# VaultStadio CI Pipeline
# Runs on every push and pull request
# Runner: self-hosted macOS X64 (labels: self-hosted, macOS, X64)
# Workflow display name.
name: CI

# Triggers: pushes to, and pull requests targeting, the long-lived branches.
# NOTE(review): every job in this workflow runs on a self-hosted runner, and
# the pull_request trigger builds code proposed by the PR author. If the
# repository accepts pull requests from forks, confirm that runs from outside
# contributors require approval and that the runner is ephemeral or otherwise
# isolated, since build scripts from the PR execute on that machine.
on:
  push:
    branches:
      - main
      - master
      - develop
  pull_request:
    branches:
      - main
      - master
      - develop

# Values shared by all jobs through the `env` context.
env:
  JAVA_VERSION: '17'
  JAVA_DISTRIBUTION: 'temurin'
  GRADLE_OPTS: '-Dorg.gradle.jvmargs=-Xmx4g'
jobs:
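# Build and test the Kotlin backend
  backend:
    name: Backend Build & Test
    runs-on: [self-hosted, macOS, X64]
    # Least privilege: this job only reads the repository. Artifact uploads
    # do not depend on GITHUB_TOKEN scopes.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # By default checkout stores the job token in the local git config.
          # Nothing in this job pushes, so keep it off the self-hosted
          # machine's disk.
          persist-credentials: false

      - name: Set up JDK
        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JAVA_VERSION }}
          distribution: ${{ env.JAVA_DISTRIBUTION }}

      # NOTE(review): `v3` is a mutable tag; consider pinning third-party
      # actions to a full commit SHA. Also confirm `project-root` is an input
      # this action version accepts (unknown inputs only produce a warning).
      - name: Setup Gradle
        uses: gradle/gradle-build-action@v3
        with:
          project-root: backend
          # Only builds of main/master may write to the Gradle cache; every
          # other ref (including pull requests) gets a read-only cache.
          cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/master' }}

      # Testcontainers needs a running Docker daemon. With Docker Desktop
      # installed, start it and poll `docker info` every 2s (45 attempts,
      # about 90s); otherwise require that a daemon is already reachable.
      - name: Ensure Docker is available (for Testcontainers)
        run: |
          if [ -d "/Applications/Docker.app" ]; then
            echo "Starting Docker Desktop..."
            open -a Docker
            echo "Waiting for Docker daemon (up to 90s)..."
            for i in $(seq 1 45); do
              if docker info >/dev/null 2>&1; then
                echo "Docker is ready."
                break
              fi
              if [ "$i" -eq 45 ]; then
                echo "Docker did not become ready in time."
                exit 1
              fi
              sleep 2
            done
          else
            echo "Checking Docker..."
            docker info || exit 1
          fi

      # Compile and assemble without tests; tests run in the next step.
      - name: Build backend modules
        working-directory: backend
        run: |
          ./gradlew :core:build \
            :plugins-api:build \
            :infrastructure:build \
            :api:build \
            -x test

      # --continue keeps running the remaining test tasks after a failure so
      # one run reports every failing module.
      - name: Run backend tests
        working-directory: backend
        run: |
          ./gradlew :core:test \
            :api:test \
            :infrastructure:test \
            :plugins-api:test \
            :plugins:image-metadata:test \
            :plugins:video-metadata:test \
            :plugins:fulltext-search:test \
            :plugins:ai-classification:test \
            --continue

      - name: Generate backend coverage reports
        working-directory: backend
        run: |
          ./gradlew :core:jacocoTestReport \
            :api:jacocoTestReport \
            :infrastructure:jacocoTestReport \
            :plugins-api:jacocoTestReport \
            :plugins:image-metadata:jacocoTestReport \
            :plugins:video-metadata:jacocoTestReport \
            :plugins:fulltext-search:jacocoTestReport \
            :plugins:ai-classification:jacocoTestReport \
            --continue

      # Runs even after a failed test step so the reports can be inspected.
      - name: Upload test results
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: backend-test-results
          path: |
            backend/**/build/reports/tests/
            backend/**/build/test-results/
          retention-days: 7

      # Consumed by the `coverage` job; only uploaded when earlier steps
      # succeeded, hence the short retention.
      - name: Upload backend coverage reports
        uses: actions/upload-artifact@v4
        with:
          name: jacoco-coverage-backend
          path: |
            backend/core/build/reports/jacoco/test/jacocoTestReport.xml
            backend/api/build/reports/jacoco/test/jacocoTestReport.xml
            backend/infrastructure/build/reports/jacoco/test/jacocoTestReport.xml
            backend/plugins-api/build/reports/jacoco/test/jacocoTestReport.xml
            backend/plugins/image-metadata/build/reports/jacoco/test/jacocoTestReport.xml
            backend/plugins/video-metadata/build/reports/jacoco/test/jacocoTestReport.xml
            backend/plugins/fulltext-search/build/reports/jacoco/test/jacocoTestReport.xml
            backend/plugins/ai-classification/build/reports/jacoco/test/jacocoTestReport.xml
          retention-days: 1
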
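# Build the frontend (standalone project in frontend/)
  frontend:
    name: Frontend Build
    runs-on: [self-hosted, macOS, X64]
    # Least privilege: this job only reads the repository.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Nothing here pushes; do not leave the job token in the git config
          # on the self-hosted machine.
          persist-credentials: false

      - name: Set up JDK
        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JAVA_VERSION }}
          distribution: ${{ env.JAVA_DISTRIBUTION }}

      # NOTE(review): `v3` is a mutable tag; consider pinning third-party
      # actions to a full commit SHA.
      - name: Setup Gradle
        uses: gradle/gradle-build-action@v3

      # The Gradle steps run from frontend/ via working-directory, matching
      # how the backend job selects its project directory.
      - name: Build frontend (Desktop)
        working-directory: frontend
        run: ./gradlew :composeApp:compileKotlinDesktop --no-build-cache

      - name: Run frontend tests (desktop)
        working-directory: frontend
        run: ./gradlew :composeApp:desktopTest --continue --no-build-cache

      - name: Generate frontend coverage report
        working-directory: frontend
        run: ./gradlew :composeApp:jacocoTestReport --continue --no-build-cache

      # Consumed by the `coverage` job, hence the short retention.
      - name: Upload frontend coverage report
        uses: actions/upload-artifact@v4
        with:
          name: jacoco-coverage-frontend
          path: frontend/composeApp/build/reports/jacoco/jacocoTestReport/jacocoTestReport.xml
          retention-days: 1
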
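# Upload coverage to Codecov
  coverage:
    name: Coverage (Codecov)
    runs-on: [self-hosted, macOS, X64]
    needs: [backend, frontend]
    # Least privilege: the upload authenticates with CODECOV_TOKEN, so the
    # job token only needs to read the repository.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Nothing here pushes; do not leave the job token in the git config
          # on the self-hosted machine.
          persist-credentials: false

      - name: Download backend coverage reports
        uses: actions/download-artifact@v4
        with:
          name: jacoco-coverage-backend
          path: coverage-backend

      - name: Download frontend coverage report
        uses: actions/download-artifact@v4
        with:
          name: jacoco-coverage-frontend
          path: coverage-frontend

      # Diagnostic listing only; `|| true` keeps a missing directory from
      # failing the job here.
      - name: List coverage files (debug)
        run: |
          echo "=== coverage-backend ==="
          find coverage-backend -type f 2>/dev/null || true
          echo "=== coverage-frontend ==="
          find coverage-frontend -type f 2>/dev/null || true
          echo "=== all jacocoTestReport.xml in workspace ==="
          find . -name 'jacocoTestReport.xml' -type f 2>/dev/null || true

      # Builds a comma-separated list of every jacocoTestReport.xml in the
      # workspace and exposes it as the step output `list`. The job fails if
      # no report is found. Newlines are folded into commas, so the value
      # stays on a single line in $GITHUB_OUTPUT.
      - name: Discover coverage files for Codecov
        id: coverage-files
        run: |
          FILES=$(find . -name 'jacocoTestReport.xml' -type f 2>/dev/null | tr '\n' ',' | sed 's/,$//')
          echo "list=$FILES" >> "$GITHUB_OUTPUT"
          if [ -z "$FILES" ]; then
            echo "No jacocoTestReport.xml found"
            exit 1
          fi
          echo "Found coverage files: $FILES"

      # The file list is passed as an action input, not interpolated into a
      # shell script. Secrets are not provided to runs triggered from forks,
      # so CODECOV_TOKEN is empty there; with fail_ci_if_error set to false a
      # failed upload does not fail this job, so check Codecov itself when
      # coverage looks stale.
      # NOTE(review): `v5` is a mutable tag; consider pinning this
      # third-party action to a full commit SHA since it receives a secret.
      - name: Upload to Codecov
        uses: codecov/codecov-action@v5
        with:
          disable_search: true
          files: ${{ steps.coverage-files.outputs.list }}
          fail_ci_if_error: false
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
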
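# Build plugins
  plugins:
    name: Plugins Build
    runs-on: [self-hosted, macOS, X64]
    # Least privilege: this job only reads the repository.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Nothing here pushes; do not leave the job token in the git config
          # on the self-hosted machine.
          persist-credentials: false

      - name: Set up JDK
        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JAVA_VERSION }}
          distribution: ${{ env.JAVA_DISTRIBUTION }}

      # NOTE(review): `v3` is a mutable tag; consider pinning third-party
      # actions to a full commit SHA.
      - name: Setup Gradle
        uses: gradle/gradle-build-action@v3
        with:
          project-root: backend

      # Assemble the four plugin modules; their tests run in the backend job.
      - name: Build plugins
        working-directory: backend
        run: |
          ./gradlew :plugins:image-metadata:build \
            :plugins:video-metadata:build \
            :plugins:fulltext-search:build \
            :plugins:ai-classification:build \
            -x test
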
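# Build Android app
  android:
    name: Android Build
    runs-on: [self-hosted, macOS, X64]
    # Least privilege: this job only reads the repository.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Nothing here pushes; do not leave the job token in the git config
          # on the self-hosted machine.
          persist-credentials: false

      - name: Set up JDK
        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JAVA_VERSION }}
          distribution: ${{ env.JAVA_DISTRIBUTION }}

      # NOTE(review): `v3` is a mutable tag; consider pinning third-party
      # actions to a full commit SHA.
      - name: Set up Android SDK
        uses: android-actions/setup-android@v3

      # Package ids contain `;`, so they stay double-quoted for the shell.
      - name: Install Android SDK components
        run: |
          sdkmanager --install \
            "platforms;android-34" \
            "build-tools;34.0.0"

      - name: Setup Gradle
        uses: gradle/gradle-build-action@v3

      # Debug variant only; no release signing material is used in this job.
      - name: Build Android APK (debug)
        working-directory: frontend
        run: ./gradlew :androidApp:assembleDevDebug
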
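# Code quality checks (no root Gradle; backend and frontend are standalone)
  lint:
    name: Lint & Code Quality
    runs-on: [self-hosted, macOS, X64]
    # Least privilege: this job only reads the repository.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Nothing here pushes; do not leave the job token in the git config
          # on the self-hosted machine.
          persist-credentials: false

      - name: Set up JDK
        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JAVA_VERSION }}
          distribution: ${{ env.JAVA_DISTRIBUTION }}

      # NOTE(review): `v3` is a mutable tag; consider pinning third-party
      # actions to a full commit SHA.
      - name: Set up Android SDK
        uses: android-actions/setup-android@v3

      # Package ids contain `;`, so they stay double-quoted for the shell.
      - name: Install Android SDK components
        run: |
          sdkmanager --install \
            "platforms;android-34" \
            "build-tools;34.0.0"

      # Runs a script from the checked-out tree, so on pull requests its
      # contents come from the PR branch.
      - name: Check no FQN in type positions
        run: ./scripts/check-no-fqn.sh

      - name: Run Detekt (backend)
        working-directory: backend
        run: ./gradlew detektMain --continue

      - name: Run Detekt (frontend)
        working-directory: frontend
        run: ./gradlew detektMain --continue

      # Runs even when Detekt failed so the findings can be downloaded.
      - name: Upload Detekt report
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: detekt-report
          path: '**/build/reports/detekt/'
          retention-days: 7
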
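# Security scanning
  security:
    name: Security Scan
    runs-on: [self-hosted, macOS, X64]
    # upload-sarif writes to code scanning, which needs security-events:
    # write. Declaring it here keeps the upload working when the repository
    # default token is read-only and grants nothing beyond what the job uses.
    permissions:
      contents: read
      security-events: write
      # Only required by upload-sarif on private repositories.
      actions: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Nothing here pushes; do not leave the job token in the git config
          # on the self-hosted machine.
          persist-credentials: false

      # NOTE(review): `@master` is a branch, so whatever is pushed there runs
      # in this job, on this runner, with this job's token. Pin to a reviewed
      # release, ideally by commit, e.g.
      #   uses: aquasecurity/trivy-action@<FULL_COMMIT_SHA>  # <RELEASE_TAG>
      # (both values are placeholders to fill in).
      # NOTE(review): continue-on-error means a scanner crash or failed
      # database download is reported as success, and no `exit-code` input is
      # set, so findings are not configured to fail the job. CRITICAL/HIGH
      # results are only visible in code scanning. Confirm that is intended.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'
        continue-on-error: true

      # `if: always()` attempts the upload even if the scan step failed. If
      # the SARIF file was never written, the upload error is also swallowed
      # by continue-on-error, leaving the job green with no results
      # published.
      - name: Upload Trivy scan results
        uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: 'trivy-results.sarif'
        continue-on-error: true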