Merge dotnet+jest coverage via reportgenerator, publish a self-hosted coverage badge and build-status badges on the readme. Gitea remains the full pipeline (build/test/docker push/deploy-qa/smoke); GitHub only builds and tests since it has no registry secrets or qa runner. Reviewed-on: #5
96 lines
3.4 KiB
YAML
96 lines
3.4 KiB
YAML
# CI/CD pipeline for MicCheck. Read by both Gitea Actions and GitHub Actions
|
|
# (both look under .github/workflows/). Every non-checkout step just invokes a
|
|
# bash script under scripts/ci/, so the entire pipeline is reproducible by
|
|
# running the same scripts locally - no marketplace build/test/push actions.
|
|
#
|
|
# Gitea (origin) is the internal/testing remote and runs the full pipeline:
|
|
# build, test, docker push, deploy-to-qa, smoke test. GitHub is the public
|
|
# mirror and only needs to prove the code builds and tests pass - it has no
|
|
# registry secrets and no [self-hosted, qa] runner, so the docker push and
|
|
# deploy/smoke jobs are skipped there via the `github.server_url` check
|
|
# below (identical on both engines: https://github.com on GitHub, the Gitea
|
|
# instance URL on Gitea).
|
|
name: CI
|
|
|
|
on:
|
|
push:
|
|
paths-ignore: [badges/**]
|
|
|
|
jobs:
|
|
build-and-push:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: write
|
|
env:
|
|
REGISTRY: ${{ secrets.REGISTRY }}
|
|
REGISTRY_OWNER: ${{ secrets.REGISTRY_OWNER }}
|
|
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
|
|
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Build
|
|
run: ./scripts/ci/build.sh
|
|
|
|
- name: Test
|
|
run: ./scripts/ci/test.sh
|
|
|
|
- name: Coverage report
|
|
run: ./scripts/ci/coverage.sh
|
|
|
|
- name: Publish coverage badge
|
|
env:
|
|
GITHUB_TOKEN: ${{ github.token }}
|
|
run: ./scripts/ci/publish-coverage-badge.sh
|
|
|
|
- name: Build Docker images
|
|
if: github.server_url != 'https://github.com' && github.ref_name == 'main'
|
|
run: ./scripts/ci/docker-build.sh
|
|
|
|
- name: Push Docker images
|
|
if: github.server_url != 'https://github.com' && github.ref_name == 'main'
|
|
run: ./scripts/ci/docker-push.sh
|
|
|
|
deploy-qa:
|
|
needs: build-and-push
|
|
if: github.server_url != 'https://github.com' && github.ref_name == 'main'
|
|
runs-on: [self-hosted, qa]
|
|
env:
|
|
REGISTRY: ${{ secrets.REGISTRY }}
|
|
REGISTRY_OWNER: ${{ secrets.REGISTRY_OWNER }}
|
|
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
|
|
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
|
JWT_SECRET_KEY: ${{ secrets.JWT_SECRET_KEY }}
|
|
QA_ADMIN_PORT: ${{ vars.QA_ADMIN_PORT }}
|
|
steps:
|
|
# actions/checkout@v4 is a Node-based action; this runner has no node
|
|
# in PATH, so checkout plain git instead of via marketplace action.
|
|
- name: Checkout
|
|
run: |
|
|
git init -q .
|
|
git remote add origin "${{ github.server_url }}/${{ github.repository }}.git"
|
|
git -c http.extraheader="AUTHORIZATION: bearer ${{ github.token }}" fetch --depth=1 origin "${{ github.sha }}"
|
|
git checkout -q FETCH_HEAD
|
|
|
|
- name: Deploy to QA
|
|
run: ./scripts/ci/deploy-qa.sh
|
|
|
|
smoke-qa:
|
|
needs: deploy-qa
|
|
if: github.server_url != 'https://github.com'
|
|
runs-on: [self-hosted, qa]
|
|
env:
|
|
QA_ADMIN_PORT: ${{ vars.QA_ADMIN_PORT }}
|
|
steps:
|
|
# actions/checkout@v4 is a Node-based action; this runner has no node
|
|
# in PATH, so checkout plain git instead of via marketplace action.
|
|
- name: Checkout
|
|
run: |
|
|
git init -q .
|
|
git remote add origin "${{ github.server_url }}/${{ github.repository }}.git"
|
|
git -c http.extraheader="AUTHORIZATION: bearer ${{ github.token }}" fetch --depth=1 origin "${{ github.sha }}"
|
|
git checkout -q FETCH_HEAD
|
|
|
|
- name: Smoke test QA deployment
|
|
run: ./scripts/ci/smoke-qa.sh
|