From 323886443f78a37f5dafb46cd1bb22f19d0cc6e1 Mon Sep 17 00:00:00 2001 From: Marc Mintel Date: Wed, 25 Feb 2026 00:23:03 +0100 Subject: [PATCH] =?UTF-8?q?refactor:=20consolidate=20CI=20pipeline=20(9?= =?UTF-8?q?=E2=86=927=20jobs),=20remove=20continue-on-error=20from=20smoke?= =?UTF-8?q?=20test?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitea/workflows/deploy.yml | 182 +++++++++--------------------------- 1 file changed, 46 insertions(+), 136 deletions(-) diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index b8335de2..2a466fac 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -365,12 +365,11 @@ jobs: run: docker builder prune -f --filter "until=1h" # ────────────────────────────────────────────────────────────────────────────── - # JOB 5: Smoke Test (OG Images) + # JOB 5: Post-Deploy Verification (Smoke Tests + Quality Gates) # ────────────────────────────────────────────────────────────────────────────── - smoke_test: - name: 🧪 Smoke Test + post_deploy_checks: + name: 🧪 Post-Deploy Verification needs: [prepare, deploy] - continue-on-error: true if: needs.deploy.result == 'success' && needs.prepare.outputs.target != 'branch' runs-on: docker container: 
@@ -392,24 +391,52 @@ jobs: echo "//${{ vars.REGISTRY_HOST || 'npm.infra.mintel.me' }}/:_authToken=${{ secrets.REGISTRY_PASS }}" >> .npmrc - name: Install dependencies run: pnpm install --frozen-lockfile - - name: 🚀 Run OG Image Check + + # ── Critical Smoke Tests (MUST pass) ────────────────────────────────── + - name: 🚀 OG Image Check env: TEST_URL: ${{ needs.prepare.outputs.next_public_url }} run: pnpm run check:og - - name: 🌐 Run Full Sitemap HTTP Validation + - name: 🌐 Full Sitemap HTTP Validation env: NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_url }} GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD || 'klz2026' }} run: pnpm run check:http + # ── Quality Gates (informational, don't block pipeline) ─────────────── + - name: 🌐 HTML DOM Validation + continue-on-error: true + env: + NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_url }} + GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD || 'klz2026' }} + run: pnpm check:html + - name: 🔒 Security Headers Scan + continue-on-error: true + env: + NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_url }} + GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD || 'klz2026' }} + run: pnpm check:security + - name: 🔗 Lychee Deep Link Crawl + continue-on-error: true + env: + NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_url }} + GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD || 'klz2026' }} + run: pnpm check:links + - name: 🖼️ Dynamic Asset & Image Integrity Scan + continue-on-error: true + env: + NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_url }} + GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD || 'klz2026' }} + run: pnpm check:assets + # ────────────────────────────────────────────────────────────────────────────── - # JOB 6: Lighthouse (Performance & Accessibility) + # JOB 6: Performance & Accessibility (Lighthouse + WCAG) # ────────────────────────────────────────────────────────────────────────────── - lighthouse: - name: ⚡ 
Lighthouse - needs: [prepare, deploy, smoke_test] + performance: + name: ⚡ Performance & Accessibility + needs: [prepare, post_deploy_checks] continue-on-error: true - if: success() && needs.prepare.outputs.target != 'skip' && needs.prepare.outputs.target != 'branch' + if: needs.post_deploy_checks.result == 'success' && needs.prepare.outputs.target != 'branch' runs-on: docker container: image: catthehacker/ubuntu:act-latest @@ -424,7 +451,6 @@ jobs: uses: actions/setup-node@v4 with: node-version: 20 - - name: 🔐 Registry Auth run: | echo "@mintel:registry=https://${{ vars.REGISTRY_HOST || 'npm.infra.mintel.me' }}" > .npmrc 
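Review bot: The four added quality-gate steps each repeat `GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD || 'klz2026' }}`, so the workflow keeps a literal fallback password in version control and the checks silently use it whenever the secret is unset. If that fallback is accepted by the deployed site, anyone with read access to the repository knows a valid gate password. Prefer `GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD }}`, set once at job level under `env:`, with an early step that fails when the value is empty. The same expression sits on the Sitemap step in this hunk and on the Lighthouse CI and WCAG Audit steps in the `@@ -465,78 +491,14 @@` hunk. The `post_deploy_checks` job body begins outside this hunk.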
@@ -465,78 +491,14 @@ jobs: # Standardize binary paths [ -f /usr/bin/chromium ] && ln -sf /usr/bin/chromium /usr/bin/google-chrome [ -f /usr/bin/chromium ] && ln -sf /usr/bin/chromium /usr/bin/chromium-browser - - name: ⚡ Run Lighthouse CI + - name: ⚡ Lighthouse CI env: NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_url }} GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD || 'klz2026' }} CHROME_PATH: /usr/bin/chromium PAGESPEED_LIMIT: 8 run: pnpm run pagespeed:test - - # ────────────────────────────────────────────────────────────────────────────── - # JOB 7: WCAG Audit - # ────────────────────────────────────────────────────────────────────────────── - wcag: - name: ♿ WCAG - needs: [prepare, deploy, smoke_test, lighthouse] - continue-on-error: true - if: success() && needs.prepare.outputs.target != 'skip' && needs.prepare.outputs.target != 'branch' - runs-on: docker - container: - image: catthehacker/ubuntu:act-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: Setup pnpm - uses: pnpm/action-setup@v3 - with: - version: 10 - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: 20 - - - name: 🔐 Registry Auth - run: | - echo "@mintel:registry=https://${{ vars.REGISTRY_HOST || 'npm.infra.mintel.me' }}" > .npmrc - echo "//${{ vars.REGISTRY_HOST || 'npm.infra.mintel.me' }}/:_authToken=${{ secrets.REGISTRY_PASS }}" >> .npmrc - - name: Install dependencies - run: pnpm install --frozen-lockfile - - name: 🔍 Install Chromium (Native & ARM64) - run: | - rm -f /etc/apt/apt.conf.d/docker-clean - apt-get update - apt-get install -y gnupg wget ca-certificates - - # Detect OS - OS_ID=$(. /etc/os-release && echo $ID) - CODENAME=$(. 
/etc/os-release && echo $VERSION_CODENAME) - - if [ "$OS_ID" = "debian" ]; then - echo "🎯 Debian detected - installing native chromium" - apt-get install -y chromium - else - echo "🎯 Ubuntu detected - adding xtradeb PPA" - mkdir -p /etc/apt/keyrings - KEY_ID="82BB6851C64F6880" - - # Fetch PPA key - wget -qO- "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x$KEY_ID" | gpg --dearmor > /etc/apt/keyrings/xtradeb.gpg - - # Add PPA repository - echo "deb [signed-by=/etc/apt/keyrings/xtradeb.gpg] http://ppa.launchpad.net/xtradeb/apps/ubuntu $CODENAME main" > /etc/apt/sources.list.d/xtradeb-ppa.list - - # PRIORITY PINNING: Force PPA over Snap-dummy - printf "Package: *\nPin: release o=LP-PPA-xtradeb-apps\nPin-Priority: 1001\n" > /etc/apt/preferences.d/xtradeb - - apt-get update - apt-get install -y --allow-downgrades chromium - fi - - # Standardize binary paths - [ -f /usr/bin/chromium ] && ln -sf /usr/bin/chromium /usr/bin/google-chrome - [ -f /usr/bin/chromium ] && ln -sf /usr/bin/chromium /usr/bin/chromium-browser - - name: ♿ Run WCAG Audit + - name: ♿ WCAG Audit env: NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_url }} GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD || 'klz2026' }} 
@@ -545,76 +507,24 @@ jobs: run: pnpm run check:wcag # ────────────────────────────────────────────────────────────────────────────── - # JOB 9: Quality Assertions - # ────────────────────────────────────────────────────────────────────────────── - quality_assertions: - name: 🛡️ Quality Gates - needs: [prepare, deploy, smoke_test, lighthouse, wcag] - continue-on-error: true - if: success() && needs.prepare.outputs.target != 'skip' && needs.prepare.outputs.target != 'branch' - runs-on: docker - container: - image: catthehacker/ubuntu:act-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: Setup pnpm - uses: pnpm/action-setup@v3 - with: - version: 10 - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: 20 - - name: 🔐 Registry Auth - run: | - echo "@mintel:registry=https://${{ vars.REGISTRY_HOST || 'npm.infra.mintel.me' }}" > .npmrc - echo "//${{ vars.REGISTRY_HOST || 'npm.infra.mintel.me' }}/:_authToken=${{ secrets.REGISTRY_PASS }}" >> .npmrc - - name: Install dependencies - run: pnpm install --frozen-lockfile - - name: 🌐 HTML DOM Validation - env: - NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_url }} - GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD || 'klz2026' }} - run: pnpm check:html - - name: 🔒 Security Headers Scan - env: - NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_url }} - GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD || 'klz2026' }} - run: pnpm check:security - - name: 🔗 Lychee Deep Link Crawl - env: - NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_url }} - GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD || 'klz2026' }} - run: pnpm check:links - - name: 🖼️ Dynamic Asset & Image Integrity Scan - env: - NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_url }} - GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD || 'klz2026' }} - run: pnpm check:assets - - # 
────────────────────────────────────────────────────────────────────────────── - # JOB 10: Notifications + # JOB 7: Notifications # ────────────────────────────────────────────────────────────────────────────── notifications: name: 🔔 Notify - needs: [prepare, deploy, smoke_test, lighthouse, wcag, quality_assertions] + needs: [prepare, deploy, post_deploy_checks, performance] if: always() runs-on: docker container: image: catthehacker/ubuntu:act-latest steps: - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: 20 - name: 🔔 Gotify run: | STATUS="${{ needs.deploy.result }}" - TITLE="klz-cables.com: $STATUS" - [[ "$STATUS" == "success" ]] && PRIORITY=5 || PRIORITY=8 + SMOKE="${{ needs.post_deploy_checks.result }}" + TITLE="klz-cables.com: deploy=$STATUS smoke=$SMOKE" + [[ "$STATUS" == "success" && "$SMOKE" == "success" ]] && PRIORITY=5 || PRIORITY=8 curl -s -k -X POST "${{ secrets.GOTIFY_URL }}/message?token=${{ secrets.GOTIFY_TOKEN }}" \ -F "title=$TITLE" \ - -F "message=Deploy to ${{ needs.prepare.outputs.target }} finished with status $STATUS.\nVersion: ${{ needs.prepare.outputs.image_tag }}" \ + -F "message=Deploy to ${{ needs.prepare.outputs.target }} finished.\nDeploy: $STATUS | Smoke: $SMOKE\nVersion: ${{ needs.prepare.outputs.image_tag }}" \ -F "priority=$PRIORITY" || true
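Review bot: `SMOKE` in the Gotify step reflects only the job result of `post_deploy_checks`, which presumably stays `success` when the Security Headers Scan or another quality-gate step fails, because those steps now carry `continue-on-error: true`. A header regression would therefore neither raise `PRIORITY` nor appear in the message. Giving the scan step `id: security`, exporting `security: ${{ steps.security.outcome }}` under the job's `outputs:`, and reading `SECURITY="${{ needs.post_deploy_checks.outputs.security }}"` here would surface it without blocking the pipeline. Separately, the unchanged `curl -s -k` line sends `GOTIFY_TOKEN` in the query string with certificate verification switched off. Dropping `-k` and passing the token as `-H "X-Gotify-Key: ${{ secrets.GOTIFY_TOKEN }}"` keeps it out of URLs and server logs.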