From 704144bd7d52a46450898ac91b29330b7c61f4a4 Mon Sep 17 00:00:00 2001 From: Lexus Drumgold Date: Fri, 3 Mar 2023 12:54:12 -0500 Subject: [PATCH] ci(workflows): [`ci`] split `ci` job into multiple jobs Signed-off-by: Lexus Drumgold --- .dictionary.txt | 1 + .github/workflows/ci.yml | 260 ++++++++++++++++++++++++++++++++++++--- 2 files changed, 245 insertions(+), 16 deletions(-) diff --git a/.dictionary.txt b/.dictionary.txt index d10fb691..62c2b7f6 100644 --- a/.dictionary.txt +++ b/.dictionary.txt @@ -9,6 +9,7 @@ dessant docast dohm fbca +ggshield gpgsign hmarr iife diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 148b565c..c3d2359b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,10 +2,21 @@ # # References: # +# - https://docs.github.com/actions/automating-builds-and-tests/building-and-testing-nodejs +# - https://docs.github.com/actions/learn-github-actions/contexts +# - https://docs.github.com/actions/learn-github-actions/expressions +# - https://docs.github.com/actions/using-jobs/using-a-matrix-for-your-jobs # - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#pull_request # - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#push # - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch +# - https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions +# - https://github.com/GitGuardian/ggshield-action +# - https://github.com/actions/cache +# - https://github.com/actions/cache/discussions/650 # - https://github.com/actions/checkout +# - https://github.com/actions/setup-node +# - https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#yarn2-configuration +# - https://github.com/actions/upload-artifact # - https://github.com/hmarr/debug-action --- 
@@ -17,23 +28,29 @@ on: - feat/** - hotfix/** - main + - release/** workflow_dispatch: permissions: packages: read env: + CACHE_PATH: node_modules GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} HUSKY: 0 REF: ${{ github.head_ref || github.ref_name }} + SHA: ${{ github.event.pull_request.head.sha || github.sha }} concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: - ci: + metadata: if: | - github.event_name == 'pull_request' || - github.event_name == 'workflow_dispatch' || - !startsWith(github.event.head_commit.message, 'release:') + github.event.head_commit.author.name != 'dependabot[bot]' + && github.event.head_commit.author.username != 'flexdevelopment' + && !startsWith(github.event.head_commit.message, 'release:') runs-on: ubuntu-latest + outputs: + version: ${{ steps.version.outputs.result }} + version-typescript: ${{ steps.version-typescript.outputs.result }} steps: - id: debug name: Print environment variables and event payload 
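Review bot: The new `if:` on the `metadata` job gates the run on `github.event.head_commit.author.name`, `.author.username` and the commit message prefix, all of which are taken from the pushed commit rather than from the authenticated account that triggered the workflow, so they are not a reliable identity check. Because `commitlint` needs `metadata` and `gitguardian` needs `commitlint` (see the next hunk), a skip here appears to skip the secret scan and every later job as well. If the intent is to skip bot-triggered runs, compare the actor instead, e.g. `github.actor != 'dependabot[bot]'`, as the `yarn` step in the next hunk already does, and consider letting `gitguardian` run independently of this gate. The job's step list continues outside this hunk.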
@@ -43,31 +60,242 @@ jobs: uses: actions/checkout@v3.2.0 with: ref: ${{ env.REF }} + - id: node + name: Setup Node.js + uses: actions/setup-node@v3.6.0 + with: + cache: yarn + cache-dependency-path: yarn.lock + node-version-file: .nvmrc - id: yarn name: Install dependencies - if: github.actor != 'dependabot[bot]' - run: yarn - - id: yarn-dependabot - name: Install dependencies for dependabot - if: github.actor == 'dependabot[bot]' - run: yarn --no-immutable + run: yarn ${{ github.actor == 'dependabot[bot]' && '--no-immutable' || '--immutable' }} + - id: cache + name: Cache dependencies + uses: actions/cache@v3.2.6 + with: + key: ${{ runner.os }}-${{ github.run_id }} + path: ${{ env.CACHE_PATH }} + - id: version + name: Get package version + run: echo "result=$(jq .version package.json -r)" >> $GITHUB_OUTPUT + - id: version-typescript + name: Get TypeScript version + run: echo "result=$(jq .devDependencies.typescript package.json -r)" >> $GITHUB_OUTPUT + commitlint: + needs: metadata + runs-on: ubuntu-latest + steps: + - id: checkout + name: Checkout ${{ env.REF }} + uses: actions/checkout@v3.2.0 + with: + fetch-depth: 0 + ref: ${{ env.REF }} + - id: node + name: Setup Node.js + uses: actions/setup-node@v3.6.0 + with: + cache: yarn + cache-dependency-path: yarn.lock + node-version-file: .nvmrc + - id: cache + name: Restore dependencies cache + uses: actions/cache@v3.2.6 + with: + key: ${{ runner.os }}-${{ github.run_id }} + path: ${{ env.CACHE_PATH }} + - id: lint + name: Check commitlint status + run: yarn commitlint --from $SHA~${{ github.event.pull_request.commits || 1 }} --to $SHA + gitguardian: + needs: commitlint + runs-on: ubuntu-latest + steps: + - id: checkout + name: Checkout ${{ env.REF }} + uses: actions/checkout@v3.2.0 + with: + fetch-depth: 0 + ref: ${{ env.REF }} + - id: scan + name: Scan commits for secrets and policy breaches + uses: GitGuardian/ggshield-action@master + with: + args: --all-policies --show-secrets --verbose + env: + 
GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }} + GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} + GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }} + GITHUB_PUSH_BASE_SHA: ${{ github.event.base }} + GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }} + format: + needs: + - commitlint + - gitguardian + runs-on: ubuntu-latest + steps: + - id: checkout + name: Checkout ${{ env.REF }} + uses: actions/checkout@v3.2.0 + with: + ref: ${{ env.REF }} + - id: node + name: Setup Node.js + uses: actions/setup-node@v3.6.0 + with: + cache: yarn + cache-dependency-path: yarn.lock + node-version-file: .nvmrc + - id: cache + name: Restore dependencies cache + uses: actions/cache@v3.2.6 + with: + key: ${{ runner.os }}-${{ github.run_id }} + path: ${{ env.CACHE_PATH }} - id: format name: Check code formatting run: yarn check:format + lint: + needs: + - commitlint + - gitguardian + runs-on: ubuntu-latest + steps: + - id: checkout + name: Checkout ${{ env.REF }} + uses: actions/checkout@v3.2.0 + with: + ref: ${{ env.REF }} + - id: node + name: Setup Node.js + uses: actions/setup-node@v3.6.0 + with: + cache: yarn + cache-dependency-path: yarn.lock + node-version-file: .nvmrc + - id: cache + name: Restore dependencies cache + uses: actions/cache@v3.2.6 + with: + key: ${{ runner.os }}-${{ github.run_id }} + path: ${{ env.CACHE_PATH }} + - id: build + name: Build project + run: yarn build - id: lint name: Check lint status run: yarn check:lint + spelling: + needs: + - commitlint + - gitguardian + runs-on: ubuntu-latest + steps: + - id: checkout + name: Checkout ${{ env.REF }} + uses: actions/checkout@v3.2.0 + with: + ref: ${{ env.REF }} + - id: node + name: Setup Node.js + uses: actions/setup-node@v3.6.0 + with: + cache: yarn + cache-dependency-path: yarn.lock + node-version-file: .nvmrc + - id: cache + name: Restore dependencies cache + uses: actions/cache@v3.2.6 + with: + key: ${{ runner.os }}-${{ github.run_id }} + path: ${{ env.CACHE_PATH }} 
- id: spelling name: Check spelling run: yarn check:spelling - - id: types - name: Check types - run: yarn check:types - - id: types-build - name: Check types build - run: yarn check:types:build + typescript: + needs: + - commitlint + - gitguardian + - metadata + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + typescript-version: + - ${{ needs.metadata.outputs.version-typescript }} + - latest + - ~4.9.0 + - ~4.8.0 + steps: + - id: checkout + name: Checkout ${{ env.REF }} + uses: actions/checkout@v3.2.0 + with: + ref: ${{ env.REF }} + - id: node + name: Setup Node.js + uses: actions/setup-node@v3.6.0 + with: + cache: yarn + cache-dependency-path: yarn.lock + node-version-file: .nvmrc + - id: cache + name: Restore dependencies cache + uses: actions/cache@v3.2.6 + with: + key: ${{ runner.os }}-${{ github.run_id }} + path: ${{ env.CACHE_PATH }} + - id: typescript + name: Install typescript@${{ matrix.typescript-version }} + run: yarn add -D typescript@${{ matrix.typescript-version }} + - id: set-typescript-version + name: Set env.TYPESCRIPT_VERSION + run: | + echo "TYPESCRIPT_VERSION=$(jq .devDependencies.typescript package.json -r)" >> $GITHUB_ENV + - id: print-typescript-version + name: Print TypeScript version + run: echo $TYPESCRIPT_VERSION + - id: typecheck + name: Run typecheck + run: yarn typecheck + build: + needs: + - commitlint + - gitguardian + - metadata + runs-on: ubuntu-latest + steps: + - id: checkout + name: Checkout ${{ env.REF }} + uses: actions/checkout@v3.2.0 + with: + ref: ${{ env.REF }} + - id: node + name: Setup Node.js + uses: actions/setup-node@v3.6.0 + with: + cache: yarn + cache-dependency-path: yarn.lock + node-version-file: .nvmrc + - id: cache + name: Restore dependencies cache + uses: actions/cache@v3.2.6 + with: + key: ${{ runner.os }}-${{ github.run_id }} + path: ${{ env.CACHE_PATH }} - id: pack name: Pack project run: yarn pack -o %s-%v.tgz env: NODE_ENV: production + - id: typecheck + name: Run typecheck + run: yarn 
check:types:build + - id: archive + name: Archive production artifacts + uses: actions/upload-artifact@v3.1.2 + with: + name: | + ${{ format('@{0}-{1}-{2}', github.repository_owner, github.event.repository.name, needs.metadata.outputs.version) }} + path: '*.tgz'
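Review bot: The `scan` step in the `gitguardian` job uses `GitGuardian/ggshield-action@master`, a mutable branch ref, while handing it `GITGUARDIAN_API_KEY`; every other action in this hunk is pinned to a release tag. Pin it to a reviewed commit, `uses: GitGuardian/ggshield-action@<full-commit-sha>` (placeholder), so an upstream change cannot run with the key unreviewed. `--show-secrets` prints any detected secret in clear text into the job log, where anyone with read access to the run can see it; `args: --all-policies --verbose` keeps findings masked. Separately, the `typescript` job expands `${{ matrix.typescript-version }}` directly inside `run:`, and one matrix entry comes from `package.json` on the checked-out ref, so passing the value through `env:` and quoting the shell variable would keep file content out of the script text.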