ci(workflows): [ci] split ci job into multiple jobs

Signed-off-by: Lexus Drumgold <[email protected]>
flex-development · Mar 3, 2023 · 704144b · 704144b
1 parent 3c86791
commit 704144b
Show file tree

Hide file tree

Showing 2 changed files with 245 additions and 16 deletions.
diff --git a/.dictionary.txt b/.dictionary.txt
@@ -9,6 +9,7 @@ dessant
 docast
 dohm
 fbca
+ggshield
 gpgsign
 hmarr
 iife

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -2,10 +2,21 @@
 #
 # References:
 #
+# - https://docs.github.com/actions/automating-builds-and-tests/building-and-testing-nodejs
+# - https://docs.github.com/actions/learn-github-actions/contexts
+# - https://docs.github.com/actions/learn-github-actions/expressions
+# - https://docs.github.com/actions/using-jobs/using-a-matrix-for-your-jobs
 # - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#pull_request
 # - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#push
 # - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch
+# - https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions
+# - https://github.com/GitGuardian/ggshield-action
+# - https://github.com/actions/cache
+# - https://github.com/actions/cache/discussions/650
 # - https://github.com/actions/checkout
+# - https://github.com/actions/setup-node
+# - https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#yarn2-configuration
+# - https://github.com/actions/upload-artifact
 # - https://github.com/hmarr/debug-action
 
 ---
@@ -17,23 +28,29 @@ on:
  - feat/**
  - hotfix/**
  - main
+ - release/**
  workflow_dispatch:
 permissions:
  packages: read
 env:
+ CACHE_PATH: node_modules
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  HUSKY: 0
  REF: ${{ github.head_ref || github.ref_name }}
+ SHA: ${{ github.event.pull_request.head.sha || github.sha }}
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 jobs:
- ci:
+ metadata:
  if: |
- github.event_name == 'pull_request' ||
- github.event_name == 'workflow_dispatch' ||
- !startsWith(github.event.head_commit.message, 'release:')
+ github.event.head_commit.author.name != 'dependabot[bot]'
+ && github.event.head_commit.author.username != 'flexdevelopment'
+ && !startsWith(github.event.head_commit.message, 'release:')
  runs-on: ubuntu-latest
+ outputs:
+ version: ${{ steps.version.outputs.result }}
+ version-typescript: ${{ steps.version-typescript.outputs.result }}
  steps:
  - id: debug
  name: Print environment variables and event payload
@@ -43,31 +60,242 @@ jobs:
  uses: actions/[email protected]
  with:
  ref: ${{ env.REF }}
+ - id: node
+ name: Setup Node.js
+ uses: actions/[email protected]
+ with:
+ cache: yarn
+ cache-dependency-path: yarn.lock
+ node-version-file: .nvmrc
  - id: yarn
  name: Install dependencies
- if: github.actor != 'dependabot[bot]'
- run: yarn
- - id: yarn-dependabot
- name: Install dependencies for dependabot
- if: github.actor == 'dependabot[bot]'
- run: yarn --no-immutable
+ run: yarn ${{ github.actor == 'dependabot[bot]' && '--no-immutable' || '--immutable' }}
+ - id: cache
+ name: Cache dependencies
+ uses: actions/[email protected]
+ with:
+ key: ${{ runner.os }}-${{ github.run_id }}
+ path: ${{ env.CACHE_PATH }}
+ - id: version
+ name: Get package version
+ run: echo "result=$(jq .version package.json -r)" >> $GITHUB_OUTPUT
+ - id: version-typescript
+ name: Get TypeScript version
+ run: echo "result=$(jq .devDependencies.typescript package.json -r)" >> $GITHUB_OUTPUT
+ commitlint:
+ needs: metadata
+ runs-on: ubuntu-latest
+ steps:
+ - id: checkout
+ name: Checkout ${{ env.REF }}
+ uses: actions/[email protected]
+ with:
+ fetch-depth: 0
+ ref: ${{ env.REF }}
+ - id: node
+ name: Setup Node.js
+ uses: actions/[email protected]
+ with:
+ cache: yarn
+ cache-dependency-path: yarn.lock
+ node-version-file: .nvmrc
+ - id: cache
+ name: Restore dependencies cache
+ uses: actions/[email protected]
+ with:
+ key: ${{ runner.os }}-${{ github.run_id }}
+ path: ${{ env.CACHE_PATH }}
+ - id: lint
+ name: Check commitlint status
+ run: yarn commitlint --from $SHA~${{ github.event.pull_request.commits || 1 }} --to $SHA
+ gitguardian:
+ needs: commitlint
+ runs-on: ubuntu-latest
+ steps:
+ - id: checkout
+ name: Checkout ${{ env.REF }}
+ uses: actions/[email protected]
+ with:
+ fetch-depth: 0
+ ref: ${{ env.REF }}
+ - id: scan
+ name: Scan commits for secrets and policy breaches
+ uses: GitGuardian/ggshield-action@master
+ with:
+ args: --all-policies --show-secrets --verbose
+ env:
+ GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
+ GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
+ GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
+ GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
+ GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
+ format:
+ needs:
+ - commitlint
+ - gitguardian
+ runs-on: ubuntu-latest
+ steps:
+ - id: checkout
+ name: Checkout ${{ env.REF }}
+ uses: actions/[email protected]
+ with:
+ ref: ${{ env.REF }}
+ - id: node
+ name: Setup Node.js
+ uses: actions/[email protected]
+ with:
+ cache: yarn
+ cache-dependency-path: yarn.lock
+ node-version-file: .nvmrc
+ - id: cache
+ name: Restore dependencies cache
+ uses: actions/[email protected]
+ with:
+ key: ${{ runner.os }}-${{ github.run_id }}
+ path: ${{ env.CACHE_PATH }}
  - id: format
  name: Check code formatting
  run: yarn check:format
+ lint:
+ needs:
+ - commitlint
+ - gitguardian
+ runs-on: ubuntu-latest
+ steps:
+ - id: checkout
+ name: Checkout ${{ env.REF }}
+ uses: actions/[email protected]
+ with:
+ ref: ${{ env.REF }}
+ - id: node
+ name: Setup Node.js
+ uses: actions/[email protected]
+ with:
+ cache: yarn
+ cache-dependency-path: yarn.lock
+ node-version-file: .nvmrc
+ - id: cache
+ name: Restore dependencies cache
+ uses: actions/[email protected]
+ with:
+ key: ${{ runner.os }}-${{ github.run_id }}
+ path: ${{ env.CACHE_PATH }}
+ - id: build
+ name: Build project
+ run: yarn build
  - id: lint
  name: Check lint status
  run: yarn check:lint
+ spelling:
+ needs:
+ - commitlint
+ - gitguardian
+ runs-on: ubuntu-latest
+ steps:
+ - id: checkout
+ name: Checkout ${{ env.REF }}
+ uses: actions/[email protected]
+ with:
+ ref: ${{ env.REF }}
+ - id: node
+ name: Setup Node.js
+ uses: actions/[email protected]
+ with:
+ cache: yarn
+ cache-dependency-path: yarn.lock
+ node-version-file: .nvmrc
+ - id: cache
+ name: Restore dependencies cache
+ uses: actions/[email protected]
+ with:
+ key: ${{ runner.os }}-${{ github.run_id }}
+ path: ${{ env.CACHE_PATH }}
  - id: spelling
  name: Check spelling
  run: yarn check:spelling
- - id: types
- name: Check types
- run: yarn check:types
- - id: types-build
- name: Check types build
- run: yarn check:types:build
+ typescript:
+ needs:
+ - commitlint
+ - gitguardian
+ - metadata
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ typescript-version:
+ - ${{ needs.metadata.outputs.version-typescript }}
+ - latest
+ - ~4.9.0
+ - ~4.8.0
+ steps:
+ - id: checkout
+ name: Checkout ${{ env.REF }}
+ uses: actions/[email protected]
+ with:
+ ref: ${{ env.REF }}
+ - id: node
+ name: Setup Node.js
+ uses: actions/[email protected]
+ with:
+ cache: yarn
+ cache-dependency-path: yarn.lock
+ node-version-file: .nvmrc
+ - id: cache
+ name: Restore dependencies cache
+ uses: actions/[email protected]
+ with:
+ key: ${{ runner.os }}-${{ github.run_id }}
+ path: ${{ env.CACHE_PATH }}
+ - id: typescript
+ name: Install typescript@${{ matrix.typescript-version }}
+ run: yarn add -D typescript@${{ matrix.typescript-version }}
+ - id: set-typescript-version
+ name: Set env.TYPESCRIPT_VERSION
+ run: |
+ echo "TYPESCRIPT_VERSION=$(jq .devDependencies.typescript package.json -r)" >> $GITHUB_ENV
+ - id: print-typescript-version
+ name: Print TypeScript version
+ run: echo $TYPESCRIPT_VERSION
+ - id: typecheck
+ name: Run typecheck
+ run: yarn typecheck
+ build:
+ needs:
+ - commitlint
+ - gitguardian
+ - metadata
+ runs-on: ubuntu-latest
+ steps:
+ - id: checkout
+ name: Checkout ${{ env.REF }}
+ uses: actions/[email protected]
+ with:
+ ref: ${{ env.REF }}
+ - id: node
+ name: Setup Node.js
+ uses: actions/[email protected]
+ with:
+ cache: yarn
+ cache-dependency-path: yarn.lock
+ node-version-file: .nvmrc
+ - id: cache
+ name: Restore dependencies cache
+ uses: actions/[email protected]
+ with:
+ key: ${{ runner.os }}-${{ github.run_id }}
+ path: ${{ env.CACHE_PATH }}
  - id: pack
  name: Pack project
  run: yarn pack -o %s-%v.tgz
  env:
  NODE_ENV: production
+ - id: typecheck
+ name: Run typecheck
+ run: yarn check:types:build
+ - id: archive
+ name: Archive production artifacts
+ uses: actions/[email protected]
+ with:
+ name: |
+ ${{ format('@{0}-{1}-{2}', github.repository_owner, github.event.repository.name, needs.metadata.outputs.version) }}
+ path: '*.tgz'