diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..9303ac4
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,128 @@
+# =============================================================================
+# GitLab CI/CD Pipeline — STEAM Security Dashboard
+# =============================================================================
+#
+# Pipeline stages:
+# 1. install — install dependencies for backend and frontend
+# 2. lint — run linters / static checks
+# 3. test — run backend (Jest) and frontend (react-scripts) tests
+# 4. build — produce the production frontend bundle
+# 5. deploy — restart services on the local machine (manual trigger)
+#
+# Executor: shell (runs directly on dashboard-dev using system Node.js)
+# =============================================================================
+
+# ---------------------------------------------------------------------------
+# Global cache — speeds up repeated runs by reusing node_modules
+# ---------------------------------------------------------------------------
+cache:
+ key: ${CI_COMMIT_REF_SLUG}
+ paths:
+ - node_modules/
+ - frontend/node_modules/
+
+# ---------------------------------------------------------------------------
+# Stages run in order; jobs within a stage run in parallel
+# ---------------------------------------------------------------------------
+stages:
+ - install
+ - lint
+ - test
+ - build
+ - deploy
+
+# =============================================================================
+# STAGE 1: Install dependencies
+# =============================================================================
+
+install-backend:
+ stage: install
+ script:
+ - npm ci
+ artifacts:
+ paths:
+ - node_modules/
+ expire_in: 1 hour
+
+install-frontend:
+ stage: install
+ script:
+ - cd frontend
+ - npm ci
+ artifacts:
+ paths:
+ - frontend/node_modules/
+ expire_in: 1 hour
+
+# =============================================================================
+# STAGE 2: Lint / static analysis
+# =============================================================================
+
+lint-frontend:
+ stage: lint
+ needs: ["install-frontend"]
+ script:
+ - cd frontend
+ - npx eslint src/ --max-warnings 0
+ allow_failure: true # non-blocking until the team cleans up existing warnings
+
+# =============================================================================
+# STAGE 3: Tests
+# =============================================================================
+
+test-backend:
+ stage: test
+ needs: ["install-backend"]
+ script:
+ - npx jest --ci --forceExit --detectOpenHandles backend/__tests__/
+ timeout: 5 minutes
+
+test-frontend:
+ stage: test
+ needs: ["install-frontend"]
+ script:
+ - cd frontend
+ - CI=true npx react-scripts test --watchAll=false --ci --forceExit
+ timeout: 5 minutes
+
+# =============================================================================
+# STAGE 4: Build the production frontend bundle
+# =============================================================================
+
+build-frontend:
+ stage: build
+ needs: ["install-frontend", "test-frontend"]
+ script:
+ - cd frontend
+ - REACT_APP_API_BASE=/api REACT_APP_API_HOST="" npm run build
+ artifacts:
+ paths:
+ - frontend/build/
+ expire_in: 7 days
+
+# =============================================================================
+# STAGE 5: Deploy
+# =============================================================================
+# Since the runner IS the app server (dashboard-dev), deploy just restarts
+# the services locally. No SSH needed.
+#
+# Manual trigger only, and only from the main/master branch.
+# =============================================================================
+
+deploy:
+ stage: deploy
+ needs: ["build-frontend"]
+ rules:
+ - if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "master"
+ when: manual
+ environment:
+ name: production
+ script:
+ - echo "Deploying on dashboard-dev..."
+ - cd /home/cve-dashboard
+ - git pull origin ${CI_COMMIT_BRANCH}
+ - npm ci
+ - cd frontend && npm ci && npm run build && cd ..
+ - ./stop-servers.sh || true
+ - ./start-servers.sh
+ - echo "Deploy complete."
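Review bot: The `deploy` job runs `git pull origin ${CI_COMMIT_BRANCH}` in `/home/cve-dashboard`, so it ships whatever the branch tip is when the manual button is pressed rather than the commit this pipeline linted, tested and built; the `frontend/build/` artifact from `build-frontend` is never used. Pin the checkout to the pipeline's commit, e.g. `git fetch origin "${CI_COMMIT_BRANCH}"` followed by `git checkout --detach "${CI_COMMIT_SHA}"`, and consider appending `&& $CI_COMMIT_REF_PROTECTED == "true"` to the rule so only protected refs can reach the `production` environment. Separately, the header comment says the shell runner is the app server itself, which would mean `npm ci` lifecycle scripts and test code from every pushed branch run on the production host as the runner user; if so, route the install/lint/test/build jobs to an isolated runner with `tags:` and keep only `deploy` on dashboard-dev. `./stop-servers.sh || true` also hides a failed stop, so a stale process could still be serving old code when the job prints "Deploy complete.".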