ci: add CI security scan and Coolify deploy workflow

Bulletdev · Bulletdev · commit d37d9a8ae13d · 2026-03-07T10:05:53.000-03:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,43 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  security:
+    name: Security Scan
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      - name: Brakeman
+        run: bundle exec brakeman -q -w2 --no-pager
+
+      - name: Bundle Audit
+        run: |
+          gem install bundler-audit --no-document
+          bundle-audit check --update
+
+  lint:
+    name: RuboCop
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      - name: RuboCop
+        run: bundle exec rubocop --parallel --format simple
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,46 @@
+name: Deploy to Production
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    name: Trigger Coolify Deploy
+    runs-on: ubuntu-latest
+
+    environment:
+      name: production
+      url: https://kingslendas.com
+
+    steps:
+      - name: Trigger Coolify webhook
+        run: |
+          HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
+            -X GET "${{ secrets.COOLIFY_WEBHOOK_URL }}")
+
+          if [ "$HTTP_STATUS" -ge 200 ] && [ "$HTTP_STATUS" -lt 300 ]; then
+            echo "Deploy triggered successfully (HTTP $HTTP_STATUS)"
+          else
+            echo "Failed to trigger deploy (HTTP $HTTP_STATUS)"
+            exit 1
+          fi
+
+      - name: Wait for deploy and health check
+        run: |
+          echo "Waiting 60s for Coolify to build and start..."
+          sleep 60
+
+          for i in {1..10}; do
+            HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://kingslendas.com/up)
+            if [ "$HTTP_STATUS" -eq 200 ]; then
+              echo "Health check passed (attempt $i)"
+              exit 0
+            fi
+            echo "Attempt $i/10 — HTTP $HTTP_STATUS, retrying in 15s..."
+            sleep 15
+          done
+
+          echo "Health check failed after all attempts"
+          exit 1
