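# CI/CD pipeline: builds, lints and tests the frontend and backend on pull
# requests and on pushes to main. Images are pushed and the Coolify redeploy is
# triggered only for pushes to main; pull requests get a build without push.
#
# NOTE(review): every `uses:` below references a mutable major-version tag.
# Pinning each action to a full commit SHA would keep a retagged release from
# changing what runs in the jobs that have DOCKER_PUSH_TOKEN in scope.
name: CI/CD Pipeline
run-name: ${{ github.actor }} triggered pipeline on ${{ github.ref_name }}

on:
  pull_request:
    paths:
      - 'legalconsenthub/**'
      - 'legalconsenthub-backend/**'
      - 'api/**'
      - '.github/workflows/pipeline.yaml'
  push:
    branches:
      - main
    paths:
      - 'legalconsenthub/**'
      - 'legalconsenthub-backend/**'
      - 'api/**'
      - '.github/workflows/pipeline.yaml'

# Least privilege for the automatic workflow token: no step below writes to the
# repository through it (registry and Coolify use their own secrets).
permissions:
  contents: read

# NOTE(review): cancel-in-progress also applies to pushes on main, so a newer
# push can cancel a run after its images were pushed but before the deploy job
# ran; the newer run then deploys. Confirm that is intended.
concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: true

jobs:
  frontend:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./legalconsenthub
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22.16.0'

      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '21'

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: '10.13.1'
          run_install: false

      - name: Get pnpm store directory
        id: pnpm-cache
        run: |
          echo "STORE_PATH=$(pnpm store path)" >> "$GITHUB_OUTPUT"

      - name: Setup pnpm cache
        uses: actions/cache@v4
        with:
          path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-

      # --frozen-lockfile fails the job instead of updating pnpm-lock.yaml.
      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Build application
        run: pnpm build

      - name: Run linting
        run: pnpm lint

      - name: Run type checking
        run: pnpm type-check

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Registry credentials are only used on pushes to main, so pull request
      # runs never log in to the registry.
      - name: Log in to Gitea Container Registry
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        uses: docker/login-action@v3
        with:
          registry: git.gremiumhub.de
          username: ${{ github.actor }}
          password: ${{ secrets.DOCKER_PUSH_TOKEN }}

      - name: Extract metadata for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: git.gremiumhub.de/${{ github.repository_owner }}/legalconsenthub
          tags: |
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
            type=sha,prefix=,format=long

      # NOTE(review): no step in this workflow restores or saves
      # /tmp/.buildx-cache-frontend, so the local cache only helps if the
      # runner keeps /tmp between runs. Confirm against the runner setup.
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./legalconsenthub/Dockerfile
          push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
          platforms: linux/amd64
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=local,src=/tmp/.buildx-cache-frontend
          cache-to: type=local,dest=/tmp/.buildx-cache-frontend,mode=max

      - name: Image built successfully
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: |
          echo "✅ Docker image built and pushed successfully"
          echo "📦 Image: git.gremiumhub.de/${{ github.repository_owner }}/legalconsenthub:latest"
          echo "📦 Image: git.gremiumhub.de/${{ github.repository_owner }}/legalconsenthub:${{ github.sha }}"

      - name: Dry-run completed
        if: github.event_name == 'pull_request'
        run: |
          echo "✅ Dry-run build completed successfully (image not pushed)"

  backend:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./legalconsenthub-backend
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '21'

      - name: Setup Gradle cache
        uses: actions/cache@v4
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
            legalconsenthub-backend/.gradle
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
          restore-keys: |
            ${{ runner.os }}-gradle-

      - name: Build application
        run: ./gradlew build -x test

      - name: Run ktlint check
        run: ./gradlew ktlintCheck

      - name: Run tests
        run: ./gradlew test
        env:
          # Fixes Ryuk testcontainers error during test (https://github.com/testcontainers/testcontainers-java/issues/7036)
          TESTCONTAINERS_HOST_OVERRIDE: host.docker.internal

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Registry credentials are only used on pushes to main, so pull request
      # runs never log in to the registry.
      - name: Log in to Gitea Container Registry
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        uses: docker/login-action@v3
        with:
          registry: git.gremiumhub.de
          username: ${{ github.actor }}
          password: ${{ secrets.DOCKER_PUSH_TOKEN }}

      - name: Extract metadata for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: git.gremiumhub.de/${{ github.repository_owner }}/legalconsenthub-backend
          tags: |
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
            type=sha,prefix=,format=long

      # NOTE(review): no step in this workflow restores or saves
      # /tmp/.buildx-cache-backend, so the local cache only helps if the
      # runner keeps /tmp between runs. Confirm against the runner setup.
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./legalconsenthub-backend/Dockerfile
          push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
          platforms: linux/amd64
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=local,src=/tmp/.buildx-cache-backend
          cache-to: type=local,dest=/tmp/.buildx-cache-backend,mode=max

      - name: Image built successfully
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: |
          echo "✅ Docker image built and pushed successfully"
          echo "📦 Image: git.gremiumhub.de/${{ github.repository_owner }}/legalconsenthub-backend:latest"
          echo "📦 Image: git.gremiumhub.de/${{ github.repository_owner }}/legalconsenthub-backend:${{ github.sha }}"

      - name: Dry-run completed
        if: github.event_name == 'pull_request'
        run: |
          echo "✅ Dry-run build completed successfully (image not pushed)"

  deploy:
    runs-on: ubuntu-latest
    needs: [frontend, backend]
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    steps:
      # Secrets reach the script through the step environment instead of being
      # expanded into the script text, so their content is never parsed as
      # shell. --fail turns an HTTP error from the deploy API into a failed
      # step; without it a rejected request would still report success below.
      - name: Trigger Coolify redeploy (frontend)
        env:
          COOLIFY_DEPLOY_TOKEN: ${{ secrets.COOLIFY_DEPLOY_TOKEN }}
          COOLIFY_FRONTEND_UUID: ${{ secrets.COOLIFY_FRONTEND_UUID }}
        run: |
          curl --fail --silent --show-error -X POST \
            -H "Authorization: Bearer ${COOLIFY_DEPLOY_TOKEN}" \
            "https://coolify.gremiumhub.de/api/v1/deploy?uuid=${COOLIFY_FRONTEND_UUID}&force=false"

      # Same handling as the frontend trigger: secrets via env, --fail so an
      # HTTP error from the deploy API fails the step.
      - name: Trigger Coolify redeploy (backend)
        env:
          COOLIFY_DEPLOY_TOKEN: ${{ secrets.COOLIFY_DEPLOY_TOKEN }}
          COOLIFY_BACKEND_UUID: ${{ secrets.COOLIFY_BACKEND_UUID }}
        run: |
          curl --fail --silent --show-error -X POST \
            -H "Authorization: Bearer ${COOLIFY_DEPLOY_TOKEN}" \
            "https://coolify.gremiumhub.de/api/v1/deploy?uuid=${COOLIFY_BACKEND_UUID}&force=false"

      - name: Deployment triggered
        run: |
          echo "✅ Coolify redeployment triggered successfully"
          echo "🚀 Frontend and backend are being redeployed"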