Skip to content
Build & Test

Build & Test: renovate/pypi-jinja2-vulnerability #127

Sign in to view logs

Build & Test: renovate/pypi-jinja2-vulnerability

Build & Test: renovate/pypi-jinja2-vulnerability #127

Workflow file for this run

.github/workflows/ci.yml at d1bd9ef
name: Build & Test
run-name: 'Build & Test: ${{ github.head_ref || github.ref_name }}'
# Dockefile for the self-hosted runner:
# https://github.com/celo-org/infrastructure/blob/master/terraform/root-modules/gcp/integration-tests-gke/files/github-arc/Dockerfile-monorepo
on:
push:
branches:
- master
- changeset-release/master
pull_request:
concurrency:
group: dev-tooling-${{ github.ref }}
cancel-in-progress: true
defaults:
run:
shell: bash --login -eo pipefail {0}
env:
# Increment these to force cache rebuilding
NODE_MODULE_CACHE_VERSION: 5
NODE_OPTIONS: '--max-old-space-size=4096'
TERM: dumb
# EXAMPLE on debug ssh step
# - name: Setup tmate session
# uses: mxschmitt/action-tmate@v3
# timeout-minutes: 20
# if: contains(matrix.command, 'common/') && false
# with:
# limit-access-to-actor: true
jobs:
install-dependencies:
name: Install dependencies
outputs:
# Propagate more outputs if you need https://github.com/tj-actions/changed-files#outputs
# Adding a initial comma so ',<path>' matches also for the first file
all_modified_files: ',${{ steps.changed-files.outputs.all_modified_files }}'
artifacts_to_cache: ${{ steps.get_artifacts_to_cache.outputs.artifacts_to_cache }}
# runs-on: ubuntu-latest
runs-on: ['self-hosted', 'org', '8-cpu']
timeout-minutes: 30
steps:
- uses: actions/setup-node@v2
with:
node-version: '18'
- name: "enable corepack for yarn"
run : sudo corepack enable yarn
- uses: actions/checkout@v4
# must call twice because of chicken and egg problem with yarn and node
- uses: actions/setup-node@v2
with:
node-version: '18'
cache: 'yarn'
- name: Restore node cache
uses: actions/cache@v3
id: cache_node
with:
# We need to cache all the artifacts generated by yarn install+build
# Update this list also in .github/actions/sync-workspace/action.yml with exactly the same list
path: |
./.yarn/cache
./.yarn/install-state.gz
node_modules
packages/**/node_modules
key: node-${{ runner.os }}-${{ runner.arch }}-${{ env.NODE_MODULE_CACHE_VERSION }}-${{ hashFiles('yarn.lock') }}
restore-keys: |
node-${{ runner.os }}-${{ runner.arch }}-${{ env.NODE_MODULE_CACHE_VERSION }}-
- name: Install yarn dependencies
run: git config --global url."https://".insteadOf ssh:// && yarn install
if: steps.cache_node.outputs.cache-hit != 'true'
- name: Run yarn postinstall if cache hitted
run: yarn run postinstall
if: steps.cache_node.outputs.cache-hit == 'true'
- name: Build packages
run: yarn build --ignore docs --include-dependencies
- name: Check licenses
if: steps.cache_node.outputs.cache-hit != 'true'
run: |
yarn check-licenses
# Get workdir local changes and fail if there are any change
- name: Verify Changed files
id: verify-changed-files
uses: tj-actions/verify-changed-files@v17
with:
fail-if-changed: 'true'
fail-message: 'Files changed during build. Please build locally and commit the changes.'
files: |
**/*
- run: |
echo "${{ steps.verify-changed-files.outputs.changed_files }}"
- name: Get the artifacts to cache
id: get_artifacts_to_cache
# there are too many files when listed individually.
run: |
artifacts_to_cache="$(git ls-files --others --ignored --exclude-standard | grep -v node_modules | grep -v .js.map | grep -v .d.ts.map | grep -v .yarn/cache)"
echo "artifacts_to_cache<<EOF" >> $GITHUB_OUTPUT
echo "$artifacts_to_cache" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
# We use cache to share the build artifacts between jobs (gh artifacts are too slow...)
# For more context check https://github.com/actions/upload-artifact/issues/199
- name: Restore build artifacts cache
uses: actions/cache@v3
id: cache_build_artifacts
with:
# We need to cache all the artifacts generated by yarn install+build
# Update this list also in .github/actions/sync-workspace/action.yml with exactly the same list
path: |
${{ steps.get_artifacts_to_cache.outputs.artifacts_to_cache }}
key: code-${{ github.sha }}
restore-keys: |
code-${{ github.sha }}
- name: Detect files changed in PR (or commit), and expose as output
id: changed-files
uses: tj-actions/changed-files@v41
with:
# Using comma as separator to be able to easily match full paths (using ,<path>)
separator: ','
# Checking if changed in the last 100 commits in PRs
fetch_depth: '150'
- run: echo ",${{ steps.changed-files.outputs.all_modified_files }}"
lint-checks:
name: Lint code
runs-on: ['self-hosted', 'org', '8-cpu']
timeout-minutes: 30
needs: install-dependencies
steps:
- uses: actions/checkout@v4
- name: Sync workspace
uses: ./.github/actions/sync-workspace
with:
artifacts_to_cache: ${{ needs.install-dependencies.outputs.artifacts_to_cache }}
- run: yarn run prettify:diff
- run: yarn run lint
general_test:
name: General jest test
runs-on: ['self-hosted', 'org', '8-cpu']
needs: install-dependencies
steps:
- uses: actions/checkout@v4
- name: Sync workspace
uses: ./.github/actions/sync-workspace
with:
artifacts_to_cache: ${{ needs.install-dependencies.outputs.artifacts_to_cache }}
- name: Run Jest Tests
run: |
mkdir -p test-results/jest
# Skipping packages that are tested in a specific job below
yarn run lerna \
--ignore @celo/contractkit \
--ignore @celo/celocli \
--ignore '@celo/wallet-*' \
run test
- name: Upload Jest Test Results
uses: actions/upload-artifact@v3
with:
name: Jest Test Results
path: test-results/jest
wallet-test:
name: Wallet test
runs-on: ['self-hosted', 'org', '8-cpu']
timeout-minutes: 30
needs: install-dependencies
steps:
- uses: actions/checkout@v4
- name: Sync workspace
uses: ./.github/actions/sync-workspace
with:
artifacts_to_cache: ${{ needs.install-dependencies.outputs.artifacts_to_cache }}
- run: sudo corepack enable yarn
- name: Run Wallet tests
run: |
yarn run lerna --scope '@celo/wallet-*' run test
contractkit-tests:
name: ContractKit Tests
runs-on: ['self-hosted', 'org', '8-cpu']
timeout-minutes: 30
needs: [install-dependencies]
if: |
github.base_ref == 'master' || contains(github.base_ref, 'release') ||
contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk') ||
contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') ||
contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') ||
false
steps:
- uses: actions/checkout@v4
- name: Sync workspace
uses: ./.github/actions/sync-workspace
with:
artifacts_to_cache: ${{ needs.install-dependencies.outputs.artifacts_to_cache }}
- run: sudo corepack enable yarn
- name: Run tests
run: |
yarn workspace @celo/contractkit test
cli-tests:
name: CeloCli Tests
runs-on: ['self-hosted', 'org', '8-cpu']
timeout-minutes: 30
needs: [install-dependencies]
if: |
github.base_ref == 'master' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') ||
contains(needs.install-dependencies.outputs.all_modified_files, 'packages/cli') ||
contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk') ||
contains(needs.install-dependencies.outputs.all_modified_files, 'packages/typescript') ||
contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') ||
contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') ||
false
steps:
- uses: actions/checkout@v4
- name: Sync workspace
uses: ./.github/actions/sync-workspace
with:
artifacts_to_cache: ${{ needs.install-dependencies.outputs.artifacts_to_cache }}
- name: Fail if someone forgot to commit CLI docs
run: |
yarn workspace @celo/celocli docs
if [[ $(git status packages/docs/command-line-interface --porcelain) ]]; then
git --no-pager diff packages/docs/command-line-interface
echo "There are git differences after generating CLI docs"
git status
git diff
exit 1
fi
- name: Run tests
run: |
yarn workspace @celo/celocli test
- name: Verify that a new account can be created
run: |
yarn workspace @celo/celocli run celocli account:new
- name: Test that releasecelo command topic is working
run: |
yarn workspace @celo/celocli run celocli releasecelo --help
base-test:
name: SDK Base package Tests
runs-on: ['self-hosted', 'org', '8-cpu']
timeout-minutes: 30
needs: [install-dependencies]
if: |
github.base_ref == 'master' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') ||
contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk') ||
contains(needs.install-dependencies.outputs.all_modified_files, 'packages/typescript') ||
contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') ||
contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') ||
false
steps:
- uses: actions/checkout@v4
- name: Sync workspace
uses: ./.github/actions/sync-workspace
with:
artifacts_to_cache: ${{ needs.install-dependencies.outputs.artifacts_to_cache }}
- run: sudo corepack enable yarn
- name: Install and test the npm package
run: |
set -euo pipefail
cd packages/sdk/base
yarn pack
cd $RUNNER_TEMP
npm install $RUNNER_WORKSPACE/developer-tooling/packages/sdk/base/*.tgz
utils-test:
name: SDK Utils package Tests
runs-on: ['self-hosted', 'org', '8-cpu']
timeout-minutes: 30
needs: [install-dependencies]
if: |
github.base_ref == 'master' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') ||
contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk') ||
contains(needs.install-dependencies.outputs.all_modified_files, 'packages/typescript') ||
contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') ||
contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') ||
false
steps:
- uses: actions/checkout@v4
- name: Sync workspace
uses: ./.github/actions/sync-workspace
with:
artifacts_to_cache: ${{ needs.install-dependencies.outputs.artifacts_to_cache }}
- run: sudo corepack enable yarn
- name: Install and test the npm package
run: |
set -euo pipefail
cd packages/sdk/base
yarn pack
cd ../utils
yarn pack
cd $RUNNER_TEMP
npm install $RUNNER_WORKSPACE/developer-tooling/packages/sdk/base/*.tgz
npm install $RUNNER_WORKSPACE/developer-tooling/packages/sdk/utils/*.tgz