This repository has been archived by the owner on Sep 26, 2024. It is now read-only.

chore: added github readonly token to actions (#6085)
mohsen-deriv authored Nov 30, 2023
1 parent 814175c commit a6bfb0f
Showing 7 changed files with 185 additions and 130 deletions.
10 changes: 9 additions & 1 deletion .github/workflows/beta.yml
@@ -23,7 +23,7 @@ env:
GATSBY_RUDDERSTACK_STAGING_KEY: ${{ secrets.GATSBY_RUDDERSTACK_STAGING_KEY }}
GATSBY_RUDDERSTACK_PRODUCTION_KEY: ${{ secrets.GATSBY_RUDDERSTACK_PRODUCTION_KEY }}
GATSBY_GOOGLE_TAG_MANAGER_TRACKING_ID: ${{ secrets.GATSBY_GOOGLE_TAG_MANAGER_TRACKING_ID }}

jobs:
release-beta:
timeout-minutes: 30
@@ -39,6 +39,14 @@ jobs:
node-version: '18.x'
cache: 'npm'

- name: Create npmrc file
shell: bash
run: echo "@deriv-com:registry=https://npm.pkg.github.com" >> .npmrc

- name: Setup install read-only token for deriv-com org
shell: bash
run: echo '//npm.pkg.github.com/:_authToken=${{ secrets.READ_DERIV_COM_ORG_PACKAGES }}' >> .npmrc

- run: npm ci
# - run: npm run format
# - run: npm run test
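Review bot: The step `Setup install read-only token for deriv-com org` expands `${{ secrets.READ_DERIV_COM_ORG_PACKAGES }}` directly into the script and leaves the token in plain text in `.npmrc` inside the checkout, where every later step of the job (build scripts, third-party actions) can read it. npm expands environment references in `.npmrc`, so the file can hold only a placeholder: `run: echo '//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}' >> .npmrc`, with `NODE_AUTH_TOKEN: ${{ secrets.READ_DERIV_COM_ORG_PACKAGES }}` set under `env:` on the `npm ci` step alone. The same two steps are added in corewebvitals.yml, lint.yml, production.yml, staging.yml and sync-build-cache.yml and would take the same change. The job body continues outside the hunk.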
205 changes: 106 additions & 99 deletions .github/workflows/corewebvitals.yml
@@ -1,111 +1,118 @@
name: Core Web Vitals Audit

permissions:
actions: write
checks: write
contents: write
deployments: write
pull-requests: write
statuses: write
actions: write
checks: write
contents: write
deployments: write
pull-requests: write
statuses: write

on:
push:
branches:
- main
pull_request:
branches:
- main
push:
branches:
- main
pull_request:
branches:
- main

jobs:
core_web_vitals_audit:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
core_web_vitals_audit:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3

- name: Set up Node.js
uses: actions/setup-node@v2
with:
node-version: 18
- name: Set up Node.js
uses: actions/setup-node@v2
with:
node-version: 18
- name: Create npmrc file
shell: bash
run: echo "@deriv-com:registry=https://npm.pkg.github.com" >> .npmrc

- name: Install dependencies
run: npm ci
- name: Setup install read-only token for deriv-com org
shell: bash
run: echo '//npm.pkg.github.com/:_authToken=${{ secrets.READ_DERIV_COM_ORG_PACKAGES }}' >> .npmrc

- name: Run Core Web Vitals Audit
run: npm run audit
- name: Install dependencies
run: npm ci

- name: Install Datadog CI
run: npm install -g @datadog/datadog-ci
- name: Run Core Web Vitals Audit
run: npm run audit

- name: Sync results with Datadog
run: |
datadog-ci synthetics upload --config datadog-ci.json
datadog-ci synthetics results --config datadog-ci.json > results.json
env:
DATADOG_API_KEY: ${{ secrets.GATSBY_DATADOG_CLIENT_TOKEN }}
DATADOG_APP_KEY: ${{ secrets.GATSBY_DATADOG_APPLICATION_ID }}

- name: Post audit comment
uses: marocchino/sticky-pull-request-comment@v2
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
header: Core Web Vitals Audit
message: |
### Core Web Vitals Results
- Largest Contentful Paint: ${{ steps.results.outputs.lcp }}
- First Input Delay: ${{ steps.results.outputs.fid }}
- Cumulative Layout Shift: ${{ steps.results.outputs.cls }}
- name: Slack Notification 📣
uses: 8398a7/action-slack@v3
if: ${{ failure() }}
with:
status: custom
fields: workflow,job,commit,repo
custom_payload: |
{
"blocks": [
{
"type": "section",
"text": {
"type": "plain_text",
"emoji": true,
"text": "It appears that this pull request has not met the required Core Web Vitals score."
}
},
{
"type": "divider"
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*User: <${{ github.event.pull_request.user.url }}|${{ github.event.pull_request.user.login }}>*\n*Link:* ${{ github.event.pull_request.html_url }}\n*Title:* ${{ github.event.pull_request.title }}\n*Status:* ${{ github.event.pull_request.state }}"
},
"accessory": {
"type": "image",
"image_url": "${{ github.event.pull_request.user.avatar_url }}",
"alt_text": "${{ github.event.pull_request.user.login }}"
}
},
{
"type": "divider"
},
{
"type": "context",
"elements": [
{
"type": "image",
"image_url": "https://api.slack.com/img/blocks/bkb_template_images/notificationsWarningIcon.png",
"alt_text": "notifications warning icon"
},
{
"type": "mrkdwn",
"text": "*<!subteam^S04RV6RFCTW> please check the PR*"
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
- name: Install Datadog CI
run: npm install -g @datadog/datadog-ci

- name: Sync results with Datadog
run: |
datadog-ci synthetics upload --config datadog-ci.json
datadog-ci synthetics results --config datadog-ci.json > results.json
env:
DATADOG_API_KEY: ${{ secrets.GATSBY_DATADOG_CLIENT_TOKEN }}
DATADOG_APP_KEY: ${{ secrets.GATSBY_DATADOG_APPLICATION_ID }}

- name: Post audit comment
uses: marocchino/sticky-pull-request-comment@v2
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
header: Core Web Vitals Audit
message: |
### Core Web Vitals Results
- Largest Contentful Paint: ${{ steps.results.outputs.lcp }}
- First Input Delay: ${{ steps.results.outputs.fid }}
- Cumulative Layout Shift: ${{ steps.results.outputs.cls }}
- name: Slack Notification 📣
uses: 8398a7/action-slack@v3
if: ${{ failure() }}
with:
status: custom
fields: workflow,job,commit,repo
custom_payload: |
{
"blocks": [
{
"type": "section",
"text": {
"type": "plain_text",
"emoji": true,
"text": "It appears that this pull request has not met the required Core Web Vitals score."
}
},
{
"type": "divider"
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*User: <${{ github.event.pull_request.user.url }}|${{ github.event.pull_request.user.login }}>*\n*Link:* ${{ github.event.pull_request.html_url }}\n*Title:* ${{ github.event.pull_request.title }}\n*Status:* ${{ github.event.pull_request.state }}"
},
"accessory": {
"type": "image",
"image_url": "${{ github.event.pull_request.user.avatar_url }}",
"alt_text": "${{ github.event.pull_request.user.login }}"
}
},
{
"type": "divider"
},
{
"type": "context",
"elements": [
{
"type": "image",
"image_url": "https://api.slack.com/img/blocks/bkb_template_images/notificationsWarningIcon.png",
"alt_text": "notifications warning icon"
},
{
"type": "mrkdwn",
"text": "*<!subteam^S04RV6RFCTW> please check the PR*"
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
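Review bot: The org package token written to `.npmrc` stays on disk while `npm run audit` and `npm install -g @datadog/datadog-ci` execute, in a workflow that is triggered by `pull_request` and grants `contents: write`, `actions: write` and the other write scopes, so branch code and dependency install scripts run next to both credentials. Deleting the file once dependencies are installed (`- run: rm -f .npmrc` after `Install dependencies`) and trimming `permissions:` to what the job uses would narrow this; from the visible steps only the sticky comment appears to need `pull-requests: write`, but that should be confirmed. Pull requests from forks do not receive repository secrets, so there the token line is written empty and `npm ci` will presumably fail if the lockfile references `@deriv-com` packages. lint.yml carries the same all-write `permissions:` block.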
23 changes: 16 additions & 7 deletions .github/workflows/lint.yml
@@ -1,13 +1,13 @@
name: Lint

permissions:
actions: write
checks: write
contents: write
deployments: write
pull-requests: write
statuses: write
actions: write
checks: write
contents: write
deployments: write
pull-requests: write
statuses: write

on:
push:
branches-ignore:
@@ -43,6 +43,15 @@ jobs:
with:
path: ./node_modules
key: modules-${{ hashFiles('package-lock.json') }}

- name: Create npmrc file
shell: bash
run: echo "@deriv-com:registry=https://npm.pkg.github.com" >> .npmrc

- name: Setup install read-only token for deriv-com org
shell: bash
run: echo '//npm.pkg.github.com/:_authToken=${{ secrets.READ_DERIV_COM_ORG_PACKAGES }}' >> .npmrc

- name: Install Node.js dependencies
run: |
npm ci
20 changes: 14 additions & 6 deletions .github/workflows/production.yml
@@ -38,6 +38,14 @@ jobs:
- name: Set version env variable
run: echo "GATSBY_DERIV_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV

- name: Create npmrc file
shell: bash
run: echo "@deriv-com:registry=https://npm.pkg.github.com" >> .npmrc

- name: Setup install read-only token for deriv-com org
shell: bash
run: echo '//npm.pkg.github.com/:_authToken=${{ secrets.READ_DERIV_COM_ORG_PACKAGES }}' >> .npmrc

- run: npm ci
- run: npm run format
- run: npm run test
@@ -79,18 +87,18 @@ jobs:
docker push ${{ secrets.DOCKERHUB_ORGANISATION }}/deriv-com:$GIT_TAG_NAME
- name: Deploy 🚀
env:
env:
KUBE_SERVER: ${{ secrets.KUBE_SERVER }}
SERVICEACCOUNT_TOKEN: ${{ secrets.SERVICEACCOUNT_TOKEN }}
CA_CRT: ${{ secrets.CA_CRT }}
NAMESPACE: deriv-com-production
DOCKERHUB_ORGANISATION: ${{ secrets.DOCKERHUB_ORGANISATION }}
run: |
git clone https://github.com/binary-com/devops-ci-scripts
cd devops-ci-scripts/k8s-build_tools
echo "${{ env.CA_CRT }}" | base64 --decode > ca.crt
export CA="ca.crt"
./release.sh deriv-com ${{ github.ref_name }}
git clone https://github.com/binary-com/devops-ci-scripts
cd devops-ci-scripts/k8s-build_tools
echo "${{ env.CA_CRT }}" | base64 --decode > ca.crt
export CA="ca.crt"
./release.sh deriv-com ${{ github.ref_name }}
- name: Slack Notification 📣
uses: 8398a7/action-slack@v3
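Review bot: The `.npmrc` holding the token is still in the workspace when the image later pushed with `docker push ... deriv-com:$GIT_TAG_NAME` is built, so the token could end up in a published image layer if the Dockerfile copies the build context. The build step and the Dockerfile are outside this view, so this needs checking; removing the file right after `npm ci` (`- run: rm -f .npmrc`) or listing `.npmrc` in `.dockerignore` closes it either way. staging.yml has the same sequence before its `docker push`.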
41 changes: 24 additions & 17 deletions .github/workflows/staging.yml
@@ -39,6 +39,13 @@ jobs:
with:
node-version: '18.x'
cache: 'npm'
- name: Create npmrc file
shell: bash
run: echo "@deriv-com:registry=https://npm.pkg.github.com" >> .npmrc

- name: Setup install read-only token for deriv-com org
shell: bash
run: echo '//npm.pkg.github.com/:_authToken=${{ secrets.READ_DERIV_COM_ORG_PACKAGES }}' >> .npmrc

- run: npm ci
# - run: npm run format
@@ -65,29 +72,29 @@ jobs:

- name: Verify nginx image
run: |
set -e
docker run --rm ${{ secrets.DOCKERHUB_ORGANISATION }}/deriv-com:$GITHUB_SHA nginx -t
echo "docker image validated successfully"
set -e
docker run --rm ${{ secrets.DOCKERHUB_ORGANISATION }}/deriv-com:$GITHUB_SHA nginx -t
echo "docker image validated successfully"
- name: Pushing Image to docker hub 🐳
run: |
echo ${{ secrets.DOCKERHUB_PASSWORD }}| docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin
docker push ${{ secrets.DOCKERHUB_ORGANISATION }}/deriv-com:latest-staging
docker push ${{ secrets.DOCKERHUB_ORGANISATION }}/deriv-com:$GITHUB_SHA
echo ${{ secrets.DOCKERHUB_PASSWORD }}| docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin
docker push ${{ secrets.DOCKERHUB_ORGANISATION }}/deriv-com:latest-staging
docker push ${{ secrets.DOCKERHUB_ORGANISATION }}/deriv-com:$GITHUB_SHA
- name: Deploy 🚀
env:
KUBE_SERVER: ${{ secrets.KUBE_SERVER }}
SERVICEACCOUNT_TOKEN: ${{ secrets.SERVICEACCOUNT_TOKEN }}
CA_CRT: ${{ secrets.CA_CRT }}
NAMESPACE: deriv-com-staging
DOCKERHUB_ORGANISATION: ${{ secrets.DOCKERHUB_ORGANISATION }}
env:
KUBE_SERVER: ${{ secrets.KUBE_SERVER }}
SERVICEACCOUNT_TOKEN: ${{ secrets.SERVICEACCOUNT_TOKEN }}
CA_CRT: ${{ secrets.CA_CRT }}
NAMESPACE: deriv-com-staging
DOCKERHUB_ORGANISATION: ${{ secrets.DOCKERHUB_ORGANISATION }}
run: |
git clone https://github.com/binary-com/devops-ci-scripts
cd devops-ci-scripts/k8s-build_tools
echo "${{ env.CA_CRT }}" | base64 --decode > ca.crt
export CA="ca.crt"
./release.sh deriv-com ${GITHUB_SHA}
git clone https://github.com/binary-com/devops-ci-scripts
cd devops-ci-scripts/k8s-build_tools
echo "${{ env.CA_CRT }}" | base64 --decode > ca.crt
export CA="ca.crt"
./release.sh deriv-com ${GITHUB_SHA}
- name: Slack Notification 📣
uses: 8398a7/action-slack@v3
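Review bot: In `Pushing Image to docker hub`, the re-indented line `echo ${{ secrets.DOCKERHUB_PASSWORD }}| docker login ...` still pastes the password unquoted into the shell script, so a value containing whitespace or shell metacharacters is word-split or interpreted by bash before it reaches `docker login`. Passing it through the step environment avoids that: add `DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}` under an `env:` key on the step and use `echo "$DOCKERHUB_PASSWORD" | docker login -u ... --password-stdin`. The `Deploy` step's `echo "${{ env.CA_CRT }}"` follows the same pattern and can read `"$CA_CRT"` from the environment it already declares.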
8 changes: 8 additions & 0 deletions .github/workflows/sync-build-cache.yml
@@ -35,6 +35,14 @@ jobs:
path: node_modules
key: npm-${{ hashFiles('**/package-lock.json') }}

- name: Create npmrc file
shell: bash
run: echo "@deriv-com:registry=https://npm.pkg.github.com" >> .npmrc

- name: Setup install read-only token for deriv-com org
shell: bash
run: echo '//npm.pkg.github.com/:_authToken=${{ secrets.READ_DERIV_COM_ORG_PACKAGES }}' >> .npmrc

- name: Install dependencies
if: ${{ steps.cache-npm.outputs.cache-hit != 'true' }}
run: npm ci
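Review bot: The two `.npmrc` steps run on every execution, while the `Install dependencies` step that needs them is guarded by `if: ${{ steps.cache-npm.outputs.cache-hit != 'true' }}`, so on a cache hit the token is written to disk for nothing. Putting the same `if:` on both new steps keeps the credential out of the workspace when no install happens. The job continues outside the hunk, so check that no later step installs packages before relying on that condition.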

1 comment on commit a6bfb0f


@vercel vercel bot commented on a6bfb0f Nov 30, 2023


Successfully deployed to the following URLs:

deriv-com – ./

deriv-com.binary.sx
deriv-com-git-master.binary.sx
