From 157cb4910fb0110913b7a972d2645a6ba8cd853c Mon Sep 17 00:00:00 2001
From: Mondo Diaz <armando.m.diaz@boeing.com>
Date: Tue, 13 Jan 2026 22:43:21 +0000
Subject: [PATCH] Refactor CI pipeline with templates and add frontend tests

- Add frontend_tests job (npm run test with Vitest)
- Add verification checks to deploy_stage (health, API, frontend)
- Extract shared YAML anchors: deploy_template, helm_setup, verify_deployment
- Reduce code duplication across deploy jobs
---
 .gitlab-ci.yml | 153 ++++++++++++++++++++++++++++---------------------
 1 file changed, 87 insertions(+), 66 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index bac3b31..6f66b70 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -15,7 +15,7 @@ hadolint:
 
 # secrets job is a blocking check - real credential leaks should fail the pipeline
 
-# Run Python tests
+# Run Python backend tests
 python_tests:
   stage: test
   image: deps.global.bsf.tools/docker/python:3.12-slim
@@ -26,27 +26,97 @@ python_tests:
     - cd backend
     - python -m pytest -v
 
-# Deploy to stage (main branch)
-deploy_stage:
+# Run frontend tests
+frontend_tests:
+  stage: test
+  image: deps.global.bsf.tools/docker/node:20-alpine
+  before_script:
+    - cd frontend
+    - npm ci
+  script:
+    - npm run test -- --run
+  rules:
+    - exists:
+        - frontend/package.json
+
+# Shared deploy configuration
+.deploy_template: &deploy_template
   stage: deploy
   needs: [build_image]
   image: deps.global.bsf.tools/registry-1.docker.io/alpine/k8s:1.29.12
+
+.helm_setup: &helm_setup
+  - helm version
+  - helm repo add stable https://charts.helm.sh/stable
+  - helm repo add bitnami https://charts.bitnami.com/bitnami
+  - cd helm/orchard
+  - helm dependency update
+  - helm repo update
+
+.verify_deployment: &verify_deployment |
+  echo "=== Waiting for health endpoint (certs may take a few minutes) ==="
+  for i in $(seq 1 30); do
+    if curl -sf --max-time 10 "$BASE_URL/health" > /dev/null 2>&1; then
+      echo "Health check passed!"
+      break
+    fi
+    echo "Attempt $i/30 - waiting 10s..."
+    sleep 10
+  done
+
+  # Verify health endpoint
+  echo ""
+  echo "=== Health Check ==="
+  curl -sf "$BASE_URL/health" || { echo "Health check failed"; exit 1; }
+  echo ""
+
+  # Verify API is responding
+  echo ""
+  echo "=== API Check (GET /api/v1/projects) ==="
+  HTTP_CODE=$(curl -sf -o /dev/null -w "%{http_code}" "$BASE_URL/api/v1/projects")
+  if [ "$HTTP_CODE" = "200" ]; then
+    echo "API responding: HTTP $HTTP_CODE"
+  else
+    echo "API check failed: HTTP $HTTP_CODE"
+    exit 1
+  fi
+
+  # Verify frontend is served
+  echo ""
+  echo "=== Frontend Check ==="
+  if curl -sf "$BASE_URL/" | grep -q "</html>"; then
+    echo "Frontend is being served"
+  else
+    echo "Frontend check failed"
+    exit 1
+  fi
+
+  echo ""
+  echo "=== All checks passed! ==="
+  echo "Deployment URL: $BASE_URL"
+
+# Deploy to stage (main branch)
+deploy_stage:
+  <<: *deploy_template
   variables:
-    ENV: stage
     NAMESPACE: orch-stage-namespace
     VALUES_FILE: helm/orchard/values-stage.yaml
+    BASE_URL: https://orchard-stage.common.global.bsf.tools
   before_script:
     - kubectl config use-context esv/bsf/bsf-integration/orchard/orchard-mvp:orchard-stage
-    - helm version
-    - helm repo add stable https://charts.helm.sh/stable
-    - helm repo add bitnami https://charts.bitnami.com/bitnami
-    - cd helm/orchard
-    - helm dependency update
-    - helm repo update
+    - *helm_setup
   script:
     - echo "Deploying to stage environment"
     - cd $CI_PROJECT_DIR
-    - helm upgrade --install orchard-stage ./helm/orchard --namespace $NAMESPACE -f $VALUES_FILE --set image.tag=git.linux-amd64-$CI_COMMIT_SHA
+    - |
+      helm upgrade --install orchard-stage ./helm/orchard \
+        --namespace $NAMESPACE \
+        -f $VALUES_FILE \
+        --set image.tag=git.linux-amd64-$CI_COMMIT_SHA \
+        --wait \
+        --timeout 5m
+    - kubectl rollout status deployment/orchard-stage -n $NAMESPACE --timeout=5m
+    - *verify_deployment
   environment:
     name: stage
     url: https://orchard-stage.common.global.bsf.tools
@@ -58,20 +128,13 @@ deploy_stage:
 
 # Deploy feature branch to dev namespace
 deploy_feature:
-  stage: deploy
-  needs: [build_image]
-  image: deps.global.bsf.tools/registry-1.docker.io/alpine/k8s:1.29.12
+  <<: *deploy_template
   variables:
     NAMESPACE: orch-dev-namespace
     VALUES_FILE: helm/orchard/values-dev.yaml
   before_script:
     - kubectl config use-context esv/bsf/bsf-integration/orchard/orchard-mvp:orchard
-    - helm version
-    - helm repo add stable https://charts.helm.sh/stable
-    - helm repo add bitnami https://charts.bitnami.com/bitnami
-    - cd helm/orchard
-    - helm dependency update
-    - helm repo update
+    - *helm_setup
   script:
     - echo "Deploying feature branch $CI_COMMIT_REF_SLUG"
     - cd $CI_PROJECT_DIR
@@ -87,51 +150,9 @@ deploy_feature:
         --set minioIngress.tls.secretName=minio-$CI_COMMIT_REF_SLUG-tls \
         --wait \
         --timeout 5m
-    - echo "Waiting for deployment to be ready..."
     - kubectl rollout status deployment/orchard-$CI_COMMIT_REF_SLUG -n $NAMESPACE --timeout=5m
-    - |
-      BASE_URL="https://orchard-$CI_COMMIT_REF_SLUG.common.global.bsf.tools"
-
-      echo "=== Waiting for health endpoint (certs may take a few minutes) ==="
-      for i in $(seq 1 30); do
-        if curl -sf --max-time 10 "$BASE_URL/health" > /dev/null 2>&1; then
-          echo "Health check passed!"
-          break
-        fi
-        echo "Attempt $i/30 - waiting 10s..."
-        sleep 10
-      done
-
-      # Verify health endpoint
-      echo ""
-      echo "=== Health Check ==="
-      curl -sf "$BASE_URL/health" || { echo "Health check failed"; exit 1; }
-      echo ""
-
-      # Verify API is responding
-      echo ""
-      echo "=== API Check (GET /api/v1/projects) ==="
-      HTTP_CODE=$(curl -sf -o /dev/null -w "%{http_code}" "$BASE_URL/api/v1/projects")
-      if [ "$HTTP_CODE" = "200" ]; then
-        echo "API responding: HTTP $HTTP_CODE"
-      else
-        echo "API check failed: HTTP $HTTP_CODE"
-        exit 1
-      fi
-
-      # Verify frontend is served
-      echo ""
-      echo "=== Frontend Check ==="
-      if curl -sf "$BASE_URL/" | grep -q "</html>"; then
-        echo "Frontend is being served"
-      else
-        echo "Frontend check failed"
-        exit 1
-      fi
-
-      echo ""
-      echo "=== All checks passed! ==="
-      echo "Deployment URL: $BASE_URL"
+    - export BASE_URL="https://orchard-$CI_COMMIT_REF_SLUG.common.global.bsf.tools"
+    - *verify_deployment
   environment:
     name: review/$CI_COMMIT_REF_SLUG
     url: https://orchard-$CI_COMMIT_REF_SLUG.common.global.bsf.tools
@@ -144,8 +165,8 @@ deploy_feature:
 
 # Cleanup feature branch deployment
 cleanup_feature:
-  stage: deploy
-  image: deps.global.bsf.tools/registry-1.docker.io/alpine/k8s:1.29.12
+  <<: *deploy_template
+  needs: []
   variables:
     NAMESPACE: orch-dev-namespace
   before_script: