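# LabFusion CI/CD pipeline: builds and tests each service, then runs
# integration health checks and a Trivy filesystem scan.
#
# NOTE(review): every job targets self-hosted runners and the workflow also
# triggers on pull_request, so code carried by a pull request (tests, build
# scripts, dependency install hooks) executes on those runners. Confirm the
# runners are isolated or ephemeral and that pull requests from untrusted
# contributors require approval before they run.
name: LabFusion CI/CD Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

# Least privilege for the workflow token; a job that needs more declares it.
permissions:
  contents: read

env:
  REGISTRY: gitea.example.com
  IMAGE_PREFIX: labfusion

jobs:
  # Java Spring Boot API Gateway
  api-gateway:
    runs-on: [self-hosted, heavy, java]
    defaults:
      run:
        working-directory: ./services/api-gateway
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so keep the token out of .git/config
          # where build and test code could read it.
          persist-credentials: false

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'

      - name: Cache Maven dependencies
        uses: actions/cache@v4
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2

      - name: Run tests
        run: mvn test

      - name: Run code quality checks
        run: mvn spotbugs:check checkstyle:check

      - name: Build application
        run: mvn clean package -DskipTests

      # The image is tagged locally only; nothing is pushed to REGISTRY here.
      - name: Build Docker image (test only)
        run: docker build -t api-gateway:test .

  # Python FastAPI Service Adapters
  service-adapters:
    runs-on: [self-hosted, heavy, python]
    defaults:
      run:
        working-directory: ./services/service-adapters
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Python 3.11
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Cache pip dependencies
        uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
          restore-keys: ${{ runner.os }}-pip

      # NOTE(review): the lint and test tools on the last line are installed
      # without version pins, so what runs in CI can change between builds.
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install pytest pytest-cov flake8 black isort

      - name: Run code formatting check
        run: |
          black --check .
          isort --check-only .

      - name: Run linting
        run: flake8 . --count --max-complexity=10 --max-line-length=150

      - name: Run tests
        run: |
          pytest --cov=. --cov-report=xml --cov-report=html

      - name: Upload coverage reports
        uses: codecov/codecov-action@v3
        with:
          file: ./coverage.xml
          flags: service-adapters

      - name: Build Docker image (test only)
        run: docker build -t service-adapters:test .

  # Node.js API Documentation Service
  api-docs:
    runs-on: [self-hosted, light, nodejs]
    defaults:
      run:
        working-directory: ./services/api-docs
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Node.js 18
        uses: actions/setup-node@v4
        with:
          node-version: '18'

      - name: Cache npm dependencies
        uses: actions/cache@v4
        with:
          path: ~/.npm
          key: ${{ runner.os }}-node-18-${{ hashFiles('services/api-docs/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-18-
            ${{ runner.os }}-node-

      # NOTE(review): the `npm install` fallback resolves dependency versions at
      # build time when no lockfile is present; the cache key above already
      # hashes package-lock.json, so confirm the fallback is still wanted.
      - name: Install dependencies
        run: |
          if [ -f package-lock.json ]; then
            npm ci
          else
            npm install
          fi

      - name: Run linting
        run: npm run lint

      - name: Run tests
        run: npm test

      - name: Build application
        run: npm run build

      - name: Build Docker image (test only)
        run: docker build -t api-docs:test .

  # React Frontend
  frontend:
    runs-on: [self-hosted, light, frontend]
    defaults:
      run:
        working-directory: ./frontend
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Node.js 18
        uses: actions/setup-node@v4
        with:
          node-version: '18'

      - name: Cache npm dependencies
        uses: actions/cache@v4
        with:
          path: ~/.npm
          key: ${{ runner.os }}-node-18-${{ hashFiles('frontend/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-18-
            ${{ runner.os }}-node-

      # NOTE(review): same lockfile fallback as the api-docs job; without a
      # lockfile the installed versions are not reproducible.
      - name: Install dependencies
        run: |
          if [ -f package-lock.json ]; then
            npm ci
          else
            npm install
          fi

      - name: Run linting
        run: npm run lint

      - name: Run tests
        run: npm test -- --coverage --watchAll=false

      - name: Build application
        run: npm run build

      - name: Build Docker image (test only)
        run: docker build -t frontend:test .

  # Integration Tests
  integration-tests:
    runs-on: [self-hosted, docker, integration]
    needs: [api-gateway, service-adapters, api-docs, frontend]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Fixed 30 s wait; the health checks in the next step fail the job if a
      # service is still not answering.
      - name: Start services with Docker Compose
        run: |
          docker-compose -f docker-compose.dev.yml up -d
          sleep 30  # Wait for services to start

      - name: Run integration tests
        run: |
          # Test API Gateway health
          curl -f http://localhost:8080/actuator/health || exit 1

          # Test Service Adapters health
          curl -f http://localhost:8000/health || exit 1

          # Test API Docs health
          curl -f http://localhost:3000/health || exit 1

          # Test Frontend build
          curl -f http://localhost:3001 || exit 1

      # Runs even when an earlier step failed so containers are not left behind
      # on the self-hosted runner.
      - name: Stop services
        if: always()
        run: docker-compose -f docker-compose.dev.yml down

  # Security and Quality Gates
  # The scan below is a filesystem scan of the checkout; the `*:test` images
  # built in the other jobs are not scanned by this job.
  security-scan:
    runs-on: [self-hosted, security, scan]
    needs: [api-gateway, service-adapters, api-docs, frontend]
    permissions:
      contents: read
      # Needed by upload-sarif to publish results to code scanning.
      security-events: write
      # upload-sarif reads the run status; only required on private repositories.
      actions: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      # NOTE(review): `@master` is a mutable ref, so whatever that branch points
      # to at run time executes on the runner. Pin to a reviewed release tag or,
      # better, a full commit SHA.
      # NOTE(review): no `exit-code` input is set; by default the action reports
      # findings without failing the job, so this does not act as a gate.
      # Confirm whether that is intended.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-results.sarif'

      # NOTE(review): codeql-action v2 has been deprecated upstream; confirm and
      # move to a supported major version.
      - name: Upload Trivy scan results
        uses: github/codeql-action/upload-sarif@v2
        if: always()
        with:
          sarif_file: 'trivy-results.sarif'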