Sharang Parnerkar
f1710fdb9e
All checks were successful
CI/CD / go-lint (push) Has been skipped
CI/CD / python-lint (push) Has been skipped
CI/CD / nodejs-lint (push) Has been skipped
CI/CD / test-go-ai-compliance (push) Successful in 34s
CI/CD / test-python-backend-compliance (push) Successful in 39s
CI/CD / test-python-document-crawler (push) Successful in 24s
CI/CD / test-python-dsms-gateway (push) Successful in 19s
CI/CD / validate-canonical-controls (push) Successful in 13s
CI/CD / Deploy (push) Successful in 2s
## Summary - Add Coolify deployment configuration (docker-compose, healthchecks, network setup) - Replace deploy-hetzner CI job with Coolify webhook deploy - Externalize postgres, qdrant, S3 for Coolify environment ## All changes since branch creation - Coolify docker-compose with Traefik labels and healthchecks - CI pipeline: deploy-hetzner → deploy-coolify (simple webhook curl) - SQLAlchemy 2.x text() compatibility fixes - Alpine-compatible Dockerfile fixes Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com> Reviewed-on: #1
210 lines
6.8 KiB
YAML
210 lines
6.8 KiB
YAML
# Gitea Actions CI/CD Pipeline
|
|
# BreakPilot Compliance
|
|
#
|
|
# Services:
|
|
# Go: ai-compliance-sdk
|
|
# Python: backend-compliance, document-crawler, dsms-gateway
|
|
# Node.js: admin-compliance, developer-portal
|
|
#
|
|
# Workflow:
|
|
# Push auf main → Tests → Deploy (Coolify)
|
|
# Pull Request → Lint + Tests (kein Deploy)
|
|
|
|
name: CI/CD
|
|
|
|
on:
|
|
push:
|
|
branches: [main, develop]
|
|
pull_request:
|
|
branches: [main, develop]
|
|
|
|
jobs:
|
|
# ========================================
|
|
# Lint (nur bei PRs)
|
|
# ========================================
|
|
|
|
go-lint:
|
|
runs-on: docker
|
|
if: github.event_name == 'pull_request'
|
|
container: golangci/golangci-lint:v1.62-alpine
|
|
steps:
|
|
- name: Checkout
|
|
run: |
|
|
apk add --no-cache git
|
|
git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
|
|
- name: Lint ai-compliance-sdk
|
|
run: |
|
|
if [ -d "ai-compliance-sdk" ]; then
|
|
cd ai-compliance-sdk && golangci-lint run --timeout 5m ./...
|
|
fi
|
|
|
|
python-lint:
|
|
runs-on: docker
|
|
if: github.event_name == 'pull_request'
|
|
container: python:3.12-slim
|
|
steps:
|
|
- name: Checkout
|
|
run: |
|
|
apt-get update -qq && apt-get install -y -qq git > /dev/null 2>&1
|
|
git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
|
|
- name: Lint Python services
|
|
run: |
|
|
pip install --quiet ruff
|
|
for svc in backend-compliance document-crawler dsms-gateway; do
|
|
if [ -d "$svc" ]; then
|
|
echo "=== Linting $svc ==="
|
|
ruff check "$svc/" --output-format=github || true
|
|
fi
|
|
done
|
|
|
|
nodejs-lint:
|
|
runs-on: docker
|
|
if: github.event_name == 'pull_request'
|
|
container: node:20-alpine
|
|
steps:
|
|
- name: Checkout
|
|
run: |
|
|
apk add --no-cache git
|
|
git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
|
|
- name: Lint Node.js services
|
|
run: |
|
|
for svc in admin-compliance developer-portal; do
|
|
if [ -d "$svc" ]; then
|
|
echo "=== Linting $svc ==="
|
|
cd "$svc"
|
|
npm ci --silent 2>/dev/null || npm install --silent
|
|
npx next lint || true
|
|
cd ..
|
|
fi
|
|
done
|
|
|
|
# ========================================
|
|
# Unit Tests
|
|
# ========================================
|
|
|
|
test-go-ai-compliance:
|
|
runs-on: docker
|
|
container: golang:1.24-alpine
|
|
env:
|
|
CGO_ENABLED: "0"
|
|
steps:
|
|
- name: Checkout
|
|
run: |
|
|
apk add --no-cache git
|
|
git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
|
|
- name: Test ai-compliance-sdk
|
|
run: |
|
|
if [ ! -d "ai-compliance-sdk" ]; then
|
|
echo "WARNUNG: ai-compliance-sdk nicht gefunden"
|
|
exit 0
|
|
fi
|
|
cd ai-compliance-sdk
|
|
go test -v -coverprofile=coverage.out ./... 2>&1
|
|
COVERAGE=$(go tool cover -func=coverage.out 2>/dev/null | tail -1 | awk '{print $3}' || echo "0%")
|
|
echo "Coverage: $COVERAGE"
|
|
|
|
test-python-backend-compliance:
|
|
runs-on: docker
|
|
container: python:3.12-slim
|
|
env:
|
|
CI: "true"
|
|
steps:
|
|
- name: Checkout
|
|
run: |
|
|
apt-get update -qq && apt-get install -y -qq git > /dev/null 2>&1
|
|
git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
|
|
- name: Test backend-compliance
|
|
run: |
|
|
if [ ! -d "backend-compliance" ]; then
|
|
echo "WARNUNG: backend-compliance nicht gefunden"
|
|
exit 0
|
|
fi
|
|
cd backend-compliance
|
|
export PYTHONPATH="$(pwd):${PYTHONPATH:-}"
|
|
pip install --quiet --no-cache-dir -r requirements.txt 2>/dev/null || true
|
|
pip install --quiet --no-cache-dir fastapi uvicorn pytest pytest-asyncio
|
|
python -m pytest compliance/tests/ -v --tb=short
|
|
|
|
test-python-document-crawler:
|
|
runs-on: docker
|
|
container: python:3.12-slim
|
|
env:
|
|
CI: "true"
|
|
steps:
|
|
- name: Checkout
|
|
run: |
|
|
apt-get update -qq && apt-get install -y -qq git > /dev/null 2>&1
|
|
git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
|
|
- name: Test document-crawler
|
|
run: |
|
|
if [ ! -d "document-crawler" ]; then
|
|
echo "WARNUNG: document-crawler nicht gefunden"
|
|
exit 0
|
|
fi
|
|
cd document-crawler
|
|
export PYTHONPATH="$(pwd):${PYTHONPATH:-}"
|
|
pip install --quiet --no-cache-dir -r requirements.txt 2>/dev/null || true
|
|
pip install --quiet --no-cache-dir pytest pytest-asyncio
|
|
python -m pytest tests/ -v --tb=short
|
|
|
|
test-python-dsms-gateway:
|
|
runs-on: docker
|
|
container: python:3.12-slim
|
|
env:
|
|
CI: "true"
|
|
steps:
|
|
- name: Checkout
|
|
run: |
|
|
apt-get update -qq && apt-get install -y -qq git > /dev/null 2>&1
|
|
git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
|
|
- name: Test dsms-gateway
|
|
run: |
|
|
if [ ! -d "dsms-gateway" ]; then
|
|
echo "WARNUNG: dsms-gateway nicht gefunden"
|
|
exit 0
|
|
fi
|
|
cd dsms-gateway
|
|
export PYTHONPATH="$(pwd):${PYTHONPATH:-}"
|
|
pip install --quiet --no-cache-dir -r requirements.txt 2>/dev/null || true
|
|
pip install --quiet --no-cache-dir pytest pytest-asyncio
|
|
python -m pytest test_main.py -v --tb=short
|
|
|
|
# ========================================
|
|
# Validate Canonical Controls
|
|
# ========================================
|
|
|
|
validate-canonical-controls:
|
|
runs-on: docker
|
|
container: python:3.12-slim
|
|
steps:
|
|
- name: Checkout
|
|
run: |
|
|
apt-get update -qq && apt-get install -y -qq git > /dev/null 2>&1
|
|
git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
|
|
- name: Validate controls
|
|
run: |
|
|
python scripts/validate-controls.py
|
|
|
|
# ========================================
|
|
# Deploy via Coolify (nur main, kein PR)
|
|
# ========================================
|
|
|
|
deploy-coolify:
|
|
name: Deploy
|
|
runs-on: docker
|
|
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
|
needs:
|
|
- test-go-ai-compliance
|
|
- test-python-backend-compliance
|
|
- test-python-document-crawler
|
|
- test-python-dsms-gateway
|
|
- validate-canonical-controls
|
|
container:
|
|
image: alpine:latest
|
|
steps:
|
|
- name: Trigger Coolify deploy
|
|
run: |
|
|
apk add --no-cache curl
|
|
curl -sf "${{ secrets.COOLIFY_WEBHOOK }}" \
|
|
-H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"
|