Yomu
CI/CD

Pipeline CI/CD

Gambaran pipeline Continuous Integration dan Continuous Deployment di ketiga subproyek

Dokumen ini menjelaskan pipeline CI/CD di ketiga subproyek Yomu. Setiap subproyek mempertahankan workflow GitHub Actions sendiri, tanpa workflow di level root. Semua deployment kini menuju Docker Swarm di VPS GCP melalui yomu-deployment.

linters

Kualitas Utama

PMD 7.0.0, clippy, ESLint menegakkan standar kode. JaCoCo ≥80%, pelacakan tarpaulin.

shield

Keamanan Diperkuat

OWASP DepCheck CVSS ≥9.0 memblokir build. Pemindaian mingguan cargo-audit + cargo-deny. Upload SARIF ke tab GitHub Security.

container

Docker Teroptimasi

Multi-stage build di semua subproyek. Java menggunakan eclipse-temurin:21-jre, Rust alpine:3.20, Frontend node:24-slim.

rocket

Deployment

Semua layanan → GHCR → yomu-deployment → SSH → Docker Swarm di VPS GCP (34.101.41.6). Tag: main (production), staging (staging).

Matriks Layanan

SubproyekCI WorkflowRelease WorkflowSecurity WorkflowCD Target
Javaci.ymlrelease.ymlsecurity-audit.ymlGHCR → VPS Swarm
Rustci.ymlrelease.ymlsecurity-audit.ymlGHCR → VPS Swarm
Frontendci.ymlrelease.ymlGHCR → VPS Swarm

Prinsip Utama

code

Formatting

Java: Gradle Spotless. Rust: cargo fmt dengan lebar 100 karakter. Frontend: Prettier via ESLint.

book

Linting

Java: PMD 7.0.0 (prioritas 5). Rust: clippy (MSRV 1.85). Frontend: ESLint (belum ada framework test).

test

Testing

Java: JUnit 5 + MockMvc (H2 in-memory DB). Rust: nextest (7 test binaries, 2 retry, timeout 120 detik). Frontend: belum dikonfigurasi.

shield-check

Pemindaian Keamanan

Java: OWASP DepCheck (CVSS ≥9.0 memblokir). Rust: cargo-audit + cargo-deny (whitelist deny.toml). Selalu di branch main dan mingguan.

docker

Docker Build

Semua subproyek menggunakan multi-stage Dockerfile. Java: 2 stage (builder + runner). Rust: 3 stage. Frontend: 3 stage dengan health check.

cloud

Deployment

Semua layanan → GHCR → repository_dispatch → yomu-deployment/deploy-production.yml → SSH → docker stack deploy di VPS Swarm.

Alur Deployment

Setiap subproyek mengikuti alur yang sama:

  1. CI Validation — Push atau PR memicu ci.yml untuk validasi kualitas kode
  2. Docker Build — Setelah CI lulus, release.yml membuild dan push Docker image ke GHCR
  3. Repository Dispatch — Release workflow mengirim event repository_dispatch ke yomu-deployment
  4. Deploy Trigger — Workflow deploy-production.yml di yomu-deployment menerima trigger
  5. SSH ke VPS — Workflow SSH ke VPS GCP (34.101.41.6, user: pongo)
  6. Swarm Deploy — Menjalankan docker stack deploy -c docker-compose.swarm.yml yomu
  7. Smoke Test — Verifikasi health endpoint semua layanan
tag

Image Tags

  • main: Production deployment
  • staging: Staging deployment
  • <commit-sha>: Deployment spesifik (via workflow_dispatch)
key

VPS Access

SSH menggunakan appleboy/ssh-action dengan GCP_SSH_KEY secret. Host: 34.101.41.6, user: pongo.

undo

Rollback

Gunakan workflow_dispatch di yomu-deployment dengan image_tag spesifik untuk rollback ke versi sebelumnya.

Struktur Direktori Workflow

SubproyekFile Workflow
Java.github/workflows/ci.yml, pmd.yml, security-audit.yml, release.yml
Rust.github/workflows/ci.yml, sonar.yml, security-audit.yml, release.yml
Frontend.github/workflows/ci.yml, release.yml
Deploymentyomu-deployment/.github/workflows/deploy-production.yml

Tautan

On this page