Add complete NexaPantry application structure including: - Docker Compose configuration with PostgreSQL, Redis, FastAPI backend, worker, frontend and Caddy - Environment configuration template with database, auth, and service settings - GitHub Actions CI workflow for backend/frontend linting, testing, auditing and Docker builds - AGPL-3.0 license and comprehensive README with setup, development, and security documentation - Backend
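# Continuous integration for the repository: lint, test and dependency-audit
# the backend and the frontend, then build the Docker images and run a Trivy
# filesystem scan.
name: CI

# Runs on every push and every pull request (no branch or path filters).
on:
  push:
  pull_request:

# Least privilege for the GITHUB_TOKEN. The steps below only check out the
# repository and run local tooling, so read access to contents is enough.
# Without this block the token gets the repository/organisation default,
# which may include write scopes.
permissions:
  contents: read

jobs:
  # Python backend: install with dev extras, then lint, test, audit, SAST.
  backend:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave the token in .git/config; later steps run
          # third-party code (pip installs, test suites) and none of them
          # needs to push.
          persist-credentials: false
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Install backend
        # NOTE(review): this resolves dependencies at install time; no lock
        # file or hash checking is visible here, so runs may not be
        # reproducible. Confirm against backend/pyproject.toml.
        run: |
          cd backend
          python -m pip install --upgrade pip
          pip install ".[dev]"
      - name: Lint
        run: cd backend && ruff check app
      - name: Test
        run: cd backend && pytest
      - name: Audit
        # Checks the packages installed in this environment against known
        # vulnerability advisories.
        run: cd backend && pip-audit
      - name: Bandit
        # Static security checks on application code; tests are excluded.
        run: cd backend && bandit -q -r app -x app/tests

  # Node frontend: clean install from the lockfile, then lint, typecheck,
  # test and audit.
  frontend:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Same reasoning as in the backend job: npm scripts run after
          # checkout and should not be able to read a persisted token.
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version: "22"
          cache: npm
          cache-dependency-path: frontend/package-lock.json
      - name: Install frontend
        run: cd frontend && npm ci
      - name: Lint
        run: cd frontend && npm run lint
      - name: Typecheck
        run: cd frontend && npm run typecheck
      - name: Test
        run: cd frontend && npm test -- --run
      - name: Audit
        # Fails the job on advisories of moderate severity or higher.
        run: cd frontend && npm audit --audit-level=moderate

  # Image build and scan; runs only after both jobs above succeed.
  docker:
    runs-on: ubuntu-latest
    needs: [backend, frontend]
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Build images
        run: docker compose build
      - name: Trivy filesystem scan
        # NOTE(review): `master` is a moving branch, so whatever is pushed to
        # it runs in this job unreviewed. Pin third-party actions to a full
        # commit SHA and let a dependency bot propose the bumps.
        uses: aquasecurity/trivy-action@master
        with:
          # `fs` scans the repository checkout at scan-ref; the images built
          # in the previous step are not scanned by this step.
          scan-type: fs
          scan-ref: .
          severity: CRITICAL,HIGH
          # NOTE(review): exit code 0 makes the scan report-only, so CRITICAL
          # and HIGH findings never fail the build. Set a non-zero exit code
          # once the baseline is clean if the scan is meant to gate merges.
          exit-code: "0"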