This document describes the CI/CD pipeline for the On-Chain SSI project.
The pipeline consists of three sequential stages:
Lint -> Test -> Build
Each stage must pass before the next stage runs. If any stage fails, the pipeline stops.
Location: .github/workflows/ci.yml
Triggers:
- On pull requests to
mainbranch - On pushes to
mainbranch
Purpose: Validate code style and formatting
Checks:
- ESLint - TypeScript/React code quality (frontend)
- Prettier - Code formatting consistency (frontend)
- Solhint - Solidity contract linting (contracts)
Configuration Files:
packages/demo-app-frontend/eslint.config.js- ESLint rulespackages/demo-app-frontend/.prettierrc- Prettier formatting rulespackages/trust-anchor-did-ethr/.solhint.json- Solhint rules (relaxed for practicality, it is work in progress to make them stricter)
Exit Criteria: All linters pass with 0 errors
Purpose: Verify contract functionality
Requires: Lint stage must pass
Tests:
- Hardhat test suite (36 tests)
- Unit tests for all smart contracts
- Integration tests for DID workflows
Exit Criteria: All tests pass
Purpose: Verify project can be compiled and built
Requires: Test stage must pass
Builds:
- Smart contract compilation (
npx hardhat compile) - Frontend production build (
npm run build)
Exit Criteria: Both contracts and frontend build successfully
# Frontend
cd packages/demo-app-frontend
npm run lint
npx prettier --check .
# Contracts
cd packages/trust-anchor-did-ethr
npx solhint 'contracts/**/*.sol'cd packages/trust-anchor-did-ethr
npx hardhat test# Contracts
cd packages/trust-anchor-did-ethr
npx hardhat compile
# Frontend
cd packages/demo-app-frontend
npm run buildThe project uses Husky to enforce code quality before commits.
What runs on commit:
- ESLint checks staged TypeScript files
- Prettier formats staged files
- Changes are auto-fixed and staged again if possible
- Commit is blocked if unfixable errors exist
Configuration:
.husky/pre-commit- Hook scriptpackages/demo-app-frontend/package.json→lint-stagedsection
Bypass (emergency only):
git commit --no-verifyAll three jobs show green checkmarks:
- Lint: All linters pass
- Test: All 36 tests pass
- Build: Contracts compile, frontend builds
Pipeline stops at the first failure:
- Lint fails: Test and Build stages do not run
- Test fails: Build stage does not run
- Build fails: PR cannot be merged
ESLint fails:
cd packages/demo-app-frontend
npm run lint
# Fix errors shown, or autofix:
npx eslint . --fixPrettier fails:
cd packages/demo-app-frontend
npx prettier --check . # See what needs formatting
npm run format # Autoformat all filesSolhint fails:
cd packages/trust-anchor-did-ethr
npx solhint 'contracts/**/*.sol'
# Check .solhint.json if rules are too strict, probably not because they are relaxed currently. Can be checked with stricter rulescd packages/trust-anchor-did-ethr
npx hardhat test
# Review error output
# Fix contracts or test filesContract compilation fails:
cd packages/trust-anchor-did-ethr
npx hardhat compile
# Check Solidity syntax errorsFrontend build fails:
cd packages/demo-app-frontend
npm run build
# Usually TypeScript errors, so check terminal outputIssue: CI fails on merged code
Cause: Dependencies changed or Node.js version mismatch
Solution:
# Update dependencies
npm install
# Ensure Node.js 22.12.0+
node --versionNote: The following features are planned but not yet implemented.
- Automated testnet deployments
- Contract verification on Etherscan/block explorers
- Deployment tests
- Ethereum Sepolia testnet integration
- Secure secrets management using GitHub Secrets
- RPC endpoint configuration
When contributing, ensure:
- All pre-commit hooks pass
- Run tests locally before pushing:
npm test - Check CI status after pushing
- Fix any CI failures before requesting review
For pipeline issues, check this document for troubleshooting steps, review GitHub Actions logs, and run commands locally to reproduce issues.