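# LocalGreenChain CI Pipeline
# Combined: Agent 4 (Production Deployment) + Agent 5 (Testing)
#
# Runs on pushes to, and pull requests targeting, main and develop:
# - Linting, formatting, and type checking
# - Unit and integration tests
# - E2E tests with Cypress
# - Build verification
# - Docker build (main branch only)
# - Security scanning (advisory only: findings never fail the pipeline)
#
# NOTE(review): every third-party action below is referenced by a mutable
# tag or branch. Pinning each `uses:` to a full commit SHA prevents an
# upstream retag or branch push from changing what runs in this pipeline.

name: CI

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

# Least privilege for GITHUB_TOKEN: no job in this workflow writes to the
# repository, packages, or pull requests, so read access to contents (for
# checkout) is sufficient. Widen per job if a step later needs more.
permissions:
  contents: read

# A newer run on the same ref cancels the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  NODE_ENV: test
  NODE_VERSION: '18'

jobs:
  # ==========================================================================
  # Lint and Type Check
  # ==========================================================================
  lint:
    name: Lint & Format
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v4

      # NOTE(review): `bun-version: latest` (used in every job) means the
      # toolchain can change between runs; pin a version for reproducible
      # builds.
      - name: Setup Bun
        uses: oven-sh/setup-bun@v1
        with:
          bun-version: latest

      # --frozen-lockfile fails the install if the lockfile would change.
      - name: Install dependencies
        run: bun install --frozen-lockfile

      - name: Run ESLint
        run: bun run lint

      - name: Check formatting
        run: bun run format:check

  type-check:
    name: Type Check
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v4

      - name: Setup Bun
        uses: oven-sh/setup-bun@v1
        with:
          bun-version: latest

      - name: Install dependencies
        run: bun install --frozen-lockfile

      - name: Run TypeScript type checking
        run: bun run type-check

  # ==========================================================================
  # Unit Tests
  # ==========================================================================
  test:
    name: Unit & Integration Tests
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@v4

      - name: Setup Bun
        uses: oven-sh/setup-bun@v1
        with:
          bun-version: latest

      - name: Install dependencies
        run: bun install --frozen-lockfile

      - name: Run tests with coverage
        run: bun run test:ci

      # `if: always()` uploads results even when the test step failed.
      - name: Upload test results
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: test-results
          path: |
            coverage/
            junit.xml
          retention-days: 30

  # ==========================================================================
  # Build
  # ==========================================================================
  build:
    name: Build
    runs-on: ubuntu-latest
    timeout-minutes: 15
    # The security job is not listed here, so it does not gate the build.
    needs: [lint, type-check, test]
    steps:
      - uses: actions/checkout@v4

      - name: Setup Bun
        uses: oven-sh/setup-bun@v1
        with:
          bun-version: latest

      - name: Install dependencies
        run: bun install --frozen-lockfile

      - name: Build application
        run: bun run build
        env:
          # Quoted so the value is unambiguously a string.
          NEXT_TELEMETRY_DISABLED: '1'

      # Consumed by the e2e job via download-artifact.
      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: build-output
          path: .next/
          retention-days: 7

  # ==========================================================================
  # E2E Tests
  # ==========================================================================
  e2e:
    name: E2E Tests
    runs-on: ubuntu-latest
    timeout-minutes: 20
    needs: build
    steps:
      - uses: actions/checkout@v4

      - name: Setup Bun
        uses: oven-sh/setup-bun@v1
        with:
          bun-version: latest

      - name: Install dependencies
        run: bun install --frozen-lockfile

      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          name: build-output
          path: .next/

      # Starts the app and waits up to 120 s for it to answer on port 3001
      # before running the specs. `record: false` keeps results local to
      # this run.
      - name: Run Cypress tests
        uses: cypress-io/github-action@v6
        with:
          start: bun run start
          wait-on: 'http://localhost:3001'
          wait-on-timeout: 120
          browser: chrome
          record: false

      # Screenshots and videos are uploaded only when the job has failed.
      # NOTE(review): these captures can contain whatever the app rendered
      # during the run; keep test fixtures free of real credentials.
      - name: Upload Cypress screenshots
        uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: cypress-screenshots
          path: cypress/screenshots
          retention-days: 7

      - name: Upload Cypress videos
        uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: cypress-videos
          path: cypress/videos
          retention-days: 7

  # ==========================================================================
  # Docker Build (only on main branch)
  # ==========================================================================
  docker:
    name: Docker Build
    runs-on: ubuntu-latest
    timeout-minutes: 20
    needs: [build]
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Build-only verification: `push: false` means the image never leaves
      # the runner, so this job needs no registry credentials. Layers are
      # cached in the GitHub Actions cache.
      - name: Build Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: false
          tags: localgreenchain:${{ github.sha }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  # ==========================================================================
  # Security Scan
  # ==========================================================================
  # Advisory only: neither step below can fail this job, and no other job
  # depends on it. Findings appear in the step logs and nowhere else, so
  # someone has to read them. To enforce a gate, drop `continue-on-error`,
  # set the Trivy `exit-code` to '1', and add this job to the `needs:` of
  # the jobs it should block.
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    timeout-minutes: 10
    needs: [lint]
    steps:
      - uses: actions/checkout@v4

      - name: Setup Bun
        uses: oven-sh/setup-bun@v1
        with:
          bun-version: latest

      - name: Install dependencies
        run: bun install --frozen-lockfile

      # `continue-on-error` already keeps a failing audit from failing the
      # job. The former `|| true` additionally forced the step itself to
      # report success, which hid both real findings and the case where the
      # command could not run at all.
      # NOTE(review): confirm `bun pm audit` is a valid subcommand for the
      # Bun version installed above; with `bun-version: latest` that can
      # change between runs.
      - name: Run security audit
        run: bun pm audit
        continue-on-error: true

      # NOTE(review): `@master` is a moving branch, so the scanner code run
      # here changes whenever upstream pushes. Pin to a release tag or,
      # better, a full commit SHA.
      # exit-code '0' makes this report-only: CRITICAL/HIGH findings are
      # printed but the step still succeeds.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          severity: 'CRITICAL,HIGH'
          exit-code: '0'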