Summary
Set up GitHub Actions CI/CD pipeline to build, test, and deploy the application to Digital Ocean.
Details
CI Pipeline (on every PR and push to main)
jobs:
  backend:
    - Checkout
    - Set up Go
    - Run go vet
    - Run go test ./...
    - Build binary
  frontend:
    - Checkout
    - Set up Node
    - npm ci
    - npm run lint
    - npm run type-check
    - npm run build
  docker:
    - Build Docker image (multi-stage: build frontend + backend, copy into minimal image)
    - Push to GitHub Container Registry (ghcr.io) on main branch only
CD Pipeline (on push to main, after CI passes)
- Build Docker image with embedded frontend
- Push to container registry
- Deploy to Digital Ocean (App Platform deploy hook or Droplet SSH + docker pull)
- Run database migrations
- Health check after deployment
Dockerfile (multi-stage)
# Stage 1: Build frontend
FROM node:22-alpine AS frontend
WORKDIR /app/web
COPY web/ .
RUN npm ci && npm run build
# Stage 2: Build backend
FROM golang:1.23-alpine AS backend
WORKDIR /app
COPY go.* ./
RUN go mod download
COPY . .
COPY --from=frontend /app/web/dist ./web/dist
RUN go build -o server ./cmd/server
# Stage 3: Runtime
FROM alpine:3.20
COPY --from=backend /app/server /server
COPY --from=backend /app/migrations /migrations
EXPOSE 8080
CMD ["/server"]
Secrets Management
- GitHub Actions secrets for: DIGITALOCEAN_TOKEN, DATABASE_URL, COD_SSO_TOKEN
- Never print secrets in logs
- Use environment-specific secrets (staging vs production if applicable)
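One way the CD pipeline and the secrets rules above could fit together in a single workflow. This is an added sketch, not the project's own workflow. The workflow name "CI", the environment "production", the variables APP_ID and HEALTH_URL, the ":main" tag convention and the "/server migrate" subcommand are all assumptions.

```yaml
# Added example, not the project's workflow. Assumptions: CI workflow named "CI";
# environment "production"; variables APP_ID, HEALTH_URL; lowercase owner/repo; app
# spec tracks the ":main" tag; "/server migrate" is a hypothetical subcommand.
name: CD
on:
  workflow_run:
    workflows: [CI]
    types: [completed]
    branches: [main]
permissions:
  contents: read
  packages: write            # GITHUB_TOKEN may push to ghcr.io, nothing more
env:
  IMAGE: ghcr.io/${{ github.repository }}
  SHA: ${{ github.event.workflow_run.head_sha }}
jobs:
  deploy:
    # Require a green CI run that was started by a push: a fork PR whose branch
    # is also named "main" would otherwise match the branches filter above.
    if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push'
    runs-on: ubuntu-latest
    environment: production    # staging/production secrets stay separate
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ env.SHA }}    # build exactly the commit CI tested
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: |
            ${{ env.IMAGE }}:${{ env.SHA }}
            ${{ env.IMAGE }}:main
      - uses: digitalocean/action-doctl@v2
        with:
          token: ${{ secrets.DIGITALOCEAN_TOKEN }}
      - name: Deploy to App Platform
        run: doctl apps create-deployment "${{ vars.APP_ID }}" --wait
      - name: Run database migrations
        env:
          DATABASE_URL: ${{ secrets.DATABASE_URL }}   # passed by name, not in argv
        run: docker run --rm -e DATABASE_URL "$IMAGE:$SHA" /server migrate
      - name: Health check
        run: curl -fsS --retry 10 --retry-delay 5 --retry-all-errors "${{ vars.HEALTH_URL }}"
```

Passing DATABASE_URL with `-e DATABASE_URL` and no value keeps the secret out of the command line that the runner echoes into the job log.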
Acceptance Criteria