From 1e0886144ffa51e82b00d4d5a52a5ec7def0928a Mon Sep 17 00:00:00 2001
From: Marc Mintel
Date: Mon, 2 Mar 2026 12:21:48 +0100
Subject: [PATCH] ci(qa): rewrite pipeline with 6 transparent inline jobs [skip ci]
---
.gitea/workflows/qa.yml | 230 +++++++++++++++++++++++++++++++++++++---
1 file changed, 218 insertions(+), 12 deletions(-)
diff --git a/.gitea/workflows/qa.yml b/.gitea/workflows/qa.yml
index d2101463..80ba071a 100644
--- a/.gitea/workflows/qa.yml
+++ b/.gitea/workflows/qa.yml
@@ -5,16 +5,222 @@ on: - cron: '0 3 * * *' workflow_dispatch: +env: + TARGET_URL: 'https://testing.klz-cables.com' + PROJECT_NAME: 'klz-2026' + jobs: - call-qa-workflow: - uses: mmintel/at-mintel/.gitea/workflows/quality-assurance-template.yml@main - with: - TARGET_URL: 'https://testing.klz-cables.com' - PROJECT_NAME: 'klz-2026' - secrets: - GOTIFY_URL: ${{ secrets.GOTIFY_URL }} - GOTIFY_TOKEN: ${{ secrets.GOTIFY_TOKEN }} - GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD || 'lassmichrein' }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - MINTEL_PRIVATE_TOKEN: ${{ secrets.MINTEL_PRIVATE_TOKEN }} - GITEA_PAT: ${{ secrets.GITEA_PAT }} + # ──────────────────────────────────────────────────── + # 1. Install & Cache Dependencies + # ──────────────────────────────────────────────────── + install: + name: 📦 Install + runs-on: docker + container: + image: catthehacker/ubuntu:act-latest + steps: + - uses: actions/checkout@v4 + - uses: pnpm/action-setup@v3 + with: + version: 10 + - uses: actions/setup-node@v4 + with: + node-version: 20 + - name: 🔐 Registry Auth + run: | + echo "@mintel:registry=https://git.infra.mintel.me/api/packages/mmintel/npm" > .npmrc + echo "//git.infra.mintel.me/api/packages/mmintel/npm/:_authToken=${{ secrets.NPM_TOKEN }}" >> .npmrc + - name: Install + run: | + pnpm store prune + pnpm install --no-frozen-lockfile + - name: Upload workspace + uses: actions/upload-artifact@v4 + with: + name: workspace + path: | + node_modules + .npmrc + retention-days: 1 + + # ──────────────────────────────────────────────────── + # 2. 
Static Checks (HTML, Assets, HTTP) + # ──────────────────────────────────────────────────── + static: + name: 🔍 Static Analysis + needs: install + runs-on: docker + container: + image: catthehacker/ubuntu:act-latest + steps: + - uses: actions/checkout@v4 + - uses: pnpm/action-setup@v3 + with: + version: 10 + - uses: actions/setup-node@v4 + with: + node-version: 20 + - uses: actions/download-artifact@v4 + with: + name: workspace + - name: 🌐 HTML Validation + env: + NEXT_PUBLIC_BASE_URL: ${{ env.TARGET_URL }} + GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD }} + run: pnpm run check:html + - name: 🖼️ Broken Assets + env: + NEXT_PUBLIC_BASE_URL: ${{ env.TARGET_URL }} + GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD }} + run: pnpm run check:assets + - name: 🔒 HTTP Headers + env: + NEXT_PUBLIC_BASE_URL: ${{ env.TARGET_URL }} + GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD }} + run: pnpm run check:http + + # ──────────────────────────────────────────────────── + # 3. Accessibility (WCAG) + # ──────────────────────────────────────────────────── + a11y: + name: ♿ Accessibility + needs: install + runs-on: docker + container: + image: catthehacker/ubuntu:act-latest + steps: + - uses: actions/checkout@v4 + - uses: pnpm/action-setup@v3 + with: + version: 10 + - uses: actions/setup-node@v4 + with: + node-version: 20 + - uses: actions/download-artifact@v4 + with: + name: workspace + - name: 🔍 Install Chromium + run: | + apt-get update && apt-get install -y gnupg wget ca-certificates + CODENAME=$(. 
/etc/os-release && echo $VERSION_CODENAME) + mkdir -p /etc/apt/keyrings + wget -qO- "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x82BB6851C64F6880" | gpg --dearmor > /etc/apt/keyrings/xtradeb.gpg + echo "deb [signed-by=/etc/apt/keyrings/xtradeb.gpg] http://ppa.launchpad.net/xtradeb/apps/ubuntu $CODENAME main" > /etc/apt/sources.list.d/xtradeb-ppa.list + printf "Package: *\nPin: release o=LP-PPA-xtradeb-apps\nPin-Priority: 1001\n" > /etc/apt/preferences.d/xtradeb + apt-get update && apt-get install -y --allow-downgrades chromium + ln -sf /usr/bin/chromium /usr/bin/google-chrome + - name: ♿ WCAG Scan + continue-on-error: true + env: + NEXT_PUBLIC_BASE_URL: ${{ env.TARGET_URL }} + GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD }} + run: pnpm run check:wcag + + # ──────────────────────────────────────────────────── + # 4. Performance (Lighthouse) + # ──────────────────────────────────────────────────── + lighthouse: + name: 🎭 Lighthouse + needs: install + runs-on: docker + container: + image: catthehacker/ubuntu:act-latest + steps: + - uses: actions/checkout@v4 + - uses: pnpm/action-setup@v3 + with: + version: 10 + - uses: actions/setup-node@v4 + with: + node-version: 20 + - uses: actions/download-artifact@v4 + with: + name: workspace + - name: 🔍 Install Chromium + run: | + apt-get update && apt-get install -y gnupg wget ca-certificates + CODENAME=$(. 
/etc/os-release && echo $VERSION_CODENAME) + mkdir -p /etc/apt/keyrings + wget -qO- "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x82BB6851C64F6880" | gpg --dearmor > /etc/apt/keyrings/xtradeb.gpg + echo "deb [signed-by=/etc/apt/keyrings/xtradeb.gpg] http://ppa.launchpad.net/xtradeb/apps/ubuntu $CODENAME main" > /etc/apt/sources.list.d/xtradeb-ppa.list + printf "Package: *\nPin: release o=LP-PPA-xtradeb-apps\nPin-Priority: 1001\n" > /etc/apt/preferences.d/xtradeb + apt-get update && apt-get install -y --allow-downgrades chromium + ln -sf /usr/bin/chromium /usr/bin/google-chrome + - name: 🎭 Desktop + env: + LHCI_URL: ${{ env.TARGET_URL }} + GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD }} + run: pnpm run pagespeed:test -- --collect.settings.preset=desktop + - name: 📱 Mobile + env: + LHCI_URL: ${{ env.TARGET_URL }} + GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD }} + run: pnpm run pagespeed:test -- --collect.settings.preset=mobile + + # ──────────────────────────────────────────────────── + # 5. Link Check & Dependency Audit + # ──────────────────────────────────────────────────── + links: + name: 🔗 Links & Deps + needs: install + runs-on: docker + container: + image: catthehacker/ubuntu:act-latest + steps: + - uses: actions/checkout@v4 + - uses: pnpm/action-setup@v3 + with: + version: 10 + - uses: actions/setup-node@v4 + with: + node-version: 20 + - uses: actions/download-artifact@v4 + with: + name: workspace + - name: 📦 Depcheck + continue-on-error: true + run: pnpm dlx depcheck --ignores="*eslint*,*typescript*,*tailwindcss*,*postcss*,*prettier*,*@types/*,*husky*,*lint-staged*,*@next/*,*@lhci/*,*commitlint*,*cspell*,*rimraf*,*@payloadcms/*,*start-server-and-test*,*html-validate*,*critters*,*dotenv*,*turbo*" + - name: 🔗 Lychee Link Check + uses: lycheeverse/lychee-action@v2 + with: + args: --accept 200,204,429 --timeout 15 content/ app/ public/ + fail: true + + # ──────────────────────────────────────────────────── + # 6. 
Notification + # ──────────────────────────────────────────────────── + notify: + name: 🔔 Notify + needs: [install, static, a11y, lighthouse, links] + if: always() + runs-on: docker + container: + image: catthehacker/ubuntu:act-latest + steps: + - name: 🔔 Gotify + shell: bash + run: | + INSTALL="${{ needs.install.result }}" + STATIC="${{ needs.static.result }}" + A11Y="${{ needs.a11y.result }}" + LIGHTHOUSE="${{ needs.lighthouse.result }}" + LINKS="${{ needs.links.result }}" + + if [[ "$INSTALL" != "success" || "$STATIC" != "success" || "$LIGHTHOUSE" != "success" ]]; then + PRIORITY=8 + EMOJI="🚨" + STATUS="Failed" + else + PRIORITY=2 + EMOJI="✅" + STATUS="Passed" + fi + + TITLE="$EMOJI ${{ env.PROJECT_NAME }} QA $STATUS" + MESSAGE="Install: $INSTALL | Static: $STATIC | A11y: $A11Y | Lighthouse: $LIGHTHOUSE | Links: $LINKS + ${{ env.TARGET_URL }}" + + curl -s -k -X POST "${{ secrets.GOTIFY_URL }}/message?token=${{ secrets.GOTIFY_TOKEN }}" \ + -F "title=$TITLE" \ + -F "message=$MESSAGE" \ + -F "priority=$PRIORITY" || true
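Review bot: The Gotify step at the end of the `notify` job sends `secrets.GOTIFY_TOKEN` in the query string with `curl -s -k`, so certificate verification is switched off on the one request that carries a credential, and both secrets are expanded into the script text by `${{ … }}` instead of being passed as variables. I would drop `-k`, map the two secrets in a step-level `env:` block, and send the token as a header: `curl -s -X POST "$GOTIFY_URL/message" -H "X-Gotify-Key: $GOTIFY_TOKEN" …`. In the `install` job, `Upload workspace` lists `.npmrc` under `path:` right after that file is written with `_authToken=${{ secrets.NPM_TOKEN }}`; depending on how the resolved `upload-artifact@v4` release treats hidden files, this can store the registry token in the `workspace` artifact, and none of the later steps shown appears to need it, so `path: node_modules` looks sufficient. The `STATUS` condition also ignores `$LINKS`, so a failing `links` job (lychee runs with `fail: true`) is still announced as Passed; add `|| "$LINKS" != "success"` to the test if that is not intended.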