Nicholai/united-tattoo
1
1
Fork 0
Code Issues 24 Pull Requests Actions 2 Packages Projects Releases Wiki Activity
united-tattoo/docs/CI-CD-PIPELINE.md

445 lines
11 KiB
Markdown
Raw Permalink Blame History

# CI/CD Pipeline Documentation
## Overview
This document describes the comprehensive CI/CD pipeline for the United Tattoo website, built with Next.js and deployed to Cloudflare Workers via Gitea Actions.
---
## 🚀 Pipeline Architecture
### Workflow Files
1. **`enhanced-ci.yaml`** - Main CI/CD pipeline with quality gates
2. **`deploy.yaml`** - Deployment pipeline with manual triggers
3. **`security.yaml`** - Security scanning and dependency checks
4. **`performance.yaml`** - Performance monitoring and Lighthouse audits
### Pipeline Stages
```
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ Quality Gates │ │ Build & Test │ │ Deploy │
│ │ │ │ │ │
│ • Lint & Format │───▶│ • Build App │───▶│ • Preview │
│ • Security Scan │ │ • Unit Tests │ │ • Production │
│ • Type Check │ │ • Coverage │ │ • Health Check │
└─────────────────┘ └─────────────────┘ └─────────────────┘
│ │ │
▼ ▼ ▼
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ Post-Deploy │ │ Performance │ │ Monitoring │
│ │ │ │ │ │
│ • Lighthouse │ │ • Bundle Size │ │ • Core Web Vitals│
│ • SEO Check │ │ • Budget Check │ │ • Security Headers│
│ • Health Check │ │ • Performance │ │ • Uptime Monitor │
└─────────────────┘ └─────────────────┘ └─────────────────┘
```
---
## 📋 Workflow Details
### 1. Enhanced CI Pipeline (`enhanced-ci.yaml`)
**Triggers:**
- Push to `main`, `master`, or `ci-run-*` branches
- Pull requests to `main`/`master`
- Manual workflow dispatch
**Jobs:**
#### Quality Gates
- **Code Quality**: ESLint, TypeScript check, format validation
- **Security Scan**: Dependency audit, license check, outdated packages
- **Tests**: Unit tests with coverage reporting
#### Build & Deploy
- **Build**: Next.js build with OpenNext Cloudflare adapter
- **Deploy Preview**: Automatic deployment for PRs
- **Deploy Production**: Deployment to production environment
#### Post-Deployment
- **Lighthouse CI**: Performance audit
- **SEO Check**: Metadata validation
- **Security Headers**: Security configuration check
### 2. Deployment Pipeline (`deploy.yaml`)
**Features:**
- Manual deployment triggers
- Environment selection (preview/production)
- Emergency deployment options
- Rollback capability
- Health checks and verification
**Deployment Flow:**
1. Pre-deployment checks (optional)
2. Build application
3. Database migrations (production only)
4. Deploy to Cloudflare
5. Health check verification
6. Performance validation
7. SEO verification
### 3. Security Pipeline (`security.yaml`)
**Security Checks:**
- **Dependency Scan**: npm audit, license check, outdated packages
- **Code Security**: ESLint security rules, hardcoded secrets check
- **Container Security**: Dockerfile security analysis
- **Security Report**: Comprehensive security status report
**Scheduled Runs:**
- Daily security scans at 3 AM UTC
- Automatic vulnerability detection
- License compliance checking
### 4. Performance Pipeline (`performance.yaml`)
**Performance Monitoring:**
- **Lighthouse Audit**: Performance, accessibility, SEO scores
- **Bundle Analysis**: Bundle size monitoring, budget enforcement
- **Core Web Vitals**: LCP, FID, CLS monitoring
- **SEO Performance**: Meta tags, structured data validation
**Scheduled Runs:**
- Daily performance checks at 4 AM UTC
- Performance regression detection
- SEO compliance monitoring
---
## 🔧 Configuration
### Environment Variables
**Required:**
```bash
CLOUDFLARE_ACCOUNT_ID=5cee6a21cea282a9c89d5297964402e7
CLOUDFLARE_API_TOKEN=your-cloudflare-api-token
```
**Optional:**
```bash
TOTAL_STATIC_MAX_BYTES=3000000
MAX_ASSET_BYTES=1500000
LHCI_GITHUB_APP_TOKEN=your-lighthouse-ci-token
```
### Secrets
Configure these in your Gitea repository settings:
1. **`CLOUDFLARE_API_TOKEN`** - Cloudflare API token with Pages permissions
2. **`LHCI_GITHUB_APP_TOKEN`** - Lighthouse CI token (optional)
### Variables
Set these in your Gitea repository variables:
1. **`CLOUDFLARE_ACCOUNT_ID`** - Your Cloudflare account ID
2. **`TOTAL_STATIC_MAX_BYTES`** - Maximum total static assets size
3. **`MAX_ASSET_BYTES`** - Maximum individual asset size
---
## 📊 Quality Gates
### Code Quality
- ✅ ESLint passes with no errors
- ✅ TypeScript compilation successful
- ✅ Code formatting consistent
- ✅ No security vulnerabilities (critical/high)
### Performance
- ✅ Lighthouse Performance score ≥ 80
- ✅ Lighthouse SEO score ≥ 90
- ✅ Bundle size under budget limits
- ✅ Core Web Vitals within thresholds
### Security
- ✅ No critical dependency vulnerabilities
- ✅ Approved licenses only
- ✅ No hardcoded secrets
- ✅ Security headers present
---
## 🚀 Deployment Process
### Automatic Deployments
**Pull Requests:**
- Automatic preview deployment
- Quality gates must pass
- Performance checks run
- Security scan executed
**Main Branch:**
- Automatic production deployment
- All quality gates enforced
- Database migrations (if needed)
- Health checks performed
### Manual Deployments
**Via Gitea UI:**
1. Go to Actions → Deploy
2. Select environment (preview/production)
3. Choose deployment options
4. Monitor deployment progress
**Via CLI:**
```bash
# Deploy to preview
npm run deploy:preview
# Deploy to production
npm run deploy:production
```
### Emergency Deployments
**Skip Tests:**
- Use `skip_tests: true` option
- Bypasses quality gates
- Use only for critical fixes
**Force Deploy:**
- Use `force_deploy: true` option
- Deploys even if checks fail
- Use with extreme caution
---
## 📈 Monitoring & Reporting
### Performance Monitoring
**Lighthouse Scores:**
- Performance: Target ≥ 80
- Accessibility: Target ≥ 90
- Best Practices: Target ≥ 80
- SEO: Target ≥ 90
**Core Web Vitals:**
- LCP (Largest Contentful Paint): Target < 2.5s
- FID (First Input Delay): Target < 100ms
- CLS (Cumulative Layout Shift): Target < 0.1
**Bundle Size:**
- Total static assets: Target < 3MB
- Individual assets: Target < 1.5MB
### Security Monitoring
**Dependency Security:**
- Critical vulnerabilities: 0 allowed
- High vulnerabilities: Monitor closely
- Moderate vulnerabilities: Review regularly
**License Compliance:**
- Approved licenses: MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, Unlicense, CC0-1.0
- All other licenses: Manual review required
### SEO Monitoring
**Required Elements:**
- Open Graph tags present
- Twitter Card tags present
- JSON-LD structured data
- Canonical URLs
- Meta descriptions
**Performance:**
- Page load time < 2s
- Mobile-friendly
- HTTPS enabled
- Security headers present
---
## 🛠️ Local Development
### Pre-commit Hooks
Install pre-commit hooks:
```bash
npm install -g husky lint-staged
npx husky install
npx husky add .husky/pre-commit "npx lint-staged"
```
### Local Testing
**Run Quality Checks:**
```bash
npm run ci:lint # ESLint
npm run ci:typecheck # TypeScript
npm run ci:test # Unit tests
npm run ci:build # Build check
```
**Run Security Checks:**
```bash
npm run security:audit # Dependency audit
npm run security:outdated # Check outdated packages
```
**Run Performance Checks:**
```bash
npm run performance:bundle # Bundle analysis
npm run performance:lighthouse # Lighthouse audit
```
### Local Deployment
**Preview Deployment:**
```bash
npm run pages:build
npm run preview
```
**Production Deployment:**
```bash
CLOUDFLARE_ACCOUNT_ID=your-account-id npm run deploy:production
```
---
## 🔍 Troubleshooting
### Common Issues
**Build Failures:**
- Check Node.js version (requires 20.x)
- Verify all dependencies installed
- Check for TypeScript errors
- Review ESLint configuration
**Deployment Failures:**
- Verify Cloudflare credentials
- Check account ID configuration
- Review build artifacts
- Check network connectivity
**Performance Issues:**
- Review bundle size limits
- Check for large dependencies
- Optimize images and assets
- Review Lighthouse recommendations
**Security Issues:**
- Update vulnerable dependencies
- Review license compliance
- Check for hardcoded secrets
- Verify security headers
### Debug Commands
**Check Pipeline Status:**
```bash
# View recent workflow runs
gh run list
# View specific workflow
gh run view <run-id>
# Download artifacts
gh run download <run-id>
```
**Local Debugging:**
```bash
# Build with verbose output
npm run ci:build --verbose
# Run tests with coverage
npm run ci:test --coverage
# Check bundle size
npm run ci:budgets
```
---
## 📚 Best Practices
### Code Quality
- Write meaningful commit messages
- Keep PRs small and focused
- Add tests for new features
- Follow TypeScript best practices
- Use ESLint and Prettier consistently
### Security
- Regularly update dependencies
- Use environment variables for secrets
- Review security scan results
- Follow OWASP guidelines
- Implement proper access controls
### Performance
- Monitor bundle sizes
- Optimize images and assets
- Use lazy loading appropriately
- Implement proper caching
- Monitor Core Web Vitals
### Deployment
- Test in preview environment first
- Use feature flags for gradual rollouts
- Monitor deployment health
- Have rollback plan ready
- Document deployment procedures
---
## 🔄 Continuous Improvement
### Pipeline Optimization
- Monitor pipeline execution times
- Optimize build processes
- Reduce unnecessary steps
- Improve error handling
- Add more comprehensive tests
### Monitoring Enhancement
- Add more performance metrics
- Implement alerting systems
- Create dashboards
- Track deployment success rates
- Monitor user experience metrics
### Security Hardening
- Implement additional security scans
- Add compliance checks
- Enhance vulnerability detection
- Implement security policies
- Regular security reviews
---
## 📞 Support
### Getting Help
- Check workflow logs in Gitea Actions
- Review error messages carefully
- Consult this documentation
- Check GitHub Issues
- Contact development team
### Reporting Issues
- Use GitHub Issues for bugs
- Provide detailed error messages
- Include relevant logs
- Describe reproduction steps
- Suggest potential solutions
---
**Last Updated:** 2025-10-09
**Version:** 1.0.0
**Maintainer:** Development Team
Reference in New Issue View Git Blame Copy Permalink