security #56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Fullstack Tasks Application Pipeline | |
# Trigger the workflow | |
on: | |
push: | |
branches: | |
- "**" # Matches every branch for push events | |
pull_request: | |
branches: | |
- "**" # Matches every branch for pull request events | |
jobs: | |
# Step: Cache and Install Frontend Dependencies | |
npm-frontend: | |
uses: SAINIAbhishek/shared-workflows/.github/workflows/cache-install-dependencies.yml@main | |
with: | |
node-version: "20.17.0" | |
lock-file: "frontend/package-lock.json" | |
cache-path: "frontend/node_modules" | |
cache-key-prefix: "frontend" | |
working-directory: "./frontend" | |
# Step: Cache and Install Server Dependencies | |
npm-server: | |
uses: SAINIAbhishek/shared-workflows/.github/workflows/cache-install-dependencies.yml@main | |
with: | |
node-version: "20.17.0" | |
lock-file: "server/package-lock.json" | |
cache-path: "server/node_modules" | |
cache-key-prefix: "server" | |
working-directory: "./server" | |
# Step: Lint the Frontnend code | |
lint-frontend: | |
needs: [npm-frontend] # Wait for dependencies to be installed before linting | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v3 | |
# Restore Frontend Node.js Modules cache | |
- name: Restore Frontend Node.js Modules Cache | |
uses: actions/cache@v3 | |
with: | |
path: frontend/node_modules | |
key: ${{ runner.os }}-frontend-${{ hashFiles('frontend/package-lock.json') }} | |
# Lint the frontend code | |
- name: Lint Frontend Code | |
run: npm run lint | |
working-directory: ./frontend | |
# Step: Lint the Server code | |
lint-server: | |
needs: [npm-server] # Wait for dependencies to be installed before linting | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v3 | |
# Restore Server Node.js Modules cache | |
- name: Restore Server Node.js Modules Cache | |
uses: actions/cache@v3 | |
with: | |
path: server/node_modules | |
key: ${{ runner.os }}-server-${{ hashFiles('server/package-lock.json') }} | |
# Lint the server code | |
- name: Lint Server Code | |
run: npm run eslint | |
working-directory: ./server | |
# Step: Formatting Frontend job | |
format-frontend: | |
needs: [npm-frontend] # Dependencies must be installed before formatting | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v3 | |
# Restore Frontend Node.js Modules cache | |
- name: Restore Frontend Node.js Modules Cache | |
uses: actions/cache@v3 | |
with: | |
path: frontend/node_modules | |
key: ${{ runner.os }}-frontend-${{ hashFiles('frontend/package-lock.json') }} | |
# Format the frontend code with Prettier | |
- name: Check Frontend Code Formatting with Prettier | |
run: npm run prettier | |
working-directory: ./frontend | |
# Step: Security audit Frontend | |
security-frontend: | |
needs: [npm-frontend] | |
uses: SAINIAbhishek/shared-workflows/.github/workflows/security-audit.yml@main | |
with: | |
node-version: "20.17.0" | |
lock-file: "frontend/package-lock.json" | |
cache-path: "frontend/node_modules" | |
cache-key-prefix: "frontend" | |
working-directory: "./frontend" | |
# Step: Security audit Server | |
security-server: | |
needs: [npm-server] | |
uses: SAINIAbhishek/shared-workflows/.github/workflows/security-audit.yml@main | |
with: | |
node-version: "20.17.0" | |
lock-file: "server/package-lock.json" | |
cache-path: "server/node_modules" | |
cache-key-prefix: "server" | |
working-directory: "./server" | |
# Step: Run unit tests | |
test-frontend: | |
needs: [lint-frontend, format-frontend] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v3 | |
# Restore Frontend Node.js Modules cache | |
- name: Restore Frontend Node.js Modules Cache | |
uses: actions/cache@v3 | |
with: | |
path: frontend/node_modules | |
key: ${{ runner.os }}-frontend-${{ hashFiles('frontend/package-lock.json') }} | |
# Run frontend unit tests | |
- name: Run Frontend Unit Tests | |
run: npm run test:coverage | |
working-directory: ./frontend | |
env: | |
CI: true # Ensures Vitest runs in Continuous Integration mode | |
# Step: Build the Frontend project | |
build-frontend: | |
needs: test-frontend | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v3 | |
# Restore Frontend Node.js Modules cache | |
- name: Restore Frontend Node.js Modules Cache | |
uses: actions/cache@v3 | |
with: | |
path: frontend/node_modules | |
key: ${{ runner.os }}-frontend-${{ hashFiles('frontend/package-lock.json') }} | |
- name: Build Frontend for Production | |
run: npm run build:prod | |
working-directory: ./frontend | |
env: | |
NODE_ENV: production | |
APP_API_BASE_URL: ${{ vars.APP_API_BASE_URL }} | |
APP_LOGGING: ${{ vars.APP_LOGGING }} | |
APP_PORT: ${{ vars.FRONTEND_APP_PORT }} | |
- name: Save Frontend Build Artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: frontend-build | |
path: frontend/dist | |
# Step: Build the Server project | |
build-server: | |
needs: [lint-server] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v3 | |
# Restore Server Node.js Modules cache | |
- name: Restore Server Node.js Modules Cache | |
uses: actions/cache@v3 | |
with: | |
path: server/node_modules | |
key: ${{ runner.os }}-server-${{ hashFiles('server/package-lock.json') }} | |
- name: Build Server for Production | |
run: npm run build | |
working-directory: ./server | |
env: | |
NODE_ENV: production | |
PORT: ${{ vars.API_PORT }} | |
MONGO_URI: ${{ vars.MONGO_URI }} | |
MONGO_DB_HOST: ${{ vars.MONGO_DB_HOST }} | |
TOKEN_ISSUER: ${{ vars.TOKEN_ISSUER}} | |
TOKEN_AUDIENCE: ${{ vars.TOKEN_AUDIENCE}} | |
CORS_URL: ${{ vars.CORS_URL}} | |
FRONTEND_RESET_URL: ${{ vars.FRONTEND_RESET_URL}} | |
API_VERSION: ${{ vars.API_VERSION}} | |
ACCESS_TOKEN_SECRET_KEY: ${{ secrets.ACCESS_TOKEN_SECRET_KEY}} | |
MAILTRAP_TESTING_PASSWORD: ${{ secrets.MAILTRAP_TESTING_PASSWORD}} | |
MAILTRAP_TESTING_USERNAME: ${{ secrets.MAILTRAP_TESTING_USERNAME}} | |
REFRESH_TOKEN_SECRET_KEY: ${{ secrets.REFRESH_TOKEN_SECRET_KEY}} | |
- name: Save Server Build Artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: server-build | |
path: server/build |