diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml deleted file mode 100644 index d1fee4c629..0000000000 --- a/.github/workflows/automerge.yml +++ /dev/null @@ -1,45 +0,0 @@ -name: Dependabot Automerge - -on: - workflow_run: - types: - - completed - workflows: - - 'Build & Test' - branches: - - 'dependabot/**' - -jobs: - Test_visual_regression: - runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.conclusion == 'success' && github.actor == 'dependabot[bot]' }} - steps: - - name: Git clone repository - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Cache Node modules - uses: actions/cache@v3 - with: - path: '**/node_modules' - key: ${{ runner.os }}-node-modules-${{ hashFiles('**/yarn.lock') }} - - name: Build icon-library - run: | - yarn install --frozen-lockfile - yarn --cwd packages/icon-library build - - name: Build design-tokens - run: | - yarn --cwd packages/design-tokens build - - name: Run visual regression tests - run: | - yarn --cwd packages/react-component-library chromatic --project-token=${{secrets.CHROMATIC_TOKEN}} - Automerge: - name: Merge Dependabot PR's - runs-on: ubuntu-latest - needs: [Test_visual_regression] - steps: - - name: Auto merge Dependabot minor and patch version bumps - uses: defencedigital/design-system-mergeme-action@master - with: - GITHUB_TOKEN: ${{ secrets.MERGE_BOT }} - PRESET: DEPENDABOT_MINOR diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml index 5985acf98d..b3b36925da 100644 --- a/.github/workflows/build_and_test.yml +++ b/.github/workflows/build_and_test.yml @@ -219,11 +219,10 @@ jobs: yarn --cwd packages/design-tokens build yarn --cwd packages/design-tokens test - Test_visual_regression: + # See post_built_and_test.yml for details about how this is used + Build_storybook: runs-on: ubuntu-latest - needs: [Build_icon_library, Test_react-component-library] - # https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/ - if: ${{ github.actor != 'dependabot[bot]' }} + needs: [Build_icon_library] steps: - name: Git clone repository uses: actions/checkout@v3 @@ -241,7 +240,20 @@ jobs: with: name: dist - - name: Run visual regression tests + - name: Build Storybook + env: + CHROMATIC_SHA: ${{ github.event.pull_request.head.sha || github.sha }} + CHROMATIC_BRANCH: ${{ github.head_ref || github.ref_name }} + CHROMATIC_SLUG: ${{ github.event.pull_request.head.repo.full_name || github.repository }} run: | tar -xzf dist.tar.gz && mv distil packages/icon-library/dist && mv distdt packages/design-tokens/dist - yarn --cwd packages/react-component-library chromatic --project-token=${{secrets.CHROMATIC_TOKEN}} --ci + yarn --cwd packages/react-component-library storybook:static + echo "$CHROMATIC_SHA" > packages/react-component-library/.static_storybook/sha + echo "$CHROMATIC_BRANCH" > packages/react-component-library/.static_storybook/branch + echo "$CHROMATIC_SLUG" > packages/react-component-library/.static_storybook/slug + + - name: Upload Storybook artefact + uses: actions/upload-artifact@v3 + with: + name: storybook-static + path: packages/react-component-library/.static_storybook diff --git a/.github/workflows/post_build_and_test.yml b/.github/workflows/post_build_and_test.yml new file mode 100644 index 0000000000..c028083c20 --- /dev/null +++ b/.github/workflows/post_build_and_test.yml @@ -0,0 +1,85 @@ +name: Post Build & Test + +on: + workflow_run: + types: + - completed + workflows: + - 'Build & Test' + +jobs: + # This runs Chromatic visual regression tests without exposing secrets to untrusted code from + # third-party PRs. + # + # For more details, see: + # https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/ + # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ + Test_visual_regression: + runs-on: ubuntu-latest + if: github.event.workflow_run.conclusion == 'success' + steps: + - name: Git clone repository + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Cache Node modules + uses: actions/cache@v3 + with: + path: '**/node_modules' + key: ${{ runner.os }}-node-modules-${{ hashFiles('**/yarn.lock') }} + + - name: Install dependencies + run: | + yarn install --frozen-lockfile + + # Based on + # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#using-data-from-the-triggering-workflow + - name: Download pre-built Storybook + uses: actions/github-script@v6 + with: + script: | + const allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({ + owner: context.repo.owner, + repo: context.repo.repo, + run_id: context.payload.workflow_run.id, + }); + const matchArtifact = allArtifacts.data.artifacts.filter((artifact) => { + return artifact.name == "storybook-static" + })[0]; + const download = await github.rest.actions.downloadArtifact({ + owner: context.repo.owner, + repo: context.repo.repo, + artifact_id: matchArtifact.id, + archive_format: 'zip', + }); + const fs = require('fs'); + fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/storybook-static.zip`, Buffer.from(download.data)); + + - name: Unzip pre-built Storybook + run: | + unzip storybook-static.zip -d packages/react-component-library/.static_storybook + echo "CHROMATIC_SHA=$(> $GITHUB_ENV + echo "CHROMATIC_BRANCH=$(> $GITHUB_ENV + echo "CHROMATIC_SLUG=$(> $GITHUB_ENV + + - name: Fetch original ref + run: | + git fetch origin "+$CHROMATIC_SHA" + + - name: Run visual regression tests + run: | + cd packages/react-component-library + npm exec --no -- chromatic --project-token=${{secrets.CHROMATIC_TOKEN}} --storybook-build-dir=.static_storybook + + Automerge: + name: Merge Dependabot PR's + runs-on: ubuntu-latest + if: github.actor == 'dependabot[bot]' + needs: [Test_visual_regression] + steps: + - name: Auto merge Dependabot minor and patch version bumps + uses: defencedigital/design-system-mergeme-action@master + with: + GITHUB_TOKEN: ${{ secrets.MERGE_BOT }} + PRESET: DEPENDABOT_MINOR