fix: create log directory with proper permissions #242
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main, develop ] | |
| jobs: | |
| lint-backend: | |
| name: Lint Backend (Go) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.23' | |
| - name: golangci-lint | |
| uses: golangci/golangci-lint-action@v3 | |
| with: | |
| version: latest | |
| working-directory: backend | |
| args: --timeout=5m | |
| build-backend: | |
| name: Build Backend | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.23' | |
| - name: Build backend | |
| working-directory: ./backend | |
| run: go build -v -o sidechain-backend ./cmd/server | |
| - name: Upload backend artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: sidechain-backend | |
| path: backend/sidechain-backend | |
| retention-days: 5 | |
| test-backend: | |
| name: Test Backend | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Start Docker Compose Services | |
| run: | | |
| cd backend | |
| docker compose up -d | |
| # Wait for all services to be healthy (30 second timeout) | |
| echo "Waiting for services to be healthy..." | |
| for i in {1..30}; do | |
| HEALTHY=$(docker compose ps | grep -c "healthy" || true) | |
| if [ "$HEALTHY" -ge 4 ]; then | |
| echo "✅ Services are healthy" | |
| break | |
| fi | |
| echo "Waiting... ($i/30)" | |
| sleep 1 | |
| done | |
| # List running services | |
| echo "" | |
| echo "Running services:" | |
| docker compose ps | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.23' | |
| - name: Run Backend Tests | |
| working-directory: ./backend | |
| run: | | |
| # Fix vendor directory if it exists | |
| if [ -d "vendor" ]; then | |
| go mod vendor | |
| fi | |
| go test ./... -v -race -coverprofile=coverage.out -covermode=atomic | |
| - name: Stop Docker Compose Services | |
| if: always() | |
| run: | | |
| cd backend | |
| docker compose down -v | |
| - name: Upload Coverage to Codecov | |
| uses: codecov/codecov-action@v5 | |
| if: always() | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: backend/coverage.out | |
| flags: backend | |
| name: backend-coverage | |
| fail_ci_if_error: false | |
| verbose: true | |
| build-plugin-debug: | |
| name: Build Plugin (Debug) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Install Dependencies | |
| uses: ./.github/actions/install-deps | |
| - name: Restore Build Cache | |
| uses: ./.github/actions/restore-build-cache | |
| with: | |
| arch: x86_64 | |
| - name: Configure CMake | |
| run: cmake -S plugin -B plugin/build -G Ninja -DCMAKE_BUILD_TYPE=Debug | |
| - name: Build Plugin | |
| run: | | |
| # Limit parallel jobs on Linux to avoid OOM | |
| cmake --build plugin/build --config Debug --parallel 2 | |
| - name: Save Build Cache | |
| if: always() | |
| uses: ./.github/actions/save-build-cache | |
| with: | |
| arch: x86_64 | |
| static-analysis-cpp: | |
| name: Static Analysis (C++) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install cppcheck | |
| run: sudo apt-get install -y cppcheck | |
| - name: Run cppcheck | |
| run: | | |
| cppcheck --version | |
| cppcheck plugin/src \ | |
| --enable=all \ | |
| --suppress=missingIncludeSystem \ | |
| --suppress=unusedFunction \ | |
| --error-exitcode=1 | |
| continue-on-error: true | |
| code-quality: | |
| name: Code Quality Checks | |
| runs-on: ubuntu-latest | |
| needs: [test-backend, build-backend] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Check for large files | |
| run: | | |
| # Warn if any file is larger than 1MB | |
| find . -type f -size +1M \ | |
| ! -path "./.git/*" \ | |
| ! -path "./.github/*" \ | |
| ! -path "./plugin/build/*" \ | |
| ! -path "./backend/build/*" \ | |
| ! -path "./vendor/*" \ | |
| ! -path "./node_modules/*" \ | |
| -exec echo "Large file: {}" \; | |
| continue-on-error: true | |
| - name: Check for TODO comments | |
| working-directory: ./ | |
| run: | | |
| echo "=== TODO comments in code ===" | |
| grep -r "TODO\|FIXME\|HACK" plugin/src/ backend/internal backend/cmd web/src cli/internal cli/pkg || echo "None found" | |
| continue-on-error: true | |
| - name: Check for hardcoded secrets | |
| run: | | |
| if grep -r "password\s*=" . --include="*.go" --include="*.cpp" --include="*.h" | \ | |
| grep -v ".env.example" | grep -v "vendor/" | grep -v "test"; then | |
| echo "Warning: Potential hardcoded secrets found" | |
| exit 1 | |
| fi | |
| continue-on-error: true | |
| security: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| scan-ref: '.' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| continue-on-error: true | |
| - name: Upload Trivy results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| continue-on-error: true | |
| # Final status check | |
| ci-status: | |
| name: CI Status | |
| runs-on: ubuntu-latest | |
| needs: [test-backend, lint-backend, build-backend, build-plugin-debug] | |
| if: always() | |
| steps: | |
| - name: Check CI Status | |
| run: | | |
| if [ "${{ needs.test-backend.result }}" != "success" ]; then | |
| echo "❌ Backend tests failed" | |
| exit 1 | |
| fi | |
| if [ "${{ needs.lint-backend.result }}" != "success" ]; then | |
| echo "❌ Linting failed" | |
| exit 1 | |
| fi | |
| if [ "${{ needs.build-backend.result }}" != "success" ]; then | |
| echo "❌ Backend build failed" | |
| exit 1 | |
| fi | |
| if [ "${{ needs.build-plugin-debug.result }}" != "success" ]; then | |
| echo "❌ Plugin build failed" | |
| exit 1 | |
| fi | |
| echo "✅ All CI checks passed" |