chore(lib): update dependency rollup to v4 [security] #171
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test and deploy environment | |
on: | |
workflow_dispatch: | |
push: | |
branches-ignore: | |
- main | |
- production | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref_name }} | |
cancel-in-progress: true | |
jobs: | |
prepare: | |
runs-on: ubuntu-latest | |
outputs: | |
env_name: ${{ steps.env_name.outputs.env_name }} | |
build_matrix: ${{ steps.config.outputs.build }} | |
deploy_matrix: ${{ steps.config.outputs.deploy }} | |
test_matrix: ${{ steps.config.outputs.test }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.ref_name }} | |
fetch-depth: 0 | |
- name: Use Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "20.17" | |
- name: Get environment name | |
id: env_name | |
working-directory: devops/scripts | |
run: | | |
env_name=$(node get-environment-name.js ${{ github.ref_name }}) | |
echo "env_name: $env_name" | |
echo "env_name=$env_name" >> $GITHUB_OUTPUT | |
- name: Get matrices configuration | |
id: config | |
run: | | |
# BUILD MATRIX | |
echo "[]" \ | |
| jq '. + [{name:"api", tag:$tag}]' --arg tag "$(git log --max-count=1 --oneline -- api packages/lib package-lock.json | cut -d " " -f 1)" \ | |
| jq '. + [{name:"apiv2", tag:$tag}]' --arg tag "$(git log --max-count=1 --oneline -- apiv2 packages/lib package-lock.json | cut -d " " -f 1)" \ | |
| jq '. + [{name:"app", tag:$tag}]' --arg tag "$(git log --max-count=1 --oneline -- app packages package-lock.json | cut -d " " -f 1)" \ | |
| jq '. + [{name:"admin", tag:$tag}]' --arg tag "$(git log --max-count=1 --oneline -- admin packages package-lock.json | cut -d " " -f 1)" > build.json | |
echo "Build matrix" | |
cat build.json | |
echo "build=$(jq -c < build.json)" >> $GITHUB_OUTPUT | |
# DEPLOY MATRIX | |
cat build.json > deploy.json | |
echo "Deploy matrix" | |
cat deploy.json | |
echo "deploy=$(jq -c < deploy.json)" >> $GITHUB_OUTPUT | |
# TEST MATRIX | |
git switch main | |
echo "[]" \ | |
| jq '. + [{name:"api", run_test:$tag}]' --arg tag "$(git log --max-count=1 --oneline main..${{ github.ref_name }} -- api packages/lib package-lock.json | cut -d " " -f 1)" \ | |
| jq '. + [{name:"apiv2", run_test:$tag}]' --arg tag "$(git log --max-count=1 --oneline main..${{ github.ref_name }} -- apiv2 packages/lib package-lock.json | cut -d " " -f 1)" \ | |
| jq '. + [{name:"app", run_test:$tag}]' --arg tag "$(git log --max-count=1 --oneline main..${{ github.ref_name }} -- app packages package-lock.json | cut -d " " -f 1)" \ | |
| jq '. + [{name:"admin", run_test:$tag}]' --arg tag "$(git log --max-count=1 --oneline main..${{ github.ref_name }} -- admin packages package-lock.json | cut -d " " -f 1)" \ | |
| jq '. + [{name:"lib", run_test:$tag}]' --arg tag "$(git log --max-count=1 --oneline main..${{ github.ref_name }} -- packages package-lock.json | cut -d " " -f 1)" > test.json | |
echo "Test matrix" | |
cat test.json | |
echo "test=$(jq -c < test.json)" >> $GITHUB_OUTPUT | |
test: | |
needs: prepare | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
app: ${{ fromJSON(needs.prepare.outputs.test_matrix) }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.ref_name }} | |
- name: Run tests | |
uses: jenseng/dynamic-uses@v1 | |
if: ${{matrix.app.run_test}} | |
with: | |
uses: ./.github/actions/run-tests-${{matrix.app.name}} | |
with: '{"branch_name": "${{ github.ref_name }}", "CC_TEST_REPORTER_ID": "${{ secrets.CC_TEST_REPORTER_ID }}" }' | |
create_environment: | |
if: | | |
!(contains(github.ref_name, '-no-ci-') || | |
startsWith(github.ref_name, 'no-ci-') || | |
endsWith(github.ref_name, 'no-ci') || | |
contains(github.ref_name, '_no_ci_') || | |
startsWith(github.ref_name, 'no_ci_') || | |
endsWith(github.ref_name, '_no_ci') || | |
startsWith(github.ref_name, 'renovate') || | |
startsWith(github.ref_name, 'gh-readonly-') | |
) | |
needs: prepare | |
runs-on: ubuntu-latest | |
outputs: | |
registry: ${{ steps.registry.outputs.registry }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.ref_name }} | |
- name: Use Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "20.17" | |
- name: Create environment | |
id: registry | |
working-directory: devops/scripts | |
env: | |
SCW_ORGANIZATION_ID: ${{ secrets.SCW_ORGANIZATION_ID }} | |
SCW_SECRET_KEY: ${{ secrets.SCW_CI_DEPLOY_SECRET_KEY }} | |
run: | | |
node create-environment.js ${{ needs.prepare.outputs.env_name }} | |
registry=$(node get-environment-registry.js ${{ needs.prepare.outputs.env_name }}) | |
echo "registry: $registry" | |
echo "registry=$registry" >> $GITHUB_OUTPUT | |
build: | |
needs: [prepare, create_environment] | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
app: ${{ fromJSON(needs.prepare.outputs.build_matrix) }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.ref_name }} | |
- name: Login to Docker Container Registry | |
uses: docker/login-action@v2 | |
with: | |
username: nologin | |
password: ${{ secrets.SCW_CI_DEPLOY_SECRET_KEY }} | |
registry: ${{ needs.create_environment.outputs.registry }} | |
- name: Use Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "20.17" | |
- name: Build image | |
working-directory: devops/scripts | |
env: | |
SCW_ORGANIZATION_ID: ${{ secrets.SCW_ORGANIZATION_ID }} | |
SCW_SECRET_KEY: ${{ secrets.SCW_CI_DEPLOY_SECRET_KEY }} | |
run: | | |
node build-application-docker.js --push ${{ needs.prepare.outputs.env_name }} ${{matrix.app.name}} ${{matrix.app.tag}} | |
deploy: | |
needs: [prepare, build] | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
app: ${{ fromJSON(needs.prepare.outputs.deploy_matrix) }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.ref_name }} | |
- name: Use Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "20.17" | |
- name: Deploy image on Scaleway | |
working-directory: devops/scripts | |
env: | |
SCW_ORGANIZATION_ID: ${{ secrets.SCW_ORGANIZATION_ID }} | |
SCW_SECRET_KEY: ${{ secrets.SCW_CI_DEPLOY_SECRET_KEY }} | |
run: | | |
node deploy-scaleway.js ${{ needs.prepare.outputs.env_name }} ${{matrix.app.name}} ${{matrix.app.tag}} |