chore(deps): update github-actions #1644
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CD Azure (preview) | |
| on: | |
| pull_request_target: | |
| types: [opened, synchronize, reopened, labeled] | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| preview_name: | |
| description: 'Name of the deployment environment' | |
| type: string | |
| required: true | |
| permissions: | |
| pull-requests: write | |
| id-token: write | |
| jobs: | |
| preview: | |
| name: Build & Deploy to preview | |
| runs-on: windows-latest | |
| env: | |
| PREVIEW_NAME: ${{ github.event.pull_request.number || github.event.inputs.preview_name }} | |
| GITHUB_REPO_TOKEN: ${{ secrets.GITHUBS_REPO_TOKEN }} | |
| NUXT_SESSION_PASSWORD: ${{ secrets.AZURE_SESSION_SECRET }} | |
| steps: | |
| # We could also add these checks to a job-wide if condition, to skip the workflow if its unsecure to run. | |
| # However, Github views skipped workflows as "successful" and thus one could merge a PR without running this workflow first. | |
| - name: Fail if unsecure | |
| if: "github.event_name != 'workflow_dispatch' && !contains(github.event.pull_request.labels.*.name, 'status: safe to test') && github.actor != 'tobiasdiez' && github.actor != 'dependabot[bot]' && github.actor != 'renovate[bot]'" | |
| run: exit 1 | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha || github.ref }} | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
| with: | |
| node-version: 20 | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install | |
| - name: Build | |
| run: pnpm build:azure | |
| - name: Login to Azure | |
| uses: Azure/login@a65d910e8af852a8061c627c456678983e180302 # v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Deploy Web App | |
| id: deploy_web | |
| run: | | |
| # Workaround for https://github.com/Azure/static-web-apps-cli/issues/557 and https://github.com/Azure/static-web-apps-cli/issues/565 | |
| $output = pnpm swa deploy .output\public --env $env:PREVIEW_NAME --verbose=silly 2>&1 | Out-String | |
| Write-Host $output | |
| $match = $output | Select-String -Pattern 'Project deployed to (?<url>.*) ' | |
| if ($match -eq $null) { exit 1 } | |
| $url = $match.Matches[0].Groups['url'].Value | |
| echo "url=$url" >> $env:GITHUB_OUTPUT | |
| env: | |
| SWA_CLI_DEPLOYMENT_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN_MANGO_PEBBLE_0224C3803 }} | |
| - name: Install Python | |
| uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5 | |
| with: | |
| python-version: '3.10' | |
| - name: Create test database on Azure | |
| run: | | |
| $name = "postgres_test_$env:PREVIEW_NAME" | |
| $pwd = az account get-access-token --resource-type oss-rdbms --output tsv --query accessToken | |
| # az postgres flexible-server db create --server-name jabrefdb --resource-group JabRefOnline --database-name $name --charset utf8 --collation en_US.utf8 | |
| # For some reason the public schema is not created automatically or without the default permissions, so we need to do it manually | |
| # TODO: Remove this workaround once https://github.com/Azure/azure-cli/issues/26772 is fixed | |
| # We also need to manually install an old version of rdbms due to https://github.com/Azure/azure-cli/issues/25067 | |
| # az extension add --name rdbms-connect --version 1.0.3 --debug | |
| # az postgres flexible-server execute --name jabrefdb -u "Github" -p "$pwd" --database-name $name -q "ALTER DATABASE $name OWNER TO azure_pg_admin; create schema public;" --output table | |
| # az postgres flexible-server execute --name jabrefdb -u "Github" -p "$pwd" --database-name $name -q "grant usage on schema public to public; grant create on schema public to public;" --output table | |
| # az postgres flexible-server execute --name jabrefdb -u "Github" -p "$pwd" --database-name $name -q "SELECT schema_name FROM information_schema.schemata;" --output table | |
| # Login to the database using the Github user | |
| $connection_string = "postgresql://Github:$pwd@$($env:DB_NAME).postgres.database.azure.com:5432/$($name)?sslmode=require" | |
| echo "::add-mask::$connection_string" | |
| echo "DATABASE_URL=$connection_string" >> $env:GITHUB_ENV | |
| $Env:DATABASE_URL = $connection_string | |
| # Finally, run the migrations (this also creates the db) | |
| pnpm prisma:migrate:reset --force | |
| env: | |
| DB_NAME: ${{ secrets.AZURE_DATABASE_NAME }} | |
| - name: Create & Link Function App | |
| run: | | |
| pip install azure-identity azure-mgmt-web azure-mgmt-storage azure-mgmt-applicationinsights azure-mgmt-redis azure-mgmt-communication | |
| python .github\scripts\deploy.py --env $env:PREVIEW_NAME | |
| env: | |
| SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Deploy Function App | |
| run: | | |
| # Nuxt/nitro creates symlinks to replicate parts of the node_modules folder | |
| # if multiple versions of the same package are used. | |
| # However, these symlinks are not preserved by Compress-Archive, and even they were, Azure has problems with symlinks: | |
| # https://github.com/Azure/webapps-deploy/issues/54 | |
| # Therefore, replace all symlinks by the actual files | |
| $links = Get-ChildItem -Path .output\server -Attributes ReparsePoint -Recurse | |
| foreach ($link in $links) | |
| { | |
| $source = $link.Target; | |
| $destination = $link.FullName; | |
| Remove-Item $destination -Force | |
| Copy-Item -Path $source -Destination $destination -Force -Recurse | |
| } | |
| Compress-Archive -Path .output\server\* -DestinationPath .output\server.zip | |
| az functionapp deployment source config-zip -g JabRefOnline -n jabref-function-$env:PREVIEW_NAME --src .output\server.zip | |
| - name: Check HTTP status | |
| run: | | |
| Start-Sleep -Seconds 30 | |
| curl -s -w 'Establish Connection: %{time_connect}s\nTTFB: %{time_starttransfer}s\nTotal: %{time_total}s\n' ${{ steps.deploy_web.outputs.url }} || true | |
| curl -s -w 'Establish Connection: %{time_connect}s\nTTFB: %{time_starttransfer}s\nTotal: %{time_total}s\n' ${{ steps.deploy_web.outputs.url }}/api || true | |
| # The api returns 400 status code for some reason | |
| # uses: gerdemann/[email protected] | |
| # with: | |
| # url: ${{ steps.deploy_web.outputs.url }}/api | |
| # code: 200 | |
| # timeout: 300 # initial warm up can take quite some time | |
| # interval: 30 | |
| - name: Report URL as PR comment | |
| if: github.event_name == 'pull_request_target' | |
| uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2 | |
| with: | |
| message: | | |
| Deployed ${{ github.sha }} to ${{ steps.deploy_web.outputs.url }} | |
| - name: Run E2E tests | |
| run: pnpm test:e2e | |
| env: | |
| TEST_URL: ${{ steps.deploy_web.outputs.url }} |