Fix Deployment Validation Failure and Improve Robustness

.dockerignore

@@ -1,3 +1,5 @@
+# Copyright (c) 2026 Frank Currie (frank@sfle.ca)
+
 # Ignore files not needed for the backend build
 frontend/
 frontend.Dockerfile

.gcloudignore

@@ -1,3 +1,5 @@
+# Copyright (c) 2026 Frank Currie (frank@sfle.ca)
+
 .gcloudignore
 .git
 .gitignore

.github/ISSUES.md

@@ -1,3 +1,4 @@
+<!-- Copyright (c) 2026 Frank Currie (frank@sfle.ca) -->
 # Known Issues
 
-All issues have been logged in the GitHub repository. Please refer to the [Issues page](https://github.com/fkcurrie/utba-swarmmap/issues) for the latest updates and details. 
+All issues have been logged in the GitHub repository. Please refer to the [Issues page](https://github.com/fkcurrie/utba-swarmmap/issues) for the latest updates and details.

.github/ISSUE_TEMPLATE/bug_report.md

@@ -4,14 +4,14 @@ about: Create a report to help us improve
 title: ''
 labels: bug
 assignees: ''
-
 ---
 
 **Describe the bug**
 A clear and concise description of what the bug is.
 
 **To Reproduce**
 Steps to reproduce the behavior:
+
 1. Go to '...'
 2. Click on '....'
 3. Scroll down to '....'
@@ -24,9 +24,10 @@ A clear and concise description of what you expected to happen.
 If applicable, add screenshots to help explain your problem.
 
 **Environment:**
- - OS: [e.g. iOS]
- - Browser [e.g. chrome, safari]
- - Version [e.g. 22]
+
+- OS: [e.g. iOS]
+- Browser [e.g. chrome, safari]
+- Version [e.g. 22]
 
 **Additional context**
-Add any other context about the problem here. 
+Add any other context about the problem here.

.github/workflows/deploy.yml

@@ -0,0 +1,178 @@
+# Copyright (c) 2026 Frank Currie (frank@sfle.ca)
+---
+name: Deploy to Cloud Run
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - 'v*'
+  workflow_dispatch:
+
+env:
+  PROJECT_ID: utba-swarmmap
+  REGION: northamerica-northeast2
+  SERVICE: utba-swarmmap-backend
+  FRONTEND_SERVICE: utba-swarmmap-frontend
+  REPO: swarmmap-repo
+  GCS_BUCKET_NAME: utba-swarmmap-media
+
+jobs:
+  deploy:
+    name: Validate, Build, and Deploy
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      issues: write
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v5
+        with:
+          node-version: '24'
+          cache: 'npm'
+
+      - name: Install Dependencies
+        run: npm ci
+
+      - name: Linting
+        run: |
+          npx eslint "frontend/static/js/**/*.js"
+          npx markdownlint "**/*.md" --ignore node_modules
+
+      - name: YAML Lint
+        uses: ibiqlik/action-yamllint@v3
+        with:
+          file_or_dir: .
+          config_file: .yamllint.yaml
+
+      - name: Commitlint
+        uses: wagoid/commitlint-github-action@v6
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: backend/go.mod
+          cache-dependency-path: backend/go.sum
+
+      - name: Backend Testing
+        run: |
+          cd backend
+          go test -v ./...
+
+      - name: Docker Build Test
+        run: |
+          docker build -t test-backend ./backend
+          docker build -t test-frontend ./frontend
+
+      - name: Google Auth
+        id: auth
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: 'projects/18499119240/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider'
+          service_account: 'github-actions-deployer@utba-swarmmap.iam.gserviceaccount.com'
+
+      - name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@v2
+
+      - name: Configure Docker
+        run: |
+          gcloud auth configure-docker ${{ env.REGION }}-docker.pkg.dev --quiet
+
+      - name: Build and Push Frontend
+        run: |
+          IMAGE_NAME="${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPO }}/frontend"
+          docker build -t "$IMAGE_NAME:${{ github.sha }}" ./frontend
+          docker tag "$IMAGE_NAME:${{ github.sha }}" "$IMAGE_NAME:latest"
+          docker push "$IMAGE_NAME:${{ github.sha }}"
+          docker push "$IMAGE_NAME:latest"
+
+      - name: Deploy Frontend to Cloud Run
+        id: deploy-frontend
+        uses: google-github-actions/deploy-cloudrun@v2
+        with:
+          service: ${{ env.FRONTEND_SERVICE }}
+          region: ${{ env.REGION }}
+          image: ${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPO }}/frontend:${{ github.sha }}
+          flags: --allow-unauthenticated
+
+      - name: Get Backend URL
+        id: backend-url
+        run: |
+          URL=$(gcloud run services describe ${{ env.SERVICE }} \
+            --platform=managed \
+            --region=${{ env.REGION }} \
+            --format='value(status.url)' 2>/dev/null || echo "")
+          if [ -z "$URL" ]; then
+            PROJECT_NUMBER=$(gcloud projects describe ${{ env.PROJECT_ID }} --format='value(projectNumber)')
+            URL="https://${{ env.SERVICE }}-${PROJECT_NUMBER}.${{ env.REGION }}.run.app"
+          fi
+          echo "url=$URL" >> $GITHUB_OUTPUT
+
+      - name: Build and Push Backend
+        run: |
+          cp -r frontend/static backend/static
+          IMAGE_NAME="${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPO }}/backend"
+          docker build -t "$IMAGE_NAME:${{ github.sha }}" ./backend
+          docker tag "$IMAGE_NAME:${{ github.sha }}" "$IMAGE_NAME:latest"
+          docker push "$IMAGE_NAME:${{ github.sha }}"
+          docker push "$IMAGE_NAME:latest"
+
+      - name: Deploy Backend to Cloud Run
+        id: deploy-backend
+        uses: google-github-actions/deploy-cloudrun@v2
+        with:
+          service: ${{ env.SERVICE }}
+          region: ${{ env.REGION }}
+          image: ${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPO }}/backend:${{ github.sha }}
+          flags: --allow-unauthenticated
+          env_vars: |
+            GOOGLE_REDIRECT_URL=${{ steps.backend-url.outputs.url }}/auth/google/callback
+            GCP_PROJECT_ID=${{ env.PROJECT_ID }}
+            GCS_BUCKET_NAME=${{ env.GCS_BUCKET_NAME }}
+          secrets: |
+            GOOGLE_CLIENT_ID=google-oauth-client-id:latest
+            GOOGLE_CLIENT_SECRET=google-oauth-client-secret:latest
+            MAPBOX_ACCESS_TOKEN=mapbox-access-token:latest
+      - name: Health Check
+        id: health-check
+        run: |
+          curl --retry 5 --retry-all-errors --retry-delay 5 -I --fail --silent --show-error "${{ steps.deploy-backend.outputs.url }}"
+
+      - name: Post-Deployment Validation
+        id: validation
+        env:
+          DEPLOYED_URL: ${{ steps.deploy-backend.outputs.url }}
+        run: |
+          npx playwright install --with-deps chromium
+          npx playwright test e2e/validate-deployment.spec.js --config e2e/playwright.config.js
+
+      - name: Handle Deployment Failure
+        if: failure() && (steps.validation.outcome == 'failure' || steps.health-check.outcome == 'failure')
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          chmod +x scripts/handle-deployment-failure.sh
+          ./scripts/handle-deployment-failure.sh \
+            "${{ env.SERVICE }}" \
+            "${{ env.FRONTEND_SERVICE }}" \
+            "${{ env.REGION }}" \
+            "${{ steps.deploy-backend.outputs.url }}" \
+            "${{ github.sha }}"
+
+      - name: Upload Test Results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: playwright-report
+          path: playwright-report/
+          retention-days: 30

.github/workflows/e2e-startup.yaml

@@ -1,3 +1,4 @@
+# Copyright (c) 2026 Frank Currie (frank@sfle.ca)
 ---
 name: E2E Application Startup Check
 

.github/workflows/pr-checks.yaml

@@ -1,3 +1,4 @@
+# Copyright (c) 2026 Frank Currie (frank@sfle.ca)
 ---
 name: PR Checks
 
@@ -46,7 +47,14 @@ jobs:
         run: go test -race -v ./...
 
       - name: Test Coverage
-        run: go test -coverprofile=coverage.out ./...
+        run: |
+          go test -coverprofile=coverage.out ./...
+          TOTAL_COVERAGE=$(go tool cover -func=coverage.out | grep total | awk '{print $3}' | sed 's/%//')
+          echo "Total coverage: $TOTAL_COVERAGE%"
+          if awk "BEGIN {exit !($TOTAL_COVERAGE < 25)}"; then
+            echo "Coverage is below threshold (25%)"
+            exit 1
+          fi
 
       - name: Go Mod Tidy Check
         run: |
@@ -59,7 +67,7 @@ jobs:
       - name: Go Security (gosec)
         uses: securego/gosec@v2.25.0
         with:
-          args: ./backend/...
+          args: -exclude=G706 ./backend/...
 
       - name: Go Vulnerability Check (govulncheck)
         run: |
@@ -95,9 +103,15 @@ jobs:
       - name: Stylelint
         run: npx stylelint "frontend/static/css/**/*.css"
 
+      - name: Dependency Audit (npm audit)
+        run: npm audit --audit-level=high
+
   frontend-go:
     name: Frontend (Go Server)
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: frontend
     steps:
       - name: Checkout Code
         uses: actions/checkout@v4
@@ -109,12 +123,17 @@ jobs:
           cache-dependency-path: frontend/go.mod
 
       - name: Go Format
-        run: go fmt frontend/main.go
+        run: go fmt main.go
 
       - name: Go Security (gosec)
         uses: securego/gosec@master
         with:
-          args: ./frontend/...
+          args: -exclude=G706 ./frontend/...
+
+      - name: Go Vulnerability Check (govulncheck)
+        run: |
+          go install golang.org/x/vuln/cmd/govulncheck@latest
+          govulncheck ./...
 
   general:
     name: General & Infrastructure
@@ -167,6 +186,11 @@ jobs:
         with:
           ignore_paths: node_modules
 
+      - name: Dockerfile Lint (hadolint)
+        uses: hadolint/hadolint-action@v3.1.0
+        with:
+          recursive: true
+
       - name: Misspell
         uses: reviewdog/action-misspell@v1
         with:
@@ -177,3 +201,73 @@ jobs:
         uses: wagoid/commitlint-github-action@v6.2.1
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
+
+  e2e:
+    name: End-to-End (Playwright)
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v6
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v5
+        with:
+          node-version: '24'
+          cache: 'npm'
+
+      - name: Install Dependencies
+        run: npm ci
+
+      - name: Install Playwright Browsers
+        run: npx playwright install --with-deps chromium
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Copy Static Assets for Backend Build
+        run: cp -r frontend/static backend/static
+
+      - name: Build and Start Services
+        run: docker compose up -d --build
+
+      - name: Wait for Services
+        run: |
+          echo "Waiting for services to be healthy..."
+          for i in {1..30}; do
+            BACKEND_UP=false
+            FRONTEND_UP=false
+            if curl -s http://localhost:8085 > /dev/null; then
+              BACKEND_UP=true
+            fi
+            if curl -s http://localhost:8082/static/css/style.css > /dev/null; then
+              FRONTEND_UP=true
+            fi
+
+            if [ "$BACKEND_UP" = true ] && [ "$FRONTEND_UP" = true ]; then
+              echo "All services are up!"
+              exit 0
+            fi
+            echo "Waiting... Backend: $BACKEND_UP, Frontend: $FRONTEND_UP ($i/30)"
+            sleep 2
+          done
+          echo "Services failed to start"
+          docker compose logs
+          exit 1
+
+      - name: Run Playwright tests
+        run: npx playwright test -c e2e/playwright.config.js
+        env:
+          DEPLOYED_URL: http://localhost:8085
+
+      - name: Upload Playwright Report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: playwright-report
+          path: playwright-report/
+          retention-days: 30
+
+      - name: Cleanup
+        if: always()
+        run: docker compose down

.gitignore

@@ -1,3 +1,5 @@
+# Copyright (c) 2026 Frank Currie (frank@sfle.ca)
+
 # Dependency directories
 node_modules/
 
@@ -29,3 +31,6 @@ bin/
 
 # Logs
 *.log
+
+# Test results
+test-results/