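# CI/CD pipeline for the legalconsenthub frontend and backend.
#
# - pull_request: build, lint and test both components and build the Docker
#   images without pushing them (dry run).
# - push to main: same checks, then push the images to gitea.lugnas.de and
#   trigger the deployment script on the target host over SSH.
#
# Supply-chain note: every `uses:` below references a mutable tag (@v3/@v4/@v5).
# Pinning each action to a full commit SHA keeps a retagged release from
# changing the code that runs next to DOCKER_PUSH_TOKEN and
# SYNOLOGY_DEPLOY_KEY.
name: CI/CD Pipeline
run-name: ${{ gitea.actor }} triggered pipeline on ${{ gitea.ref_name }}

on:
  pull_request:
    paths:
      - 'legalconsenthub/**'
      - 'legalconsenthub-backend/**'
      - 'api/**'
      - '.gitea/workflows/ci-cd.yaml'
  push:
    branches:
      - main
    paths:
      - 'legalconsenthub/**'
      - 'legalconsenthub-backend/**'
      - 'api/**'
      - '.gitea/workflows/ci-cd.yaml'

jobs:
  frontend:
    runs-on: ubuntu-latest
    # Applies to `run:` steps only; `uses:` steps resolve paths from the
    # repository root, which is why the Dockerfile path below is spelled out.
    defaults:
      run:
        working-directory: ./legalconsenthub
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22.16.0'

      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '21'

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: '10.13.1'
          run_install: false

      - name: Get pnpm store directory
        id: pnpm-cache
        # The output file path is quoted so a path containing spaces cannot
        # split the redirection target.
        run: |
          echo "STORE_PATH=$(pnpm store path)" >> "$GITEA_OUTPUT"

      - name: Setup pnpm cache
        uses: actions/cache@v4
        with:
          path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-

      # --frozen-lockfile fails the build instead of silently resolving
      # versions that differ from pnpm-lock.yaml.
      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Build application
        run: pnpm build

      - name: Run linting
        run: pnpm lint

      - name: Run type checking
        run: pnpm type-check

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Registry credentials are only used on pushes to main; pull_request
      # runs never log in and build with push disabled.
      # NOTE(review): the login name is whoever pushed, combined with one
      # shared token - confirm the registry accepts DOCKER_PUSH_TOKEN for
      # every actor allowed to push to main.
      - name: Log in to Gitea Container Registry
        if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
        uses: docker/login-action@v3
        with:
          registry: gitea.lugnas.de
          username: ${{ gitea.actor }}
          password: ${{ secrets.DOCKER_PUSH_TOKEN }}

      # Tags: `latest` on main only, plus the full commit SHA on every build.
      - name: Extract metadata for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub
          tags: |
            type=raw,value=latest,enable=${{ gitea.ref == 'refs/heads/main' }}
            type=sha,prefix=,format=long

      # NOTE(review): the local layer cache lives in /tmp and is not saved by
      # a cache step, so it is only reused if the runner keeps /tmp between
      # runs. If it does, pull_request builds and main builds share the same
      # directory, and layers written by a PR build can be consumed by the
      # build that is pushed - consider separate cache directories per event.
      # Confirm against the runner setup.
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./legalconsenthub/Dockerfile
          push: ${{ gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' }}
          platforms: linux/amd64
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache

      - name: Image built successfully
        if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
        run: |
          echo "✅ Docker image built and pushed successfully"
          echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub:latest"
          echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub:${{ gitea.sha }}"

      - name: Dry-run completed
        if: gitea.event_name == 'pull_request'
        run: |
          echo "✅ Dry-run build completed successfully (image not pushed)"

  backend:
    runs-on: ubuntu-latest
    # Applies to `run:` steps only; `uses:` steps resolve paths from the
    # repository root.
    defaults:
      run:
        working-directory: ./legalconsenthub-backend
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '21'

      - name: Setup Gradle cache
        uses: actions/cache@v4
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
            legalconsenthub-backend/.gradle
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
          restore-keys: |
            ${{ runner.os }}-gradle-

      - name: Make gradlew executable
        run: chmod +x gradlew

      # Tests are excluded here and run in their own step below.
      - name: Build application
        run: ./gradlew build -x test

      - name: Run ktlint check
        run: ./gradlew ktlintCheck

      - name: Run tests
        run: ./gradlew test
        env:
          SPRING_PROFILES_ACTIVE: testcontainers

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Registry credentials are only used on pushes to main; pull_request
      # runs never log in and build with push disabled.
      - name: Log in to Gitea Container Registry
        if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
        uses: docker/login-action@v3
        with:
          registry: gitea.lugnas.de
          username: ${{ gitea.actor }}
          password: ${{ secrets.DOCKER_PUSH_TOKEN }}

      # Tags: `latest` on main only, plus the full commit SHA on every build.
      - name: Extract metadata for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub-backend
          tags: |
            type=raw,value=latest,enable=${{ gitea.ref == 'refs/heads/main' }}
            type=sha,prefix=,format=long

      # NOTE(review): same /tmp/.buildx-cache directory as the frontend job;
      # on a runner that keeps /tmp, both jobs and both event types read and
      # write one shared layer cache. Confirm against the runner setup.
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./legalconsenthub-backend/Dockerfile
          push: ${{ gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' }}
          platforms: linux/amd64
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache

      - name: Image built successfully
        if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
        run: |
          echo "✅ Docker image built and pushed successfully"
          echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub-backend:latest"
          echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub-backend:${{ gitea.sha }}"

      - name: Dry-run completed
        if: gitea.event_name == 'pull_request'
        run: |
          echo "✅ Dry-run build completed successfully (image not pushed)"

  # Runs only after both image jobs succeeded, and only for pushes to main.
  deploy:
    runs-on: ubuntu-latest
    needs: [frontend, backend]
    if: ${{ gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup SSH
        # The key is handed to the shell through the environment instead of
        # being template-expanded into the script text, so its content is
        # never parsed as shell syntax and does not end up in the generated
        # script file.
        env:
          SYNOLOGY_DEPLOY_KEY: ${{ secrets.SYNOLOGY_DEPLOY_KEY }}
        # umask 077 makes the directory and key file private from the moment
        # they are created, not only after the chmod calls.
        run: |
          umask 077
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          printf '%s\n' "$SYNOLOGY_DEPLOY_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa

      # NOTE(review): `accept-new` trusts whatever host key is presented when
      # known_hosts has no entry for the host. On a runner that starts with an
      # empty ~/.ssh that is every run, so the server is never authenticated.
      # Prefer writing the server's known host key to ~/.ssh/known_hosts
      # (stored as a repository secret or variable) and connecting with
      # StrictHostKeyChecking=yes.
      # The remote side is not visible here: the deploy account's sudo rights
      # and authorized_keys entry should be limited to this one script.
      - name: Deploy to server
        run: |
          ssh -i ~/.ssh/id_rsa -p 32766 -o StrictHostKeyChecking=accept-new deploy@ds218 "sudo /usr/local/bin/deployLegalconsenthub.sh"

      # Matters on runners that keep the home directory between jobs: the
      # private key must not outlive the job, whether or not the deploy step
      # succeeded.
      - name: Remove deploy key
        if: always()
        run: rm -f ~/.ssh/id_rsa

      - name: Deployment successful
        run: |
          echo "✅ Deployment triggered successfully"
          echo "🚀 Application is being deployed to production"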