docs: add deployment guides for DigitalOcean, Fly.io, Sprites.dev #234
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22" | |
| - name: Install root dependencies | |
| run: npm ci | |
| - name: Lint | |
| run: npm run lint | |
| - name: Typecheck | |
| run: npm run typecheck | |
| - name: ShellCheck | |
| run: | | |
| find bin/ setup.sh start.sh install.sh -type f \( -name '*.sh' -o -name 'baudbot-safe-bash' -o -name 'baudbot-docker' -o -name 'baudbot' \) \ | |
| | xargs shellcheck -s bash -S warning | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22" | |
| - name: Install dependencies | |
| run: | | |
| npm ci | |
| cd slack-bridge && npm ci | |
| cd ../control-plane && npm ci | |
| - name: Run JS tests with coverage | |
| run: npm run test:coverage | |
| - name: Run shell tests | |
| run: bin/test.sh shell | |
| # security-audit.sh checks live system state (running services, firewall, | |
| # /proc mounts) that doesn't exist in CI. Run it locally instead: | |
| # cd bin && bash security-audit.test.sh | |
| secret-scan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: Install detect-secrets | |
| run: pip install detect-secrets | |
| - name: Check for new secrets | |
| run: | | |
| # Scan the repo and compare against the audited baseline. | |
| # Fails if any NEW secrets are found that aren't in the baseline. | |
| detect-secrets scan \ | |
| --baseline .secrets.baseline \ | |
| --exclude-files 'node_modules/.*' \ | |
| --exclude-files '\.git/.*' \ | |
| --exclude-files 'package-lock\.json' | |
| # Verify no unaudited secrets remain | |
| if detect-secrets audit --report --baseline .secrets.baseline 2>&1 | grep -q 'Unaudited'; then | |
| echo "❌ Unaudited secrets found — run: detect-secrets audit .secrets.baseline" | |
| exit 1 | |
| fi |