ihm_client/.gitea/workflows/ci.yml

name: CI/CD Pipeline

on:
  push:
    branches: [ docker-support ]
  pull_request:
    branches: [ docker-support ]

jobs:
  test:
    runs-on: ubuntu-latest

    steps:
    - name: Setup SSH for Gitea
      run: |
        mkdir -p ~/.ssh
        echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
        chmod 600 ~/.ssh/id_rsa
        ssh-keyscan -H git.4nkweb.com >> ~/.ssh/known_hosts
        git config --global url."git@git.4nkweb.com:".insteadOf "https://git.4nkweb.com/"

    - name: Checkout code
      uses: actions/checkout@v3
      with:
        ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
        submodules: recursive

    - name: Setup Node.js
      uses: actions/setup-node@v3
      with:
        node-version: '20'
        cache: 'npm'

    - name: Install dependencies
      run: npm ci

    - name: Run linting
      run: npm run lint

    - name: Run type checking
      run: npm run type-check

    - name: Run tests
      run: npm run test

    - name: Build application
      run: npm run build

    - name: Test Docker build (artefacts)
      run: |
        docker build -t ihm-client:dist .
        docker image rm ihm-client:dist

  security:
    runs-on: ubuntu-latest
    needs: test

    steps:
    - name: Setup SSH for Gitea
      run: |
        mkdir -p ~/.ssh
        echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
        chmod 600 ~/.ssh/id_rsa
        ssh-keyscan -H git.4nkweb.com >> ~/.ssh/known_hosts
        git config --global url."git@git.4nkweb.com:".insteadOf "https://git.4nkweb.com/"

    - name: Checkout code
      uses: actions/checkout@v3
      with:
        ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}

    - name: Setup Node.js
      uses: actions/setup-node@v3
      with:
        node-version: '20'

    - name: Install dependencies
      run: npm ci

    - name: Run security audit
      run: npm audit --audit-level=moderate

    - name: Check for known vulnerabilities
      run: npm audit --audit-level=high

  integration-test:
    runs-on: ubuntu-latest
    needs: test

    steps:
    - name: Setup SSH for Gitea
      run: |
        mkdir -p ~/.ssh
        echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
        chmod 600 ~/.ssh/id_rsa
        ssh-keyscan -H git.4nkweb.com >> ~/.ssh/known_hosts
        git config --global url."git@git.4nkweb.com:".insteadOf "https://git.4nkweb.com/"

    - name: Checkout code
      uses: actions/checkout@v3
      with:
        ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}

    - name: Setup Docker Buildx
      uses: docker/setup-buildx-action@v2

    - name: Build Docker artefacts
      run: |
        docker build -t ihm-client:dist .
        docker image rm ihm-client:dist