- Add docker-build-api, docker-build-web, docker-build-postgres steps - Images pushed to reg.diversecanvas.com/mosaic/* on main/develop - Create docker-compose.prod.yml for production deployments - Add .env.prod.example with production configuration Requires Harbor secrets in Woodpecker: - harbor_username - harbor_password Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
# Woodpecker CI Quality Enforcement Pipeline - Monorepo
# Workflow-level filter: the workflow runs for pushes, pull requests and
# manually triggered pipelines. Individual steps narrow this further.
when:
  - event:
      - push
      - pull_request
      - manual
# Reusable anchors referenced by the steps below.
variables:
  # Base image for every Node step. The tag is a moving one (no digest), so
  # the bytes behind it can change between runs.
  # NOTE(review): consider pinning by digest if reproducible builds matter.
  - &node_image 'node:20-alpine'
  # Full install. --frozen-lockfile makes pnpm fail instead of rewriting
  # pnpm-lock.yaml, so CI only installs what the lockfile records.
  - &install_deps |
    corepack enable
    pnpm install --frozen-lockfile
  # Later steps only enable corepack; they presumably reuse the node_modules
  # left in the workspace by the install step. TODO confirm.
  - &use_deps |
    corepack enable
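# Quality gates followed by image builds.
# Gating chain: build depends on typecheck, security-audit and
# prisma-generate; the docker-build-* steps depend on build only.
# lint and test are not part of that chain, so an image can be pushed while
# either of them is failing.
steps:
  install:
    image: *node_image
    commands:
      - *install_deps

  # Blocking: fails the pipeline on advisories rated high or above.
  security-audit:
    image: *node_image
    commands:
      - *use_deps
      - pnpm audit --audit-level=high
    depends_on:
      - install

  lint:
    image: *node_image
    environment:
      SKIP_ENV_VALIDATION: "true"
    commands:
      - *use_deps
      - pnpm lint
    # Non-blocking while fixing legacy code. `failure: ignore` replaces the
    # former `|| true`: the pipeline still continues, but a failing lint run
    # is reported as failed instead of being masked as a green step.
    failure: ignore
    depends_on:
      - install
    when:
      # False only for a pull_request event whose CI_COMMIT_BRANCH is "main",
      # so lint is skipped in exactly that case.
      # NOTE(review): confirm that skipping lint there is intended.
      - evaluate: 'CI_PIPELINE_EVENT != "pull_request" || CI_COMMIT_BRANCH != "main"'

  prisma-generate:
    image: *node_image
    environment:
      SKIP_ENV_VALIDATION: "true"
    commands:
      - *use_deps
      - pnpm --filter "@mosaic/api" prisma:generate
    depends_on:
      - install

  typecheck:
    image: *node_image
    environment:
      SKIP_ENV_VALIDATION: "true"
    commands:
      - *use_deps
      - pnpm typecheck
    depends_on:
      - prisma-generate

  test:
    image: *node_image
    environment:
      SKIP_ENV_VALIDATION: "true"
    commands:
      - *use_deps
      - pnpm test
    # Non-blocking while fixing legacy tests. As with lint, the failure is
    # shown on the step rather than swallowed by `|| true`.
    failure: ignore
    depends_on:
      - prisma-generate

  build:
    image: *node_image
    environment:
      SKIP_ENV_VALIDATION: "true"
      NODE_ENV: "production"
    commands:
      - *use_deps
      - pnpm build
    depends_on:
      - typecheck  # Only block on critical checks
      - security-audit
      - prisma-generate

  # ======================
  # Docker Build & Push (main/develop only)
  # ======================
  # Requires secrets: harbor_username, harbor_password
  #
  # The three steps below run only on push events to main or develop, so the
  # Harbor credentials are never handed to a pull_request build.
  #
  # NOTE(review): the plugin image carries no tag, so it resolves to whatever
  # is current upstream, and that container receives the registry
  # credentials. Pin it to a specific release tag or digest.
  #
  # NOTE(review): `latest` is pushed from both branches, so the most recent
  # push on either main or develop owns it. Deployments should reference the
  # commit-SHA tag, or `latest` should be restricted to main.

  docker-build-api:
    image: woodpeckerci/plugin-docker-buildx
    settings:
      registry: reg.diversecanvas.com
      repo: reg.diversecanvas.com/mosaic/api
      dockerfile: apps/api/Dockerfile
      context: .
      platforms:
        - linux/amd64
      tags:
        - "${CI_COMMIT_SHA:0:8}"
        - latest
      username:
        from_secret: harbor_username
      password:
        from_secret: harbor_password
    when:
      - branch: [main, develop]
        event: push
    depends_on:
      - build

  docker-build-web:
    image: woodpeckerci/plugin-docker-buildx
    settings:
      registry: reg.diversecanvas.com
      repo: reg.diversecanvas.com/mosaic/web
      dockerfile: apps/web/Dockerfile
      context: .
      platforms:
        - linux/amd64
      # The same API URL is passed for main and develop builds.
      # Keep only non-secret values in build_args.
      build_args:
        - NEXT_PUBLIC_API_URL=https://api.mosaicstack.dev
      tags:
        - "${CI_COMMIT_SHA:0:8}"
        - latest
      username:
        from_secret: harbor_username
      password:
        from_secret: harbor_password
    when:
      - branch: [main, develop]
        event: push
    depends_on:
      - build

  docker-build-postgres:
    image: woodpeckerci/plugin-docker-buildx
    settings:
      registry: reg.diversecanvas.com
      repo: reg.diversecanvas.com/mosaic/postgres
      dockerfile: docker/postgres/Dockerfile
      context: docker/postgres
      platforms:
        - linux/amd64
      tags:
        - "${CI_COMMIT_SHA:0:8}"
        - latest
      username:
        from_secret: harbor_username
      password:
        from_secret: harbor_password
    when:
      - branch: [main, develop]
        event: push
    depends_on:
      - build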