tetelearning · PureMunky · Sep 9, 2025 · Sep 9, 2025 · Sep 9, 2025 · Sep 10, 2025
diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml
@@ -0,0 +1,227 @@
+name: Build and Push Docker Image
+
+permissions:
+  contents: read
+
+on:
+  push:
+    branches: [ develop ]
+    paths-ignore:
+      - '**.md'
+      - 'docs/**'
+
+  # Allow manual triggering
+  workflow_dispatch:
+
+env:
+  DOTNET_VERSION: '8.0.x'
+  NODE_VERSION: '20.x'
+  REGISTRY: docker.io
+  IMAGE_NAME: puremunky/tete-web
+
+jobs:
+  test:
+    name: Run Full Test Suite
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Setup .NET
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNET_VERSION }}
+
+    - name: Setup Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODE_VERSION }}
+        cache: 'npm'
+        cache-dependency-path: Tete.Web/ClientApp/package-lock.json
+
+    - name: Restore .NET dependencies
+      run: dotnet restore
+
+    - name: Build .NET solution
+      run: dotnet build --no-restore --configuration Release
+
+    - name: Run .NET tests
+      run: dotnet test --no-build --configuration Release --logger trx --results-directory "TestResults"
+
+    - name: Install npm dependencies
+      working-directory: Tete.Web/ClientApp
+      run: npm ci
+
+    - name: Run frontend linting
+      working-directory: Tete.Web/ClientApp
+      run: npm run lint
+
+    - name: Run frontend tests
+      working-directory: Tete.Web/ClientApp
+      run: npm run test -- --watch=false --browsers=ChromeHeadless
+
+    - name: Build Angular app
+      working-directory: Tete.Web/ClientApp
+      run: npm run build
+
+  build-and-push:
+    name: Build and Push Docker Image
+    runs-on: ubuntu-latest
+    needs: test
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+    - name: Extract metadata
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.IMAGE_NAME }}
+        tags: |
+          type=ref,event=branch
+          type=sha,prefix={{branch}}-
+          type=raw,value=latest,enable={{is_default_branch}}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        file: ./Web.Dockerfile
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+        platforms: linux/amd64
+
+    - name: Generate build summary
+      run: |
+        echo "## Docker Build Summary" >> $GITHUB_STEP_SUMMARY
+        echo "🐳 **Image**: \`${{ env.IMAGE_NAME }}\`" >> $GITHUB_STEP_SUMMARY
+        echo "📦 **Tags**:" >> $GITHUB_STEP_SUMMARY
+        echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+        echo "${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY
+        echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+        echo "🔗 **Registry**: [Docker Hub](${{ env.REGISTRY }}/${{ env.IMAGE_NAME }})" >> $GITHUB_STEP_SUMMARY
+        echo "📝 **Commit**: ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
+
+  security-scan:
+    name: Container Security Scan
+    runs-on: ubuntu-latest
+    needs: build-and-push
+    permissions:
+      contents: read
+      security-events: write
+
+    steps:
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: '${{ env.IMAGE_NAME }}:${{ github.sha }}'
+        format: 'sarif'
+        output: 'trivy-results.sarif'
+
+    - name: Upload Trivy scan results to GitHub Security tab
+      uses: github/codeql-action/upload-sarif@v3
+      if: always()
+      with:
+        sarif_file: 'trivy-results.sarif'
+
+    - name: Run Trivy for summary
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: '${{ env.IMAGE_NAME }}:${{ github.sha }}'
+        format: 'table'
+        exit-code: '0'
+
+  smoke-test:
+    name: Post-Build Smoke Test
+    runs-on: ubuntu-latest
+    needs: build-and-push
+
+    steps:
+    - name: Test published Docker image
+      run: |
+        echo "Testing published image: ${{ env.IMAGE_NAME }}:${{ github.sha }}"
+
+        # Pull and run the published image
+        docker run -d --name smoke-test -p 8080:80 ${{ env.IMAGE_NAME }}:${{ github.sha }}
+
+        # Wait for container to be ready
+        timeout 90 bash -c 'until curl -f http://localhost:8080/health; do echo "Waiting for app..."; sleep 3; done'
+
+        # Verify health endpoint
+        response=$(curl -s http://localhost:8080/health)
+        echo "Health response: $response"
+
+        if echo "$response" | grep -q '"status":"healthy"'; then
+          echo "✅ Smoke test passed - application is healthy"
+        else
+          echo "❌ Smoke test failed - application is not healthy"
+          exit 1
+        fi
+
+        # Test Angular app loads
+        if curl -s http://localhost:8080/ | grep -q "Tête (beta)"; then
+          echo "✅ Frontend loads successfully"
+        else
+          echo "❌ Frontend failed to load"
+          exit 1
+        fi
+
+        # Cleanup
+        docker stop smoke-test
+        docker rm smoke-test
+
+  update-todo:
+    name: Update CI/CD Progress
+    runs-on: ubuntu-latest
+    needs: [test, build-and-push, security-scan, smoke-test]
+    if: success()
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Update CI-CD-TODO.md
+      run: |
+        # Mark Docker build pipeline as completed
+        sed -i 's/- \[ \] Create `\.github\/workflows\/build-and-push\.yml`/- [x] Create `\.github\/workflows\/build-and-push\.yml`/' CI-CD-TODO.md
+        sed -i 's/- \[ \] Full test suite execution on develop branch push/- [x] Full test suite execution on develop branch push/' CI-CD-TODO.md
+        sed -i 's/- \[ \] Docker multi-stage build using existing/- [x] Docker multi-stage build using existing/' CI-CD-TODO.md
+        sed -i 's/- \[ \] Image tagging (git SHA, latest, semantic version)/- [x] Image tagging (git SHA, latest, semantic version)/' CI-CD-TODO.md
+        sed -i 's/- \[ \] DockerHub push to `puremunky\/tete-web`/- [x] DockerHub push to `puremunky\/tete-web`/' CI-CD-TODO.md
+        sed -i 's/- \[ \] Container image vulnerability scanning/- [x] Container image vulnerability scanning/' CI-CD-TODO.md
+
+        # Update last modified date
+        sed -i "s/\*\*Last Updated\*\*: .*/\*\*Last Updated\*\*: $(date +%Y-%m-%d)/" CI-CD-TODO.md
+
+    - name: Commit changes
+      run: |
+        git config --local user.email "action@github.com"
+        git config --local user.name "GitHub Action"
+        git add CI-CD-TODO.md
+        if git diff --staged --quiet; then
+          echo "No changes to commit"
+        else
+          git commit -m "🤖 Update CI-CD-TODO.md - Docker build pipeline completed
+
+🎯 Generated with [Claude Code](https://claude.ai/code)
+
+Co-Authored-By: Claude <noreply@anthropic.com>"
+          git push
+        fi