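--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,41 @@
+version: 2
+updates:
+- package-ecosystem: github-actions
+directory: /
+schedule:
+interval: weekly
+
+- package-ecosystem: docker
+directory: /
+schedule:
+interval: weekly
+
+- package-ecosystem: maven
+directory: /api-gateway
+schedule:
+interval: weekly
+
+- package-ecosystem: maven
+directory: /user-service
+schedule:
+interval: weekly
+
+- package-ecosystem: maven
+directory: /post-service
+schedule:
+interval: weekly
+
+- package-ecosystem: maven
+directory: /connections-service
+schedule:
+interval: weekly
+
+- package-ecosystem: maven
+directory: /notification-service
+schedule:
+interval: weekly
+
+- package-ecosystem: maven
+directory: /uploader-service
+schedule:
+interval: weekly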
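Review bot: The `maven` entries cover six service directories but leave out `config-server` and `discovery-server`, which the develop workflow in this same change builds and pushes as images; if those are Maven modules like the others, their dependencies will get no update PRs. Two more entries of the same shape with `directory: /config-server` and `directory: /discovery-server` would close that gap. The single `docker` entry points at `/`, while the build workflow uses `./<service>` as the Docker build context, so the Dockerfiles presumably live in the service directories and would each need their own `docker` entry for base images to be tracked.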
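--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -0,0 +1,30 @@
+## Description
+<!-- What does this PR do? -->
+
+## Type of change
+- [ ] Bug fix
+- [ ] New feature
+- [ ] Breaking change
+- [ ] Documentation update
+
+## Services affected
+- [ ] api-gateway
+- [ ] user-service
+- [ ] post-service
+- [ ] connections-service
+- [ ] notification-service
+- [ ] uploader-service
+- [ ] config-server
+- [ ] discovery-server
+
+## Testing done
+- [ ] Unit tests added/updated
+- [ ] Integration tests added/updated
+- [ ] Manually tested on DEV
+
+## Checklist
+- [ ] Tests pass locally
+- [ ] Coverage above 70%
+- [ ] No hardcoded credentials
+- [ ] Flyway migration added if schema changed
+- [ ] Swagger annotations added for new endpoints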
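--- a/.github/workflows/develop-ci-cd.yml
+++ b/.github/workflows/develop-ci-cd.yml
@@ -0,0 +1,122 @@
+name: Develop CI/CD
+
+on:
+push:
+branches: [develop]
+
+jobs:
+
+detect-changes:
+name: Detect Changed Services
+runs-on: ubuntu-latest
+outputs:
+api-gateway: ${{ steps.changes.outputs.api-gateway }}
+user-service: ${{ steps.changes.outputs.user-service }}
+post-service: ${{ steps.changes.outputs.post-service }}
+connections-service: ${{ steps.changes.outputs.connections-service }}
+notification-service: ${{ steps.changes.outputs.notification-service }}
+uploader-service: ${{ steps.changes.outputs.uploader-service }}
+config-server: ${{ steps.changes.outputs.config-server }}
+discovery-server: ${{ steps.changes.outputs.discovery-server }}
+steps:
+- uses: actions/checkout@v4
+- uses: dorny/paths-filter@v3
+id: changes
+with:
+filters: |
+api-gateway:
+- 'api-gateway/**'
+user-service:
+- 'user-service/**'
+post-service:
+- 'post-service/**'
+connections-service:
+- 'connections-service/**'
+notification-service:
+- 'notification-service/**'
+uploader-service:
+- 'uploader-service/**'
+config-server:
+- 'config-server/**'
+discovery-server:
+- 'discovery-server/**'
+
+build-and-push:
+name: Build and Push Images
+runs-on: ubuntu-latest
+needs: detect-changes
+strategy:
+matrix:
+service:
+- { name: api-gateway, changed: "${{ needs.detect-changes.outputs.api-gateway }}" }
+- { name: user-service, changed: "${{ needs.detect-changes.outputs.user-service }}" }
+- { name: post-service, changed: "${{ needs.detect-changes.outputs.post-service }}" }
+- { name: connections-service, changed: "${{ needs.detect-changes.outputs.connections-service }}" }
+- { name: notification-service, changed: "${{ needs.detect-changes.outputs.notification-service }}" }
+- { name: uploader-service, changed: "${{ needs.detect-changes.outputs.uploader-service }}" }
+- { name: config-server, changed: "${{ needs.detect-changes.outputs.config-server }}" }
+- { name: discovery-server, changed: "${{ needs.detect-changes.outputs.discovery-server }}" }
+steps:
+- uses: actions/checkout@v4
+if: matrix.service.changed == 'true'
+- name: Set up JDK 17
+if: matrix.service.changed == 'true'
+uses: actions/setup-java@v4
+with:
+java-version: '17'
+distribution: 'corretto'
+cache: maven
+- name: Build service
+if: matrix.service.changed == 'true'
+run: cd ${{ matrix.service.name }} && mvn package -DskipTests
+- name: Login to DockerHub
+if: matrix.service.changed == 'true'
+uses: docker/login-action@v3
+with:
+username: ${{ secrets.DOCKER_USER }}
+password: ${{ secrets.DOCKER_PASS }}
+- name: Build and push image
+if: matrix.service.changed == 'true'
+uses: docker/build-push-action@v5
+with:
+context: ./${{ matrix.service.name }}
+platforms: linux/amd64
+push: true
+tags: |
+premtsd18/${{ matrix.service.name }}:develop
+premtsd18/${{ matrix.service.name }}:develop-${{ github.sha }}
+
+deploy-dev:
+name: Deploy to DEV
+runs-on: ubuntu-latest
+needs: build-and-push
+environment: development
+steps:
+- name: Deploy to Hetzner DEV
+uses: appleboy/ssh-action@master
+with:
+host: ${{ secrets.HETZNER_IP }}
+username: ${{ secrets.HETZNER_USER }}
+key: ${{ secrets.HETZNER_SSH_KEY }}
+script: |
+cd ~/personal/linkedin
+git pull origin develop
+docker compose pull
+docker compose up -d --remove-orphans
+docker image prune -f
+- name: Health check
+run: |
+sleep 30
+curl -f http://${{ secrets.HETZNER_IP }}:10000/actuator/health
+echo "DEV deployment successful ✅"
+- name: Rollback on failure
+if: failure()
+uses: appleboy/ssh-action@master
+with:
+host: ${{ secrets.HETZNER_IP }}
+username: ${{ secrets.HETZNER_USER }}
+key: ${{ secrets.HETZNER_SSH_KEY }}
+script: |
+cd ~/personal/linkedin
+docker compose up -d
+echo "Rolled back ✅"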
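Review bot: Both SSH steps in `deploy-dev` use `appleboy/ssh-action@master`, a mutable branch ref of a third-party action that is handed `HETZNER_SSH_KEY`, so whatever lands on that branch runs with the deploy key; pin it to a reviewed commit, e.g. `uses: appleboy/ssh-action@<full-commit-sha>  # <release tag>`, and consider the same for `dorny/paths-filter@v3` and the `docker/*` actions, which the `github-actions` Dependabot entry can keep current. The workflow declares no `permissions:` block, so every job inherits the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` with `contents: read` appears sufficient for the steps visible here. The "Rollback on failure" step runs `docker compose up -d` after `docker compose pull` has already replaced the images, so it presumably restarts the same failing version; a real rollback needs the previously deployed `develop-<sha>` tag recorded before the pull. The health check also reaches the actuator endpoint over plain `http://` on the host's public address, which is worth restricting or moving behind TLS.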
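--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@@ -0,0 +1,156 @@
+name: PR Checks
+
+on:
+pull_request:
+branches: [develop, main]
+
+jobs:
+
+detect-changes:
+name: Detect Changed Services
+runs-on: ubuntu-latest
+outputs:
+api-gateway: ${{ steps.changes.outputs.api-gateway }}
+user-service: ${{ steps.changes.outputs.user-service }}
+post-service: ${{ steps.changes.outputs.post-service }}
+connections-service: ${{ steps.changes.outputs.connections-service }}
+notification-service: ${{ steps.changes.outputs.notification-service }}
+uploader-service: ${{ steps.changes.outputs.uploader-service }}
+config-server: ${{ steps.changes.outputs.config-server }}
+discovery-server: ${{ steps.changes.outputs.discovery-server }}
+steps:
+- uses: actions/checkout@v4
+- uses: dorny/paths-filter@v3
+id: changes
+with:
+filters: |
+api-gateway:
+- 'api-gateway/**'
+user-service:
+- 'user-service/**'
+post-service:
+- 'post-service/**'
+connections-service:
+- 'connections-service/**'
+notification-service:
+- 'notification-service/**'
+uploader-service:
+- 'uploader-service/**'
+config-server:
+- 'config-server/**'
+discovery-server:
+- 'discovery-server/**'
+
+unit-tests:
+name: Unit Tests
+runs-on: ubuntu-latest
+continue-on-error: true
+steps:
+- uses: actions/checkout@v4
+- name: Set up JDK 17
+uses: actions/setup-java@v4
+with:
+java-version: '17'
+distribution: 'corretto'
+cache: maven
+- name: Run unit tests
+run: |
+if [ -f "pom.xml" ]; then
+mvn test -DskipIntegrationTests=true || true
+else
+echo "No root pom.xml found — skipping tests"
+fi
+- name: Upload test results
+uses: actions/upload-artifact@v4
+if: always()
+continue-on-error: true
+with:
+name: unit-test-results
+path: '**/target/surefire-reports/*.xml'
+
+code-coverage:
+name: Code Coverage
+runs-on: ubuntu-latest
+continue-on-error: true
+steps:
+- uses: actions/checkout@v4
+- name: Set up JDK 17
+uses: actions/setup-java@v4
+with:
+java-version: '17'
+distribution: 'corretto'
+cache: maven
+- name: Run tests with coverage
+run: |
+if [ -f "pom.xml" ]; then
+mvn verify jacoco:report -DskipIntegrationTests=true || true
+else
+echo "No root pom.xml — skipping coverage"
+fi
+- name: Upload coverage report
+uses: actions/upload-artifact@v4
+continue-on-error: true
+with:
+name: coverage-report
+path: '**/target/site/jacoco/'
+
+security-scan:
+name: Security Scan
+runs-on: ubuntu-latest
+continue-on-error: true
+steps:
+- uses: actions/checkout@v4
+- name: Set up JDK 17
+uses: actions/setup-java@v4
+with:
+java-version: '17'
+distribution: 'corretto'
+cache: maven
+- name: OWASP Dependency Check
+run: |
+if [ -f "pom.xml" ]; then
+mvn dependency-check:check \
+-DfailBuildOnCVSS=7 \
+-DskipTestScope=true || true
+else
+echo "No root pom.xml — skipping OWASP"
+fi
+continue-on-error: true
+- name: Upload OWASP report
+uses: actions/upload-artifact@v4
+if: always()
+continue-on-error: true
+with:
+name: owasp-report
+path: '**/target/dependency-check-report.html'
+
+code-quality:
+name: Code Quality
+runs-on: ubuntu-latest
+continue-on-error: true
+steps:
+- uses: actions/checkout@v4
+with:
+fetch-depth: 0
+- name: Set up JDK 17
+uses: actions/setup-java@v4
+with:
+java-version: '17'
+distribution: 'corretto'
+cache: maven
+- name: Checkstyle
+run: |
+if [ -f "pom.xml" ]; then
+mvn checkstyle:check || true
+else
+echo "No root pom.xml — skipping checkstyle"
+fi
+continue-on-error: true
+- name: SpotBugs
+run: |
+if [ -f "pom.xml" ]; then
+mvn spotbugs:check || true
+else
+echo "No root pom.xml — skipping spotbugs"
+fi
+continue-on-error: true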
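Review bot: None of these jobs can fail a pull request: every Maven command ends in `|| true`, and the jobs and several steps also set `continue-on-error: true`, so `-DfailBuildOnCVSS=7` in the OWASP step and the Checkstyle/SpotBugs checks report success regardless of findings. Each command is also guarded by `[ -f "pom.xml" ]` at the repository root, while the develop workflow runs Maven inside each service directory, so if there is no root aggregator POM all four jobs skip silently. Drop `|| true` and the job-level `continue-on-error` at least on `security-scan`, and run the scan per service, e.g. `run: mvn -B -f ${{ matrix.service }}/pom.xml dependency-check:check -DfailBuildOnCVSS=7`, with a matrix driven by the `detect-changes` outputs, which are computed here but never consumed. The PR template's "Coverage above 70%" item is likewise not enforced by the `code-coverage` job as written.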