fetch_ml/docs/src/cicd.md

---
layout: page
title: "CI/CD Pipeline"
permalink: /cicd/
nav_order: 5
---

# CI/CD Pipeline

Automated testing, building, and releasing for fetch_ml.

## Workflows

### CI Workflow (`.github/workflows/ci.yml`)

Runs on every push to `main`/`develop` and all pull requests.

**Jobs:**
1. **test** - Go backend tests with Redis
2. **build** - Build all binaries (Go + Zig CLI)
3. **test-scripts** - Validate deployment scripts
4. **security-scan** - Trivy and Gosec security scans
5. **docker-build** - Build and push Docker images (main branch only)

**Test Coverage:**
- Go unit tests with race detection
- `internal/queue` package tests
- Zig CLI tests  
- Integration tests
- Security audits

### Release Workflow (`.github/workflows/release.yml`)

Runs on version tags (e.g., `v1.0.0`).

**Jobs:**

1. **build-cli** (matrix build)
   - Linux x86_64 (static musl)
   - macOS x86_64
   - macOS ARM64
   - Downloads platform-specific static rsync
   - Embeds rsync for zero-dependency releases

2. **build-go-backends**
   - Cross-platform Go builds
   - api-server, worker, tui, data_manager, user_manager

3. **create-release**
   - Collects all artifacts
   - Generates SHA256 checksums
   - Creates GitHub release with notes

## Release Process

### Creating a Release

```bash
# 1. Update version
git tag v1.0.0

# 2. Push tag
git push origin v1.0.0

# 3. CI automatically builds and releases
```

### Release Artifacts

**CLI Binaries (with embedded rsync):**
- `ml-linux-x86_64.tar.gz` (~450-650KB)
- `ml-macos-x86_64.tar.gz` (~450-650KB)
- `ml-macos-arm64.tar.gz` (~450-650KB)

**Go Backends:**
- `fetch_ml_api-server.tar.gz`
- `fetch_ml_worker.tar.gz`
- `fetch_ml_tui.tar.gz`
- `fetch_ml_data_manager.tar.gz`
- `fetch_ml_user_manager.tar.gz`

**Checksums:**
- `checksums.txt` - Combined SHA256 sums
- Individual `.sha256` files per binary

## Development Workflow

### Local Testing

```bash
# Run all tests
make test

# Run specific package tests
go test ./internal/queue/...

# Build CLI
cd cli && zig build dev

# Run formatters and linters
make lint

# Security scans are handled automatically in CI by the `security-scan` job
```

#### Optional heavy end-to-end tests

Some e2e tests exercise full Docker deployments and performance scenarios and are
**skipped by default** to keep local/CI runs fast. You can enable them explicitly
with environment variables:

```bash
# Run Docker deployment e2e tests
FETCH_ML_E2E_DOCKER=1 go test ./tests/e2e/...

# Run performance-oriented e2e tests
FETCH_ML_E2E_PERF=1 go test ./tests/e2e/...
```

Without these variables, `TestDockerDeploymentE2E` and `TestPerformanceE2E` will
`t.Skip`, while all lighter e2e tests still run.

### Pull Request Checks

All PRs must pass:
- ✅ Go tests (with Redis)
- ✅ CLI tests
- ✅ Security scans
- ✅ Code linting
- ✅ Build verification

## Configuration

### Environment Variables

```yaml
GO_VERSION: '1.25.0'
ZIG_VERSION: '0.15.2'
```

### Secrets

Required for releases:
- `GITHUB_TOKEN` - Automatic, provided by GitHub Actions

## Monitoring

### Build Status

Check workflow runs at:
```
https://github.com/jfraeys/fetch_ml/actions
```

### Artifacts

Download build artifacts from:
- Successful workflow runs (30-day retention)
- GitHub Releases (permanent)

---

For implementation details:
- [.github/workflows/ci.yml](https://github.com/jfraeys/fetch_ml/blob/main/.github/workflows/ci.yml)
- [.github/workflows/release.yml](https://github.com/jfraeys/fetch_ml/blob/main/.github/workflows/release.yml)