CI/CD

LAREX uses GitHub Actions workflows in .github/workflows/.

Workflows

CI Workflow (ci.yml)

Triggers

• Push to main and dev
• Pull requests targeting main

Jobs

1. backend (Backend Tests)

• Uses PostgreSQL 17-alpine service
• Runs with JDK 21 (Temurin)
• Executes ./gradlew test
• Builds JAR via ./gradlew build -x test
• Uploads backend test reports as artifact

2. frontend (Frontend Checks)

• Uses Node 20 + pnpm 10
• Installs dependencies in frontend/
• Runs pnpm build
• Note: lint/typecheck steps are currently present but commented out in workflow

3. keycloak-theme (Keycloak Theme Build)

• Uses Node 20 + pnpm 10
• Installs dependencies in keycloak-theme/
• Runs pnpm run build-keycloak-theme
• Uploads generated theme artifact (build_keycloak/)

4. docker-build (PR-only build test)

• Runs only on pull requests
• Builds backend and frontend Docker images with Buildx
• Does not push images

Release Workflow (release.yml)

Triggers

• Push to main when VERSION changes
• Manual dispatch (workflow_dispatch) with optional skip_tests

Pipeline

1. version

• Reads and normalizes VERSION
• Exposes it as workflow output

2. test

• Reuses ci.yml
• Skipped when skip_tests=true

3. build-and-push

• Builds and pushes backend/frontend images to ghcr.io
• Runs after successful tests (or when tests are skipped manually)
• Adds Docker metadata tags

4. create-release

• Creates GitHub release v<version>
• Uses generated release notes

5. sync-versions

• Runs scripts/version-sync.sh
• Commits and pushes version-sync changes if needed

Image Tags

Release images are tagged with Docker metadata rules, including:

• <version>
• <version>-<sha>
• latest (default branch only)
• sha-<sha>

Registry and Auth

• Registry: ghcr.io
• Authentication: GITHUB_TOKEN via docker/login-action

Local Validation

Useful local commands before pushing:

task test
task build

Next Steps

• Production Deployment
• Environment Variables