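name: Test Deployment Workflow

# This workflow can be started manually to test the deployment process.
on:
  workflow_dispatch:
    inputs:
      pr_number:
        description: "PR number to simulate"
        required: true
        default: "999"
        type: string
      # NOTE(review): `cleanup` is declared but no step in this file reads it.
      cleanup:
        description: "Run cleanup after deployment"
        required: false
        default: false
        type: boolean

# Least privilege for GITHUB_TOKEN: the jobs only need to check out the code.
permissions:
  contents: read

jobs:
  test-deployment:
    name: Test Deployment Process
    runs-on: ubuntu-latest
    env:
      # The dispatch input is handed to scripts as an environment variable
      # instead of being expanded into the script text, so its content is
      # never parsed as shell syntax on the runner or on the remote host.
      PR_NUMBER: ${{ inputs.pr_number }}
      # The `secrets` context cannot be used in `if:` conditionals, so the
      # presence of the host secret is exposed as a plain 'true'/'false' string.
      HAS_TESTING_SERVER: ${{ secrets.TESTING_SERVER_HOST != '' }}
    steps:
      - name: Validate inputs
        run: |
          # pr_number becomes part of image tags and remote paths: digits only.
          case "$PR_NUMBER" in
            ''|*[!0-9]*)
              echo "::error::pr_number must contain digits only"
              exit 1
              ;;
          esac

      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "18"
          cache: "yarn"

      - name: Install dependencies
        run: yarn install --frozen-lockfile

      - name: Run tests
        run: |
          # Add your test commands here
          echo "Running tests..."
          # Lint failures are deliberately non-fatal here.
          yarn lint:check || echo "Linting completed with warnings"

      - name: Build application
        run: yarn build

      - name: Build Docker image
        run: |
          docker build -t "low-code-engine:test-${PR_NUMBER}" .
          echo "Docker image built successfully"

      - name: Test Docker image
        run: |
          # Test that the image runs correctly; the port is published on
          # loopback only because the probe below uses localhost.
          docker run -d --name test-app -p 127.0.0.1:3000:3000 "low-code-engine:test-${PR_NUMBER}"
          sleep 10
          # Try to connect to the app
          # NOTE(review): a failed probe only prints logs; the step still passes.
          if curl -f http://localhost:3000/health > /dev/null 2>&1; then
            echo "✅ Application is responding"
          else
            echo "❌ Application is not responding"
            docker logs test-app
          fi
          docker stop test-app
          docker rm test-app

      - name: Save Docker image
        run: |
          docker save "low-code-engine:test-${PR_NUMBER}" | gzip > low-code-engine-test.tar.gz
          ls -lh low-code-engine-test.tar.gz

      # NOTE(review): the appleboy/* actions below receive the SSH private key
      # and are referenced by a mutable tag; pin each to a full commit SHA.
      # NOTE(review): no host-key fingerprint is configured, so the server's
      # identity is not verified; the actions' `fingerprint` input can pin it.
      - name: Test SSH connection
        if: env.HAS_TESTING_SERVER == 'true'
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.TESTING_SERVER_HOST }}
          username: ${{ secrets.TESTING_SERVER_USER }}
          key: ${{ secrets.TESTING_SERVER_SSH_KEY }}
          port: ${{ secrets.TESTING_SERVER_PORT || 22 }}
          script: |
            echo "✅ SSH connection successful"
            echo "Server info:"
            uname -a
            docker --version
            docker-compose --version
            df -h /opt/low-code-engine
            echo "Available ports for testing:"
            netstat -tln | grep ":30[0-9][0-9]" | head -5 || echo "No testing ports in use"

      # NOTE(review): the archive lands under a fixed name in world-writable
      # /tmp; a per-run directory owned by the deploy user would keep other
      # local accounts from replacing it before `docker load`.
      - name: Test file transfer
        if: env.HAS_TESTING_SERVER == 'true'
        uses: appleboy/scp-action@v0.1.7
        with:
          host: ${{ secrets.TESTING_SERVER_HOST }}
          username: ${{ secrets.TESTING_SERVER_USER }}
          key: ${{ secrets.TESTING_SERVER_SSH_KEY }}
          port: ${{ secrets.TESTING_SERVER_PORT || 22 }}
          source: "low-code-engine-test.tar.gz"
          target: "/tmp/"

      - name: Test deployment simulation
        if: env.HAS_TESTING_SERVER == 'true'
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.TESTING_SERVER_HOST }}
          username: ${{ secrets.TESTING_SERVER_USER }}
          key: ${{ secrets.TESTING_SERVER_SSH_KEY }}
          port: ${{ secrets.TESTING_SERVER_PORT || 22 }}
          # Forward PR_NUMBER to the remote shell as an environment variable.
          envs: PR_NUMBER
          script: |
            # Re-check on the server: the value is used in an rm -rf path.
            case "$PR_NUMBER" in
              ''|*[!0-9]*) echo "Invalid PR number"; exit 1 ;;
            esac
            test_dir="/opt/low-code-engine/test-pr-${PR_NUMBER}"
            echo "Testing deployment simulation for PR #${PR_NUMBER}"
            # Create test directory
            mkdir -p "$test_dir"
            # Stop if the directory is unusable so later commands cannot run
            # from an unexpected working directory.
            cd "$test_dir" || exit 1
            # Copy test file
            cp /tmp/low-code-engine-test.tar.gz .
            # Test image loading
            gunzip -c low-code-engine-test.tar.gz | docker load
            echo "✅ Test deployment simulation completed"
            # Cleanup test files
            rm -f low-code-engine-test.tar.gz /tmp/low-code-engine-test.tar.gz
            docker rmi "low-code-engine:test-${PR_NUMBER}" || true
            cd ..
            rm -rf -- "$test_dir"

      - name: Cleanup on failure
        if: failure() && env.HAS_TESTING_SERVER == 'true'
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.TESTING_SERVER_HOST }}
          username: ${{ secrets.TESTING_SERVER_USER }}
          key: ${{ secrets.TESTING_SERVER_SSH_KEY }}
          port: ${{ secrets.TESTING_SERVER_PORT || 22 }}
          envs: PR_NUMBER
          script: |
            # Cleanup any test artifacts
            rm -f /tmp/low-code-engine-test.tar.gz
            # This step also runs when input validation failed, so the value
            # is checked again before it is used in a recursive delete.
            case "$PR_NUMBER" in
              ''|*[!0-9]*) echo "Invalid PR number, skipping path cleanup"; exit 1 ;;
            esac
            rm -rf -- "/opt/low-code-engine/test-pr-${PR_NUMBER}"
            docker rmi "low-code-engine:test-${PR_NUMBER}" || true
            echo "🧹 Cleanup completed"

  test-health-endpoints:
    name: Test Health Endpoints
    runs-on: ubuntu-latest
    needs: test-deployment
    env:
      # `secrets` is not available in `if:`; gate the step on this flag.
      HAS_TESTING_SERVER: ${{ secrets.TESTING_SERVER_HOST != '' }}
    steps:
      - name: Test server health endpoints
        if: env.HAS_TESTING_SERVER == 'true'
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.TESTING_SERVER_HOST }}
          username: ${{ secrets.TESTING_SERVER_USER }}
          key: ${{ secrets.TESTING_SERVER_SSH_KEY }}
          port: ${{ secrets.TESTING_SERVER_PORT || 22 }}
          script: |
            echo "Testing health check endpoints..."
            # Test monitoring script
            if [ -f /usr/local/bin/monitor-deployments ]; then
              echo "✅ Monitor script exists"
              /usr/local/bin/monitor-deployments | head -20
            else
              echo "❌ Monitor script not found"
            fi
            # Test cleanup script
            if [ -f /usr/local/bin/cleanup-old-deployments ]; then
              echo "✅ Cleanup script exists"
            else
              echo "❌ Cleanup script not found"
            fi
            # Test nginx configuration
            if command -v nginx &> /dev/null; then
              echo "✅ Nginx is installed"
              nginx -t 2>&1 | head -5
            else
              echo "❌ Nginx not installed"
            fi
            # Test docker access
            docker ps | head -5
            echo "Docker system info:"
            docker system df

  security-check:
    name: Security Check
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Run security audit
        run: |
          echo "Running security checks..."
          # Check for secrets in code
          # NOTE(review): keyword heuristic only. It matches any line that
          # contains "key", "secret" or "password", prints the matching lines
          # to the job log, and does not replace a dedicated secret scanner.
          if grep -r "password\|secret\|key" --include="*.ts" --include="*.js" --include="*.json" src/ | grep -v "// TODO\|console.log"; then
            echo "❌ Potential secrets found in code"
            exit 1
          else
            echo "✅ No secrets found in source code"
          fi
          # Check Docker image for security issues
          echo "Building secure Docker image..."
          docker build -t security-test .
          # Basic security checks
          echo "Checking Docker image user..."
          # Compare the reported user explicitly; the success message is
          # printed only when the container user is known and is not root.
          image_user="$(docker run --rm security-test whoami || true)"
          if [ -z "$image_user" ]; then
            echo "::warning::Could not determine the Docker image user"
          elif [ "$image_user" = "root" ]; then
            echo "::warning::Docker image runs as root"
          else
            echo "✅ Not running as root (${image_user})"
          fi
          docker rmi security-test

      - name: Check workflow security
        run: |
          echo "Checking workflow file security..."
          # Check that secrets are properly referenced
          if grep -E '\$\{\{\s*secrets\.' .github/workflows/*.yml > /dev/null; then
            echo "✅ Secrets properly referenced"
          else
            echo "❌ No secrets found in workflows"
          fi
          # Check for hardcoded values
          if grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' .github/workflows/*.yml; then
            echo "❌ Hardcoded IP addresses found"
            exit 1
          else
            echo "✅ No hardcoded IP addresses"
          fi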