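# CI/CD pipeline: lint, test and audit every push and pull request, smoke-test
# the server, then publish the package to GitHub Packages on pushes to master.
#
# NOTE(review): every action below is referenced by a mutable tag (@v4, @v2)
# and Bun is installed as "latest". For a workflow that publishes a package,
# pinning actions to full commit SHAs and Bun to a fixed version keeps an
# upstream change from silently altering what gets built and released.
name: CI/CD Pipeline

on:
  push:
    branches:
      - master
      - main
    paths-ignore:
      - '**.md'
      - 'LICENSE'
      - '.gitignore'
      - 'docs/**'
  pull_request:
    branches:
      - master
      - main
  workflow_dispatch:

# Least privilege: jobs get a read-only GITHUB_TOKEN unless they declare their
# own permissions block (only the publish job does).
permissions:
  contents: read

# One run per workflow and ref. Because cancel-in-progress is true, a newer
# push to the same ref cancels the run in flight, including a publish job that
# has already started.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  quality-checks:
    name: Code Quality & Security
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # No later step pushes or fetches, so do not leave the token in
          # the local git config where subsequent steps could read it.
          persist-credentials: false

      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest

      - name: Cache dependencies
        uses: actions/cache@v4
        with:
          path: |
            ~/.bun/install/cache
            node_modules
          key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock', '**/package.json') }}
          restore-keys: |
            ${{ runner.os }}-bun-

      - name: Install dependencies
        run: bun install --frozen-lockfile

      # Lint is the only check in this job that can fail it.
      - name: Run linter
        run: bun run lint
        continue-on-error: false

      - name: Check code formatting
        run: bunx prettier --check .
        continue-on-error: true

      # NOTE(review): continue-on-error means failing tests and audit findings
      # never fail this job, so they do not gate build-test or publish, which
      # both depend on it. Confirm this is intended for a release pipeline.
      - name: Run tests
        run: bun run test:all
        continue-on-error: true

      - name: Security audit
        run: bun audit
        continue-on-error: true

  build-test:
    name: Build & Test
    runs-on: ubuntu-latest
    needs: quality-checks

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest

      - name: Cache dependencies
        uses: actions/cache@v4
        with:
          path: |
            ~/.bun/install/cache
            node_modules
          key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock', '**/package.json') }}
          restore-keys: |
            ${{ runner.os }}-bun-

      - name: Install dependencies
        run: bun install --frozen-lockfile

      # Starts the server in the background, waits, then stops it. The kill is
      # allowed to fail, so a server that crashed at startup does not fail
      # this step.
      - name: Build project
        run: |
          PORT=5000 bun run start &
          SERVER_PID=$!
          sleep 5
          kill $SERVER_PID || true

      # Smoke test: the step fails when /ping does not return a success status.
      - name: Test API endpoints
        run: |
          PORT=5000 bun run start &
          SERVER_PID=$!
          sleep 5
          curl -f http://localhost:5000/ping || exit 1
          kill $SERVER_PID || true

  publish:
    name: Publish Package
    runs-on: ubuntu-latest
    needs: [quality-checks, build-test]
    # NOTE(review): the push trigger also lists main, but publishing is
    # limited to master. Confirm that is the intended release branch.
    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # This job holds a packages:write token; keep it out of the git
          # config, since publishing goes through NODE_AUTH_TOKEN instead.
          persist-credentials: false

      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest

      # NOTE(review): the release job restores a shared cache that includes
      # node_modules, with a prefix fallback key. Consider a clean install
      # here so the published package does not depend on cache contents.
      - name: Cache dependencies
        uses: actions/cache@v4
        with:
          path: |
            ~/.bun/install/cache
            node_modules
          key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock', '**/package.json') }}
          restore-keys: |
            ${{ runner.os }}-bun-

      - name: Install dependencies
        run: bun install --frozen-lockfile

      - name: Setup Node.js for publishing
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          registry-url: 'https://npm.pkg.github.com'
          scope: '@${{ github.repository_owner }}'

      # Rewrites package.json in the workspace so the package is scoped to the
      # repository owner and targets the GitHub Packages registry.
      - name: Configure package.json for GitHub Packages
        env:
          # Passed through the environment rather than expanded into the
          # script text, so the value is always treated as data by Node.
          REPO_OWNER: ${{ github.repository_owner }}
        run: |
          node -e '
            const fs = require("fs");
            const pkg = JSON.parse(fs.readFileSync("package.json", "utf8"));
            const owner = process.env.REPO_OWNER.toLowerCase();
            pkg.name = "@" + owner + "/" + pkg.name;
            pkg.private = false;
            pkg.publishConfig = {
              registry: "https://npm.pkg.github.com",
              access: "public"
            };
            fs.writeFileSync("package.json", JSON.stringify(pkg, null, 2));
            console.log("Updated package.json name to:", pkg.name);
          '

      # The token is scoped to this step only.
      - name: Publish to GitHub Packages
        run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}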