This repository now includes a comprehensive set of GitHub Actions workflows for automated VPN deployment, testing, security scanning, and monitoring. The workflows are designed for a multi-environment deployment strategy with staging and production environments.
Triggers:
- Push to `main` or `develop` branches
- Pull requests to `main`
- Manual workflow dispatch
Features:
- Multi-stage deployment (staging → production)
- Code quality checks (Black, Flake8, MyPy)
- Automated testing with coverage reports
- Docker image building and testing
- Security pre-checks using Bandit and Safety
- Infrastructure validation
- Blue/green deployment strategy
- Automatic rollback on failure
- Deployment notifications via Slack
Key Jobs:
- Pre-deployment checks
- API building and testing
- Dashboard building and testing
- Infrastructure validation
- Staging deployment
- Production deployment
Triggers:
- Daily schedule (2 AM UTC)
- Push to `main` or `develop`
- Pull requests
- Manual workflow dispatch
Features:
- Dependency vulnerability scanning (Python & Node.js)
- Container security scanning with Trivy
- Code security analysis (Bandit, Semgrep, CodeQL)
- Infrastructure security checks
- VPN-specific security validations
- Comprehensive security reporting
- Automated security alerts
Key Jobs:
- Dependency scanning
- Container image scanning
- Code security analysis
- Infrastructure security validation
- VPN security configuration checks
- Security summary generation
Triggers:
- Push to `main` or `develop`
- Pull requests
- Every 6 hours (scheduled)
- Manual workflow dispatch
Features:
- Comprehensive test suite execution
- Unit tests for all components
- Integration tests with mock VPN servers
- Performance testing and benchmarking
- Security testing
- Smoke tests for basic functionality
- End-to-end testing with Playwright
- Automated test reporting
Test Suites:
- Unit tests (Python modules)
- Integration tests (API, database, Docker)
- Performance tests (API response times, config generation)
- Security tests (cryptographic strength, API security)
- Smoke tests (basic functionality)
- E2E tests (dashboard automation)
Triggers:
- Push to `main` or `develop` (dashboard files only)
- Pull requests (dashboard files only)
- Manual workflow dispatch
Features:
- Dashboard-specific build pipeline
- Performance testing with Lighthouse
- Multiple deployment targets (Vercel, Netlify, custom servers)
- Automated smoke testing
- Bundle size analysis
- Production monitoring and alerting
- Deployment rollback capabilities
- Environment-specific configurations
Deployment Options:
- Vercel deployment
- Netlify deployment
- Custom server deployment (rsync)
- AWS S3/CloudFront deployment
Triggers:
- Push to `main` or `develop` (monitoring files)
- Hourly health checks (scheduled)
- Manual workflow dispatch
Features:
- Monitoring stack deployment (Prometheus, Grafana, VPN API)
- Docker image building and security scanning
- Multi-environment deployment
- Health check automation
- Alert system testing
- Log rotation and cleanup
- Performance monitoring
- Automated status reporting
Monitoring Components:
- Prometheus (metrics collection)
- Grafana (visualization)
- VPN Monitoring API
- Health check system
- Alert management
- Log aggregation
Configure these secrets in your GitHub repository settings:
```
# Staging Environment
STAGING_SUPABASE_URL=
STAGING_SUPABASE_SERVICE_ROLE_KEY=
STAGING_GRAFANA_ADMIN_PASSWORD=
STAGING_SLACK_WEBHOOK_URL=
STAGING_DASHBOARD_URL=
STAGING_HOST=
STAGING_USER=
STAGING_S3_BUCKET=
# Production Environment
PRODUCTION_SUPABASE_URL=
PRODUCTION_SUPABASE_SERVICE_ROLE_KEY=
PRODUCTION_GRAFANA_ADMIN_PASSWORD=
PRODUCTION_SLACK_WEBHOOK_URL=
PRODUCTION_DASHBOARD_URL=
# Deployment Platforms
VERCEL_TOKEN=
NETLIFY_AUTH_TOKEN=
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
```
- Developer pushes code to the `develop` branch
- `deploy-vpn.yml` triggers and deploys to staging
- `test-vpn.yml` runs comprehensive tests
- `security-scan.yml` performs security checks
- Dashboard deploys to the staging environment
- Monitoring stack deploys to staging
- All results are reported via Slack
- Code is merged to the `main` branch
- `deploy-vpn.yml` triggers the production deployment
- `test-vpn.yml` runs the full test suite
- `security-scan.yml` performs a comprehensive security scan
- Dashboard deploys to production
- Monitoring stack deploys to production
- Production health checks begin
- Deployment status is reported
- Daily Security Scans (2 AM UTC)
- Comprehensive Testing (Every 6 hours)
- Health Checks (Every hour)
- Monitoring Stack Validation (Every hour)
- Multi-layer security scanning
- Container vulnerability assessment
- Code security analysis
- Secret detection
- Cryptographic strength validation
- Automated security reporting
- Unit, integration, and E2E testing
- Performance benchmarking
- Security testing
- Automated test coverage reporting
- Cross-platform compatibility testing
- Blue/green deployment strategy
- Automatic rollback on failure
- Zero-downtime deployments
- Multi-environment support
- Configuration management
- Real-time health monitoring
- Performance tracking
- Alert management
- Log aggregation
- Automated maintenance
- Slack integration for all major events
- Detailed deployment reports
- Security scan results
- Test summaries
- Health check status
To manually trigger a deployment:
- Go to the Actions tab in your GitHub repository
- Select the desired workflow
- Click Run workflow
- Choose the environment and options
- Click Run workflow to start
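As an added example (not one of the repository's own workflow files), the skeleton below wires together the triggers and environment selection described above: push and pull-request triggers on `main`/`develop`, a `workflow_dispatch` input for choosing staging or production, a GitHub `environment` so that environment's protection rules apply, a read-only token, and selection of the `STAGING_*`/`PRODUCTION_*` secrets by prefix. The job name and the `scripts/deploy.sh` script are assumptions.

```yaml
name: Deploy VPN (added example)

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]
  workflow_dispatch:
    inputs:
      environment:
        description: Target environment
        type: choice
        options: [staging, production]
        default: staging

# Least-privilege token: the deploy job only needs to read the repository.
permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    # Pull requests only get pre-checks; real deploys run on push or manual dispatch.
    if: github.event_name != 'pull_request'
    # Manual runs use the chosen environment; pushes map main -> production, develop -> staging.
    environment: ${{ inputs.environment || (github.ref == 'refs/heads/main' && 'production' || 'staging') }}
    # One deployment per environment at a time; a second run queues instead of racing.
    concurrency:
      group: deploy-${{ inputs.environment || (github.ref == 'refs/heads/main' && 'production' || 'staging') }}
      cancel-in-progress: false
    env:
      # Uppercase prefix used to pick the STAGING_* or PRODUCTION_* repository secrets.
      PREFIX: ${{ (inputs.environment || (github.ref == 'refs/heads/main' && 'production' || 'staging')) == 'production' && 'PRODUCTION' || 'STAGING' }}
    steps:
      - uses: actions/checkout@v4

      - name: Deploy to ${{ env.PREFIX }}
        # scripts/deploy.sh is an assumed script; it reads credentials from the
        # environment rather than argv so they never appear in process listings.
        env:
          SUPABASE_URL: ${{ secrets[format('{0}_SUPABASE_URL', env.PREFIX)] }}
          SUPABASE_SERVICE_ROLE_KEY: ${{ secrets[format('{0}_SUPABASE_SERVICE_ROLE_KEY', env.PREFIX)] }}
          DASHBOARD_URL: ${{ secrets[format('{0}_DASHBOARD_URL', env.PREFIX)] }}
        run: ./scripts/deploy.sh

      - name: Notify Slack
        if: always()   # report success and failure alike
        env:
          SLACK_WEBHOOK_URL: ${{ secrets[format('{0}_SLACK_WEBHOOK_URL', env.PREFIX)] }}
          STATUS: ${{ job.status }}
        run: |
          curl -sS -X POST -H 'Content-type: application/json' \
            --data "{\"text\":\"deploy ${PREFIX}: ${STATUS}\"}" "$SLACK_WEBHOOK_URL"
```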
All deployments can be monitored through:
- GitHub Actions tab
- Slack notifications
- Deployment reports (uploaded as artifacts)
- Monitoring dashboard (Grafana)
Workflow artifacts are automatically uploaded and include:
- Security scan reports
- Test coverage reports
- Deployment summaries
- Monitoring status reports
- Performance analysis
Each workflow can be customized by:
- Modifying trigger conditions
- Adjusting testing parameters
- Changing deployment targets
- Updating security scan rules
- Customizing notification channels
- Deployment failures: Check the deployment logs and verify environment variables
- Security scan failures: Review security reports and address critical issues
- Test failures: Check test logs and fix failing tests before deployment
- Monitoring issues: Verify monitoring stack health in Grafana dashboard
- All workflow logs are available in the GitHub Actions tab
- Artifacts contain detailed reports for debugging
- Slack notifications provide real-time status updates
- Monitoring dashboard shows system health metrics
- Configure GitHub Secrets in your repository settings
- Test workflows on the `develop` branch first
- Customize notifications and deployment targets as needed
- Set up monitoring dashboards and alert rules
- Review and adjust security scan parameters
- Establish deployment schedules and maintenance windows
The workflows are designed to be production-ready and can be customized further based on your specific requirements and infrastructure setup.