Skip to content
CI

Fix Prometheus config mount for deployment #230

Sign in to view logs

Fix Prometheus config mount for deployment

Fix Prometheus config mount for deployment #230

Workflow file for this run

.github/workflows/ci.yml at 9c88ae3
name: CI
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]
jobs:
lint-backend:
name: Lint Backend (Go)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.23'
- name: golangci-lint
uses: golangci/golangci-lint-action@v3
with:
version: latest
working-directory: backend
args: --timeout=5m
build-backend:
name: Build Backend
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.23'
- name: Build backend
working-directory: ./backend
run: go build -v -o sidechain-backend ./cmd/server
- name: Upload backend artifact
uses: actions/upload-artifact@v4
with:
name: sidechain-backend
path: backend/sidechain-backend
retention-days: 5
test-backend:
name: Test Backend
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Start Docker Compose Services
run: |
cd backend
docker compose up -d
# Wait for all services to be healthy (30 second timeout)
echo "Waiting for services to be healthy..."
for i in {1..30}; do
HEALTHY=$(docker compose ps | grep -c "healthy" || true)
if [ "$HEALTHY" -ge 4 ]; then
echo "✅ Services are healthy"
break
fi
echo "Waiting... ($i/30)"
sleep 1
done
# List running services
echo ""
echo "Running services:"
docker compose ps
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.23'
- name: Run Backend Tests
working-directory: ./backend
run: |
# Fix vendor directory if it exists
if [ -d "vendor" ]; then
go mod vendor
fi
go test ./... -v -race -coverprofile=coverage.out -covermode=atomic
- name: Stop Docker Compose Services
if: always()
run: |
cd backend
docker compose down -v
- name: Upload Coverage to Codecov
uses: codecov/codecov-action@v5
if: always()
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: backend/coverage.out
flags: backend
name: backend-coverage
fail_ci_if_error: false
verbose: true
build-plugin-debug:
name: Build Plugin (Debug)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Install Dependencies
uses: ./.github/actions/install-deps
- name: Restore Build Cache
uses: ./.github/actions/restore-build-cache
with:
arch: x86_64
- name: Configure CMake
run: cmake -S plugin -B plugin/build -G Ninja -DCMAKE_BUILD_TYPE=Debug
- name: Build Plugin
run: |
# Limit parallel jobs on Linux to avoid OOM
cmake --build plugin/build --config Debug --parallel 2
- name: Save Build Cache
if: always()
uses: ./.github/actions/save-build-cache
with:
arch: x86_64
static-analysis-cpp:
name: Static Analysis (C++)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install cppcheck
run: sudo apt-get install -y cppcheck
- name: Run cppcheck
run: |
cppcheck --version
cppcheck plugin/src \
--enable=all \
--suppress=missingIncludeSystem \
--suppress=unusedFunction \
--error-exitcode=1
continue-on-error: true
code-quality:
name: Code Quality Checks
runs-on: ubuntu-latest
needs: [test-backend, build-backend]
steps:
- uses: actions/checkout@v4
- name: Check for large files
run: |
# Warn if any file is larger than 1MB
find . -type f -size +1M \
! -path "./.git/*" \
! -path "./.github/*" \
! -path "./plugin/build/*" \
! -path "./backend/build/*" \
! -path "./vendor/*" \
! -path "./node_modules/*" \
-exec echo "Large file: {}" \;
continue-on-error: true
- name: Check for TODO comments
working-directory: ./
run: |
echo "=== TODO comments in code ==="
grep -r "TODO\|FIXME\|HACK" plugin/src/ backend/internal backend/cmd web/src cli/internal cli/pkg || echo "None found"
continue-on-error: true
- name: Check for hardcoded secrets
run: |
if grep -r "password\s*=" . --include="*.go" --include="*.cpp" --include="*.h" | \
grep -v ".env.example" | grep -v "vendor/" | grep -v "test"; then
echo "Warning: Potential hardcoded secrets found"
exit 1
fi
continue-on-error: true
security:
name: Security Scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '.'
format: 'sarif'
output: 'trivy-results.sarif'
continue-on-error: true
- name: Upload Trivy results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
continue-on-error: true
# Final status check
ci-status:
name: CI Status
runs-on: ubuntu-latest
needs: [test-backend, lint-backend, build-backend, build-plugin-debug]
if: always()
steps:
- name: Check CI Status
run: |
if [ "${{ needs.test-backend.result }}" != "success" ]; then
echo "❌ Backend tests failed"
exit 1
fi
if [ "${{ needs.lint-backend.result }}" != "success" ]; then
echo "❌ Linting failed"
exit 1
fi
if [ "${{ needs.build-backend.result }}" != "success" ]; then
echo "❌ Backend build failed"
exit 1
fi
if [ "${{ needs.build-plugin-debug.result }}" != "success" ]; then
echo "❌ Plugin build failed"
exit 1
fi
echo "✅ All CI checks passed"