VoiceRSSSummary/.github/workflows/ci.yml

name: CI

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]

jobs:
  lint-and-test:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    - name: Setup Bun
      uses: oven-sh/setup-bun@v1
      with:
        bun-version: latest

    - name: Install dependencies
      run: bun install

    - name: Install admin panel dependencies
      run: cd admin-panel && bun install

    - name: Type check
      run: bunx tsc --noEmit

    - name: Lint
      run: bun run lint

    - name: Format check
      run: bun run format:check

    - name: Build frontend
      run: bun run build:frontend

    - name: Build admin panel
      run: bun run build:admin

    - name: Test build artifacts
      run: |
        ls -la frontend/dist/
        ls -la admin-panel/dist/
        echo "✅ Build artifacts created successfully"

  docker-test:
    runs-on: ubuntu-latest
    needs: lint-and-test

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3

    - name: Build Docker image (test only)
      uses: docker/build-push-action@v5
      with:
        context: .
        platforms: linux/amd64
        push: false
        tags: voice-rss-summary:test
        cache-from: type=gha
        cache-to: type=gha,mode=max

    - name: Test Docker image
      run: |
        echo "Testing Docker image functionality..."
        
        # Create minimal test environment
        mkdir -p test-data test-public
        echo "# Test feed" > feed_urls.txt
        echo "OPENAI_API_KEY=test" > .env
        echo "VOICEVOX_HOST=http://localhost:50021" >> .env
        
        # Run container for a short time to test startup
        docker run --rm --name test-container \
          -v "$(pwd)/feed_urls.txt:/app/feed_urls.txt:ro" \
          -v "$(pwd)/.env:/app/.env:ro" \
          -v "$(pwd)/test-public:/app/public" \
          -v "$(pwd)/test-data:/app/data" \
          voice-rss-summary:test \
          timeout 30 bun run server.ts || true
        
        echo "✅ Docker image test completed"

  security-scan:
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request'

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    - name: Run Trivy vulnerability scanner
      uses: aquasecurity/trivy-action@master
      with:
        scan-type: 'fs'
        scan-ref: '.'
        format: 'sarif'
        output: 'trivy-results.sarif'

    - name: Upload Trivy scan results to GitHub Security tab
      uses: github/codeql-action/upload-sarif@v2
      if: always()
      with:
        sarif_file: 'trivy-results.sarif'