name: CI/CD Pipeline on: push: branches: [ main, develop ] pull_request: branches: [ main ] release: types: [ published ] env: DOTNET_VERSION: '8.0' DOCKER_REGISTRY: ghcr.io IMAGE_NAME: marketally/context-plugin jobs: test: name: Test runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 - name: Setup .NET uses: actions/setup-dotnet@v4 with: dotnet-version: ${{ env.DOTNET_VERSION }} - name: Cache dependencies uses: actions/cache@v3 with: path: ~/.nuget/packages key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }} restore-keys: | ${{ runner.os }}-nuget- - name: Restore dependencies run: dotnet restore - name: Build run: dotnet build --no-restore --configuration Release - name: Run unit tests run: dotnet test --no-build --configuration Release --verbosity normal --collect:"XPlat Code Coverage" --results-directory ./coverage - name: Generate coverage report uses: codecov/codecov-action@v3 with: files: ./coverage/**/coverage.cobertura.xml fail_ci_if_error: false verbose: true code-quality: name: Code Quality runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 - name: Setup .NET uses: actions/setup-dotnet@v4 with: dotnet-version: ${{ env.DOTNET_VERSION }} - name: Restore dependencies run: dotnet restore - name: Build run: dotnet build --no-restore --configuration Release - name: Run static analysis run: | dotnet tool install --global dotnet-sonarscanner || true dotnet sonarscanner begin /k:"marketally_context-plugin" /o:"marketally" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" dotnet build --no-restore dotnet sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} continue-on-error: true security-scan: name: Security Scan runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: scan-type: 'fs' scan-ref: '.' format: 'sarif' output: 'trivy-results.sarif' - name: Upload Trivy scan results uses: github/codeql-action/upload-sarif@v2 with: sarif_file: 'trivy-results.sarif' build-and-push: name: Build and Push Docker Image runs-on: ubuntu-latest needs: [test, code-quality] if: github.event_name != 'pull_request' steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Log in to Container Registry uses: docker/login-action@v3 with: registry: ${{ env.DOCKER_REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Extract metadata id: meta uses: docker/metadata-action@v5 with: images: ${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} type=sha,prefix={{branch}}- - name: Build and push Docker image uses: docker/build-push-action@v5 with: context: . file: ./Dockerfile platforms: linux/amd64,linux/arm64 push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max - name: Generate SBOM uses: anchore/sbom-action@v0 with: image: ${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} format: spdx-json output-file: sbom.spdx.json - name: Upload SBOM uses: actions/upload-artifact@v3 with: name: sbom path: sbom.spdx.json deploy-staging: name: Deploy to Staging runs-on: ubuntu-latest needs: [build-and-push] if: github.ref == 'refs/heads/develop' environment: staging steps: - name: Checkout code uses: actions/checkout@v4 - name: Deploy to staging run: | echo "Deploying to staging environment..." # Add your staging deployment commands here # This could be kubectl, helm, docker-compose, etc. - name: Run integration tests run: | echo "Running integration tests against staging..." # Add integration test commands here - name: Notify deployment uses: 8398a7/action-slack@v3 with: status: ${{ job.status }} fields: repo,message,commit,author,action,eventName,ref,workflow env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} if: always() deploy-production: name: Deploy to Production runs-on: ubuntu-latest needs: [build-and-push] if: github.event_name == 'release' environment: production steps: - name: Checkout code uses: actions/checkout@v4 - name: Deploy to production run: | echo "Deploying to production environment..." # Add your production deployment commands here - name: Run smoke tests run: | echo "Running smoke tests against production..." # Add smoke test commands here - name: Notify deployment uses: 8398a7/action-slack@v3 with: status: ${{ job.status }} fields: repo,message,commit,author,action,eventName,ref,workflow env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} if: always() performance-test: name: Performance Testing runs-on: ubuntu-latest needs: [deploy-staging] if: github.ref == 'refs/heads/develop' steps: - name: Checkout code uses: actions/checkout@v4 - name: Run performance tests run: | echo "Running performance tests..." # Add performance testing commands here (e.g., k6, Artillery, etc.) - name: Upload performance results uses: actions/upload-artifact@v3 with: name: performance-results path: performance-results/