CI #13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| # Runs when there is a push to the default branch | |
| # This triggers tests and a pushed "latest" image | |
| # That is deployed to the "dev" environment | |
| push: | |
| branches: | |
| - master | |
| # Runs on pull requests to verify changes and push | |
| # PR image for local testing | |
| pull_request: | |
| # Manually dispatch to update cache or to push an image | |
| # From any ref | |
| workflow_dispatch: | |
| inputs: | |
| splits: | |
| description: 'The number of splits for test_main' | |
| required: true | |
| type: number | |
| default: 14 | |
| # Runs when a release is published | |
| # Pushes a tagged image | |
| # That is deployed to the "staging/production" environments | |
| release: | |
| types: [published] | |
| concurrency: | |
| # different events on the same ref can run in parallel | |
| # different refs on the same event can run in parallel | |
| # different splits on the same ref + event can run in parallel | |
| group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name}}-${{ inputs.splits}} | |
| cancel-in-progress: true | |
| env: | |
| docs_artifact: docs | |
| jobs: | |
| context: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| is_fork: ${{ steps.context.outputs.is_fork }} | |
| is_dependabot: ${{ steps.context.outputs.is_dependabot }} | |
| is_default_branch: ${{ steps.context.outputs.is_default_branch }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set context | |
| id: context | |
| uses: ./.github/actions/context | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: context | |
| outputs: | |
| digest: ${{ steps.build.outputs.digest }} | |
| version: ${{ steps.build.outputs.version }} | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Determine if build is allowed | |
| id: should_build | |
| shell: bash | |
| run: | | |
| is_fork="${{ needs.context.outputs.is_fork }}" | |
| is_dependabot="${{ needs.context.outputs.is_dependabot }}" | |
| # Default behaviour is to build images for any CI.yml run | |
| should_build="true" | |
| # Never run the build on a fork. Forks lack sufficient permissions | |
| # to access secrets or push artifacts | |
| if [[ "$is_fork" == 'true' ]]; then | |
| should_build="false" | |
| fi | |
| # Dependabot PRs are treated as if they are from forks (see above) | |
| if [[ "$is_dependabot" == 'true' && "${{ github.event_name }}" == 'pull_request' ]]; then | |
| should_build="false" | |
| fi | |
| echo "result=$should_build" >> $GITHUB_OUTPUT | |
| - name: Build Docker image | |
| if: ${{ steps.should_build.outputs.result == 'true' }} | |
| id: build | |
| uses: ./.github/actions/build-docker | |
| with: | |
| username: ${{ secrets.DOCKER_USER }} | |
| password: ${{ secrets.DOCKER_PASS }} | |
| push: true | |
| # Only continue if we are releasing | |
| # Login to GAR to publish production image | |
| - name: get the GCP auth token | |
| if: ${{ steps.should_build.outputs.result == 'true' }} | |
| id: gcp-auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| token_format: access_token | |
| service_account: ${{ secrets.GAR_PUSHER_SERVICE_ACCOUNT_EMAIL }} | |
| workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
| - name: login to GAR | |
| if: ${{ steps.should_build.outputs.result == 'true' }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: us-docker.pkg.dev | |
| username: oauth2accesstoken | |
| password: ${{ steps.gcp-auth.outputs.access_token }} | |
| test_make_docker_configuration: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v2 | |
| - name: Install dependencies | |
| shell: bash | |
| run: npm ci | |
| - name: Check make/docker configuration | |
| shell: bash | |
| run: | | |
| docker compose version | |
| npm exec jest -- ./tests/make --runInBand | |
| test_run_docker_action: | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create failure | |
| id: failure | |
| continue-on-error: true | |
| uses: ./.github/actions/run-docker | |
| with: | |
| digest: ${{ needs.build.outputs.digest }} | |
| version: ${{ needs.build.outputs.version }} | |
| run: | | |
| exit 1 | |
| - name: Verify failure | |
| if: always() | |
| run: | | |
| if [[ "${{ steps.failure.outcome }}" != "failure" ]]; then | |
| echo "Expected failure" | |
| exit 1 | |
| fi | |
| - name: Check (special characters in command) | |
| uses: ./.github/actions/run-docker | |
| with: | |
| digest: ${{ needs.build.outputs.digest }} | |
| version: ${{ needs.build.outputs.version }} | |
| run: | | |
| echo 'this is a question?' | |
| echo 'a * is born' | |
| echo 'wow an array []' | |
| docs_build: | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/configure-pages@v4 | |
| - name: Build Docs | |
| uses: ./.github/actions/run-docker | |
| with: | |
| digest: ${{ needs.build.outputs.digest }} | |
| version: ${{ needs.build.outputs.version }} | |
| compose_file: docker-compose.yml | |
| run: | | |
| make docs | |
| - name: Upload artifact | |
| uses: actions/upload-pages-artifact@v3 | |
| with: | |
| path: 'docs/_build/html' | |
| name: ${{ env.docs_artifact }} | |
| docs_deploy: | |
| needs: [context, docs_build] | |
| # Only deploy docs on a push event | |
| # to the default branch | |
| # that is not running on a fork | |
| if: | | |
| github.event_name == 'push' && | |
| needs.context.outputs.is_default_branch == 'true' && | |
| needs.context.outputs.is_fork == 'false' | |
| permissions: | |
| contents: read | |
| pages: write | |
| id-token: write | |
| environment: | |
| name: github-pages | |
| url: ${{ steps.deployment.outputs.page_url }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Deploy to GitHub Pages | |
| id: deployment | |
| uses: actions/deploy-pages@v4 | |
| with: | |
| artifact_name: ${{ env.docs_artifact }} | |
| locales: | |
| runs-on: ubuntu-latest | |
| needs: [build, context] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| - name: Extract Locales | |
| uses: ./.github/actions/run-docker | |
| with: | |
| digest: ${{ needs.build.outputs.digest }} | |
| version: ${{ needs.build.outputs.version }} | |
| compose_file: docker-compose.yml | |
| run: make extract_locales | |
| - name: Push Locales | |
| shell: bash | |
| run: | | |
| is_fork="${{ needs.context.outputs.is_fork }}" | |
| is_default_branch="${{ needs.context.outputs.is_default_branch }}" | |
| is_push="${{ github.event_name == 'push' }}" | |
| if [[ "$is_fork" == 'true' ]]; then | |
| cat <<'EOF' | |
| Github actions are not authorized to push from workflows triggered by forks. | |
| We cannot verify if the l10n extraction push will work or not. | |
| Please submit a PR from the base repository if you are modifying l10n extraction scripts. | |
| EOF | |
| else | |
| if [[ "$is_default_branch" == 'true' && "$is_push" == 'true' ]]; then | |
| args="" | |
| else | |
| args="--dry-run" | |
| fi | |
| make push_locales ARGS="${args}" | |
| fi | |
| test: | |
| needs: build | |
| uses: ./.github/workflows/_test.yml | |
| with: | |
| version: ${{ needs.build.outputs.version }} | |
| digest: ${{ needs.build.outputs.digest }} | |
| test_main: | |
| needs: [context, build] | |
| uses: ./.github/workflows/_test_main.yml | |
| with: | |
| version: ${{ needs.build.outputs.version }} | |
| digest: ${{ needs.build.outputs.digest }} | |
| # If running from a manual workflow_dispatch event, use the provided input | |
| # If no input is given or running on pull_request event, use the default value of 14 | |
| splits: ${{ fromJson(github.event.inputs.splits) || 14 }} |