Add CI/CD pipeline generation module for GitHub Actions and GitLab CI

[Copilot]

Completes the deployment story: ship() handles one-time deploys, but production apps need automated pipelines. This module programmatically generates GitHub Actions workflows and GitLab CI configs with full-stack support.

Changes

Core module (fastops/ci.py, 592 lines):

• github_actions() - Generate GHA workflows with test/build/deploy jobs
  • Registry support: GHCR, Docker Hub, ECR, ACR
  • Deploy targets: Docker, VPS, Hetzner, Azure, AWS
  • Features: caching, linting, services (postgres), Node.js setup
• gitlab_ci() - Generate GitLab CI with equivalent capabilities
• deploy_workflow() - Convenience wrapper for deploy-focused pipelines
• test_workflow() - Convenience wrapper for PR testing
• multi_env_workflow() - Staging → production with approval gates
• _yaml_dump() - PyYAML with fallback to custom serializer

Exports:

• Updated fastops/__init__.py to expose all functions

Usage

from fastops import github_actions, deploy_workflow, test_workflow

# Full CI/CD with postgres tests, linting, Hetzner deploy
github_actions('deploy', app_name='myapp', 
    registry='ghcr',
    deploy_target='hetzner',
    deploy_host='${{ secrets.DEPLOY_HOST }}',
    test_cmd='pytest',
    lint=True,
    services=[{'postgres': {'image': 'postgres:16', 'env': {'POSTGRES_PASSWORD': 'test'}}}]
)
# → Writes .github/workflows/deploy.yml

# Quick deploy workflow
deploy_workflow('myapp', target='docker')

# Test-only for PRs  
test_workflow('myapp', python_version='3.11')

Multi-environment workflows include conditional branching and environment protection:

multi_env_workflow('api')
# → staging (auto-deploy from develop) + production (manual approval from main)

Original prompt

Overview

Add a CI/CD pipeline generation module that programmatically creates GitHub Actions workflows, GitLab CI configs, and deploy-on-push pipelines. This completes the deployment story: ship() handles one-time deploys, but production apps need automated pipelines.

Branch off copilot/add-cloud-resource-provisioning.

---

File: fastops/ci.py

Module docstring

"""CI/CD pipeline generation: GitHub Actions, GitLab CI, and deploy-on-push workflows."""

__all__

['github_actions', 'gitlab_ci', 'deploy_workflow', 'test_workflow', 'multi_env_workflow']

Imports

import os, json
from pathlib import Path

---

Function 1: github_actions(name='deploy', app_name='app', **kw)

Generate a GitHub Actions workflow YAML dict and optionally save to .github/workflows/.

Parameters:

• name — workflow name
• app_name — application name used in image tags, service names
• trigger — dict with keys like push, pull_request, workflow_dispatch. Default: {'push': {'branches': ['main']}}
• python_version — default '3.12'
• node_version — default None (skip Node setup if None)
• test_cmd — command to run tests, default 'python -m pytest'
• build — bool, include Docker build step, default True
• registry — 'ghcr', 'dockerhub', 'ecr', 'acr'. Default 'ghcr'
• deploy_target — None, 'docker', 'vps', 'azure', 'aws', 'hetzner'. If None, no deploy step.
• deploy_host — SSH host for VPS/Hetzner deploy
• deploy_user — SSH user, default 'deploy'
• domain — domain for proxy config
• env_vars — dict of env var names to pull from GitHub secrets
• services — list of service dicts for the services: key (e.g., postgres for tests)
• cache — bool, enable pip/npm caching, default True
• lint — bool, add ruff/eslint step, default False
• save — bool, write to .github/workflows/{name}.yml, default True

Returns: dict (the workflow YAML structure)

The workflow should include these jobs:

Job: test (if test_cmd is not None)

• runs-on: ubuntu-latest
• services: postgres if needed
• steps: checkout, setup-python, cache pip, install deps (pip install -e '.[dev]'), run tests

Job: build (if build=True)

• needs: test (if test job exists)
• steps: checkout, login to registry, build and push Docker image
• Registry login logic:
  • ghcr: docker/login-action with registry: ghcr.io, username ${{ github.actor }}, password ${{ secrets.GITHUB_TOKEN }}
  • dockerhub: docker/login-action with username from secrets, password from secrets
  • ecr: aws-actions/configure-aws-credentials + aws-actions/amazon-ecr-login
  • acr: azure/login + azure/docker-login
• Image tag: {registry_prefix}/{app_name}:${{ github.sha }} and :latest

Job: deploy (if deploy_target is not None)

• needs: build
• Deploy logic based on target:
  • docker: SSH into host, docker compose pull && docker compose up -d
  • vps/hetzner: SSH deploy with rsync + docker compose
  • azure: azure/webapps-deploy action
  • aws: ECS update-service or App Runner

If save=True, write to .github/workflows/{name}.yml using yaml.dump (import yaml lazily, fallback to json-style manual YAML generation if PyYAML not available).

Function 2: gitlab_ci(name='deploy', app_name='app', **kw)

Similar to github_actions but generates .gitlab-ci.yml format.

Parameters: same as github_actions where applicable.

Stages: test, build, deploy

Each stage maps to a GitLab CI job with:

• image: appropriate Docker image
• script: list of commands
• only: branch restrictions
• variables: from kw
• services: for test database

Returns: dict, optionally saves to .gitlab-ci.yml.

Function 3: deploy_workflow(app_name='app', target='docker', **kw)

Convenience wrapper that calls github_actions() with deploy-focused defaults:

• name='deploy'
• build=True
• deploy_target=target
• trigger={'push': {'branches': ['main']}, 'workflow_dispatch': {}}

Returns the workflow dict.

Function 4: test_workflow(app_name='app', **kw)

Convenience wrapper for test-only workflow:

• name='test'
• build=False
• deploy_target=None
• trigger={'push': {'branches': ['main', 'develop']}, 'pull_request': {'branches': ['main']}}
• lint=True

Returns the workflow dict.

Function 5: multi_env_workflow(app_name='app', environments=None, **kw)

Generate a workflow with staging → production promotion:

Default environments:

environments = environments or {
    'staging': {'branch': 'develop', 'domain': f'staging.{app_name}.com'},
    'production': {'branch': 'main', 'domain': f'{app_name}.com', 'approval': True},
}

Creates a workflow with:

• Test job (runs on all pushes)
• Build job per environment
• Deploy job per environment
• Production deploy requires manual approval (environment: production with protection rules)

Returns dict, saves to .github/workflows/deploy.yml.

---...

This pull request was created from Copilot chat.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.