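name: Continuous Integration

on:
  push:
    branches:
      - main
      - dev
  # Bare `pull_request:` = default activity types (opened, synchronize,
  # reopened). For PRs opened from forks, GitHub provides a read-only
  # GITHUB_TOKEN and empty `secrets.*`, so steps below that rely on secrets
  # will run with empty values on such PRs.
  pull_request:

# Workflow-wide environment. GitHub Actions exposes every `env` value as a
# string; version numbers are quoted anyway so no YAML parser ever reads
# them as floats (e.g. a future `3.10` would otherwise become `3.1`).
env:
  APP_NAME: etabli
  CONTAINER_REGISTRY: ghcr.io
  CONTAINER_IMAGE_FOLDER: ghcr.io/${{ github.repository }}
  NODE_OPTIONS: --max_old_space_size=4096
  NODE_VERSION: "18.19.0"
  RUBY_VERSION: "3.2.2"
  PYTHON_VERSION: "3.10.4"
  # Relative to the npm cache directory (STORE_PATH) resolved inside the job.
  PLAYWRIGHT_BROWSERS_CACHE_FOLDER_SUFFIX: .cache/ms-playwright

concurrency:
  # Prevent parallel builds of the same branch; an in-flight run is allowed
  # to finish rather than being cancelled, so a deploy is never interrupted
  # half-way by a newer push.
  group: cicd-${{ github.ref }}
  cancel-in-progress: false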
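jobs:
  requirements:
    name: Continuous Integration
    runs-on: ubuntu-latest
    # Token scopes granted to GITHUB_TOKEN for the whole job.
    # `packages: write` is consumed only by the registry login/push steps,
    # which are themselves gated to `dev`/`main` pushes. No step visible in
    # this file uses `issues` or `pull-requests` write — TODO confirm a
    # consumer exists (e.g. a bot comment), otherwise drop them to keep the
    # token at least privilege.
    permissions:
      contents: read
      packages: write
      issues: write
      pull-requests: write
    steps:
      # Supply-chain note: actions are referenced by floating major tags
      # (`@vN`). Pinning third-party actions to a full commit SHA would make
      # the resolved code immutable across runs.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history; presumably required by Chromatic's `onlyChanged`
          # baseline detection — TODO confirm, otherwise a shallow clone is cheaper.
          fetch-depth: 0
      - name: Set environment for branch
        # Secrets are handed to the script through `env` instead of being
        # interpolated with `${{ secrets.* }}` directly into the `run:` body.
        # This keeps the secret value out of the generated shell text (so a
        # value containing quotes or `$` cannot alter the script) and is the
        # pattern GitHub recommends for all expression values used in `run:`.
        env:
          CLEVER_APP_ID_PRODUCTION: ${{ secrets.CLEVER_APP_ID_PRODUCTION }}
          CLEVER_APP_ID_DEVELOPMENT: ${{ secrets.CLEVER_APP_ID_DEVELOPMENT }}
        run: |
          if [[ "$GITHUB_REF_NAME" == 'main' ]]; then
            echo "APP_MODE=prod" >> "$GITHUB_ENV"
            echo "CLEVER_APP_ID=$CLEVER_APP_ID_PRODUCTION" >> "$GITHUB_ENV"
          elif [[ "$GITHUB_REF_NAME" == 'dev' ]]; then
            echo "APP_MODE=dev" >> "$GITHUB_ENV"
            echo "CLEVER_APP_ID=$CLEVER_APP_ID_DEVELOPMENT" >> "$GITHUB_ENV"
          else
            echo "APP_MODE=test" >> "$GITHUB_ENV"
          fi
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NODE_VERSION }}
      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: ${{ env.RUBY_VERSION }}
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'
          cache-dependency-path: 'src/semgrep/requirements.txt'
      - name: Export npm store directory as an environment variable
        shell: bash
        run: |
          echo "STORE_PATH=$(npm config get cache)" >> "$GITHUB_ENV"
      - uses: actions/cache@v3
        name: Setup npm cache
        with:
          path: ${{ env.STORE_PATH }}
          key: ${{ runner.os }}-npm-store-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-npm-store-
      - uses: actions/cache@v3
        name: Setup Next.js build cache
        with:
          path: ${{ github.workspace }}/.next/cache
          key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }}
          restore-keys: |
            ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-
      - name: Install tools
        run: bundle --gemfile src/bibliothecary/Gemfile && pip install -r src/semgrep/requirements.txt
      - name: Install dependencies
        env:
          # Browsers are stored under the npm cache so the `actions/cache`
          # step above restores them together with the npm store.
          PLAYWRIGHT_BROWSERS_PATH: ${{ env.STORE_PATH }}/${{ env.PLAYWRIGHT_BROWSERS_CACHE_FOLDER_SUFFIX }}
        run: make deps
      - name: Prepare linting
        run: make lint-prepare
      - name: Lint
        run: make lint
      - name: Format check
        run: make format-check
      - name: Prepare tests
        env:
          PLAYWRIGHT_BROWSERS_PATH: ${{ env.STORE_PATH }}/${{ env.PLAYWRIGHT_BROWSERS_CACHE_FOLDER_SUFFIX }}
        run: make test-prepare
      # The two `act`-only steps below detect a local run via `env.ACT`,
      # while later steps use `!github.event.act`. Both are set by `act`;
      # picking one form file-wide would make the gating easier to audit.
      - name: Install `docker-compose` for local CI/CD simulations (https://github.com/nektos/act/issues/112#issuecomment-1387307297)
        if: ${{ env.ACT }}
        uses: KengoTODA/actions-setup-docker-compose@v1
        with:
          version: '2.14.2'
      - name: Install `Xvfb` and others to run browsers for end-to-end testing in local CI/CD simulations (https://github.com/nektos/act/issues/1300#issuecomment-1387344639)
        if: ${{ env.ACT }}
        run: sudo apt-get update && sudo apt-get install -y xvfb && npx playwright install-deps
      - name: Test unit
        run: make test-unit
      - name: Build
        env:
          SENTRY_URL: ${{ secrets.SENTRY_URL }}
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
          SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
          # Env values are always strings at runtime; quoted so the YAML
          # side matches what the consumer actually receives.
          SENTRY_RELEASE_UPLOAD: "true"
          # [WORKAROUND] When building Next.js in a standalone mode the frontend `NEXT_PUBLIC_*` environment variables are hardcoded
          # So they are not switchable at runtime. Since ours won't change over time, we are fine to retrigger a build if needed
          # but it would be painful for someone reusing directly the Docker image. Some workarounds exist but they are by far too hacky, see:
          # - https://github.com/vercel/next.js/discussions/17641
          # - https://phase.dev/blog/nextjs-public-runtime-variables/
          # - https://www.tomoliver.net/posts/nextjs-docker-public-env-vars
          NEXT_PUBLIC_APP_BASE_URL: ${{ secrets.NEXT_PUBLIC_APP_BASE_URL }}
          NEXT_PUBLIC_CRISP_WEBSITE_ID: ${{ secrets.NEXT_PUBLIC_CRISP_WEBSITE_ID }}
          NEXT_PUBLIC_MATOMO_SITE_ID: ${{ secrets.NEXT_PUBLIC_MATOMO_SITE_ID }}
          NEXT_PUBLIC_MATOMO_URL: ${{ secrets.NEXT_PUBLIC_MATOMO_URL }}
          NEXT_PUBLIC_SENTRY_DSN: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN }}
        run: make build
      - name: Test end-to-end
        env:
          PLAYWRIGHT_BROWSERS_PATH: ${{ env.STORE_PATH }}/${{ env.PLAYWRIGHT_BROWSERS_CACHE_FOLDER_SUFFIX }}
        run: make test-e2e
      # # Disabled since too long, need to consider if our Storybook e2e tests are sufficient
      # - name: Accessibility with Lighthouse
      #   run: make accessibility
      #   env:
      #     NEXTJS_BUILD_OUTPUT_MODE: export
      #     LHCI_GITHUB_APP_TOKEN: ${{ secrets.LHCI_GITHUB_APP_TOKEN }}
      - name: Publish to Chromatic
        if: ${{ !github.event.act }}
        uses: chromaui/action@v1
        env:
          CHROMATIC_PROJECT_TOKEN: ${{ secrets.CHROMATIC_PROJECT_TOKEN }}
        with:
          # Note: since we use `buildScriptName` we have to specify some of those parameters into the underlying `package.json` script named `chromatic`
          projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }}
          buildScriptName: build
          autoAcceptChanges: true
          onlyChanged: true
          externals: public/**
          exitZeroOnChanges: true
      - name: Set up Docker buildx
        uses: docker/setup-buildx-action@v3
      # Registry login, image push and deploy are restricted to pushes on
      # `dev`/`main` (never on pull_request runs) and skipped under `act`.
      - name: Log in to the Container registry
        if: ${{ !github.event.act && (github.ref_name == 'dev' || github.ref_name == 'main') }}
        uses: docker/login-action@v2
        with:
          registry: ${{ env.CONTAINER_REGISTRY }}
          username: ${{ github.actor }}
          # The job-scoped GITHUB_TOKEN (with `packages: write` above) is used
          # instead of a long-lived personal token.
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push the application Docker image
        if: ${{ !github.event.act && (github.ref_name == 'dev' || github.ref_name == 'main') }}
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          # Two tags per branch: the immutable commit SHA and a moving `latest`.
          tags: ${{ env.CONTAINER_IMAGE_FOLDER }}/${{ env.APP_NAME }}-${{ github.ref_name }}:${{ github.sha }},${{ env.CONTAINER_IMAGE_FOLDER }}/${{ env.APP_NAME }}-${{ github.ref_name }}:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - name: Deploy to Clever Cloud
        if: ${{ !github.event.act && (github.ref_name == 'dev' || github.ref_name == 'main') }}
        # NOTE(review): this action reference appears to have been rewritten
        # by the page renderer (email-style obfuscation); verify the real
        # `owner/action@ref` in the repository before relying on this copy.
        uses: 47ng/[email protected]
        with:
          # Resolved per branch by the "Set environment for branch" step.
          appID: ${{ env.CLEVER_APP_ID }}
          force: true
          quiet: true  # disable copying into GitHub Actions all logs from Clever Cloud
        env:
          CLEVER_TOKEN: ${{ secrets.CLEVER_TOKEN }}
          CLEVER_SECRET: ${{ secrets.CLEVER_SECRET }}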