From 29942281e7748e2ccf66c0cd2c533857ab5fa5e4 Mon Sep 17 00:00:00 2001
From: Laljanibasha Shaik <98688990+laljohnny@users.noreply.github.com>
Date: Fri, 21 Nov 2025 12:02:19 +0530
Subject: [PATCH 01/17] Add Node.js CI workflow This workflow sets up a CI pipeline for Node.js applications, installing dependencies, building the source code, and running tests across multiple Node.js versions.
---
 .github/workflows/node.js.yml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 .github/workflows/node.js.yml
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
new file mode 100644
index 000000000..093a9544b
--- /dev/null
+++ b/.github/workflows/node.js.yml
@@ -0,0 +1,31 @@
+# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-nodejs
+
+name: Node.js CI
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ strategy:
+ matrix:
+ node-version: [18.x, 20.x, 22.x]
+ # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Use Node.js ${{ matrix.node-version }}
+ uses: actions/setup-node@v4
+ with:
+ node-version: ${{ matrix.node-version }}
+ cache: 'npm'
+ - run: npm ci
+ - run: npm run build --if-present
+ - run: npm test
From 67192802de4f07090d97facb4836925e3d503678 Mon Sep 17 00:00:00 2001
From: Laljanibasha Shaik <98688990+laljohnny@users.noreply.github.com>
Date: Fri, 21 Nov 2025 12:04:22 +0530
Subject: [PATCH 02/17] Remove npm test from Node.js workflow Remove npm test step from workflow
---
 .github/workflows/node.js.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
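Review bot: In PATCH 01/17 the new workflow declares no `permissions:` key, so the `build` job runs `npm ci`, the build script and `npm test` (all code a pull request can change) with whatever default `GITHUB_TOKEN` scope the repository is configured for. A top-level `permissions:` block containing `contents: read` would make the least-privilege intent explicit for this build-and-test job. The `uses:` lines reference `actions/checkout@v4` and `actions/setup-node@v4` by movable tag; pinning each to a full commit SHA, with the tag kept in a trailing comment, is the supply-chain-safe form.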
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
index 093a9544b..87e625382 100644
--- a/.github/workflows/node.js.yml
+++ b/.github/workflows/node.js.yml
@@ -28,4 +28,4 @@ jobs:
 cache: 'npm'
 - run: npm ci
 - run: npm run build --if-present
- - run: npm test
+
From a0234718546aaac338b5093d41f02452ece64fa4 Mon Sep 17 00:00:00 2001
From: Laljanibasha Shaik <98688990+laljohnny@users.noreply.github.com>
Date: Fri, 21 Nov 2025 12:09:17 +0530
Subject: [PATCH 03/17] Update node.js.yml
---
 .github/workflows/node.js.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
index 87e625382..bcea99bb2 100644
--- a/.github/workflows/node.js.yml
+++ b/.github/workflows/node.js.yml
@@ -16,7 +16,7 @@ jobs:
 strategy:
 matrix:
- node-version: [18.x, 20.x, 22.x]
+ node-version: [22.x]
 # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
 steps:
From 032d3f3badfeb09151866ad0ffec7c413b3b4159 Mon Sep 17 00:00:00 2001
From: Laljanibasha Shaik <98688990+laljohnny@users.noreply.github.com>
Date: Mon, 24 Nov 2025 15:02:15 +0530
Subject: [PATCH 04/17] Update node.js.yml
---
 .github/workflows/node.js.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
index bcea99bb2..e24bd5732 100644
--- a/.github/workflows/node.js.yml
+++ b/.github/workflows/node.js.yml
@@ -6,8 +6,12 @@ name: Node.js CI
 on:
 push:
 branches: [ "master" ]
+ tags:
+ - "v*"
 pull_request:
 branches: [ "master" ]
+ tags:
+ - "v*"
 jobs:
 build:
From 050b9df316599b927dc431077c2b2ffed061aa68 Mon Sep 17 00:00:00 2001
From: Laljanibasha Shaik <98688990+laljohnny@users.noreply.github.com>
Date: Mon, 24 Nov 2025 16:56:21 +0530
Subject: [PATCH 05/17] Add artifact upload step to CI workflow
---
 .github/workflows/node.js.yml | 4 ++++
 1 file changed, 4 insertions(+)
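Review bot: In PATCH 04/17 the `tags:` / `- "v*"` filter added under `pull_request:` does not describe anything a pull request can match: pull-request events are selected by base branch, and current GitHub documentation lists tag filters only for `push`. At best the two lines are dead configuration, and whether the job still starts for pull requests with them present should be verified; I would drop them from `pull_request:` and keep the filter only under `push:`. The same pattern is added again in PATCH 15/17 for npm-publish-github-packages.yml.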
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
index e24bd5732..87685f68b 100644
--- a/.github/workflows/node.js.yml
+++ b/.github/workflows/node.js.yml
@@ -33,3 +33,7 @@ jobs:
 - run: npm ci
 - run: npm run build --if-present
+ - uses: actions/upload-artifact@v4
+ with:
+ name: my-build-output
+ path: ./dist/
From 9169b58bdc789f8777d2e7c25416196c77ccde84 Mon Sep 17 00:00:00 2001
From: Laljanibasha Shaik <98688990+laljohnny@users.noreply.github.com>
Date: Tue, 25 Nov 2025 13:16:32 +0530
Subject: [PATCH 06/17] Add Trivy security scan and report upload steps
---
 .github/workflows/node.js.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
index 87685f68b..b55eda52c 100644
--- a/.github/workflows/node.js.yml
+++ b/.github/workflows/node.js.yml
@@ -37,3 +37,22 @@ jobs:
 with:
 name: my-build-output
 path: ./dist/
+ - name: Aqua Security Trivy Scan
+ uses: aquasecurity/trivy-action@0.33.1
+ with:
+ scan-type: fs
+ scan-ref: .
+ severity: HIGH,CRITICAL
+ ignore-unfixed: true
+ vuln-type: os,library
+ exit-code: 1
+ format: text
+ output: trivy-report.text
+ hide-progress: true
+
+ - name: Upload Trivy Report
+ uses: actions/upload-artifact@v4
+ with:
+ name: trivy-report
+ path: trivy-report.json
+
From 0d5d3d18de789bf393a13208c4c829273912e6da Mon Sep 17 00:00:00 2001
From: Laljanibasha Shaik <98688990+laljohnny@users.noreply.github.com>
Date: Tue, 25 Nov 2025 13:18:10 +0530
Subject: [PATCH 07/17] Change Trivy report format to CSV and output type
---
 .github/workflows/node.js.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
index b55eda52c..4c525544e 100644
--- a/.github/workflows/node.js.yml
+++ b/.github/workflows/node.js.yml
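Review bot: In PATCH 06/17 the scan step sets `exit-code: 1`, so when Trivy reports a HIGH or CRITICAL finding the step fails and the following `Upload Trivy Report` step is skipped, which loses the report in exactly the run that needs it; `if: always()` on the upload step keeps it. The two steps also disagree on the file name: the scan writes `output: trivy-report.text` while the upload reads `path: trivy-report.json`, so the artifact would be missing even on a clean run. `format: text` does not look like one of Trivy's output formats (`table`, `json` and `sarif` are) and should be checked against the action's documentation. `aquasecurity/trivy-action@0.33.1` is a tag reference; an action that reads the whole checkout is worth pinning to a full commit SHA.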
@@ -46,8 +46,8 @@ jobs:
 ignore-unfixed: true
 vuln-type: os,library
 exit-code: 1
- format: text
- output: trivy-report.text
+ format: table
+ output: trivy-report.csv
 hide-progress: true
 - name: Upload Trivy Report
From 302f87e875f26666c9f0f55eed57b08caab9c6b3 Mon Sep 17 00:00:00 2001
From: Laljanibasha Shaik <98688990+laljohnny@users.noreply.github.com>
Date: Tue, 25 Nov 2025 13:19:23 +0530
Subject: [PATCH 08/17] Change Trivy report format from JSON to CSV
---
 .github/workflows/node.js.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
index 4c525544e..040dd367b 100644
--- a/.github/workflows/node.js.yml
+++ b/.github/workflows/node.js.yml
@@ -54,5 +54,5 @@ jobs:
 uses: actions/upload-artifact@v4
 with:
 name: trivy-report
- path: trivy-report.json
+ path: trivy-report.csv
From 4146e8f21eeeefc77d6657085f2f592fb0b9870c Mon Sep 17 00:00:00 2001
From: Laljanibasha Shaik <98688990+laljohnny@users.noreply.github.com>
Date: Tue, 25 Nov 2025 13:27:43 +0530
Subject: [PATCH 09/17] Change Trivy exit code and report output format
---
 .github/workflows/node.js.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
index 040dd367b..9ee184a1f 100644
--- a/.github/workflows/node.js.yml
+++ b/.github/workflows/node.js.yml
@@ -45,14 +45,14 @@ jobs:
 severity: HIGH,CRITICAL
 ignore-unfixed: true
 vuln-type: os,library
- exit-code: 1
+ exit-code: 0
 format: table
- output: trivy-report.csv
+ output: trivy-report.txt
 hide-progress: true
 - name: Upload Trivy Report
 uses: actions/upload-artifact@v4
 with:
 name: trivy-report
- path: trivy-report.csv
+ path: trivy-report.txt
From f9dd47cf1b5643915035e834674a03ca3cebc012 Mon Sep 17 00:00:00 2001
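Review bot: In PATCH 09/17 changing `exit-code: 1` to `exit-code: 0` turns the Trivy step into report-only: HIGH and CRITICAL findings no longer fail the job, and nothing in the workflow reads `trivy-report.txt` afterwards, so a vulnerable dependency can pass CI unnoticed. If the goal was to get the report uploaded even when the scan fails, keeping `exit-code: 1` and adding `if: always()` to the `Upload Trivy Report` step achieves that without dropping the gate. If the scan is meant to be advisory for now, a comment next to `exit-code: 0` saying so would record the decision.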
From: Laljanibasha Shaik <98688990+laljohnny@users.noreply.github.com>
Date: Tue, 25 Nov 2025 13:31:07 +0530
Subject: [PATCH 10/17] Change artifact upload path to current directory
---
 .github/workflows/node.js.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
index 9ee184a1f..1916ccdca 100644
--- a/.github/workflows/node.js.yml
+++ b/.github/workflows/node.js.yml
@@ -36,7 +36,7 @@ jobs:
 - uses: actions/upload-artifact@v4
 with:
 name: my-build-output
- path: ./dist/
+ path: .
 - name: Aqua Security Trivy Scan
 uses: aquasecurity/trivy-action@0.33.1
 with:
From 32a9971055eee79a2e0b2686df38d140421629b0 Mon Sep 17 00:00:00 2001
From: Laljanibasha Shaik <98688990+laljohnny@users.noreply.github.com>
Date: Tue, 25 Nov 2025 14:38:53 +0530
Subject: [PATCH 11/17] Remove conditional build step in workflow
---
 .github/workflows/node.js.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
index 1916ccdca..c1102ee6c 100644
--- a/.github/workflows/node.js.yml
+++ b/.github/workflows/node.js.yml
@@ -31,12 +31,13 @@ jobs:
 node-version: ${{ matrix.node-version }}
 cache: 'npm'
 - run: npm ci
- - run: npm run build --if-present
+ - run: npm run build
 - uses: actions/upload-artifact@v4
 with:
 name: my-build-output
 path: .
+
 - name: Aqua Security Trivy Scan
 uses: aquasecurity/trivy-action@0.33.1
 with:
From 5bd8a494c3c06afa5de7ca0d3462bd9697b31f44 Mon Sep 17 00:00:00 2001
From: Laljanibasha Shaik <98688990+laljohnny@users.noreply.github.com>
Date: Mon, 8 Dec 2025 16:44:20 +0530
Subject: [PATCH 12/17] Update greeting message in index.js
---
 index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.js b/index.js
index 54e5fef1f..c6ee820d1 100644
--- a/index.js
+++ b/index.js
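Review bot: In PATCH 10/17 `path: .` makes `my-build-output` an archive of the whole runner workspace instead of the build output: the source tree, `node_modules` and any file an earlier step wrote there become downloadable by anyone who can read the run's artifacts. Recent `upload-artifact` v4 releases skip hidden files by default, which should keep `.git` and dotfiles out, but that protection depends on which release the `@v4` tag resolves to. If `./dist/` was empty because the build writes elsewhere, point `path:` at that directory and add `if-no-files-found: error` so a wrong path fails loudly.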
@@ -3,7 +3,7 @@ const port = process.env.PORT || 3000;
 const server = http.createServer((req, res) => {
 res.statusCode = 200;
- const msg = 'Hello Node!\n'
+ const msg = 'Hello Node Application!\n'
 res.end(msg);
 });
From b68abe949bfa95728f7075a3c4425dcc6acfeb3a Mon Sep 17 00:00:00 2001
From: Laljanibasha Shaik <98688990+laljohnny@users.noreply.github.com>
Date: Mon, 8 Dec 2025 18:19:15 +0530
Subject: [PATCH 13/17] Delete .github/workflows/node.js.yml
---
 .github/workflows/node.js.yml | 59 -----------------------------------
 1 file changed, 59 deletions(-)
 delete mode 100644 .github/workflows/node.js.yml
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
deleted file mode 100644
index c1102ee6c..000000000
--- a/.github/workflows/node.js.yml
+++ /dev/null
@@ -1,59 +0,0 @@
-# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node
-# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-nodejs
-
-name: Node.js CI
-
-on:
- push:
- branches: [ "master" ]
- tags:
- - "v*"
- pull_request:
- branches: [ "master" ]
- tags:
- - "v*"
-
-jobs:
- build:
-
- runs-on: ubuntu-latest
-
- strategy:
- matrix:
- node-version: [22.x]
- # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
-
- steps:
- - uses: actions/checkout@v4
- - name: Use Node.js ${{ matrix.node-version }}
- uses: actions/setup-node@v4
- with:
- node-version: ${{ matrix.node-version }}
- cache: 'npm'
- - run: npm ci
- - run: npm run build
-
- - uses: actions/upload-artifact@v4
- with:
- name: my-build-output
- path: .
-
- - name: Aqua Security Trivy Scan
- uses: aquasecurity/trivy-action@0.33.1
- with:
- scan-type: fs
- scan-ref: .
- severity: HIGH,CRITICAL
- ignore-unfixed: true
- vuln-type: os,library
- exit-code: 0
- format: table
- output: trivy-report.txt
- hide-progress: true
-
- - name: Upload Trivy Report
- uses: actions/upload-artifact@v4
- with:
- name: trivy-report
- path: trivy-report.txt
-
From bf2b3d466bb5e92c1b0df9316c639a19c18e0f95 Mon Sep 17 00:00:00 2001
From: Laljanibasha Shaik <98688990+laljohnny@users.noreply.github.com>
Date: Mon, 8 Dec 2025 18:21:17 +0530
Subject: [PATCH 14/17] Create npm-publish-github-packages.yml
---
 .../workflows/npm-publish-github-packages.yml | 37 +++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 .github/workflows/npm-publish-github-packages.yml
diff --git a/.github/workflows/npm-publish-github-packages.yml b/.github/workflows/npm-publish-github-packages.yml
new file mode 100644
index 000000000..bd5d6f576
--- /dev/null
+++ b/.github/workflows/npm-publish-github-packages.yml
@@ -0,0 +1,37 @@
+# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
+# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages
+
+name: Node.js Package
+
+on:
+ release:
+ types: [created]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: 20
+ - run: npm install
+ - run: npm run build
+
+ publish-gpr:
+ needs: build
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: 20
+ registry-url: https://npm.pkg.github.com/
+ - run: npm install
+ - run: npm run build
+ - run: npm publish
+ env:
+ NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
From 57a1354fcecf55ba304eb68153c875b3a662afb7 Mon Sep 17 00:00:00 2001
From: Laljanibasha Shaik <98688990+laljohnny@users.noreply.github.com>
Date: Mon, 8 Dec 2025 18:22:20 +0530
Subject: [PATCH 15/17] Update npm-publish-github-packages.yml
---
 .../workflows/npm-publish-github-packages.yml | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/npm-publish-github-packages.yml b/.github/workflows/npm-publish-github-packages.yml
index bd5d6f576..556c2fb4f 100644
--- a/.github/workflows/npm-publish-github-packages.yml
+++ b/.github/workflows/npm-publish-github-packages.yml
@@ -4,9 +4,21 @@
 name: Node.js Package
 on:
- release:
- types: [created]
+ push:
+ branches:
+ - release
+ tags:
+ - "v*"
+
+ pull_request:
+ branches:
+ - release
+ tags:
+ - "v*"
+ release:
+ types: [created, published]
+
 jobs:
 build:
 runs-on: ubuntu-latest
From a4614f7b3abf9aa67959141f9b2db8cb632c741b Mon Sep 17 00:00:00 2001
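Review bot: In PATCH 14/17 both jobs install with `npm install`, which is allowed to resolve dependency versions afresh, so the package that `publish-gpr` builds and publishes is not guaranteed to match the dependency set that was reviewed; `npm ci` installs exactly what package-lock.json records and fails when it is out of sync. The `build` job produces nothing that `publish-gpr` consumes (the publish job checks out and builds again), so it only adds a second unpinned install. `publish-gpr` scopes its token with `permissions:`, but `build` does not; `permissions:` with `contents: read` there would match.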
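Review bot: In PATCH 15/17 the new `push:` and `pull_request:` triggers also start `publish-gpr`, which has no `if:` condition, so `npm publish` with `packages: write` is now attempted for every matching push and for pull requests opened from branches of this repository, before review. Restricting the job with `if: github.event_name == 'release'` keeps the build check on pushes and pull requests while publishing only for releases. `types: [created, published]` can fire twice for one release, and a second `npm publish` of the same version is expected to fail, so one type is enough.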
From: Laljanibasha Shaik <98688990+laljohnny@users.noreply.github.com>
Date: Mon, 8 Dec 2025 18:23:06 +0530
Subject: [PATCH 16/17] Update npm-publish-github-packages.yml
---
 .github/workflows/npm-publish-github-packages.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/npm-publish-github-packages.yml b/.github/workflows/npm-publish-github-packages.yml
index 556c2fb4f..e7147fa2f 100644
--- a/.github/workflows/npm-publish-github-packages.yml
+++ b/.github/workflows/npm-publish-github-packages.yml
@@ -7,12 +7,14 @@ on:
 push:
 branches:
 - release
+ - master
 tags:
 - "v*"
 pull_request:
 branches:
 - release
+ - master
 tags:
 - "v*"
From f260dd0585cf56a9d9c7681630b89b5593141684 Mon Sep 17 00:00:00 2001
From: Laljanibasha Shaik <98688990+laljohnny@users.noreply.github.com>
Date: Wed, 10 Dec 2025 22:03:51 +0530
Subject: [PATCH 17/17] Refactor npm publish workflow and EC2 deployment Updated the GitHub Actions workflow for npm publishing and deployment to EC2. Adjusted node version, added artifact handling, and refined deployment steps.
---
 .../workflows/npm-publish-github-packages.yml | 87 +++++++++++++------
 1 file changed, 60 insertions(+), 27 deletions(-)
diff --git a/.github/workflows/npm-publish-github-packages.yml b/.github/workflows/npm-publish-github-packages.yml
index e7147fa2f..21be21f90 100644
--- a/.github/workflows/npm-publish-github-packages.yml
+++ b/.github/workflows/npm-publish-github-packages.yml
@@ -1,22 +1,12 @@
-# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
-# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages
-
-name: Node.js Package
-
+name: CD-TP-admin2-Backend
 on:
 push:
 branches:
 - release
- - master
- tags:
- - "v*"
 pull_request:
 branches:
 - release
- - master
- tags:
- - "v*"
 release:
 types: [created, published]
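Review bot: In the first hunk of PATCH 17/17 the `pull_request:` trigger on `release` is kept while the workflow changes from package publishing to server deployment, so the `deploy` job added in the second hunk runs, with the `envdev` secrets, for pull-request code that has not been merged. Adding `if: github.event_name != 'pull_request'` to `deploy`, or requiring reviewers on the `envdev` environment, keeps the build check for pull requests without deploying them. `release:` with `types: [created, published]` will also deploy twice for a single release. The removed header comment is not replaced; a one-line comment saying that this workflow builds the backend and deploys it to EC2 over SSH would tell a reader what a run does.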
@@ -24,28 +14,71 @@ on:
 jobs:
 build:
 runs-on: ubuntu-latest
+ environment: envdev
+
+ strategy:
+ matrix:
+ node-version: [ 22 ]
+
 steps:
 - uses: actions/checkout@v4
+
 - uses: actions/setup-node@v4
 with:
- node-version: 20
+ node-version: ${{ matrix.node-version }}
+
 - run: npm install
- - run: npm run build
- publish-gpr:
- needs: build
+ - run: CI=false npm run build --if-present
+
+ - name: Upload build artifact
+ uses: actions/upload-artifact@v5
+ with:
+ name: tp-admin2-backend-app-artifact-${{ github.run_number }}
+ path: dist/
+
+ deploy:
 runs-on: ubuntu-latest
- permissions:
- contents: read
- packages: write
+ environment: envdev
+ needs: build
+
 steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-node@v4
+ - name: Download build artifact
+ uses: actions/download-artifact@v6.0.0
 with:
- node-version: 20
- registry-url: https://npm.pkg.github.com/
- - run: npm install
- - run: npm run build
- - run: npm publish
- env:
- NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+ name: tp-admin2-backend-app-artifact-${{ github.run_number }}
+ path: ./artifact-files
+
+ - name: Show downloaded files
+ run: ls -R ./artifact-files
+
+ - name: Setup SSH key
+ run: |
+ mkdir -p ~/.ssh
+ echo "${{ secrets.EC2_SSH_KEY }}" > ~/.ssh/deploy-key.pem
+ chmod 600 ~/.ssh/deploy-key.pem
+ ssh-keyscan -H ${{ secrets.EC2_HOST }} >> ~/.ssh/known_hosts
+
+ - name: Copy build files to EC2 server
+ run: |
+ # Create .env file from GitHub secret envirnoment envdev
+ echo "${{ secrets.ENV_FILE }}" > .env
+
+ # Copy artifacts + .env to EC2
+ scp -i ~/.ssh/deploy-key.pem -r ./artifact-files/* .env \
+ ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }}:/home/ubuntu/admin2-backend
+
+
+ - name: Restart app on EC2
+ run: |
+ ssh -i ~/.ssh/deploy-key.pem ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }} << 'EOF'
+ # Load NVM so PM2 becomes available
+ export NVM_DIR="$HOME/.nvm"
+ [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
+
+ pm2 restart trustlypay_admin2_backend_1.0 || echo "PM2 not found!"
+ pm2 list || echo "PM2 list failed!"
+
+ sudo systemctl restart apache2
+ sudo systemctl status apache2 --no-pager
+ EOF
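Review bot: In the second hunk of PATCH 17/17 the `Setup SSH key`, `Copy build files to EC2 server` and `Restart app on EC2` steps paste `${{ secrets.* }}` straight into the script text, so the shell parses the secret values: a `$`, backtick or double quote inside `ENV_FILE` or the private key is expanded or ends the `echo "..."` early, and the written file silently differs from the secret. Passing the secrets through `env:` and writing them with `printf '%s\n' "$VAR"` under `umask 077` avoids the re-parsing and keeps `.env` from being created with the default, likely group- and world-readable, mode. `ssh-keyscan -H` accepts whatever host key is offered during that run, so it does not authenticate the server; a known_hosts line recorded out of band and stored as a secret does. The `|| echo "PM2 not found!"` fallbacks make the job report success when the restart failed. A sketch of the first two steps follows; the Restart step and the `build` job are not rewritten here.

```yaml
      - name: Setup SSH key
        env:
          EC2_SSH_KEY: ${{ secrets.EC2_SSH_KEY }}
          # EC2_KNOWN_HOSTS is a placeholder secret name: the server's
          # known_hosts line, recorded once over a trusted channel.
          EC2_KNOWN_HOSTS: ${{ secrets.EC2_KNOWN_HOSTS }}
        run: |
          install -d -m 700 ~/.ssh
          umask 077
          printf '%s\n' "$EC2_SSH_KEY" > ~/.ssh/deploy-key.pem
          printf '%s\n' "$EC2_KNOWN_HOSTS" >> ~/.ssh/known_hosts

      - name: Copy build files to EC2 server
        env:
          ENV_FILE: ${{ secrets.ENV_FILE }}
          EC2_USER: ${{ secrets.EC2_USER }}
          EC2_HOST: ${{ secrets.EC2_HOST }}
        run: |
          umask 077
          printf '%s\n' "$ENV_FILE" > .env
          scp -i ~/.ssh/deploy-key.pem -r ./artifact-files/* .env \
            "$EC2_USER@$EC2_HOST:/home/ubuntu/admin2-backend"
      # … unchanged: Restart app on EC2 step …
```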