[DO NOT MERGE] feat: validate vector tile styles BM-1123 #3047
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| workflow_call: | |
| pull_request: | |
| push: | |
| branches: | |
| - master | |
| env: | |
| BASEMAPS_CLI_CONTAINER_VERSION: v7 | |
| BASEMAPS_SERVER_CONTAINER_VERSION: v7 | |
| jobs: | |
| build: | |
| name: Build | |
| permissions: | |
| id-token: write | |
| contents: read | |
| issues: write # This permission shouldn't needed as there is a bug currently for gh pr edit. https://github.com/cli/cli/issues/4631 | |
| pull-requests: write | |
| outputs: | |
| # location of the output configuration generally s3://linz-basemaps-staging/config/config-:hash.json.gz | |
| config_path: ${{ steps.path.outputs.config_path }} | |
| # location of the output asset file, generally s3://linz-basemaps-staging/config/assets.tar.co | |
| assets_path: ${{ steps.path.outputs.assets_path }} | |
| # Hashed filename of the assets eg "assets-FgL4CU4wTd17Y4P7iEgMdG82Vgzj8nXJq12W9A2oPiVf.tar.co" | |
| assets_hash: ${{ steps.path.outputs.assets_hash }} | |
| runs-on: ubuntu-latest | |
| concurrency: build-${{ github.head_ref }} | |
| steps: | |
| - uses: linz/action-typescript@v3 | |
| - name: Prepare path for glyphs | |
| run: | | |
| mkdir -p assets/fonts/ | |
| - name: Build Glyphs | |
| uses: linz/action-build-pbf-glyphs@v1 | |
| with: | |
| source: config/fonts/ | |
| target: assets/fonts/ | |
| - name: Build Sprites | |
| run: | | |
| npx basemaps-sprites $PWD/config/sprites/topographic/ | |
| mkdir -p assets/sprites/ | |
| cp topographic* assets/sprites | |
| - name: Bundle Assets Into Cotar | |
| run: | | |
| ./scripts/bmc.sh ./index.cjs bundle-assets --assets $PWD/assets/ --output $PWD/assets.tar.co | |
| ASSETS_HASH=$(ls assets*.tar.co) | |
| echo "ASSETS_HASH=${ASSETS_HASH}" >> $GITHUB_ENV | |
| echo "ASSETS_LOCATION_STAGING=s3://linz-basemaps-staging/assets/${ASSETS_HASH}" >> $GITHUB_ENV | |
| - name: AWS Configure | |
| uses: aws-actions/[email protected] | |
| with: | |
| aws-region: ap-southeast-2 | |
| mask-aws-account-id: true | |
| role-to-assume: ${{ secrets.AWS_ROLE_SCREENSHOT }} | |
| - name: Bundle Config File | |
| run: | | |
| ./scripts/bmc.sh ./index.cjs bundle --config $PWD/config --output $PWD/config-staging.json --assets ${ASSETS_LOCATION_STAGING} --cache s3://linz-basemaps-staging/basemaps-config/cache/ | |
| CONFIG_HASH_STAGING=$(cat config-staging.json | jq .hash -r) | |
| echo "CONFIG_LOCATION_STAGING=s3://linz-basemaps-staging/config/config-${CONFIG_HASH_STAGING}.json.gz" >> $GITHUB_ENV | |
| - name: Upload Config & Assets | |
| run: | | |
| aws s3 cp ${ASSETS_HASH} ${ASSETS_LOCATION_STAGING} | |
| gzip -9 -k config-staging.json | |
| aws s3 cp config-staging.json.gz ${CONFIG_LOCATION_STAGING} --content-encoding gzip | |
| - id: path | |
| name: Define Outputs for Screenshots | |
| run: | | |
| echo "config_path=${CONFIG_LOCATION_STAGING}" >> "$GITHUB_OUTPUT" | |
| echo "assets_path=${ASSETS_LOCATION_STAGING}" >> "$GITHUB_OUTPUT" | |
| echo "assets_hash=${ASSETS_HASH}" >> "$GITHUB_OUTPUT" | |
| - name: Compare To Production | |
| run: | | |
| aws s3 cp s3://linz-basemaps/config/config-latest.json.gz . | |
| ./scripts/bmc.sh ./index.cjs import --config ${CONFIG_LOCATION_STAGING} --output $PWD/changes.md --target $PWD/config-latest.json.gz | |
| - name: (Pull Request) Update Description | |
| if: github.ref != 'refs/heads/master' && github.event_name == 'pull_request' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| [ ! -f changes.md ] || gh pr comment ${{ github.event.number }} --body-file changes.md | |
| # Compare and deploy to non-prod | |
| deploy-nonprod: | |
| needs: [build] | |
| concurrency: deploy-nonprod-${{ github.head_ref }} | |
| name: Deploy Nonprod | |
| if: github.ref == 'refs/heads/master' && github.event_name == 'push' | |
| runs-on: ubuntu-latest | |
| env: | |
| CONFIG_PATH: ${{ needs.build.outputs.config_path }} | |
| ASSETS_PATH: ${{ needs.build.outputs.assets_path }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: | |
| name: 'nonprod' | |
| url: https://dev.basemaps.linz.govt.nz | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: AWS Configure | |
| uses: aws-actions/[email protected] | |
| with: | |
| aws-region: ap-southeast-2 | |
| mask-aws-account-id: true | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | |
| - name: Import config | |
| run: | | |
| ./scripts/bmc.sh ./index.cjs import --config ${CONFIG_PATH} --commit | |
| # Compare and deploy to prod | |
| deploy-prod: | |
| needs: [build, deploy-nonprod] | |
| concurrency: deploy-prod-${{ github.head_ref }} | |
| name: Deploy Production | |
| if: github.ref == 'refs/heads/master' && github.event_name == 'push' | |
| runs-on: ubuntu-latest | |
| env: | |
| CONFIG_PATH: ${{ needs.build.outputs.config_path }} | |
| ASSETS_PATH: ${{ needs.build.outputs.assets_path }} | |
| ASSETS_HASH: ${{ needs.build.outputs.assets_hash }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: | |
| name: 'prod' | |
| url: https://basemaps.linz.govt.nz | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: AWS Configure | |
| uses: aws-actions/[email protected] | |
| with: | |
| aws-region: ap-southeast-2 | |
| mask-aws-account-id: true | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | |
| - name: Download Config | |
| run: | | |
| aws s3 cp ${CONFIG_PATH} config-current.json.gz | |
| aws s3 cp ${ASSETS_PATH} assets-current.tar.co | |
| - name: Update config to production URLs | |
| run: | | |
| ASSETS_LOCATION_PROD=s3://linz-basemaps/assets/${ASSETS_HASH} | |
| echo ${ASSETS_LOCATION_PROD} | |
| aws s3 cp assets-current.tar.co s3://linz-basemaps/assets/assets-latest.tar.co | |
| aws s3 cp assets-current.tar.co ${ASSETS_LOCATION_PROD} | |
| ./scripts/bmc.sh ./index.cjs bundle --config $PWD/config-current.json.gz --output $PWD/config-prod.json --assets ${ASSETS_LOCATION_PROD} --cache s3://linz-basemaps-staging/basemaps-config/cache/ | |
| CONFIG_HASH_PROD=$(cat config-prod.json | jq .hash -r) | |
| echo "CONFIG_LOCATION_PROD=s3://linz-basemaps/config/config-${CONFIG_HASH_PROD}.json.gz" >> $GITHUB_ENV | |
| - name: Upload config | |
| run: | | |
| gzip -9 -k config-prod.json | |
| aws s3 cp config-prod.json.gz s3://linz-basemaps/config/config-latest.json.gz --content-encoding gzip | |
| aws s3 cp config-prod.json.gz ${CONFIG_LOCATION_PROD} --content-encoding gzip | |
| - name: Import config | |
| run: | | |
| ./scripts/bmc.sh ./index.cjs import --config ${CONFIG_LOCATION_PROD} --commit | |
| smoke: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| needs: [build] | |
| name: Smoke Test | |
| runs-on: ubuntu-latest | |
| env: | |
| CONFIG_PATH: ${{ needs.build.outputs.config_path }} | |
| BASEMAPS_HOST: http://localhost:5000 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: (Smoke) AWS Configure | |
| uses: aws-actions/[email protected] | |
| with: | |
| aws-region: ap-southeast-2 | |
| mask-aws-account-id: true | |
| role-to-assume: ${{ secrets.AWS_ROLE_SCREENSHOT }} | |
| - name: (Smoke) Start Local Server | |
| run: | | |
| ./scripts/bms.sh --config ${CONFIG_PATH} & | |
| # Wait for the server to start | |
| timeout 30 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' ${BASEMAPS_HOST}/v1/version)" != "200" ]]; do sleep 0.5; done' || false | |
| ./scripts/bmc.sh --test ./node_modules/@basemaps/smoke/build/ | |
| - name: (Smoke) Stop Server | |
| run: docker stop bms | |
| screenshot: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| needs: [build] | |
| name: Take Screenshots | |
| runs-on: ubuntu-latest | |
| env: | |
| SCREENSHOT_CONTAINER: ghcr.io/linz/basemaps-screenshot/cli:v1 | |
| DOCKER_AWS_ENV: -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN -e AWS_REGION -e AWS_DEFAULT_REGION | |
| CONFIG_PATH: ${{ needs.build.outputs.config_path }} | |
| BASEMAPS_HOST: http://localhost:5000 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: (Screenshot) AWS Configure | |
| uses: aws-actions/[email protected] | |
| with: | |
| aws-region: ap-southeast-2 | |
| mask-aws-account-id: true | |
| role-to-assume: ${{ secrets.AWS_ROLE_SCREENSHOT }} | |
| - name: (Screenshot) Screenshot Pull Request Changes | |
| run: | | |
| ./scripts/bms.sh --config ${CONFIG_PATH} & | |
| # Wait for the server to start | |
| timeout 30 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' http://localhost:5000/v1/version)" != "200" ]]; do sleep 0.5; done' || false | |
| docker run --rm --network="host" -v $PWD:$PWD ${DOCKER_AWS_ENV} ${SCREENSHOT_CONTAINER} --url http://localhost:5000 --output $PWD/.artifacts/visual-snapshots | |
| - name: Save snapshots | |
| uses: getsentry/action-visual-snapshot@v2 | |
| with: | |
| save-only: true | |
| snapshot-path: .artifacts/visual-snapshots | |
| - name: (Screenshot) Stop Server | |
| run: docker stop bms | |
| visual-diff: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| checks: write | |
| needs: [build, screenshot] | |
| name: Validate Screenshots | |
| if: github.ref != 'refs/heads/master' && github.event_name == 'pull_request' | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| steps: | |
| - name: AWS Configure | |
| uses: aws-actions/[email protected] | |
| with: | |
| aws-region: ap-southeast-2 | |
| mask-aws-account-id: true | |
| role-to-assume: ${{ secrets.AWS_ROLE_SCREENSHOT }} | |
| - name: Diff snapshots | |
| id: visual-snapshots-diff | |
| uses: blacha/action-visual-snapshot@v2 | |
| with: | |
| storage-prefix: 's3://linz-basemaps-screenshot' | |
| storage-url: 'https://d25mfjh9syaxsr.cloudfront.net' |