ci.yml
# Pull-request pipeline: lint, unit tests, image build, e2e/deploy tests and
# a vulnerability scan, each delegated to a reusable workflow.
name: CI
on:
  # `pull_request` is used rather than `pull_request_target`. For pull
  # requests opened from forks, GitHub by default gives such runs a read-only
  # GITHUB_TOKEN and no repository secrets.
  pull_request:
    # `ready_for_review` re-triggers the run when a draft is promoted; the
    # jobs in this file skip themselves while the PR is still a draft.
    types: [opened, reopened, synchronize, ready_for_review]
    branches: ["**"]
  # Manual runs from the Actions tab or the API.
  workflow_dispatch:
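# Workflow-wide settings. Environment values always reach the runner as
# strings, so every value is quoted here to make the string type explicit and
# to keep a YAML parser from re-typing version-like or boolean-like scalars.
env:
  BUN_VERSION: "1.2.4"
  # Container registry host that image references are built from.
  REGISTRY: ghcr.io
  # Image namespace, set to the `owner/repo` of the repository running this.
  NAMESPACE: "${{ github.repository }}"
  # Build switches; jobs compare these against the string 'true'.
  MULTI_ARCH: "false"
  USE_QEMU: "false"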
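# NOTE(review): no workflow-level `permissions` key is visible in this file,
# so jobs without their own `permissions` block run with the repository's
# default GITHUB_TOKEN scopes. Consider declaring a least-privilege default
# once the scopes needed by the called workflows have been confirmed.
jobs:
  # Reports whether the pull request touches application, package or workflow
  # files; the `apps` output gates e2e-tests and deploy-tests below.
  path-filter:
    runs-on: ubuntu-latest
    if: ${{ !github.event.pull_request.draft }}
    outputs:
      apps: ${{ steps.filter.outputs.apps }}
    steps:
      # NOTE(review): both actions are referenced by a mutable tag. Pinning
      # each `uses` to a full commit SHA keeps a re-pointed tag from changing
      # the code that runs in this job.
      - name: Checks-out repository
        uses: actions/checkout@v4
      - name: Check updated files paths
        uses: dorny/paths-filter@v2
        id: filter
        with:
          filters: |
            apps:
              - 'apps/**'
              - 'packages/**'
              - '.github/workflows/**'

  # Re-publishes the workflow-level env values as job outputs. The `env`
  # context cannot be read in the `with:` block of a reusable-workflow call,
  # so the callers below take the values from `needs.expose-vars.outputs`.
  expose-vars:
    runs-on: ubuntu-latest
    if: ${{ !github.event.pull_request.draft }}
    outputs:
      BUN_VERSION: ${{ env.BUN_VERSION }}
      REGISTRY: ${{ env.REGISTRY }}
      NAMESPACE: ${{ env.NAMESPACE }}
      MULTI_ARCH: ${{ env.MULTI_ARCH }}
      USE_QEMU: ${{ env.USE_QEMU }}
    steps:
      # A job needs at least one step; this one only exists to satisfy that.
      - name: Exposing env vars
        run: echo "Exposing env vars"

  lint:
    uses: ./.github/workflows/lint.yml
    needs:
      - expose-vars
    with:
      BUN_VERSION: ${{ needs.expose-vars.outputs.BUN_VERSION }}

  unit-tests:
    uses: ./.github/workflows/tests-unit.yml
    needs:
      - expose-vars
    with:
      BUN_VERSION: ${{ needs.expose-vars.outputs.BUN_VERSION }}
    # Secrets are forwarded one by one, so the called workflow receives only
    # these three values and not every secret of the repository.
    secrets:
      SONAR_HOST_URL: "${{ secrets.SONAR_HOST_URL }}"
      SONAR_TOKEN: "${{ secrets.SONAR_TOKEN }}"
      SONAR_PROJECT_KEY: "${{ secrets.SONAR_PROJECT_KEY }}"

  build:
    uses: ./.github/workflows/build.yml
    needs:
      - expose-vars
    # A job-level `permissions` block sets every scope not listed here to
    # `none`, and the called workflow cannot raise its token above this.
    # NOTE(review): `packages: write` is presumably there to push the image;
    # on pull requests from forks the token is read-only by default, so that
    # push would be refused. Confirm how fork PRs are expected to behave.
    permissions:
      packages: write
    with:
      REGISTRY: ${{ needs.expose-vars.outputs.REGISTRY }}
      NAMESPACE: ${{ needs.expose-vars.outputs.NAMESPACE }}
      # NOTE(review): a `workflow_dispatch` run carries no pull request
      # number, so this presumably renders as the bare tag `pr-`; the same
      # expression is used in e2e-tests, deploy-tests and scan-vuln. Verify.
      TAG: pr-${{ github.event.pull_request.number || github.event.number }}
      # The outputs are strings; the comparison turns them into booleans.
      MULTI_ARCH: ${{ needs.expose-vars.outputs.MULTI_ARCH == 'true' }}
      USE_QEMU: ${{ needs.expose-vars.outputs.USE_QEMU == 'true' }}

  build-label:
    uses: ./.github/workflows/label.yml
    needs:
      - expose-vars
      - build
    permissions:
      pull-requests: write
    with:
      CONF_PATH: ./.github/labels/build.yml

  # Runs only when path-filter reported changes under the filtered paths.
  e2e-tests:
    uses: ./.github/workflows/tests-e2e.yml
    if: ${{ needs.path-filter.outputs.apps == 'true' }}
    needs:
      - path-filter
      - expose-vars
      - build
    with:
      BUN_VERSION: ${{ needs.expose-vars.outputs.BUN_VERSION }}
      TAG: pr-${{ github.event.pull_request.number || github.event.number }}
      BROWSERS: "chrome,firefox"
      APPS: "api,docs"

  # Counterpart of e2e-tests: runs when the filtered paths were not touched.
  deploy-tests:
    uses: ./.github/workflows/tests-deploy.yml
    if: ${{ needs.path-filter.outputs.apps != 'true' }}
    needs:
      - path-filter
      - expose-vars
      - build
    with:
      TAG: pr-${{ github.event.pull_request.number || github.event.number }}

  # Scans the built image, but only for pull requests that target `main` or
  # `develop`. `github.base_ref` is empty outside pull request events, so a
  # manual run skips this job.
  scan-vuln:
    uses: ./.github/workflows/scan.yml
    if: ${{ !github.event.pull_request.draft && (github.base_ref == 'main' || github.base_ref == 'develop') }}
    needs:
      - expose-vars
      - build
    permissions:
      issues: write
    with:
      REGISTRY: ${{ needs.expose-vars.outputs.REGISTRY }}
      NAMESPACE: ${{ needs.expose-vars.outputs.NAMESPACE }}
      TAG: pr-${{ github.event.pull_request.number || github.event.number }}

  # Workaround for required status checks on protected branches
  # (see https://github.com/orgs/community/discussions/13690): one job that
  # always runs and fails if any job it depends on neither succeeded nor was
  # skipped.
  # NOTE(review): e2e-tests, deploy-tests and build-label are not listed under
  # `needs`, so their results do not affect this check. Confirm that this is
  # intended.
  all-jobs-passed:
    name: Check jobs status
    runs-on: ubuntu-latest
    if: ${{ always() }}
    needs:
      - path-filter
      - expose-vars
      - lint
      - unit-tests
      - build
      - scan-vuln
    steps:
      - name: Check status of all required jobs
        # The context is handed to the script through the environment and
        # not expanded into the script text, so a job output that contains
        # a quote character is treated as data and never as shell syntax.
        env:
          NEEDS_CONTEXT: ${{ toJson(needs) }}
        run: |-
          JOB_IDS=$(echo "$NEEDS_CONTEXT" | jq -r 'keys[]')
          for JOB_ID in $JOB_IDS; do
            # --arg passes the job id as a jq variable rather than splicing
            # it into the filter string.
            RESULT=$(echo "$NEEDS_CONTEXT" | jq -r --arg id "$JOB_ID" '.[$id].result')
            echo "$JOB_ID job result: $RESULT"
            if [[ $RESULT != "success" && $RESULT != "skipped" ]]; then
              echo "***"
              echo "Error: The $JOB_ID job did not pass."
              exit 1
            fi
          done
          echo "All jobs passed or were skipped."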