diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
new file mode 100644
index 0000000..8b795ab
--- /dev/null
+++ b/.gitea/workflows/build.yml
@@ -0,0 +1,34 @@
+name: Build-Check
+
+on:
+ pull_request:
+ branches:
+ - main
+ - beta
+ - testing
+ - client
+ - staging
+ - production
+
+jobs:
+ build-test:
+ name: Build and Test PR
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v3
+
+ - name: Setup Node
+ uses: actions/setup-node@v4
+ with:
+ node-version: 20
+
+ - name: Install Dependencies
+ run: npm install
+
+ - name: Build Check
+ run: npm run build
+
+ - name: Audit Dependencies
+ run: npm audit --audit-level=critical
\ No newline at end of file
diff --git a/.gitea/workflows/compressimage.yml b/.gitea/workflows/compressimage.yml
new file mode 100644
index 0000000..f927196
--- /dev/null
+++ b/.gitea/workflows/compressimage.yml
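Review bot: The `Install Dependencies` step in build.yml uses `npm install`, which can resolve and rewrite dependency versions instead of installing exactly what the lockfile pins, so the build and the later `npm audit` may evaluate a tree that differs from the committed one. Assuming the repository commits a `package-lock.json` (not visible in this diff), `run: npm ci` makes the PR check reproducible and fails when the lockfile and `package.json` disagree. The audit step only fails at `critical`; `--audit-level=high` is worth considering so high-severity advisories also block the PR. Both actions are referenced by mutable tags (`actions/checkout@v3`, `actions/setup-node@v4`); pinning them to a full commit SHA avoids picking up retagged code, and the same applies to the action references in the other three workflows of this commit.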
@@ -0,0 +1,67 @@
+name: Enforce Image Standards
+
+on:
+ pull_request:
+ branches:
+ - main
+ - beta
+ - testing
+ - client
+ - staging
+ - production
+ types: [opened, synchronize, reopened]
+ paths:
+ - '**/*.jpg'
+ - '**/*.jpeg'
+ - '**/*.png'
+ workflow_dispatch:
+
+jobs:
+ optimize:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ ref: ${{ gitea.head_ref }} # IMPORTANT
+
+ - name: Install Image Tools
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y imagemagick jpegoptim pngquant
+
+ - name: Resize Oversized Images
+ run: |
+ find . -type f \( -iname "*.jpg" -o -iname "*.jpeg" -o -iname "*.png" \) \
+ -exec mogrify -resize 1920x1920\> {} \;
+
+ - name: Optimize JPEG
+ run: |
+ find . -type f \( -iname "*.jpg" -o -iname "*.jpeg" \) \
+ -exec jpegoptim --strip-all --max=85 {} \;
+
+ - name: Optimize PNG
+ run: |
+ find . -type f -iname "*.png" \
+ -exec pngquant --force --ext .png --quality=75-90 {} \;
+
+ # Commit changes if any
+ - name: Commit changes
+ run: |
+ git config --global user.name "CI Bot"
+ git config --global user.email "ci@local"
+
+ if [ -n "$(git status --porcelain)" ]; then
+ git add .
+ git commit -m "chore: optimize images via CI"
+ else
+ echo "No changes to commit"
+ fi
+
+ # Push back to PR branch
+ - name: Push changes
+ if: success()
+ run: |
+ git push origin HEAD:${{ gitea.head_ref }}
\ No newline at end of file
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
new file mode 100644
index 0000000..a85fa0f
--- /dev/null
+++ b/.gitea/workflows/deploy.yml
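Review bot: The `Push changes` step in compressimage.yml interpolates `${{ gitea.head_ref }}` straight into the shell script, so the branch name chosen by the PR author is parsed as shell text before the script runs, in a job that holds push credentials. Pass the value through the environment instead: add an `env:` key to the step with `HEAD_REF: ${{ gitea.head_ref }}` and change the command to `git push origin "HEAD:${HEAD_REF}"`. On `workflow_dispatch` there is presumably no head ref, which would leave both the checkout `ref` and the push target empty, so that trigger needs its own branch input or should be dropped. The three `find .` passes also rewrite every image in the tree rather than only the files the PR touched, and ImageMagick is parsing PR-supplied files; restricting the run to the changed paths would narrow both.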
@@ -0,0 +1,140 @@
+name: Deployment
+
+on:
+ push:
+ branches:
+ - beta
+ - testing
+ - staging
+ - production
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout Code in Runner
+ uses: actions/checkout@v3
+
+ - name: Branch and Folder Selection for Deployment
+ run: |
+ BRANCH_NAME=${{ gitea.ref_name }}
+
+ case $BRANCH_NAME in
+ beta)
+ echo "PROJECT_FOLDER=/home/user/app-beta" >> $GITHUB_ENV
+ echo "AUTH_TYPE=passwd" >> $GITHUB_ENV
+ echo "PM2_ID=app-beta[3000]" >> $GITHUB_ENV
+ echo "HOST=${{ secrets.BETA_SERVER_HOST }}" >> $GITHUB_ENV
+ echo "USERNAME=${{ secrets.BETA_SERVER_USERNAME }}" >> $GITHUB_ENV
+ echo "PASSWORD=${{ secrets.BETA_SERVER_PASSWORD }}" >> $GITHUB_ENV
+ echo "PORT=${{ secrets.BETA_SERVER_PORT }}" >> $GITHUB_ENV
+ ;;
+
+ testing)
+ echo "PROJECT_FOLDER=/home/user/app-testing" >> $GITHUB_ENV
+ echo "AUTH_TYPE=passwd" >> $GITHUB_ENV
+ echo "PM2_ID=app-testing[3001]" >> $GITHUB_ENV
+ echo "HOST=${{ secrets.BETA_SERVER_HOST }}" >> $GITHUB_ENV
+ echo "USERNAME=${{ secrets.BETA_SERVER_USERNAME }}" >> $GITHUB_ENV
+ echo "PASSWORD=${{ secrets.BETA_SERVER_PASSWORD }}" >> $GITHUB_ENV
+ echo "PORT=${{ secrets.BETA_SERVER_PORT }}" >> $GITHUB_ENV
+ ;;
+
+ staging)
+ echo "PROJECT_FOLDER=/var/www/app-staging" >> $GITHUB_ENV
+ echo "AUTH_TYPE=key" >> $GITHUB_ENV
+ echo "PM2_ID=app-staging[4000]" >> $GITHUB_ENV
+ echo "HOST=${{ secrets.STAGING_SERVER_HOST }}" >> $GITHUB_ENV
+ echo "USERNAME=${{ secrets.STAGING_SERVER_USERNAME }}" >> $GITHUB_ENV
+ echo "PORT=${{ secrets.STAGING_SERVER_PORT }}" >> $GITHUB_ENV
+ ;;
+
+ production)
+ echo "PROJECT_FOLDER=/home/reactjs/Wdipl-react" >> $GITHUB_ENV
+ echo "AUTH_TYPE=passwd" >> $GITHUB_ENV
+ #echo "PM2_ID=wdipl_frontend[3001]" >> $GITHUB_ENV
+ echo "HOST=${{ secrets.PRODUCTION_SERVER_HOST }}" >> $GITHUB_ENV
+ echo "USERNAME=${{ secrets.PRODUCTION_SERVER_USERNAME }}" >> $GITHUB_ENV
+ echo "PASSWORD=${{ secrets.PRODUCTION_SERVER_PASSWORD }}" >> $GITHUB_ENV
+ echo "PORT=${{ secrets.PRODUCTION_SERVER_PORT }}" >> $GITHUB_ENV
+ ;;
+
+ *)
+ echo "Unknown Branch"
+ exit 1
+ ;;
+ esac
+
+ echo "BRANCH_NAME=${{ gitea.ref_name }}" >> $GITHUB_ENV
+ echo "SELECTED BRANCH : $BRANCH_NAME"
+ echo "SELECTED FOLDER : $PROJECT_FOLDER"
+
+ - name: Deployment via SSH (Password)
+ if: env.AUTH_TYPE == 'passwd'
+ uses: appleboy/ssh-action@v1
+ with:
+ host: ${{ env.HOST }}
+ username: ${{ env.USERNAME }}
+ password: ${{ env.PASSWORD }}
+ port: ${{ env.PORT }}
+ envs: BRANCH_NAME,PROJECT_FOLDER,PM2_ID
+ script: |
+ set -xe
+
+ # PM2_ID supports names like: app-name[port]
+ # Always wrap in quotes to avoid shell issues
+
+ echo $BRANCH_NAME
+ echo $PROJECT_FOLDER
+
+ cd $PROJECT_FOLDER
+
+ git fetch
+ git reset --hard origin/$BRANCH_NAME
+ git pull origin $BRANCH_NAME
+
+ echo "Latest commits:"
+ git log --oneline -5
+
+ echo "Installing dependencies..."
+ npm i && npm run build
+
+ #echo "Reloading PM2..."
+ #pm2 reload "$PM2_ID"
+
+ echo "Recent Logs:"
+ pm2 logs "$PM2_ID" --lines 50 --nostream
+
+ - name: Deployment via SSH (Key)
+ if: env.AUTH_TYPE == 'key'
+ uses: appleboy/ssh-action@v1
+ with:
+ host: ${{ env.HOST }}
+ username: ${{ env.USERNAME }}
+ key: ${{ gitea.ref_name == 'production' && secrets.PRODUCTION_SERVER_KEY || secrets.STAGING_SERVER_KEY }}
+ port: ${{ env.PORT }}
+ envs: BRANCH_NAME,PROJECT_FOLDER,PM2_ID
+ script: |
+ set -xe
+
+ echo $BRANCH_NAME
+ echo $PROJECT_FOLDER
+
+ cd $PROJECT_FOLDER
+
+ git fetch
+ git reset --hard origin/$BRANCH_NAME
+ git pull origin $BRANCH_NAME
+
+ echo "Latest commits:"
+ git log --oneline -5
+
+ echo "Installing dependencies..."
+ npm i && npm run build
+
+ echo "Reloading PM2..."
+ pm2 reload "$PM2_ID"
+
+ echo "Recent Logs:"
+ pm2 logs "$PM2_ID" --lines 50 --nostream
\ No newline at end of file
diff --git a/.gitea/workflows/sonar.yml b/.gitea/workflows/sonar.yml
new file mode 100644
index 0000000..a811a78
--- /dev/null
+++ b/.gitea/workflows/sonar.yml
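Review bot: The `Branch and Folder Selection for Deployment` step in deploy.yml writes the server host, username and password secrets into `$GITHUB_ENV`, which persists them in a file on the runner and hands them to every later step; whether values re-read through `env.*` are still masked in logs is not something this workflow can rely on. Resolve the secrets directly in each SSH step's `with:` block, the way the key step already selects its `key`, and delete the `HOST`/`USERNAME`/`PASSWORD`/`PORT` echo lines from the case arms; the key step can reference the `STAGING_SERVER_*` secrets directly because only `staging` sets `AUTH_TYPE=key`. Separately, the `production` arm leaves `PM2_ID` unset and the password script has `pm2 reload` commented out, so beta, testing and production build but never reload, and production calls `pm2 logs` with an empty name. `appleboy/ssh-action` also accepts a `fingerprint` input for host key verification, which neither SSH step sets.

```yaml
      - name: Deployment via SSH (Password)
        # … unchanged: if, uses …
        with:
          # Secrets are resolved here and never written to $GITHUB_ENV.
          # beta and testing share the BETA_* credentials.
          host: ${{ gitea.ref_name == 'production' && secrets.PRODUCTION_SERVER_HOST || secrets.BETA_SERVER_HOST }}
          username: ${{ gitea.ref_name == 'production' && secrets.PRODUCTION_SERVER_USERNAME || secrets.BETA_SERVER_USERNAME }}
          password: ${{ gitea.ref_name == 'production' && secrets.PRODUCTION_SERVER_PASSWORD || secrets.BETA_SERVER_PASSWORD }}
          port: ${{ gitea.ref_name == 'production' && secrets.PRODUCTION_SERVER_PORT || secrets.BETA_SERVER_PORT }}
          # … unchanged: envs and script …
```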
@@ -0,0 +1,39 @@
+name: Sonar Check
+
+on:
+ pull_request:
+ branches:
+ - main
+ - beta
+ - testing
+ - client
+ - staging
+ - production
+
+jobs:
+ sonarqube:
+ name: SonarQube Scan
+ runs-on: ubuntu-latest
+
+ container:
+ image: sonarsource/sonar-scanner-cli:12.0.0.3214_8.0.1
+ options: --user root
+
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Run Sonar Scan
+ run: |
+ REPO_NAME=${{ gitea.event.repository.name }}
+
+ sonar-scanner \
+ -Dsonar.projectKey=$REPO_NAME \
+ -Dsonar.projectName=$REPO_NAME \
+ -Dsonar.sources=. \
+ -Dsonar.host.url=${{ secrets.SONARQUBE_HOST }} \
+ -Dsonar.token=${{ secrets.SONARQUBE_TOKEN }} \
+ -Dsonar.exclusions=node_modules/**,dist/**,coverage/** \
+ -Dsonar.qualitygate.wait=true
\ No newline at end of file
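Review bot: The `Run Sonar Scan` step in sonar.yml passes the token as `-Dsonar.token=${{ secrets.SONARQUBE_TOKEN }}`, which places it on the scanner's command line where it is visible in the process list and in any shell trace or debug output. The scanner reads `SONAR_TOKEN` and `SONAR_HOST_URL` from the environment, so set those two under an `env:` key on the step and drop the `-Dsonar.host.url` and `-Dsonar.token` arguments. `REPO_NAME=${{ gitea.event.repository.name }}` and its two uses are unquoted; writing `"-Dsonar.projectKey=$REPO_NAME"` keeps each argument intact whatever the repository is called. The container runs with `--user root`, which deserves a comment stating why it is required, or removal if it is not.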