Pipeline CI/CD
Gambaran pipeline Continuous Integration dan Continuous Deployment di ketiga subproyek
Dokumen ini menjelaskan pipeline CI/CD di ketiga subproyek Yomu. Setiap subproyek mempertahankan workflow GitHub Actions sendiri, tanpa workflow di level root. Semua deployment kini menuju Docker Swarm di VPS GCP melalui yomu-deployment.
Kualitas Utama
PMD 7.0.0, clippy, ESLint menegakkan standar kode. JaCoCo ≥80%, pelacakan tarpaulin.
Keamanan Diperkuat
OWASP DepCheck CVSS ≥9.0 memblokir build. Pemindaian mingguan cargo-audit + cargo-deny. Upload SARIF ke tab GitHub Security.
Docker Teroptimasi
Multi-stage build di semua subproyek. Java menggunakan eclipse-temurin:21-jre, Rust alpine:3.20, Frontend node:24-slim.
Deployment
Semua layanan → GHCR → yomu-deployment → SSH → Docker Swarm di VPS GCP (34.101.41.6). Tag: main (production), staging (staging).
Matriks Layanan
| Subproyek | CI Workflow | Release Workflow | Security Workflow | CD Target |
|---|---|---|---|---|
| Java | ci.yml | release.yml | security-audit.yml | GHCR → VPS Swarm |
| Rust | ci.yml | release.yml | security-audit.yml | GHCR → VPS Swarm |
| Frontend | ci.yml | release.yml | — | GHCR → VPS Swarm |
Prinsip Utama
Formatting
Java: Gradle Spotless. Rust: cargo fmt dengan lebar 100 karakter. Frontend: Prettier via ESLint.
Linting
Java: PMD 7.0.0 (prioritas 5). Rust: clippy (MSRV 1.85). Frontend: ESLint (belum ada framework test).
Testing
Java: JUnit 5 + MockMvc (H2 in-memory DB). Rust: nextest (7 test binaries, 2 retry, timeout 120 detik). Frontend: belum dikonfigurasi.
Pemindaian Keamanan
Java: OWASP DepCheck (CVSS ≥9.0 memblokir). Rust: cargo-audit + cargo-deny (whitelist deny.toml). Selalu di branch main dan mingguan.
Docker Build
Semua subproyek menggunakan multi-stage Dockerfile. Java: 2 stage (builder + runner). Rust: 3 stage. Frontend: 3 stage dengan health check.
Deployment
Semua layanan → GHCR → repository_dispatch → yomu-deployment/deploy-production.yml → SSH → docker stack deploy di VPS Swarm.
Alur Deployment
Setiap subproyek mengikuti alur yang sama:
- CI Validation — Push atau PR memicu
ci.ymluntuk validasi kualitas kode - Docker Build — Setelah CI lulus,
release.ymlmembuild dan push Docker image ke GHCR - Repository Dispatch — Release workflow mengirim event
repository_dispatchke yomu-deployment - Deploy Trigger — Workflow
deploy-production.ymldi yomu-deployment menerima trigger - SSH ke VPS — Workflow SSH ke VPS GCP (34.101.41.6, user: pongo)
- Swarm Deploy — Menjalankan
docker stack deploy -c docker-compose.swarm.yml yomu - Smoke Test — Verifikasi health endpoint semua layanan
Image Tags
main: Production deploymentstaging: Staging deployment<commit-sha>: Deployment spesifik (via workflow_dispatch)
VPS Access
SSH menggunakan appleboy/ssh-action dengan GCP_SSH_KEY secret. Host: 34.101.41.6, user: pongo.
Rollback
Gunakan workflow_dispatch di yomu-deployment dengan image_tag spesifik untuk rollback ke versi sebelumnya.
Struktur Direktori Workflow
| Subproyek | File Workflow |
|---|---|
| Java | .github/workflows/ci.yml, pmd.yml, security-audit.yml, release.yml |
| Rust | .github/workflows/ci.yml, sonar.yml, security-audit.yml, release.yml |
| Frontend | .github/workflows/ci.yml, release.yml |
| Deployment | yomu-deployment/.github/workflows/deploy-production.yml |