This document details the automation systems implemented to ensure deployment reliability and solution availability.
Overview
CI Pipelines by Repository
Control-Hub-Back
| Step | Command | Tool |
|---|---|---|
| TypeCheck | pnpm typecheck | TypeScript |
| Lint | pnpm lint | ESLint |
| Format | pnpm format --check | Prettier |
| Security Audit | pnpm audit --prod | npm audit |
| Tests | pnpm test (Japa) | Japa + MySQL + Redis |
| Coverage | npx c8 --reporter=lcov | c8 |
| Build | pnpm build | AdonisJS |
| SonarQube | Scan + Quality Gate | SonarQube |
CI services: MySQL 8 and Redis are started as GitHub Actions service containers so the integration tests run against real backing services.
Control-Hub Frontend (my-app)
| Step | Command | Tool |
|---|---|---|
| TypeCheck | tsc --noEmit | TypeScript |
| Lint | pnpm run lint | ESLint |
| Format | pnpm run format --check | Prettier |
| Security Audit | pnpm audit | npm audit |
| Unit Tests | pnpm test | Vitest |
| E2E Tests | pnpm test:e2e | Playwright (headless) |
| Storybook Build | pnpm build-storybook | Storybook |
| A11y Tests | Storybook test runner | @storybook/addon-a11y |
| Build | pnpm build | Next.js |
| SonarQube | Scan + Quality Gate | SonarQube |
Firstbreath Showcase
| Step | Command | Tool |
|---|---|---|
| TypeCheck | tsc --noEmit | TypeScript |
| Lint | next lint | ESLint |
| Format | pnpm run format --check | Prettier |
| Security Audit | pnpm audit | npm audit |
| Prisma | prisma generate + schema validation | Prisma |
| Build | next build | Next.js |
| Storybook | Build + A11y tests | Storybook |
| Unit Tests | pnpm test | Vitest |
| SonarQube | Scan + Quality Gate | SonarQube |
Firstbreath Vision
| Step | Command | Tool |
|---|---|---|
| Format | black --check | Black |
| Lint | flake8 --select=E9,F63,F7,F82 | Flake8 |
| Security | safety check -r requirements.txt | Safety |
| Tests | pytest --cov (per service) | pytest + pytest-cov |
| SonarQube | Scan + Quality Gate | SonarQube |
| Docker Build | Build + push images | Docker / GHCR |
CPU-only tests: the test suite installs the CPU-only build of PyTorch, so CI runners need no GPU.
Mobile App
| Step | Command | Tool |
|---|---|---|
| Lint | ESLint | ESLint |
| Tests | jest | Jest (jest-expo) |
| SonarQube | Scan + Quality Gate | SonarQube |
SonarQube — Quality Gates
Our self-hosted SonarQube instance (sonar.firstbreath.fr) enforces the following rules:
| Rule | Threshold |
|---|---|
| Critical Bugs | 0 |
| Duplication | < 3% |
| Maintainability | Rating A |
| Minimum Coverage | Varies per module |
| Security Hotspots | Mandatory review |
Configuration per Repository
Each repository contains a sonar-project.properties defining:
- sonar.sources — source directories to analyze
- sonar.exclusions — excluded files (node_modules, build, tests, config)
- sonar.coverage.exclusions — non-testable code (controllers, validators)
- sonar.javascript.lcov.reportPaths — coverage report
Continuous Deployment (CD)
Deployment Mechanism
| Component | CD Mechanism | Details |
|---|---|---|
| Control-Hub-Back | Dokploy webhook | Push to main → Docker build → rolling restart |
| Firstbreath Vision | Dokploy webhook | Push to main → Docker build → restart (GPU) |
| Showcase | Dokploy webhook | Push to main → Docker build (Prisma migrate) → restart |
| Documentation | Dokploy webhook | Push to main → Docusaurus build → Nginx restart |
Watchtower (legacy infrastructure)
The legacy infrastructure used Watchtower for CD:
- Poll every 5 minutes (WATCHTOWER_POLL_INTERVAL=300)
- Automatic pull of new Docker images from GHCR
- Old image cleanup (WATCHTOWER_CLEANUP=true)
- Label-based filtering (WATCHTOWER_LABEL_ENABLE=true)
This approach has been replaced by Dokploy for better deployment control.
System Interactions
| Metric | Target | Monitoring |
|---|---|---|
| CI build time | < 5 min | GitHub Actions |
| Deployment time | < 3 min | Dokploy logs |
| API availability | > 99% (uptime) | Grafana + healthchecks |
| Inference latency | < 200ms/frame | Prometheus (batch-inference) |
| Restart time | < 30s | Docker healthcheck start_period |