Barazo AppView backend
barazo.forum
# CI pipeline: runs on pull requests targeting main and on pushes to main.
name: CI

# The trigger is `pull_request`, not `pull_request_target`: for PRs from forks
# GitHub provides a read-only token and withholds repository secrets.
on:
  pull_request:
    branches:
      - main
    # Only PRs touching source, tests, build/DB config or the CI definition
    # itself start a run.
    paths:
      - 'src/**'
      - 'tests/**'
      - 'package.json'
      - 'pnpm-lock.yaml'
      - 'tsconfig.json'
      - 'vitest.config*.ts'
      - 'drizzle/**'
      - 'drizzle.config.ts'
      - '.github/workflows/ci.yml'
      - '.github/actions/**'
  # Pushes to main carry no path filter, so every push runs the pipeline.
  push:
    branches:
      - main

# One live run per workflow and ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Least privilege: the workflow-level default limits GITHUB_TOKEN to reading
# repository contents.
permissions:
  contents: read

jobs:
  # Static analysis. `test` and `schema-check` wait on this job.
  lint:
    name: Lint
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      # The third-party action is pinned to a full commit SHA (tag kept as a
      # trailing comment) so a moved tag cannot change what runs.
      # NOTE(review): checkout stores the job token in the local git config by
      # default. No step shown in this workflow pushes or fetches afterwards,
      # so `with: persist-credentials: false` looks safe on every checkout
      # step here; confirm the local setup action (not shown) does not need it.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
      # Repository-local composite action; it is reviewed with the repository.
      - uses: ./.github/actions/setup
      - run: pnpm lint

  # TypeScript type checking; `test` also waits on this job.
  typecheck:
    name: Type Check
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
      - uses: ./.github/actions/setup
      - run: pnpm typecheck

  # Unit tests split into three shards that run in parallel.
  test:
    name: Unit Tests (${{ matrix.shard }}/3)
    runs-on: ubuntu-latest
    timeout-minutes: 15
    needs:
      - lint
      - typecheck
    strategy:
      # Let every shard finish so all failures are reported in one run.
      fail-fast: false
      matrix:
        shard:
          - 1
          - 2
          - 3
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
      - uses: ./.github/actions/setup
      # `matrix.shard` comes from the static list above, not from event data,
      # so expanding it inside the shell command is not an injection vector.
      - run: pnpm vitest run --shard=${{ matrix.shard }}/3

  # Integration tests against Postgres (pgvector) and Valkey service containers
  # that exist only for the duration of the job.
  test-integration:
    name: Integration Tests
    runs-on: ubuntu-latest
    timeout-minutes: 30
    needs:
      - test
    services:
      postgres:
        # NOTE(review): the image is referenced by a mutable tag, unlike the
        # SHA-pinned actions in this file. Pinning by digest
        # (pgvector/pgvector@sha256:<digest>, placeholder) would make the
        # container content as reproducible as the actions.
        image: pgvector/pgvector:pg16
        env:
          # These credentials are committed in plain text and serve only the
          # throwaway service container. They must never match a credential
          # used in a real environment.
          POSTGRES_USER: barazo
          POSTGRES_PASSWORD: barazo_dev
          POSTGRES_DB: barazo
        ports:
          - '5432:5432'
        # The job's steps start only after the health check passes.
        options: >-
          --health-cmd "pg_isready -U barazo"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
      valkey:
        # NOTE(review): mutable tag here as well; see the postgres note on
        # digest pinning. No password is configured for this instance, which
        # is tolerable only because the runner is discarded after the job.
        image: valkey/valkey:8-alpine
        ports:
          - '6379:6379'
        options: >-
          --health-cmd "valkey-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 3
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
      - uses: ./.github/actions/setup
      # Apply migrations to the service database before the tests run.
      - run: pnpm db:migrate
        env:
          DATABASE_URL: 'postgresql://barazo:barazo_dev@localhost:5432/barazo'
      - run: pnpm test:integration
        env:
          DATABASE_URL: 'postgresql://barazo:barazo_dev@localhost:5432/barazo'
          VALKEY_URL: 'redis://localhost:6379'
          # NOTE(review): no service in this job listens on port 2480;
          # presumably the tests stub this endpoint. Confirm.
          TAP_URL: 'http://localhost:2480'
          # Test-only literal, not a repository secret. Keep it distinct from
          # any deployed admin password.
          TAP_ADMIN_PASSWORD: tap_dev_secret

  # Production build; has no `needs`, so it runs in parallel with the others.
  build:
    name: Build
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
      - uses: ./.github/actions/setup
      - run: pnpm build

  # Fails when regenerating migrations changes anything under drizzle/, i.e.
  # the schema was modified without committing the matching migration.
  schema-check:
    name: Schema Drift Check
    runs-on: ubuntu-latest
    timeout-minutes: 10
    needs:
      - lint
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
      - uses: ./.github/actions/setup
      # Only local git commands (`status`, `diff`) are used; nothing is pushed.
      - name: Check for uncommitted schema changes
        run: |
          pnpm db:generate --name=ci-check
          if [ -n "$(git status --porcelain drizzle/)" ]; then
            echo "::error::Schema changes detected but no migration committed."
            echo "Run 'pnpm db:generate' locally and commit the result."
            git diff drizzle/
            exit 1
          fi
          echo "Schema is in sync with migrations."

  # Dependency audit of production dependencies.
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
      - uses: ./.github/actions/setup
      # A failing `pnpm audit --audit-level=high --prod` fails the job unless
      # its output matches one of the registry/network error tokens below; in
      # that case the audit is retried, up to three attempts in total.
      # NOTE(review): this step fails open. If all three attempts hit a
      # registry error the script only emits a warning and the job passes
      # without any audit result. The transient check is a grep over the whole
      # output, so a genuine failure whose text happens to contain one of the
      # tokens is also treated as transient. A scheduled audit run or a
      # required follow-up check would cover that gap.
      - name: Security audit with retry
        run: |
          for attempt in 1 2 3; do
            output=$(pnpm audit --audit-level=high --prod 2>&1) && { echo "$output"; exit 0; }
            if echo "$output" | grep -q "ERR_PNPM_AUDIT_BAD_RESPONSE\|ECONNREFUSED\|ETIMEDOUT\|EAI_AGAIN"; then
              echo "::warning::Audit registry unavailable (attempt $attempt/3), retrying in 15s..."
              sleep 15
            else
              echo "$output"
              exit 1
            fi
          done
          echo "::warning::Audit registry unavailable after 3 attempts, skipping"