ihm_client/.gitea/workflows/ci.yml

name: CI/CD Pipeline

on:
  push:
    branches: [ main, develop, 4nk-node-integration ]
  pull_request:
    branches: [ main, develop ]

jobs:
  test:
    runs-on: ubuntu-latest

    steps:
    - name: Setup SSH for Gitea
      run: |
        mkdir -p ~/.ssh
        echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
        chmod 600 ~/.ssh/id_rsa
        ssh-keyscan -H git.4nkweb.com >> ~/.ssh/known_hosts
        git config --global url."git@git.4nkweb.com:".insteadOf "https://git.4nkweb.com/"

    - name: Checkout code
      uses: actions/checkout@v3
      with:
        ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
        submodules: recursive

    - name: Setup Node.js
      uses: actions/setup-node@v3
      with:
        node-version: '20'
        cache: 'npm'

    - name: Install dependencies
      run: npm ci

    - name: Run linting
      run: npm run lint

    - name: Run type checking
      run: npm run type-check

    - name: Run tests
      run: npm run test

    - name: Build application
      run: npm run build

    - name: Test Docker build
      run: |
        docker build -f Dockerfile.4nk-node -t ihm-client:test .
        docker rmi ihm-client:test

  security:
    runs-on: ubuntu-latest
    needs: test

    steps:
    - name: Setup SSH for Gitea
      run: |
        mkdir -p ~/.ssh
        echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
        chmod 600 ~/.ssh/id_rsa
        ssh-keyscan -H git.4nkweb.com >> ~/.ssh/known_hosts
        git config --global url."git@git.4nkweb.com:".insteadOf "https://git.4nkweb.com/"

    - name: Checkout code
      uses: actions/checkout@v3
      with:
        ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}

    - name: Setup Node.js
      uses: actions/setup-node@v3
      with:
        node-version: '20'

    - name: Install dependencies
      run: npm ci

    - name: Run security audit
      run: npm audit --audit-level=moderate

    - name: Check for known vulnerabilities
      run: npm audit --audit-level=high

  integration-test:
    runs-on: ubuntu-latest
    needs: test

    steps:
    - name: Setup SSH for Gitea
      run: |
        mkdir -p ~/.ssh
        echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
        chmod 600 ~/.ssh/id_rsa
        ssh-keyscan -H git.4nkweb.com >> ~/.ssh/known_hosts
        git config --global url."git@git.4nkweb.com:".insteadOf "https://git.4nkweb.com/"

    - name: Checkout code
      uses: actions/checkout@v3
      with:
        ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}

    - name: Setup Docker Buildx
      uses: docker/setup-buildx-action@v2

    - name: Build and test Docker integration
      run: |
        docker build -f Dockerfile.4nk-node -t ihm-client:integration .
        docker run --rm -d --name ihm-client-test -p 8080:80 ihm-client:integration
        sleep 10
        curl -f http://localhost:8080 || exit 1
        docker stop ihm-client-test
        docker rmi ihm-client:integration