Initial commit

.github/workflows/backend/audit.yaml

@@ -0,0 +1,51 @@
+name: audit
+on:
+  workflow_call:
+  push:
+    branches-ignore:
+      - main
+    paths:
+      - "projects/backend/**"
+      - ".github/workflows/backend/**"
+  pull_request:
+    branches-ignore:
+      - main
+    paths:
+      - "projects/backend/**"
+      - ".github/workflows/backend/**"
+defaults:
+  run:
+    working-directory: projects/backend
+jobs:
+  audit:
+    name: Security Audit
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.4
+          tools: composer:v2
+
+      - name: Setup cache
+        run: echo "COMPOSER_CACHE_DIR=$(composer config cache-dir)" >> $GITHUB_ENV
+
+      - name: Cache dependencies installed with composer
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.COMPOSER_CACHE_DIR }}
+          key: php8.3-composer-${{ hashFiles('projects/backend/composer.lock') }}
+          restore-keys: |
+            php8.3-composer-latest-
+      - name: Update composer
+        run: composer self-update
+
+      - name: Install dependencies with composer
+        run: composer install --prefer-dist --no-interaction --no-progress --optimize-autoloader --ansi
+
+      - name: Security Audit with composer
+        run: composer audit
+        continue-on-error: true

.github/workflows/backend/deploy.yaml

@@ -0,0 +1,40 @@
+name: deploy
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "projects/backend/**"
+      - ".github/workflows/backend/**"
+jobs:
+  audit:
+    uses: ./.github/workflows/backend/audit.yaml
+  quality:
+    uses: ./.github/workflows/backend/quality.yaml
+  tests:
+    uses: ./.github/workflows/backend/tests.yaml
+    needs: [audit, quality]
+
+  deploy:
+    name: Deploy
+    needs: [tests]
+    runs-on: ubuntu-latest
+    steps:
+      -   name: execute ssh command
+          uses: appleboy/ssh-action@v1.2.0
+          with:
+            host: ${{ secrets.SSH_HOST }}
+            username: ${{ secrets.SSH_USER }}
+            key: ${{ secrets.SSH_KEY }}
+            port: ${{ secrets.SSH_PORT }}
+            script: |
+              cd /var/www/html/news.devscast.tech
+              git pull origin main --rebase
+              make deploy
+              curl -X POST "https://api.telegram.org/bot${{ secrets.DEVY_TOKEN }}/sendMessage" \
+                  -H "Content-Type: application/json" \
+                  -d '{
+                    "chat_id": "${{ secrets.DEVY_CHAT_ID }}",
+                    "text": "news.devscast.tech : `'"$(git rev-parse --short HEAD)"'` has been deployed! 🎉",
+                    "parse_mode": "Markdown"
+                  }'

.github/workflows/backend/quality.yaml

@@ -0,0 +1,51 @@
+name: quality
+on:
+  workflow_call:
+  push:
+    branches-ignore:
+      - main
+    paths:
+      - "projects/backend/**"
+      - ".github/workflows/backend/**"
+  pull_request:
+    branches-ignore:
+      - main
+    paths:
+      - "projects/backend/**"
+      - ".github/workflows/backend/**"
+
+defaults:
+  run:
+    working-directory: projects/backend
+jobs:
+  quality:
+    name: Quality
+    runs-on: ubuntu-latest
+    steps:
+      -   name: Checkout
+          uses: actions/checkout@v4
+
+      -   name: Setup PHP
+          uses: shivammathur/setup-php@v2
+          with:
+            php-version: 8.4
+            tools: composer:v2
+
+      -   name: Setup cache
+          run: echo "COMPOSER_CACHE_DIR=$(composer config cache-dir)" >> $GITHUB_ENV
+
+      -   name: Cache dependencies installed with composer
+          uses: actions/cache@v4
+          with:
+            path: ${{ env.COMPOSER_CACHE_DIR }}
+            key: php8.3-composer-${{ hashFiles('projects/backend/composer.lock') }}
+            restore-keys: |
+              php8.3-composer-latest-
+      -   name: Update composer
+          run: composer self-update
+
+      -   name: Install dependencies with composer
+          run: composer install --prefer-dist --no-interaction --no-progress --optimize-autoloader --ansi
+
+      -   name: Run code quality analysis
+          run: composer app:cs

.github/workflows/backend/tests.yaml

@@ -0,0 +1,67 @@
+name: tests
+on:
+  workflow_call:
+  push:
+    branches-ignore:
+      - main
+    paths:
+      - "projects/backend/**"
+      - ".github/workflows/backend/**"
+  pull_request:
+    branches-ignore:
+      - main
+    paths:
+      - "projects/backend/**"
+      - ".github/workflows/backend/**"
+jobs:
+  functional:
+    name: Functional Tests
+    runs-on: ubuntu-latest
+#    services:
+#      mysql:
+#        image: mariadb:10.11.11
+#        env:
+#          MYSQL_ALLOW_EMPTY_PASSWORD: false
+#          MYSQL_ROOT_PASSWORD: root
+#          MYSQL_DATABASE: root
+#        ports:
+#          - 3306/tcp
+#        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
+    strategy:
+      matrix:
+        php: [8.4]
+      fail-fast: false
+    steps:
+      -   name: Checkout
+          uses: actions/checkout@v4
+
+      -   name: Setup PHP
+          uses: shivammathur/setup-php@v2
+          with:
+            php-version: ${{ matrix.php }}
+            tools: composer:v2
+
+      -   name: Setup cache
+          run: echo "COMPOSER_CACHE_DIR=$(composer config cache-dir)" >> $GITHUB_ENV
+
+      -   name: Cache dependencies installed with composer
+          uses: actions/cache@v4
+          with:
+            path: ${{ env.COMPOSER_CACHE_DIR }}
+            key: php${{ matrix.php }}-composer-${{ hashFiles('**/composer.json') }}
+            restore-keys: |
+              php${{ matrix.php }}-composer-latest-
+      -   name: Update composer
+          run: composer self-update
+
+      -   name: Install dependencies with composer
+          run: composer install --prefer-dist --no-interaction --no-progress --optimize-autoloader --ansi
+
+#      -   name: Setup mysql
+#          run: sudo systemctl start mysql
+
+      -   name: Run functional tests
+          run: composer app:test
+          env:
+            APP_ENV: test
+#            DATABASE_URL: mysql://root:root@127.0.0.1:${{ job.services.mysql.ports['3306'] }}/app_test

.github/workflows/crawler/audit.yml

@@ -0,0 +1,40 @@
+name: audit
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "projects/crawler/**"
+      - ".github/workflows/crawler/**"
+  pull_request:
+    paths:
+      - "projects/crawler/**"
+      - ".github/workflows/crawler/**"
+
+jobs:
+  bandit:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install uv
+        run: curl -LsSf https://astral.sh/uv/install.sh | sh
+
+      - name: Cache uv dependencies
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cache/uv
+            .venv
+          key: ${{ runner.os }}-uv-${{ hashFiles('**/uv.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-uv-
+
+      - name: Sync dependencies (with dev tools)
+        run: uv sync --dev
+
+      - name: Run Bandit (security linter)
+        run: uv run bandit -r . -c pyproject.toml || true

.github/workflows/crawler/quality.yml

@@ -0,0 +1,49 @@
+name: quality
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "projects/crawler/**"
+      - ".github/workflows/crawler/**"
+  pull_request:
+    paths:
+      - "projects/crawler/**"
+      - ".github/workflows/crawler/**"
+
+defaults:
+  run:
+    working-directory: projects/crawler
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install uv
+        run: curl -LsSf https://astral.sh/uv/install.sh | sh
+
+      - name: Cache uv dependencies
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cache/uv
+            projects/crawler/.venv
+          key: ${{ runner.os }}-uv-${{ hashFiles('projects/crawler/uv.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-uv-
+
+      - name: Sync dependencies (with dev tools)
+        run: uv sync --dev
+
+      - name: Run Ruff (lint + format checks)
+        run: |
+          uv run ruff check .
+          uv run ruff format --check .
+
+      - name: Run Pyright (type checks)
+        run: uv run pyright

.github/workflows/crawler/tests.yml

@@ -0,0 +1,44 @@
+name: tests
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "projects/crawler/**"
+      - ".github/workflows/crawler/**"
+  pull_request:
+    paths:
+      - "projects/crawler/**"
+      - ".github/workflows/crawler/**"
+
+defaults:
+  run:
+    working-directory: projects/crawler
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install uv
+        run: curl -LsSf https://astral.sh/uv/install.sh | sh
+
+      - name: Cache uv dependencies
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cache/uv
+            projects/crawler/.venv
+          key: ${{ runner.os }}-uv-${{ hashFiles('projects/crawler/uv.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-uv-
+
+      - name: Sync dependencies (with dev tools)
+        run: uv sync --dev
+
+      - name: Run Pytest
+        run: uv run pytest

.github/workflows/mobile/quality.yaml

@@ -0,0 +1,51 @@
+name: quality
+
+on:
+  push:
+    paths:
+      - "projects/mobile/**"
+      - ".github/workflows/mobile/**"
+  pull_request:
+    paths:
+      - "projects/mobile/**"
+      - ".github/workflows/mobile/**"
+
+defaults:
+  run:
+    working-directory: projects/mobile
+
+jobs:
+  quality:
+    name: Quality
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v2
+
+      - name: Cache Bun Dependencies
+        uses: actions/cache@v4
+        with:
+          path: ~/.bun/install/cache
+          key: ${{ runner.os }}-bun-${{ hashFiles('projects/mobile/bun.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-bun-
+
+      - name: Install Dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Run Code Quality Checks
+        run: |
+          bun run check-types
+          bun run check
+          bun run lint:check