ci-cd.yml
# Workflow display name.
name: CI/CD

# Triggers: pushes and pull requests on main, release and rc, plus a manual
# dispatch that carries the release parameters used by the job's steps.
on:
  push:
    branches:
      - main
      - release
      - rc
  pull_request:
    branches:
      - main
      - release
      - rc
  workflow_dispatch:
    inputs:
      # Branch the Checkout step uses as `ref` on a manual run.
      target_branch:
        description: "Target branch for release"
        required: true
        default: "release"
        type: choice
        options:
          - release
          - rc
      # Selects which release script the Release step runs on a manual run.
      release_type:
        description: "Release type"
        required: true
        default: "stable"
        type: choice
        options:
          - stable
          - rc
      # When true on a manual run, the format check is bypassed and only the
      # build runs before attestation and release.
      # NOTE(review): anyone allowed to dispatch this workflow can publish
      # without the lint gate; protection rules on the 'production'
      # environment are the place to require a second approver.
      skip_lint:
        description: "Skip lint check (emergency releases only)"
        required: false
        type: boolean
        default: false
# GITHUB_TOKEN scopes, declared at workflow level: they apply to every job
# and to every trigger (push, pull_request and workflow_dispatch alike).
#
# id-token and attestations are what actions/attest-build-provenance needs.
# contents: write is presumably for the release scripts (tags / releases) -
# confirm against release:ci and release:rc:ci.
#
# NOTE(review): no step visible in this workflow obviously uses checks,
# packages or pull-requests; confirm whether the release scripts need them
# and drop the ones they do not. Because the block is workflow-wide,
# pull_request runs from branches in this repository get the same write
# scopes as a release run. A read-only default with write scopes granted
# only to a dedicated release job would follow least privilege.
permissions:
  attestations: write
  checks: write
  contents: write
  id-token: write
  packages: write
  pull-requests: write
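jobs:
  # Single job for every trigger: install, lint and build always run; the
  # attest and release steps run only for release/rc pushes and manual
  # dispatches.
  #
  # NOTE(review): every `uses:` below references a mutable tag (@v4, @v2).
  # This job holds write scopes, an OIDC token and the npm publish token, so
  # pinning each action to a full commit SHA, for example
  # `actions/checkout@<full-commit-sha>  # v4` (placeholder), removes the
  # dependency on a tag that can be moved later.
  ci-cd:
    name: CI/CD Pipeline
    runs-on: ubuntu-latest
    # 'production' for release/rc pushes and for manual dispatches; no
    # environment otherwise.
    environment: ${{ ((github.event_name == 'push' && (github.ref == 'refs/heads/release' || github.ref == 'refs/heads/rc')) || (github.event_name == 'workflow_dispatch')) && 'production' || null }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Smart fetch: full history for releases (changelog), shallow for
          # others. Written as `!release && 1 || 0` because 0 is falsy in
          # expression syntax: `release && 0 || 1` always evaluates to 1, so
          # release runs would never get the full history.
          fetch-depth: ${{ !((github.event_name == 'push' && (github.ref == 'refs/heads/release' || github.ref == 'refs/heads/rc')) || (github.event_name == 'workflow_dispatch' && inputs.release_type != 'skip')) && 1 || 0 }}
          # Manual runs build the selected target branch, not the ref the
          # workflow was dispatched from.
          ref: ${{ github.event_name == 'workflow_dispatch' && inputs.target_branch || github.ref }}

      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: '1.2.15'

      # NOTE(review): release runs restore this cache too, including through
      # the prefix fallback in restore-keys. Consider skipping the restore on
      # release runs so published artifacts are built from freshly
      # downloaded packages.
      - name: Cache Dependencies
        uses: actions/cache@v4
        with:
          path: ~/.bun/install/cache
          key: ${{ runner.os }}-bun-${{ hashFiles('**/package.json', '**/bun.lock') }}
          restore-keys: |
            ${{ runner.os }}-bun-

      - name: Install Dependencies
        # Fail instead of re-resolving when package.json and bun.lock
        # disagree, so a release is built from the reviewed lockfile.
        run: bun install --frozen-lockfile

      - name: Lint & Build (Parallel)
        env:
          # Evaluates to the string "true" or "false"; read from the
          # environment rather than templated into the script text.
          SKIP_LINT: ${{ github.event_name == 'workflow_dispatch' && inputs.skip_lint == true }}
        run: |
          if [ "$SKIP_LINT" = "true" ]; then
            echo "⚠️ Skipping lint check (emergency release mode)"
            echo "🔨 Running build only..."
            bun run build
          else
            echo "🚀 Running lint and build in parallel..."
            bun run format:check &
            LINT_PID=$!
            bun run build &
            BUILD_PID=$!
            # Wait for both processes and capture exit codes.
            # The default run shell is `bash -e`, where a bare failing
            # `wait` ends the script before the checks below can report
            # which task failed; `|| VAR=$?` keeps the script running.
            LINT_EXIT=0
            BUILD_EXIT=0
            wait "$LINT_PID" || LINT_EXIT=$?
            wait "$BUILD_PID" || BUILD_EXIT=$?
            # Check if either failed
            if [ "$LINT_EXIT" -ne 0 ]; then
              echo "❌ Lint failed"
              exit "$LINT_EXIT"
            fi
            if [ "$BUILD_EXIT" -ne 0 ]; then
              echo "❌ Build failed"
              exit "$BUILD_EXIT"
            fi
            echo "✅ Lint and build completed successfully"
          fi

      # NOTE(review): 'skip' is not among the release_type options declared
      # under workflow_dispatch (stable, rc), so the second clause is always
      # true for manual runs. The same applies to the Release step.
      - name: Attest Build Artifacts
        if: |
          (github.event_name == 'push' && (github.ref == 'refs/heads/release' || github.ref == 'refs/heads/rc')) ||
          (github.event_name == 'workflow_dispatch' && inputs.release_type != 'skip')
        uses: actions/attest-build-provenance@v2
        with:
          subject-path: 'dist/*'

      - name: Release
        if: |
          (github.event_name == 'push' && (github.ref == 'refs/heads/release' || github.ref == 'refs/heads/rc')) ||
          (github.event_name == 'workflow_dispatch' && inputs.release_type != 'skip')
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}
          # Dispatch inputs reach the script as environment variables, so
          # their values are never spliced into the shell source.
          DISPATCH_TARGET_BRANCH: ${{ inputs.target_branch }}
          DISPATCH_RELEASE_TYPE: ${{ inputs.release_type }}
        run: |
          echo "🔧 Configuring git and npm..."
          git config --global user.email "github-actions[bot]@users.noreply.github.com"
          git config --global user.name "github-actions[bot]"
          # The publish token is written in clear text to ~/.npmrc and stays
          # readable by everything that runs later in this job.
          echo "//registry.npmjs.org/:_authToken=$NODE_AUTH_TOKEN" >> ~/.npmrc
          # Determine release type (automatic vs manual).
          # GITHUB_EVENT_NAME and GITHUB_REF are set by the runner.
          if [ "$GITHUB_EVENT_NAME" = "workflow_dispatch" ]; then
            echo "📋 Manual release triggered:"
            echo " - Target branch: $DISPATCH_TARGET_BRANCH"
            echo " - Release type: $DISPATCH_RELEASE_TYPE"
            if [ "$DISPATCH_RELEASE_TYPE" = "stable" ]; then
              echo "🚀 Releasing stable version..."
              bun run release:ci
            elif [ "$DISPATCH_RELEASE_TYPE" = "rc" ]; then
              echo "🚀 Releasing RC version..."
              bun run release:rc:ci
            else
              # Fail closed instead of finishing green without a release.
              echo "❌ Unknown release type: $DISPATCH_RELEASE_TYPE"
              exit 1
            fi
          else
            echo "🤖 Automatic release triggered by push"
            if [ "$GITHUB_REF" = "refs/heads/release" ]; then
              echo "🚀 Releasing stable version..."
              bun run release:ci
            elif [ "$GITHUB_REF" = "refs/heads/rc" ]; then
              echo "🚀 Releasing RC version..."
              bun run release:rc:ci
            else
              # Fail closed instead of finishing green without a release.
              echo "❌ Unexpected ref for automatic release: $GITHUB_REF"
              exit 1
            fi
          fi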