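---
# Workflow header: triggers, default token scope and shared environment.
name: Synapse CI/CD Pipeline

# Runs on pushes to main/develop, on any tag matching v*, and on pull requests
# that target main/develop.
on:
  push:
    branches: [main, develop]
    tags:
      - 'v*'
  pull_request:
    branches: [main, develop]

# Least privilege: without an explicit block the GITHUB_TOKEN takes the
# repository/organisation default, which may be read-write. Nothing in this
# workflow writes back to the repository, so read access to contents is enough.
permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always
  # Quoted so the value stays a string for every YAML parser.
  RUST_BACKTRACE: '1'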
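jobs:
  # Formats, lints, builds and tests the workspace against a throwaway
  # PostgreSQL service container, then builds the WebAssembly package.
  build:
    name: Build and Test
    runs-on: ubuntu-latest
    # Read-only token: this job only needs to fetch the repository.
    permissions:
      contents: read
    services:
      postgres:
        image: postgres:13
        env:
          # Throwaway credentials for the ephemeral CI database only; they must
          # never match a real environment.
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: synapse_test
        ports:
          - '5432:5432'
        # Wait until the database accepts connections before the steps start.
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      # NOTE(review): every action in this workflow is referenced by a mutable
      # tag or branch. Pin third-party actions to a full commit SHA
      # (`owner/action@<full-commit-sha>`) so an upstream retag cannot change
      # what runs here.
      - uses: actions/checkout@v3
        with:
          # Build scripts, proc macros and tests execute code from the checked
          # out ref (pull requests included); do not leave the token in
          # .git/config for them to read.
          persist-credentials: false
      - name: Cache Cargo dependencies
        uses: actions/cache@v3
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
          # Falls back to the newest cache for this OS when the lockfile hash
          # has no exact match.
          restore-keys: |
            ${{ runner.os }}-cargo-
      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y libssl-dev pkg-config libpq-dev protobuf-compiler
      # NOTE(review): the actions-rs actions appear to be archived upstream;
      # confirm and plan a maintained replacement.
      - name: Install stable toolchain
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          profile: minimal
          override: true
          components: clippy, rustfmt
      # NOTE(review): `latest` downloads whatever wasm-pack release is current
      # at run time; pin an explicit version for reproducible builds.
      - name: Install wasm-pack
        uses: jetli/wasm-pack-action@v0.4.0
        with:
          version: 'latest'
      - name: Check formatting
        run: cargo fmt -- --check
      - name: Clippy
        run: cargo clippy -- -D warnings
      # NOTE(review): if Cargo.lock is committed, consider `--locked` on build
      # and test so CI fails instead of silently re-resolving dependencies.
      - name: Build
        run: cargo build --verbose
      - name: Run tests
        run: cargo test --verbose
        env:
          # Points at the service container declared above.
          DATABASE_URL: postgres://postgres:postgres@localhost:5432/synapse_test
      - name: Build WebAssembly package
        run: |
          cd wasm
          wasm-pack build --target web

  # Checks the dependency tree against known advisories with cargo-audit.
  security-audit:
    name: Security Audit
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v3
        with:
          persist-credentials: false
      # --locked builds the tool with the dependency versions from its
      # published lockfile instead of re-resolving them on every run.
      # NOTE(review): the cargo-audit release itself is still unpinned; add
      # `--version` once a release has been chosen.
      - name: Install cargo-audit
        run: cargo install --locked cargo-audit
      - name: Run security audit
        run: cargo audit

  # Builds the container image and pushes it to Docker Hub. Skipped for pull
  # requests, so registry credentials are only used on branch and tag pushes.
  build-docker:
    name: Build Docker Image
    runs-on: ubuntu-latest
    needs: [build, security-audit]
    if: github.event_name != 'pull_request'
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v3
        with:
          # The Docker build context is the checkout; keep the token out of it.
          persist-credentials: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      # NOTE(review): confirm DOCKERHUB_TOKEN is an access token limited to
      # this repository rather than an account password.
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Extract metadata for Docker
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: synapsenetwork/synapse
          # Branch name, semver from the tag, and short commit SHA.
          tags: |
            type=ref,event=branch
            type=semver,pattern={{version}}
            type=sha,format=short
      - name: Build and push Docker image
        uses: docker/build-push-action@v3
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  # Rolls the staging host forward over SSH after a push to develop.
  deploy-staging:
    name: Deploy to Staging
    runs-on: ubuntu-latest
    needs: build-docker
    if: github.ref == 'refs/heads/develop'
    # No checkout and no GitHub API use: the job needs no token permissions.
    permissions: {}
    steps:
      # `@master` is a moving branch of a third-party action that receives the
      # deployment SSH private key; whatever lands on that branch runs with
      # the key on the next deploy.
      # NOTE(review): pin to a reviewed full commit SHA
      # (`appleboy/ssh-action@<full-commit-sha>`).
      # NOTE(review): no `fingerprint` input is set, so the SSH host key is
      # presumably not verified; confirm against the action's documentation.
      - name: Deploy to staging environment
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.STAGING_HOST }}
          username: ${{ secrets.STAGING_USERNAME }}
          key: ${{ secrets.STAGING_SSH_KEY }}
          # `set -e` stops at the first failing command, so a failed `cd` or
          # `pull` can no longer be followed by `up -d` and reported as success.
          # NOTE(review): `pull` fetches whatever tag the compose file on the
          # host references; it is not tied to the image built in this run.
          script: |
            set -e
            cd /opt/synapse
            docker-compose pull
            docker-compose up -d

  # Rolls the production host forward over SSH when a v* tag is pushed.
  # NOTE(review): any pushed ref matching refs/tags/v* triggers this job;
  # confirm tag creation is restricted and consider a protected `environment`
  # with required reviewers for the production secrets.
  deploy-production:
    name: Deploy to Production
    runs-on: ubuntu-latest
    needs: build-docker
    if: startsWith(github.ref, 'refs/tags/v')
    # No checkout and no GitHub API use: the job needs no token permissions.
    permissions: {}
    steps:
      # `@master` is a moving branch of a third-party action that receives the
      # production SSH private key; pin it to a reviewed full commit SHA
      # (`appleboy/ssh-action@<full-commit-sha>`).
      # NOTE(review): no `fingerprint` input is set, so the SSH host key is
      # presumably not verified; confirm against the action's documentation.
      - name: Deploy to production environment
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.PRODUCTION_HOST }}
          username: ${{ secrets.PRODUCTION_USERNAME }}
          key: ${{ secrets.PRODUCTION_SSH_KEY }}
          # `set -e` stops at the first failing command, so a failed `cd` or
          # `pull` can no longer be followed by `up -d` and reported as success.
          script: |
            set -e
            cd /opt/synapse
            docker-compose pull
            docker-compose up -d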