web-hosts/domains/coppertone.tech/audit-reports/infrastructure-audit/cicd-20251123-104219.txt

# CI/CD Pipeline Audit - 20251123-104219
== CI/CD Configurations Found ==
/home/administrator/projects/coppertone.tech/.gitea/workflows/build-frontend.yml
/home/administrator/projects/coppertone.tech/.gitea/workflows/build-backend-payment.yml
/home/administrator/projects/coppertone.tech/.gitea/workflows/build-backend-auth.yml
/home/administrator/projects/coppertone.tech/.gitea/workflows/build-backend-work.yml
/home/administrator/projects/coppertone.tech/frontend/pnpm-lock.yaml
/home/administrator/projects/coppertone.tech/.gopath/pkg/mod/github.com/google/uuid@v1.6.0/.github/workflows/tests.yaml
/home/administrator/projects/coppertone.tech/.gopath/pkg/mod/github.com/google/uuid@v1.6.0/.github/workflows/apidiff.yaml
/home/administrator/projects/coppertone.tech/.gopath/pkg/mod/github.com/lib/pq@v1.10.9/.github/workflows/test.yml
/home/administrator/projects/coppertone.tech/.gopath/pkg/mod/github.com/lib/pq@v1.10.9/.github/workflows/codeql-analysis.yml
/home/administrator/projects/coppertone.tech/.gopath/pkg/mod/github.com/golang-jwt/jwt/v5@v5.3.0/.github/workflows/lint.yml
/home/administrator/projects/coppertone.tech/.gopath/pkg/mod/github.com/golang-jwt/jwt/v5@v5.3.0/.github/workflows/codeql-analysis.yml
/home/administrator/projects/coppertone.tech/.gopath/pkg/mod/github.com/golang-jwt/jwt/v5@v5.3.0/.github/workflows/build.yml

== Gitea Actions ==
total 24
drwxr-xr-x 2 administrator administrator 4096 Nov 21 09:03 .
drwxr-xr-x 3 administrator administrator 4096 Nov 20 15:08 ..
-rw-r--r-- 1 administrator administrator 2125 Nov 21 09:03 build-backend-auth.yml
-rw-r--r-- 1 administrator administrator 2238 Nov 21 09:03 build-backend-payment.yml
-rw-r--r-- 1 administrator administrator 2329 Nov 21 09:03 build-backend-work.yml
-rw-r--r-- 1 administrator administrator 1624 Nov 21 09:03 build-frontend.yml

=== build-backend-auth.yml ===
name: Build and Test Auth Service

on:
  push:
    branches: [ main, develop, 'feature/**' ]
    paths:
      - 'backend/functions/auth-service/**'
      - '.gitea/workflows/build-backend-auth.yml'
  pull_request:
    branches: [ main, develop ]
    paths:
      - 'backend/functions/auth-service/**'

jobs:
  build-and-test:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.25'

      - name: Cache Go modules
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-auth-${{ hashFiles('backend/functions/auth-service/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-auth-

      - name: Download dependencies
        working-directory: ./backend/functions/auth-service
        run: go mod download

      - name: Verify dependencies
        working-directory: ./backend/functions/auth-service
        run: go mod verify

      - name: Run go vet
        working-directory: ./backend/functions/auth-service
        run: go vet ./...

      - name: Run tests
        working-directory: ./backend/functions/auth-service
        run: go test -v -race -coverprofile=coverage.out ./...

      - name: Build binary
        working-directory: ./backend/functions/auth-service
        run: go build -v -o auth-service main.go

      - name: Build container image
        working-directory: ./backend/functions/auth-service
        run: |
          podman build -t coppertone-auth-service:${{ github.sha }} -f Containerfile .
          podman build -t coppertone-auth-service:latest -f Containerfile .

      - name: Upload coverage
        uses: actions/upload-artifact@v4
        with:
          name: auth-service-coverage
          path: backend/functions/auth-service/coverage.out

      - name: Upload binary
        uses: actions/upload-artifact@v4
        with:
          name: auth-service-binary
          path: backend/functions/auth-service/auth-service

=== build-backend-payment.yml ===
name: Build and Test Payment Service

on:
  push:
    branches: [ main, develop, 'feature/**' ]
    paths:
      - 'backend/functions/payment-service/**'
      - 'backend/pkg/**'
      - '.gitea/workflows/build-backend-payment.yml'
  pull_request:
    branches: [ main, develop ]
    paths:
      - 'backend/functions/payment-service/**'
      - 'backend/pkg/**'

jobs:
  build-and-test:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.25'

      - name: Cache Go modules
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-payment-${{ hashFiles('backend/functions/payment-service/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-payment-

      - name: Download dependencies
        working-directory: ./backend/functions/payment-service
        run: go mod download

      - name: Verify dependencies
        working-directory: ./backend/functions/payment-service
        run: go mod verify

      - name: Run go vet
        working-directory: ./backend/functions/payment-service
        run: go vet ./...

      - name: Run tests
        working-directory: ./backend/functions/payment-service
        run: go test -v -race -coverprofile=coverage.out ./...

      - name: Build binary
        working-directory: ./backend/functions/payment-service
        run: go build -v -o payment-service main.go

      - name: Build container image
        working-directory: ./backend/functions/payment-service
        run: |
          podman build -t coppertone-payment-service:${{ github.sha }} -f Containerfile .
          podman build -t coppertone-payment-service:latest -f Containerfile .

      - name: Upload coverage
        uses: actions/upload-artifact@v4
        with:
          name: payment-service-coverage
          path: backend/functions/payment-service/coverage.out

      - name: Upload binary
        uses: actions/upload-artifact@v4
        with:
          name: payment-service-binary
          path: backend/functions/payment-service/payment-service

=== build-backend-work.yml ===
name: Build and Test Work Management Service

on:
  push:
    branches: [ main, develop, 'feature/**' ]
    paths:
      - 'backend/functions/work-management-service/**'
      - 'backend/pkg/**'
      - '.gitea/workflows/build-backend-work.yml'
  pull_request:
    branches: [ main, develop ]
    paths:
      - 'backend/functions/work-management-service/**'
      - 'backend/pkg/**'

jobs:
  build-and-test:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.25'

      - name: Cache Go modules
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-work-${{ hashFiles('backend/functions/work-management-service/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-work-

      - name: Download dependencies
        working-directory: ./backend/functions/work-management-service
        run: go mod download

      - name: Verify dependencies
        working-directory: ./backend/functions/work-management-service
        run: go mod verify

      - name: Run go vet
        working-directory: ./backend/functions/work-management-service
        run: go vet ./...

      - name: Run tests
        working-directory: ./backend/functions/work-management-service
        run: go test -v -race -coverprofile=coverage.out ./...

      - name: Build binary
        working-directory: ./backend/functions/work-management-service
        run: go build -v -o work-management-service main.go

      - name: Build container image
        working-directory: ./backend/functions/work-management-service
        run: |
          podman build -t coppertone-work-service:${{ github.sha }} -f Containerfile .
          podman build -t coppertone-work-service:latest -f Containerfile .

      - name: Upload coverage
        uses: actions/upload-artifact@v4
        with:
          name: work-service-coverage
          path: backend/functions/work-management-service/coverage.out

      - name: Upload binary
        uses: actions/upload-artifact@v4
        with:
          name: work-service-binary
          path: backend/functions/work-management-service/work-management-service

=== build-frontend.yml ===
name: Build and Test Frontend

on:
  push:
    branches: [ main, develop, 'feature/**' ]
    paths:
      - 'frontend/**'
      - '.gitea/workflows/build-frontend.yml'
  pull_request:
    branches: [ main, develop ]
    paths:
      - 'frontend/**'

jobs:
  build-and-test:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 'lts/*'
          cache: 'npm'
          cache-dependency-path: './frontend/package-lock.json'

      - name: Install dependencies
        working-directory: ./frontend
        run: npm ci

      - name: Run linter
        working-directory: ./frontend
        run: npm run lint

      - name: Run type check
        working-directory: ./frontend
        run: npm run type-check

      - name: Run unit tests
        working-directory: ./frontend
        run: npm run test:unit

      - name: Build Frontend
        working-directory: ./frontend
        run: npm run build

      - name: Build container image
        working-directory: ./frontend
        run: |
          podman build -t coppertone-frontend:${{ github.sha }} -f Containerfile .
          podman build -t coppertone-frontend:latest -f Containerfile .

      - name: Archive production artifacts
        uses: actions/upload-artifact@v4
        with:
          name: frontend-dist
          path: ./frontend/dist

      - name: Archive Nginx config
        uses: actions/upload-artifact@v4
        with:
          name: frontend-nginx-config
          path: ./frontend/nginx.conf


== GitHub Actions ==
No GitHub Actions found

== Security in CI/CD ==
None found