初始化

.github/workflows/ci.yml

@@ -0,0 +1,167 @@
+name: CI/CD Pipeline
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  test:
+    name: 测试
+    runs-on: ubuntu-latest
+    
+    strategy:
+      matrix:
+        node-version: [18.x, 20.x]
+    
+    steps:
+    - name: 检出代码
+      uses: actions/checkout@v4
+      
+    - name: 设置 Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ matrix.node-version }}
+        cache: 'npm'
+        cache-dependency-path: frontend/package-lock.json
+        
+    - name: 安装依赖
+      working-directory: ./frontend
+      run: npm ci
+      
+    - name: 类型检查
+      working-directory: ./frontend
+      run: npm run type-check
+      
+    - name: 代码风格检查
+      working-directory: ./frontend
+      run: npm run lint
+      
+    - name: 代码格式检查
+      working-directory: ./frontend
+      run: npm run format:check
+      
+    - name: 运行单元测试
+      working-directory: ./frontend
+      run: npm run test:unit:coverage
+      
+    - name: 上传覆盖率报告到 Codecov
+      uses: codecov/codecov-action@v3
+      with:
+        file: ./frontend/coverage/lcov.info
+        flags: unittests
+        name: codecov-umbrella
+        
+    - name: 构建应用
+      working-directory: ./frontend
+      run: npm run build
+      
+    - name: 安装 Playwright
+      working-directory: ./frontend
+      run: npx playwright install --with-deps
+      
+    - name: 运行 E2E 测试
+      working-directory: ./frontend
+      run: npm run test:e2e
+      
+    - name: 上传 E2E 测试报告
+      uses: actions/upload-artifact@v3
+      if: always()
+      with:
+        name: playwright-report
+        path: frontend/playwright-report/
+        retention-days: 30
+        
+    - name: 上传测试结果
+      uses: actions/upload-artifact@v3
+      if: always()
+      with:
+        name: test-results
+        path: frontend/test-results/
+        retention-days: 30
+
+  security:
+    name: 安全检查
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: 检出代码
+      uses: actions/checkout@v4
+      
+    - name: 设置 Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: '20.x'
+        cache: 'npm'
+        cache-dependency-path: frontend/package-lock.json
+        
+    - name: 安装依赖
+      working-directory: ./frontend
+      run: npm ci
+      
+    - name: 运行安全审计
+      working-directory: ./frontend
+      run: npm audit --audit-level moderate
+      
+    - name: 运行 Snyk 安全扫描
+      uses: snyk/actions/node@master
+      continue-on-error: true
+      env:
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      with:
+        args: --severity-threshold=high
+
+  deploy:
+    name: 部署
+    needs: [test, security]
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+    
+    steps:
+    - name: 检出代码
+      uses: actions/checkout@v4
+      
+    - name: 设置 Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: '20.x'
+        cache: 'npm'
+        cache-dependency-path: frontend/package-lock.json
+        
+    - name: 安装依赖
+      working-directory: ./frontend
+      run: npm ci
+      
+    - name: 构建应用
+      working-directory: ./frontend
+      run: npm run build
+      
+    - name: 部署到服务器
+      uses: appleboy/ssh-action@v1.0.0
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        key: ${{ secrets.SSH_KEY }}
+        script: |
+          cd /var/www/html
+          git pull origin main
+          cd frontend
+          npm ci --production
+          npm run build
+          pm2 restart frontend-app
+
+  notify:
+    name: 通知
+    needs: [test, security, deploy]
+    runs-on: ubuntu-latest
+    if: always()
+    
+    steps:
+    - name: 发送通知到 Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        status: ${{ job.status }}
+        channel: '#ci-cd'
+        webhook_url: ${{ secrets.SLACK_WEBHOOK }}
+        fields: repo,message,commit,author,action,eventName,ref,workflow