format: 'sarif' + # output: 'trivy-results.sarif' - - name: Upload Trivy scan results - uses: actions/upload-artifact@v3 - with: - name: trivy-scan-results - path: trivy-results.sarif + # - name: Upload Trivy scan results + # uses: actions/upload-artifact@v3 + # with: + # name: trivy-scan-results + # path: trivy-results.sarif - - name: Check for HIGH/CRITICAL vulnerabilities - uses: aquasecurity/trivy-action@master - with: - image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} - format: 'json' - output: 'trivy-results.json' - exit-code: '1' - severity: 'HIGH,CRITICAL' + # - name: Check for HIGH/CRITICAL vulnerabilities + # uses: aquasecurity/trivy-action@master + # with: + # image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} + # format: 
'json' + # output: 'trivy-results.json' + # exit-code: '1' + # severity: 'HIGH,CRITICAL' - # Job 5: Deploy to Development - deploy-dev: - name: ๐Ÿš€ Deploy to Development - runs-on: ubuntu-latest - needs: [build, scan] - if: github.ref == 'refs/heads/develop' - environment: development - steps: - - name: Deploy to development environment - run: | - echo "๐Ÿš€ Deploying to development environment" - echo "Image: ${{ needs.build.outputs.image-tag }}" - echo "Digest: ${{ needs.build.outputs.image-digest }}" - # Add actual deployment commands here - # For example: kubectl, docker-compose, or API calls + # # Job 5: Deploy to Development + # deploy-dev: + # name: ๐Ÿš€ Deploy to Development + # runs-on: ubuntu-latest + # needs: [build, scan] + # if: github.ref == 'refs/heads/develop' + # environment: development + # steps: + # - name: Deploy to development environment + # run: | + # echo "๐Ÿš€ Deploying to development environment" + # echo "Image: ${{ needs.build.outputs.image-tag }}" + # echo "Digest: ${{ needs.build.outputs.image-digest }}" + # # Add actual deployment commands here + # # For example: kubectl, docker-compose, or API calls - # Job 6: Deploy to Production - deploy-prod: - name: ๐Ÿญ Deploy to Production - runs-on: ubuntu-latest - needs: [build, scan] - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' - environment: production - steps: - - name: Checkout code - uses: actions/checkout@v4 + # # Job 6: Deploy to Production + # deploy-prod: + # name: ๐Ÿญ Deploy to Production + # runs-on: ubuntu-latest + # needs: [build, scan] + # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' + # environment: production + # steps: + # - name: Checkout code + # uses: actions/checkout@v4 - - name: Deploy to production - run: | - echo "๐Ÿญ Deploying to production environment" - echo "Image: ${{ needs.build.outputs.image-tag }}" - echo "Digest: ${{ needs.build.outputs.image-digest }}" + # - name: Deploy to production + # run: | + 
# echo "๐Ÿญ Deploying to production environment" + # echo "Image: ${{ needs.build.outputs.image-tag }}" + # echo "Digest: ${{ needs.build.outputs.image-digest }}" - # Example deployment script - # In a real scenario, you might: - # 1. SSH to your server - # 2. Pull the new image - # 3. Update docker-compose.yml - # 4. Restart the service - # 5. Run health checks + # # Example deployment script + # # In a real scenario, you might: + # # 1. SSH to your server + # # 2. Pull the new image + # # 3. Update docker-compose.yml + # # 4. Restart the service + # # 5. Run health checks - - name: Health check after deployment - run: | - echo "๐Ÿ” Running post-deployment health checks" - # Add health check commands here - # curl -f http://your-app-url/health || exit 1 + # - name: Health check after deployment + # run: | + # echo "๐Ÿ” Running post-deployment health checks" + # # Add health check commands here + # # curl -f http://your-app-url/health || exit 1 - - name: Notify deployment success - run: | - echo "โœ… Deployment completed successfully!" - echo "๐ŸŒ Application URL: https://your-domain.com" - echo "๐Ÿ“Š Monitoring: https://your-domain.com/health/detailed" + # - name: Notify deployment success + # run: | + # echo "โœ… Deployment completed successfully!" + # echo "๐ŸŒ Application URL: https://your-domain.com" + # echo "๐Ÿ“Š Monitoring: https://your-domain.com/health/detailed" # Job 7: Cleanup cleanup:
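Review bot: With the `scan` job commented out, the image that `build` pushes to Harbor is no longer scanned by Trivy and the `exit-code: '1'` gate on HIGH/CRITICAL findings is gone, while the push itself still happens on every run; the SBOM step that remains in `build` produces an inventory but does not fail on anything. Any job that still declares `needs: [build, scan]` (the removed deploy jobs did; `cleanup` begins after this hunk and its `needs` is not visible) now references a job id that does not exist and will break the workflow, so check it. If the scan was disabled because `aquasecurity/trivy-action@master` is unstable, pin the action to a release tag or commit SHA rather than dropping the gate, and note the reason next to the commented block, e.g. `# TEMP: image scan disabled; pushed images are currently unscanned`.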