aitbc/.github/workflows/production-deploy.yml
oib f353e00172 chore(security): enhance environment configuration, CI workflows, and wallet daemon with security improvements
- Restructure .env.example with security-focused documentation, service-specific environment file references, and AWS Secrets Manager integration
- Update CLI tests workflow to single Python 3.13 version, add pytest-mock dependency, and consolidate test execution with coverage
- Add comprehensive security validation to package publishing workflow with manual approval gates, secret scanning, and release
2026-03-03 10:33:46 +01:00


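---
# Production deployment pipeline: security scan -> build/test -> staging -> production -> post-deploy.
# Triggered by pushes to main (staging), by v* tags (production) or by a manual dispatch
# that picks the environment explicitly.
name: Production Deployment

on:  # yamllint disable-line rule:truthy
  push:
    branches: [main]
    tags: ['v*']
  workflow_dispatch:
    inputs:
      environment:
        description: 'Deployment environment'
        required: true
        default: 'staging'
        type: choice
        options:
          - staging
          - production

# Least privilege for GITHUB_TOKEN: read-only for every job; a job that needs more
# (post-deployment opens an issue) widens it on its own `permissions` key.
permissions:
  contents: read

# One deployment per ref at a time. A deployment already in flight is never
# cancelled by a newer run; the newer run queues behind it.
concurrency:
  group: production-deploy-${{ github.ref }}
  cancel-in-progress: false

# Resolve the target environment once so every job agrees on it: a manual input
# wins, otherwise a v* tag means production and anything else means staging.
env:
  DEPLOY_ENV: ${{ github.event.inputs.environment || (startsWith(github.ref, 'refs/tags/v') && 'production' || 'staging') }}

jobs:
  security-scan:
    runs-on: ubuntu-latest
    name: Security Scanning
    outputs:
      security-passed: ${{ steps.security-check.outputs.passed }}
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.13'
          cache: 'pip'
      # bandit and slither are not preinstalled on ubuntu-latest, so the scan step
      # below would fail with "command not found" without this.
      # NOTE(review): slither also needs a solc binary on PATH; confirm how the
      # project's contract tooling provides it.
      - name: Install scanners
        run: |
          python -m pip install --upgrade pip
          pip install bandit slither-analyzer
      - name: Run comprehensive security scan
        run: |
          python scripts/focused_dotenv_linter.py --check
          bandit -r . -f json -o bandit-report.json
          slither contracts/ --json slither-report.json
      # The default run shell is `bash -e`, so a non-zero exit from any scanner
      # fails the previous step and this step does not run; `passed` is then
      # unset and build-and-test is skipped. `passed=true` therefore means every
      # scanner ran to completion and wrote its report.
      - name: Security validation
        id: security-check
        run: |
          if [ -f bandit-report.json ] && [ -f slither-report.json ]; then
            echo "passed=true" >> "$GITHUB_OUTPUT"
          else
            echo "passed=false" >> "$GITHUB_OUTPUT"
            exit 1
          fi
      # Keep the scanner output for review even when a scanner failed the job.
      - name: Upload scan reports
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: security-reports
          path: |
            bandit-report.json
            slither-report.json
          if-no-files-found: ignore
          retention-days: 30

  build-and-test:
    runs-on: ubuntu-latest
    name: Build and Test
    needs: security-scan
    if: needs.security-scan.outputs.security-passed == 'true'
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.13'
          cache: 'pip'
      # `build` is required by the "python -m build" step below and is not part of
      # the project's own dependencies.
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -e .
          pip install -e packages/py/aitbc-crypto
          pip install pytest pytest-cov pytest-asyncio build
      - name: Run comprehensive tests
        run: |
          python -m pytest -m "not slow" --cov=aitbc_cli --cov-report=xml --cov-fail-under=90
      - name: Build application
        run: |
          python -m build
      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: build-artifacts
          path: dist/
          retention-days: 30

  deploy-staging:
    runs-on: ubuntu-latest
    name: Deploy to Staging
    needs: build-and-test
    if: github.ref == 'refs/heads/main' || github.event.inputs.environment == 'staging'
    # GitHub Environment: required reviewers, wait timers and environment-scoped
    # secrets are configured under the repository's environment settings.
    environment:
      name: staging
      url: https://staging.aitbc.dev
    steps:
      - uses: actions/checkout@v4
      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          name: build-artifacts
          path: dist/
      - name: Deploy to staging
        run: |
          echo "Deploying to staging environment..."
          # Add staging deployment commands here
          # Example: scp to staging server, restart services, etc.
      - name: Run smoke tests
        run: |
          python scripts/smoke_tests.py --environment=staging
      # Retry for a short while so a service still restarting after the deploy
      # does not fail the check on its first probe.
      - name: Health check
        run: |
          curl -f --retry 5 --retry-delay 10 --retry-all-errors https://staging.aitbc.dev/health || exit 1

  deploy-production:
    runs-on: ubuntu-latest
    name: Deploy to Production
    needs: [build-and-test, deploy-staging]
    # deploy-staging is skipped on a tag push (the ref is not main and there is no
    # manual input). A skipped dependency skips dependants by default, so without
    # `!cancelled()` and the explicit result checks a v* tag never reached
    # production. Staging is accepted as either succeeded or skipped, never failed.
    if: >-
      !cancelled()
      && needs.build-and-test.result == 'success'
      && (needs.deploy-staging.result == 'success' || needs.deploy-staging.result == 'skipped')
      && (startsWith(github.ref, 'refs/tags/v') || github.event.inputs.environment == 'production')
    # Production protection rules (required reviewers, deployment branches/tags)
    # are enforced through this environment.
    environment:
      name: production
      url: https://aitbc.dev
    steps:
      - uses: actions/checkout@v4
      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          name: build-artifacts
          path: dist/
      - name: Create production backup
        run: |
          echo "Creating production backup..."
          # Add backup commands here
      - name: Deploy to production
        run: |
          echo "Deploying to production environment..."
          # Add production deployment commands here
      - name: Run production smoke tests
        run: |
          python scripts/smoke_tests.py --environment=production
      - name: Production health check
        run: |
          curl -f --retry 5 --retry-delay 10 --retry-all-errors https://api.aitbc.dev/health || exit 1
      # The token and the ref name reach the script through the environment, not
      # through `${{ }}` substitution into the script text: a tag name containing
      # shell or JSON metacharacters can then neither alter the command nor break
      # the request body, and the secret is not part of the rendered command.
      - name: Update monitoring
        env:
          MONITORING_TOKEN: ${{ secrets.MONITORING_TOKEN }}
          VERSION: ${{ github.ref_name }}
        run: |
          if [ -n "$MONITORING_TOKEN" ]; then
            curl -X POST https://monitoring.aitbc.net/api/deployment \
              -H "Authorization: Bearer $MONITORING_TOKEN" \
              -H "Content-Type: application/json" \
              -d "$(jq -n --arg v "$VERSION" '{version: $v, environment: "production"}')"
          fi

  post-deployment:
    runs-on: ubuntu-latest
    name: Post-Deployment Verification
    needs: [deploy-staging, deploy-production]
    if: always() && (needs.deploy-staging.result == 'success' || needs.deploy-production.result == 'success')
    permissions:
      contents: read
      issues: write  # the notify step opens an issue; read-only token cannot
    steps:
      # scripts/performance_baseline.py lives in the repository, so the job needs
      # a checkout and an interpreter before the last step can run.
      - uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.13'
      - name: Notify team
        uses: actions/github-script@v6
        with:
          script: |
            // In github-script `github` is the Octokit client, not the workflow
            // context, so `github.ref_name` / `github.sha` are undefined there.
            // Take the environment from the workflow-level env, the ref name from
            // the runner's default env and the sha from `context`.
            const environment = process.env.DEPLOY_ENV;
            const refName = process.env.GITHUB_REF_NAME;
            const deploymentUrl = environment === 'production' ? 'https://aitbc.dev' : 'https://staging.aitbc.dev';
            const message = `🚀 **Deployment Complete**
            **Environment**: ${environment}
            **Version**: ${refName}
            **URL**: ${deploymentUrl}
            **Commit**: ${context.sha}
            **Next Steps**:
            1. Verify functionality at ${deploymentUrl}
            2. Check monitoring dashboard
            3. Review deployment logs
            4. Update documentation if needed`;
            await github.rest.issues.create({
              owner: context.repo.owner,
              repo: context.repo.repo,
              title: `Deployment Complete: ${environment} - ${refName}`,
              body: message,
              labels: ['deployment', environment]
            });
      - name: Update documentation
        run: |
          echo "Updating API documentation..."
          # Add documentation update commands here
      # Uses the same resolved environment as the notification above; the previous
      # `inputs.environment || 'staging'` fallback baselined staging after a
      # tag-driven production deployment.
      - name: Performance baseline
        run: |
          python scripts/performance_baseline.py --environment="$DEPLOY_ENV"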