Optimize CI/CD pipeline architecture (#434)

Author: jjalan

.github/workflows/cd.yml

@@ -0,0 +1,62 @@
+name: cd
+
+on:
+  pull_request:
+    types: [ opened, synchronize, reopened ]
+
+jobs:
+  deploy:
+    if: github.event.pull_request.state == 'open' && github.event.pull_request.draft == false
+    runs-on: ubuntu-latest
+    concurrency:
+      group: cd-preview-${{ github.event.pull_request.head.ref }}
+      cancel-in-progress: true
+    steps:
+      - name: Checkout app
+        uses: actions/checkout@v3
+        with:
+          path: app
+
+      - name: Checkout github-ci
+        uses: actions/checkout@v3
+        with:
+          repository: jalantechnologies/github-ci
+          path: platform
+          ref: v3.2.5
+
+      - name: Extract branch name
+        id: extract_branch
+        run: |
+          BRANCH_NAME=$(echo ${{ github.event.pull_request.head.ref }} | sed -e 's/^refs\/heads\///g')
+          BRANCH_HASH=$(sha1sum < <(printf '%s' $BRANCH_NAME) | cut -c -15)
+          echo "branch_hash=$(echo $BRANCH_HASH)" >> $GITHUB_OUTPUT
+
+      - name: Build Docker image
+        id: build
+        uses: ./platform/.github/actions/build
+        with:
+          app_name: flask-react-template
+          tag: ${{ steps.extract_branch.outputs.branch_hash }}
+          build_args: APP_ENV=preview
+          context: app/.
+          docker_registry: ${{ vars.DOCKER_REGISTRY }}
+          docker_username: ${{ vars.DOCKER_USERNAME }}
+          docker_password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Deploy to preview
+        uses: ./platform/.github/actions/deploy
+        with:
+          app_name: flask-react-template
+          app_env: preview
+          app_hostname: '{1}.preview.platform.bettrhq.com'
+          branch: ${{ github.event.pull_request.head.ref }}
+          deploy_id: ${{ github.run_number }}
+          deploy_root: app/lib/kube
+          deploy_labels: gh/pr=${{ github.event.number }}
+          deploy_image: ${{ steps.build.outputs.image_ref }}
+          docker_registry: ${{ vars.DOCKER_REGISTRY }}
+          docker_username: ${{ vars.DOCKER_USERNAME }}
+          docker_password: ${{ secrets.DOCKER_PASSWORD }}
+          do_access_token: ${{ secrets.DO_ACCESS_TOKEN }}
+          do_cluster_id: ${{ vars.DO_CLUSTER_ID }}
+          doppler_token: ${{ secrets.DOPPLER_PREVIEW_TOKEN }}

.github/workflows/ci.yml

@@ -0,0 +1,110 @@
+name: ci
+
+on:
+  pull_request:
+    types: [ opened, synchronize, reopened ]
+
+jobs:
+  lint:
+    if: github.event.pull_request.draft == false
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22.13.1'
+          cache: 'npm'
+
+      - name: Install pipenv
+        run: pip install pipenv
+
+      - name: Install Python dependencies
+        run: pipenv install --dev --deploy
+
+      - name: Install Node dependencies
+        run: npm ci
+
+      - name: Run linting
+        run: npm run lint
+
+  sonarqube:
+    if: github.event.pull_request.draft == false
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Get github-ci version
+        id: ci_version
+        run: |
+          # Extract version from cd.yml workflow
+          workflow_yaml=$(cat .github/workflows/cd.yml)
+          uses_data=$(echo "$workflow_yaml" | grep 'jalantechnologies/github-ci')
+          tag=$(echo $uses_data | sed -n 's/.*@\(.*\)/\1/p')
+          echo "version=$(echo $tag)" >> $GITHUB_OUTPUT
+
+      - name: Checkout github-ci
+        uses: actions/checkout@v3
+        with:
+          repository: jalantechnologies/github-ci
+          path: platform
+          ref: ${{ steps.ci_version.outputs.version }}
+
+      - name: Run SonarQube analysis
+        uses: ./platform/.github/actions/analyze
+        with:
+          sonar_host_url: ${{ vars.SONAR_HOST_URL }}
+          sonar_token: ${{ secrets.SONAR_TOKEN }}
+          branch: ${{ github.head_ref }}
+          branch_base: main
+          pull_request_number: ${{ github.event.number }}
+
+  review:
+    if: github.event.pull_request.draft == false
+    runs-on: ubuntu-latest
+    steps:
+      - name: Placeholder for code review
+        run: |
+          echo "Code review placeholder"
+          echo "Future implementation: AI-powered review for architecture, security, and best practices"
+
+  test:
+    if: github.event.pull_request.draft == false
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run integration tests
+        run: docker compose -f docker-compose.test.yml up --exit-code-from app
+
+      - name: Coverage report
+        continue-on-error: true
+        uses: irongut/[email protected]
+        with:
+          filename: output/coverage.xml
+          badge: true
+          fail_below_min: true
+          format: markdown
+          hide_branch_rate: false
+          hide_complexity: true
+          indicators: true
+          output: both
+          thresholds: '60 80'
+
+      - name: Add coverage PR comment
+        continue-on-error: true
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          recreate: true
+          path: code-coverage-results.md

.github/workflows/clean_on_pr_closed.yml renamed to .github/workflows/clean.yml

@@ -1,4 +1,4 @@
-name: clean_on_pr_closed
+name: clean
 
 on:
   pull_request_target:
@@ -11,8 +11,8 @@ jobs:
       group: ci-preview-${{ github.event.pull_request.head.ref }}
       cancel-in-progress: true
     with:
-      hosting_provider: ${{ vars.HOSTING_PROVIDER }} # 'DIGITAL_OCEAN' or 'AWS'
-      app_name: flask-react-app
+      hosting_provider: ${{ vars.HOSTING_PROVIDER }}
+      app_name: flask-react-template
       app_env: preview
       branch: ${{ github.event.pull_request.head.ref }}
       docker_registry: ${{ vars.DOCKER_REGISTRY }}

.github/workflows/clean_on_delete.yml

@@ -1,33 +1,54 @@
-name: permanent_preview
+name: cd_permanent_preview
 
 on:
   push:
     branches:
       - main
 
 jobs:
-  permanent_preview:
-    uses: jalantechnologies/github-ci/.github/workflows/[email protected]
+  deploy:
+    runs-on: ubuntu-latest
     concurrency:
-      group: ci-permanent-preview
+      group: cd-permanent-preview
       cancel-in-progress: true
-    with:
-      hosting_provider: ${{ vars.HOSTING_PROVIDER }} # 'DIGITAL_OCEAN' or 'AWS'
-      app_name: flask-react-app
-      app_env: preview
-      app_hostname: preview.flask-react-template.platform.bettrhq.com
-      branch: main
-      checks: "['npm:coverage', 'npm:lint', 'compose:test']"
-      docker_registry: ${{ vars.DOCKER_REGISTRY }}
-      docker_username: ${{ vars.DOCKER_USERNAME }}
-      aws_cluster_name: ${{ vars.AWS_CLUSTER_NAME }}
-      aws_region: ${{ vars.AWS_REGION }}
-      sonar_host_url: ${{ vars.SONAR_HOST_URL }}
-      do_cluster_id: ${{ vars.DO_CLUSTER_ID }}
-    secrets:
-      docker_password: ${{ secrets.DOCKER_PASSWORD }}
-      doppler_token: ${{ secrets.DOPPLER_PREVIEW_TOKEN }}
-      aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-      aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-      do_access_token: ${{ secrets.DO_ACCESS_TOKEN }}
-      sonar_token: ${{ secrets.SONAR_TOKEN }}
+    steps:
+      - name: Checkout app
+        uses: actions/checkout@v3
+        with:
+          path: app
+
+      - name: Checkout github-ci
+        uses: actions/checkout@v3
+        with:
+          repository: jalantechnologies/github-ci
+          path: platform
+          ref: v3.2.5
+
+      - name: Build Docker image
+        id: build
+        uses: ./platform/.github/actions/build
+        with:
+          app_name: flask-react-template
+          tag: preview
+          context: app/.
+          docker_registry: ${{ vars.DOCKER_REGISTRY }}
+          docker_username: ${{ vars.DOCKER_USERNAME }}
+          docker_password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Deploy to permanent preview
+        uses: ./platform/.github/actions/deploy
+        with:
+          app_name: flask-react-template
+          app_env: preview
+          app_hostname: preview.flask-react-template.platform.bettrhq.com
+          branch: main
+          deploy_id: ${{ github.run_number }}
+          deploy_root: app/lib/kube
+          deploy_labels: gh/env=preview
+          deploy_image: ${{ steps.build.outputs.image_ref }}
+          docker_registry: ${{ vars.DOCKER_REGISTRY }}
+          docker_username: ${{ vars.DOCKER_USERNAME }}
+          docker_password: ${{ secrets.DOCKER_PASSWORD }}
+          do_access_token: ${{ secrets.DO_ACCESS_TOKEN }}
+          do_cluster_id: ${{ vars.DO_CLUSTER_ID }}
+          doppler_token: ${{ secrets.DOPPLER_PREVIEW_TOKEN }}