Bump google-github-actions/auth from 1 to 2 #1012
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: { branches: [main] } | |
pull_request: {} | |
permissions: | |
contents: read | |
env: | |
repository: sctrainer/main | |
jobs: | |
wait-for-ci-container: | |
name: Wait For CI Container To Be Built And Pushed | |
runs-on: ubuntu-20.04 | |
outputs: | |
ci-container: ${{ steps.outputter.outputs.ci-container }} | |
# Dependabot doesn't receive secrets on a push event | |
# so can't run our CI, so we just skip CI for it. | |
# We have settings set up that ensure it can't be merged without | |
# being up to date with main, so it shouldn't be an issue | |
if: ${{ !( github.event_name == 'push' && github.event.sender.login == 'dependabot[bot]' ) }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Get container tags | |
id: tags | |
run: echo "ci-container=ci-container-v7" >> $GITHUB_OUTPUT | |
- name: Wait for CI Container image to exist | |
shell: bash | |
run: | | |
SECONDS=0 | |
max_wait_time=300 | |
wait_interval=5 | |
while (( SECONDS < max_wait_time )); do | |
curl --silent -f -lSL https://hub.docker.com/v2/repositories/${{ env.repository }}/tags/${{ steps.tags.outputs.ci-container }} && break; | |
echo "Failed so sleeping" | |
sleep $wait_interval | |
echo "Trying again" | |
done | |
(( SECONDS >= max_wait_time )) && echo "failed" && exit 1 | |
echo "Success" | |
- name: Output the container names | |
id: outputter | |
run: echo "ci-container=${{ env.repository }}:${{ steps.tags.outputs.ci-container }}" >> $GITHUB_OUTPUT | |
wait-for-ci-chrome-container: | |
name: Wait For CI Chrome Container To Be Built And Pushed | |
runs-on: ubuntu-20.04 | |
outputs: | |
ci-chrome: ${{ steps.outputter.outputs.ci-chrome }} | |
# Dependabot doesn't receive secrets on a push event | |
# so can't run our CI, so we just skip CI for it. | |
# We have settings set up that ensure it can't be merged without | |
# being up to date with main, so it shouldn't be an issue | |
if: ${{ !( github.event_name == 'push' && github.event.sender.login == 'dependabot[bot]' ) }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Get container tags | |
id: tags | |
run: echo "ci-chrome=ci-chrome-v4" >> $GITHUB_OUTPUT | |
- name: Wait for CI Chrome image to exist | |
shell: bash | |
run: | | |
SECONDS=0 | |
max_wait_time=300 | |
wait_interval=5 | |
while (( SECONDS < max_wait_time )); do | |
curl --silent -f -lSL https://hub.docker.com/v2/repositories/${{ env.repository }}/tags/${{ steps.tags.outputs.ci-chrome }} && break; | |
echo "Failed so sleeping" | |
sleep $wait_interval | |
echo "Trying again" | |
done | |
(( SECONDS >= max_wait_time )) && echo "failed" && exit 1 | |
echo "Success" | |
- name: Output the container names | |
id: outputter | |
run: echo "ci-chrome=${{ env.repository }}:${{ steps.tags.outputs.ci-chrome }}" >> $GITHUB_OUTPUT | |
wait-for-production-container: | |
name: Wait For Production Container To Be Built And Pushed | |
runs-on: ubuntu-20.04 | |
outputs: | |
production: ${{ steps.outputter.outputs.production }} | |
# Dependabot doesn't receive secrets on a push event | |
# so can't run our CI, so we just skip CI for it. | |
# We have settings set up that ensure it can't be merged without | |
# being up to date with main, so it shouldn't be an issue | |
if: ${{ !( github.event_name == 'push' && github.event.sender.login == 'dependabot[bot]' ) }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Get container tags | |
id: tags | |
env: | |
EVENT_NAME: ${{ github.event_name }} | |
MAIN_SHA: ${{ github.sha }} | |
PR_SHA: ${{ github.event.pull_request.head.sha }} | |
run: | | |
SHA=$(\ | |
( | |
[[ "$EVENT_NAME" == 'push' ]] && \ | |
echo "$MAIN_SHA" \ | |
) || \ | |
( \ | |
[[ "$EVENT_NAME" == 'pull_request' ]] && \ | |
echo "$PR_SHA" \ | |
) || \ | |
( \ | |
echo "ERROR: Unexpected event name $EVENT_NAME" && \ | |
exit 1 | |
) \ | |
) | |
echo "production=production-$SHA" >> $GITHUB_OUTPUT | |
- name: Wait for Production image to exist | |
shell: bash | |
run: | | |
SECONDS=0 | |
max_wait_time=300 | |
wait_interval=5 | |
while (( SECONDS < max_wait_time )); do | |
curl --silent -f -lSL https://hub.docker.com/v2/repositories/${{ env.repository }}/tags/${{ steps.tags.outputs.production }} && break; | |
echo "Failed so sleeping" | |
sleep $wait_interval | |
echo "Trying again" | |
done | |
(( SECONDS >= max_wait_time )) && echo "failed" && exit 1 | |
echo "Success" | |
- name: Output the container names | |
id: outputter | |
run: echo "production=${{ env.repository }}:${{ steps.tags.outputs.production }}" >> $GITHUB_OUTPUT | |
lint-and-unit-tests: | |
name: Linting And Unit Tests | |
runs-on: ubuntu-20.04 | |
needs: wait-for-ci-container | |
container: | |
image: ${{ needs.wait-for-ci-container.outputs.ci-container }} | |
# This is to appease the new strict directory ownership checks announced here: | |
# https://github.blog/2022-04-12-git-security-vulnerability-announced/# | |
# User 1001 is the one Github uses to create the working directory | |
options: --user 1001 | |
# Dependabot doesn't receive secrets on a push event | |
# so can't run our CI, so we just skip CI for it. | |
# We have settings set up that ensure it can't be merged without | |
# being up to date with main, so it shouldn't be an issue | |
if: ${{ !( github.event_name == 'push' && github.event.sender.login == 'dependabot[bot]' ) }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Run shellcheck | |
run: ./scripts/checks/shellcheck.sh | |
- name: Handle Elm Yarn Caching | |
uses: actions/cache@v3 | |
env: | |
cache-name: yarn-e2e-cache-v2 | |
with: | |
path: | | |
~/elm-yarn-cache | |
key: ${{ job.container.image }}-${{ env.cache-name }}-${{ hashFiles('end-to-end-tests/**/yarn.lock')}} | |
# Note we purposefully don't specify fallback restore keys. | |
# Explanation: https://glebbahmutov.com/blog/do-not-let-cypress-cache-snowball/ | |
- name: Install Elm Yarn Dependencies | |
run: yarn --cache-folder ~/elm-yarn-cache | |
- name: Assert elm-verify-examples is up to date | |
run: ./scripts/checks/elm-verify-examples.sh && ./scripts/helpers/check-for-uncommitted-changes.sh | |
- name: Run elm-format | |
run: ./scripts/checks/elm-format.sh | |
- name: Run elm-review | |
run: ./scripts/checks/elm-review.sh | |
- name: Run unit tests | |
run: ./scripts/checks/elm-test.sh | |
- name: Check that docs compile | |
run: ./scripts/checks/elm-docs-compile.sh | |
- name: Handle E2E Yarn caching | |
uses: actions/cache@v3 | |
env: | |
cache-name: yarn-e2e-cache-v2 | |
with: | |
path: | | |
~/e2e-yarn-cache | |
key: ${{ job.container.image }}-${{ env.cache-name }}-${{ hashFiles('end-to-end-tests/**/yarn.lock')}} | |
# Note we purposefully don't specify fallback restore keys. | |
# Explanation: https://glebbahmutov.com/blog/do-not-let-cypress-cache-snowball/ | |
- name: Install Cypress Dependencies | |
working-directory: end-to-end-tests | |
run: yarn --cache-folder ~/e2e-yarn-cache | |
- name: Run Prettier | |
run: ./scripts/checks/prettier.sh | |
- name: Run Eslint on Cypress Code | |
run: ./scripts/checks/eslint.sh | |
- name: Run Typescript Type Checking on Cypress Code | |
run: ./scripts/checks/typescript.sh | |
check-javascript-asset-size: | |
name: Javascript Asset Size Not Too Big | |
runs-on: ubuntu-20.04 | |
needs: wait-for-production-container | |
container: ${{ needs.wait-for-production-container.outputs.production }} | |
# Dependabot doesn't receive secrets on a push event | |
# so can't run our CI, so we just skip CI for it. | |
# We have settings set up that ensure it can't be merged without | |
# being up to date with main, so it shouldn't be an issue | |
if: ${{ !( github.event_name == 'push' && github.event.sender.login == 'dependabot[bot]' ) }} | |
steps: | |
- name: Install Bash (as production image doesn't include it) | |
run: apk add bash | |
- name: Check Javascript Asset Filesize Less Than 200Kb | |
shell: bash | |
run: > | |
num_bytes=$(gzip /app/public/main.js -c | wc -c) | |
RED='\033[0;31m' | |
(( num_bytes < (200 * 1000) )) || | |
( | |
echo -e "${RED}ERROR: Javascript Asset Size Has Grown Unexpectedly. Gzipped Size Is Now $num_bytes bytes" && | |
exit 1 | |
) | |
cypress-end-to-end-tests: | |
name: > | |
Cypress E2E tests for ${{ matrix.platform.browserString }} | |
on screen size of ${{ matrix.sizeRelevant.deviceName }} | |
runs-on: ubuntu-20.04 | |
needs: | |
- wait-for-ci-chrome-container | |
- wait-for-production-container | |
container: | |
image: ${{ needs.wait-for-ci-chrome-container.outputs.ci-chrome }} | |
# This is needed for Firefox running as described here | |
# https://github.com/cypress-io/github-action/issues/104 | |
options: --user 1001 | |
env: | |
PORT: 8080 | |
services: | |
sctrainer-server: | |
image: ${{ needs.wait-for-production-container.outputs.production }} | |
env: | |
PORT: ${{ env.PORT }} | |
strategy: | |
fail-fast: false | |
matrix: | |
platform: | |
- browser: chrome | |
browserString: Chrome | |
# Values for devices taken from https://docs.cypress.io/api/commands/viewport#Arguments | |
sizeRelevant: | |
- viewportWidth: 1280 | |
viewportHeight: 800 | |
# We include the dynamic viewport tests just one place as it doesn't matter what initial | |
# viewport size it is as it's dynamically changed, so no need to include it in several | |
# viewport sizes | |
ignoredSpecs: | |
deviceName: Macbook 13 | |
- viewportWidth: 375 | |
viewportHeight: 667 | |
ignoredSpecs: ', "**/uses-dynamic-viewports/*"' | |
deviceName: iPhone 8 | |
# Dependabot doesn't receive secrets on a push event | |
# so can't run our CI, so we just skip CI for it. | |
# We have settings set up that ensure it can't be merged without | |
# being up to date with main, so it shouldn't be an issue | |
if: ${{ !( github.event_name == 'push' && github.event.sender.login == 'dependabot[bot]' ) }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Handle Yarn caching | |
uses: actions/cache@v3 | |
env: | |
cache-name: yarn-cache-v2 | |
with: | |
path: | | |
~/.cache/yarn | |
key: ${{ job.container.image }}-${{ env.cache-name }}-${{ hashFiles('end-to-end-tests/**/yarn.lock')}} | |
# Note we purposefully don't specify fallback restore keys. | |
# Explanation: https://glebbahmutov.com/blog/do-not-let-cypress-cache-snowball/ | |
- name: Handle Cypress caching | |
uses: actions/cache@v3 | |
env: | |
cache-name: cypress-cache-v2 | |
with: | |
path: | | |
~/.cache/Cypress | |
key: ${{ job.container.image }}-${{ env.cache-name }}-${{ hashFiles('end-to-end-tests/**/yarn.lock')}} | |
# Note we purposefully don't specify fallback restore keys. | |
# Explanation: https://glebbahmutov.com/blog/do-not-let-cypress-cache-snowball/ | |
- name: Install Dependencies | |
run: yarn --frozen-lockfile | |
working-directory: end-to-end-tests | |
- name: Log Cypress Info | |
run: npx cypress info | |
working-directory: end-to-end-tests | |
- name: Run Cypress Tests | |
working-directory: end-to-end-tests | |
run: > | |
./node_modules/.bin/cypress run | |
--browser ${{ matrix.platform.browser }} | |
--config '{"viewportWidth": ${{ matrix.sizeRelevant.viewportWidth }}, "viewportHeight": ${{ matrix.sizeRelevant.viewportHeight }}, "baseUrl": "http://sctrainer-server:${{ env.PORT }}", "e2e": {"excludeSpecPattern": ["**/visual-tests.cy.ts" ${{ matrix.sizeRelevant.ignoredSpecs }}]}, "video": true}' | |
- name: Upload recorded videos | |
uses: actions/upload-artifact@v3 | |
if: failure() | |
continue-on-error: true | |
with: | |
name: VIDEOS-cypress-${{ matrix.platform.browser }}-${{ matrix.sizeRelevant.deviceName }}-${{ github.sha }} | |
path: end-to-end-tests/cypress/videos | |
- name: Upload recorded Screenshots | |
uses: actions/upload-artifact@v3 | |
if: failure() | |
continue-on-error: true | |
with: | |
name: SCREENSHOTS-cypress-${{ matrix.platform.browser }}-${{ matrix.sizeRelevant.deviceName }}-${{ github.sha }} | |
path: end-to-end-tests/cypress/screenshots | |
# | |
# | |
# Useful for debugging: | |
# - uses: mxschmitt/action-tmate@v3 | |
# with: | |
# limit-access-to-actor: true | |
# sudo: false |