Skip to content
.github/workflows/ci-cd.yml

Enhance dashboard and budget request functionalities #42

Sign in to view logs

Enhance dashboard and budget request functionalities

Enhance dashboard and budget request functionalities #42

Workflow file for this run

.github/workflows/ci-cd.yml at c344362
name: CI/CD Pipeline

Check failure on line 1 in .github/workflows/ci-cd.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/ci-cd.yml

Invalid workflow file 

(Line: 134, Col: 12): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.STAGING_URL, (Line: 161, Col: 12): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.PRODUCTION_URL
on:
push:
branches:
- main
- develop
pull_request:
branches:
- main
- develop
workflow_dispatch:
env:
DOTNET_VERSION: '8.0.x'
SOLUTION_PATH: 'BeemaEdge.sln'
jobs:
build:
name: Build and Test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
- name: Restore dependencies
run: dotnet restore ${{ env.SOLUTION_PATH }}
- name: Build solution
run: dotnet build ${{ env.SOLUTION_PATH }} --configuration Release --no-restore
- name: Run tests
run: dotnet test ${{ env.SOLUTION_PATH }} --configuration Release --no-build --verbosity normal --collect:"XPlat Code Coverage"
continue-on-error: true
- name: Upload test results
uses: actions/upload-artifact@v4
if: always()
with:
name: test-results
path: '**/TestResults/**/*'
- name: Publish application
run: dotnet publish src/Web/BeemaEdgeApi.csproj --configuration Release --output ./publish --no-build
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: build-artifacts
path: ./publish/**/*
retention-days: 7
docker-build:
name: Build Docker Image
runs-on: ubuntu-latest
needs: build
if: github.event_name != 'pull_request'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub (optional)
if: env.DOCKER_HUB_USERNAME != ''
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ secrets.DOCKER_REGISTRY }}/beemaedge-api
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha,prefix={{branch}}-
type=raw,value=latest,enable={{is_default_branch}}
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
file: ./src/Web/Dockerfile
push: ${{ github.event_name != 'pull_request' && secrets.DOCKER_HUB_USERNAME != '' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/beemaedge-api:buildcache
cache-to: type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/beemaedge-api:buildcache,mode=max
security-scan:
name: Security Scan
runs-on: ubuntu-latest
needs: build
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '.'
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy results to GitHub Security
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: 'trivy-results.sarif'
deploy-staging:
name: Deploy to Staging
runs-on: ubuntu-latest
needs: [build, docker-build]
if: github.ref == 'refs/heads/develop' && github.event_name == 'push'
environment:
name: staging
url: ${{ secrets.STAGING_URL }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Deploy to Lightsail
run: |
chmod +x deploy/lightsail-deploy.sh
export LIGHTSAIL_INSTANCE_NAME=${{ secrets.LIGHTSAIL_STAGING_INSTANCE }}
export SSH_USER=ubuntu
./deploy/lightsail-deploy.sh
deploy-production:
name: Deploy to Production
runs-on: ubuntu-latest
needs: [build, docker-build, security-scan]
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
environment:
name: production
url: ${{ secrets.PRODUCTION_URL }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Deploy to Lightsail
run: |
chmod +x deploy/lightsail-deploy.sh
export LIGHTSAIL_INSTANCE_NAME=${{ secrets.LIGHTSAIL_PRODUCTION_INSTANCE }}
export SSH_USER=ubuntu
./deploy/lightsail-deploy.sh
- name: Run database migrations
run: |
chmod +x deploy/database-migrate.sh
./deploy/database-migrate.sh
- name: Health check
run: |
chmod +x deploy/health-check.sh
./deploy/health-check.sh
notify:
name: Notify Deployment Status
runs-on: ubuntu-latest
needs: [deploy-staging, deploy-production]
if: always() && (needs.deploy-staging.result != 'skipped' || needs.deploy-production.result != 'skipped')
steps:
- name: Send notification
uses: 8398a7/action-slack@v3
if: always()
with:
status: ${{ job.status }}
text: |
Deployment Status: ${{ job.status }}
Branch: ${{ github.ref }}
Commit: ${{ github.sha }}
webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}