Skip to content

Bulk update dependencies #19777

Bulk update dependencies

Bulk update dependencies #19777

name: Build plugin
on:
push:
# Don't run for irrelevant changes.
paths-ignore:
- 'docs/**'
- '.storybook/**'
- '.wordpress-org/**'
- '__mocks__/**'
- '__static__/**'
- 'bin/**'
- 'packages/e2e-test-utils/**'
- 'packages/e2e-tests/**'
- 'packages/karma-*/**'
- 'tests/**'
- '**.md'
- '**.yml'
- '**.neon.dist'
- '**.xml.dist'
- '.editorconfig'
- '.eslint*'
- '.markdownlint*'
- '.phpstorm.meta.php'
- '.prettier*'
- '.stylelint*'
- '.github/workflows/**'
- '!.github/workflows/build-and-deploy.yml'
branches:
- main
- release/*
pull_request:
types:
- opened
- reopened
- synchronize
- ready_for_review
# Don't run for irrelevant changes.
paths-ignore:
- 'docs/**'
- '.storybook/**'
- '.wordpress-org/**'
- '__mocks__/**'
- '__static__/**'
- 'bin/**'
- 'packages/e2e-test-utils/**'
- 'packages/e2e-tests/**'
- 'packages/karma-*/**'
- 'tests/**'
- '**.md'
- '**.yml'
- '**.neon.dist'
- '**.xml.dist'
- '.editorconfig'
- '.eslint*'
- '.markdownlint*'
- '.phpstorm.meta.php'
- '.prettier*'
- '.stylelint*'
- '.github/workflows/**'
- '!.github/workflows/build-and-deploy.yml'
permissions:
contents: read
pull-requests: write
# Cancels all previous workflow runs for pull requests that have not completed.
concurrency:
# The concurrency group contains the workflow name and the (target) branch name.
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
cancel-in-progress: true
jobs:
bundle-size:
name: Bundle size check
runs-on: ubuntu-latest
timeout-minutes: 15
# The action cannot annotate the PR when run from a PR fork or authored by Dependabot.
if: >
github.event_name == 'pull_request' &&
github.event.pull_request.draft == false &&
github.event.pull_request.head.repo.fork == false &&
github.event.pull_request.user.login != 'dependabot[bot]'
steps:
- name: Harden Runner
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
with:
disable-file-monitoring: true
egress-policy: block
allowed-endpoints: >
cloudresourcemanager.googleapis.com:443
codeserver.dev.6b7f1eeb-705b-4201-864d-2007030c8372.drush.in:2222
dl.google.com:443
github.com:443
api.github.com:443
oauth2.googleapis.com:443
objects.githubusercontent.com:443
packagist.org:443
registry.npmjs.org:443
storage.googleapis.com:443
54.185.253.63:443
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
- name: Setup Node
uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d
with:
node-version-file: '.nvmrc'
cache: npm
- name: Bundle size check
uses: preactjs/compressed-size-action@8119d3d31b6e57b167e09c81dfa877eada3bcb35
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
pattern: '{assets/js/*.js,assets/css/*.css}'
build-script: 'build:js'
minimum-change-threshold: 100
# Ignore chunk and module hashes in bundle filenames.
strip-hash: '.*-(\w{20})|^(\d{2,5})\.js$'
build:
name: Build & deploy
runs-on: ubuntu-latest
timeout-minutes: 20
if: >
github.event.pull_request.draft == false &&
github.event.pull_request.head.repo.fork == false &&
github.event.pull_request.user.login != 'dependabot[bot]'
steps:
- name: Harden Runner
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
- name: Setup Node
uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d
with:
node-version-file: '.nvmrc'
cache: npm
- name: Setup PHP
uses: shivammathur/setup-php@72ae4ccbe57f82bbe08411e84e2130bd4ba1c10f
with:
php-version: '8.0'
coverage: none
tools: composer
- name: Install dependencies
run: npm ci
env:
PUPPETEER_SKIP_DOWNLOAD: true
- name: Install PHP dependencies
uses: ramsey/composer-install@83af392bf5f031813d25e6fe4cd626cdba9a2df6
with:
composer-options: '--prefer-dist --no-progress --no-interaction'
- name: Setup Bun
uses: oven-sh/setup-bun@4573031972107e0af692492ee967d9022deafd7b
with:
bun-version: '0.5.9'
- name: Build plugin
run: |
bun run build:js
bun run workflow:version -- --nightly
mkdir -p build/web-stories-regular build/web-stories-dev
- name: Bundle regular version
run: |
bun run workflow:build-plugin -- --zip web-stories.zip
cp -r build/web-stories/ build/web-stories-regular/
- name: Bundle development version
run: |
rm -rf assets/css/* assets/js/*
npx webpack --env=development
bun run workflow:build-plugin -- --zip web-stories-dev.zip
# Upload ZIP file to GCS for use in QA environment.
- name: Authenticate
uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033
with:
credentials_json: ${{ secrets.GCP_SA_KEY }}
- name: Setup Cloud SDK
uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b
with:
project_id: ${{ secrets.GCP_PROJECT_ID }}
- name: Upload ZIP files to GCS
run: |
gsutil cp -r build/web-stories.zip gs://web-stories-wp-github-artifacts/${{ github.ref }}/web-stories.zip
gsutil cp -r build/web-stories-dev.zip gs://web-stories-wp-github-artifacts/${{ github.ref }}/web-stories-dev.zip
# Leave comment with links to plugin ZIPs.
- name: Check if a comment was already made
id: find-comment
uses: peter-evans/find-comment@a54c31d7fa095754bfef525c0c8e5e5674c4b4b1
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: googleforcreators-bot
body-includes: Plugin builds for
# Only run this step if it's a PR. One way to check for that is if `github.head_ref` is not empty.
# Only run if the PR was not authored by Dependabot and it is not a draft or not from a fork.
if: >
github.head_ref &&
github.event.pull_request.draft == false &&
github.event.pull_request.head.repo.fork == false &&
github.event.pull_request.user.login != 'dependabot[bot]'
- name: Get comment body
id: get-comment-body
# Setting a multi-line output requires escaping line-feeds. See <https://github.community/t/set-output-truncates-multiline-strings/16852/3>.
run: |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
echo 'COMMENT_BODY<<EOF' >> $GITHUB_ENV
echo 'Plugin builds for ${{ github.event.pull_request.head.sha }} are ready :bellhop_bell:!' >> $GITHUB_ENV
echo '- Download [development build](https://storage.googleapis.com/web-stories-wp-github-artifacts/${{ github.ref }}/web-stories-dev.zip?${{ github.sha }})' >> $GITHUB_ENV
echo '- Download [production build](https://storage.googleapis.com/web-stories-wp-github-artifacts/${{ github.ref }}/web-stories.zip?${{ github.sha }})' >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
if: >
github.head_ref &&
github.event.pull_request.draft == false &&
github.event.pull_request.head.repo.fork == false &&
github.event.pull_request.user.login != 'dependabot[bot]'
- name: Create or update comment on PR with links to plugin builds
uses: peter-evans/create-or-update-comment@c6c9a1a66007646a28c153e2a8580a5bad27bcfa
with:
issue-number: ${{ github.event.pull_request.number }}
comment-id: ${{ steps.find-comment.outputs.comment-id }}
edit-mode: replace
body: ${{ env.COMMENT_BODY }}
token: ${{ secrets.GOOGLEFORCREATORS_BOT_TOKEN }}
if: >
github.head_ref &&
github.event.pull_request.draft == false &&
github.event.pull_request.head.repo.fork == false &&
github.event.pull_request.user.login != 'dependabot[bot]'
# Deploy to staging site if on main branch.
- name: Setup SSH Keys and known_hosts
uses: webfactory/ssh-agent@d4b9b8ff72958532804b70bbe600ad43b36d5f2e
with:
ssh-private-key: ${{ secrets.PANTHEON_DEPLOY_KEY }}
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
- name: Deploy to staging
run: |
rm -rf build/web-stories
mv build/web-stories-regular/* build/web-stories
bash bin/deploy-to-test-environment.sh
if: github.ref == 'refs/heads/main' && github.event_name == 'push'