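---
# CI workflow: type-checks, builds and tests the two packages (./app with
# npm, ./node with Bun), lints both Dockerfiles with hadolint, and runs a
# Trivy filesystem scan whose SARIF report is uploaded to code scanning.
name: Test and Lint

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

# Least privilege: jobs get a read-only GITHUB_TOKEN unless they declare
# their own permissions block (only security-scan does).
permissions:
  contents: read

jobs:
  test-app:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./app
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
          cache-dependency-path: './app/package-lock.json'

      # npm ci installs exactly what package-lock.json records.
      - name: Install dependencies
        run: npm ci

      - name: Type check
        run: npx tsc --noEmit

      - name: Build application
        run: npm run build

      # continue-on-error: a failing test run does not fail this job, so
      # a green check here does not mean the tests passed.
      - name: Run tests (if available)
        run: npm test --if-present
        continue-on-error: true

  test-node:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./node
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # NOTE(review): third-party action referenced by a movable tag, and
      # `latest` floats, so a new Bun release is picked up without review.
      # Consider a full commit SHA and an exact bun-version.
      - name: Setup Bun
        uses: oven-sh/setup-bun@v1
        with:
          bun-version: latest

      # NOTE(review): no lockfile-enforcing option is passed here, unlike
      # `npm ci` in test-app; confirm resolved versions cannot drift in CI.
      - name: Install dependencies
        run: bun install

      - name: Type check
        run: bunx tsc --noEmit

      - name: Build application
        run: bun run build

      # NOTE(review): --if-present is an npm run-script option; confirm
      # that `bun test` accepts it. With continue-on-error an unrecognised
      # flag would fail this step without failing the job.
      - name: Run tests (if available)
        run: bun test --if-present
        continue-on-error: true

  lint-dockerfiles:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # failure-threshold: warning fails the step on hadolint findings of
      # warning severity or higher.
      - name: Lint App Dockerfile
        uses: hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: ./app/Dockerfile
          failure-threshold: warning

      - name: Lint Node Dockerfile
        uses: hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: ./node/Dockerfile
          failure-threshold: warning

  security-scan:
    runs-on: ubuntu-latest
    # A job-level block replaces the workflow-level one, so contents: read
    # is repeated. security-events: write is what the SARIF upload needs;
    # actions: read is only required in private repositories.
    permissions:
      contents: read
      security-events: write
      actions: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # NOTE(review): @master is a mutable branch ref, so whatever is
      # pushed to that branch runs in this job with the token above. Pin
      # to a release tag or, better, a full commit SHA
      # (aquasecurity/trivy-action@<RELEASE_COMMIT_SHA>).
      # No exit-code or severity input is set, so findings are presumably
      # reported without failing the job; confirm against the action's
      # defaults.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-results.sarif'

      # if: always() uploads the report even when the scan step fails.
      # NOTE(review): v2 of github/codeql-action has been deprecated by
      # GitHub; move to a currently supported major version. On pull
      # requests from forks the token is read-only, so this upload is
      # expected to fail there.
      - name: Upload Trivy scan results
        uses: github/codeql-action/upload-sarif@v2
        if: always()
        with:
          sarif_file: 'trivy-results.sarif'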