DOMA-8614 News Item Sharing getRecipients proxy function #1416
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Condo CI | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
branches: | |
- master | |
workflow_dispatch: | |
env: | |
DOCKER_IMAGE_FULL: ${{ secrets.DOCKER_REGISTRY }}/condo/condo-image:${{ github.sha }} | |
PG_IMAGE_FULL: ${{ secrets.DOCKER_REGISTRY }}/doma/utils/postgres:13.2 | |
REDIS_IMAGE_FULL: ${{ secrets.DOCKER_REGISTRY }}/doma/utils/redis:6.2 | |
jobs: | |
build-image: | |
name: Build Docker Image | |
runs-on: test-pool-runners | |
outputs: | |
DOCKER_IMAGE_FULL: ${{ env.DOCKER_IMAGE_FULL }} | |
steps: | |
- name: Prepare runner | |
run: | | |
sudo apt update && sudo apt install -y git | |
- name: Set registry variables | |
run: | | |
echo "DOCKER_CACHE_FROM=type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/condo/condo-image:$( echo "${{github.ref_name}}" | sed 's/[^a-zA-Z0-9]/-/g' ) >> $GITHUB_ENV" | |
echo "DOCKER_CACHE_TO=type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/condo/condo-image:$( echo "${{github.ref_name}}" | sed 's/[^a-zA-Z0-9]/-/g' ),mode=min,image-manifest=true" >> $GITHUB_ENV | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
submodules: recursive | |
ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }} | |
- name: Prune repo to filter out yarn.lock and package.json | |
run: | | |
bash bin/prune.sh | |
- name: Setup context for Docker BuildX | |
id: buildx-context | |
run: | | |
docker context create builders | |
- name: Setup Docker BuildX | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
endpoint: builders | |
driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=10485760 | |
- name: Login to cloud registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ secrets.DOCKER_REGISTRY }} | |
username: ${{ secrets.SBERCLOUD_CR_USERNAME }} | |
password: ${{ secrets.SBERCLOUD_CR_PASSWORD }} | |
- name: Build repo image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: Dockerfile | |
push: true | |
tags: ${{ env.DOCKER_IMAGE_FULL }} | |
build-args: | | |
REGISTRY=${{ secrets.DOCKER_REGISTRY }}/doma/utils | |
TURBO_TEAM=condo-ci | |
TURBO_REMOTE_ONLY=true | |
TURBO_TOKEN=${{ secrets.TURBO_TOKEN }} | |
TURBO_API=${{ secrets.TURBO_API }} | |
provenance: false | |
cache-from: ${{ env.DOCKER_CACHE_FROM }} | |
cache-to: ${{ env.DOCKER_CACHE_TO }} | |
- name: Collect docker logs on failure | |
if: failure() | |
uses: jwalton/gh-docker-logs@v1 | |
with: | |
dest: './docker-logs' | |
- name: Upload log artifact | |
uses: actions/upload-artifact@v3 | |
if: failure() | |
with: | |
name: logs | |
path: | | |
*.log | |
./docker-logs | |
retention-days: 2 | |
# SRC: https://how.wtf/run-workflow-step-or-job-based-on-file-changes-github-actions.html | |
detect-changes: | |
name: Define job list based on changed files | |
runs-on: ubuntu-latest | |
outputs: | |
dev-api: ${{ steps.detect-changes.outputs.dev-api }} | |
steps: | |
- name: Checkout code with submodules | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
submodules: recursive | |
ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }} | |
- name: Scan changed files | |
uses: dorny/paths-filter@v2 | |
id: detect-changes | |
with: | |
filters: | | |
dev-api: | |
- 'apps/dev-api/**' | |
- 'apps/condo/domains/miniapp/**' | |
- 'apps/condo/domains/user/**' | |
lint: | |
name: Lint source code | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code with submodules | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
submodules: recursive | |
ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }} | |
- name: Prepare Node environment | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'yarn' | |
- name: Install root dependencies | |
run: | | |
yarn workspaces focus root | |
- name: Check code-style rules | |
run: | | |
yarn lint:code | |
# TODO(DOMA-7753): Think about migrating this check to Typescript, like in dev-portal and documents. | |
# Reason: TS check is no cost + you can fix it before you commit it + lint out the box in build-time + have keys autocompletion!! | |
- name: Check translations rules | |
run: | | |
yarn lint:translations | |
- name: Check common file patterns | |
run: | | |
bash ./bin/lint-common-patterns.sh | |
# TODO(DOMA-7754): Figure out how to extract schema without starting KS-app (30sec for start per app is slow) and lint all apps | |
security: | |
name: Semgrep vulnerabilities check | |
runs-on: ubuntu-latest | |
container: | |
image: returntocorp/semgrep | |
# Skip any PR created by dependabot to avoid permission issues | |
if: (github.actor != 'dependabot[bot]') | |
steps: | |
# Fetch project source with GitHub Actions Checkout. | |
- uses: actions/checkout@v3 | |
- run: ./bin/run-semgrep.sh -a | |
run-dev-api-tests: | |
name: DEV-API Tests | |
runs-on: ubuntu-latest | |
needs: | |
- detect-changes | |
- build-image | |
if: ${{ needs.detect-changes.outputs.dev-api == 'true' }} | |
steps: | |
- name: Login to cloud registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ secrets.DOCKER_REGISTRY }} | |
username: ${{ secrets.SBERCLOUD_CR_USERNAME }} | |
password: ${{ secrets.SBERCLOUD_CR_PASSWORD }} | |
- name: Setup PG db | |
run: | | |
docker run -e POSTGRES_USER=$POSTGRES_USER -e POSTGRES_PASSWORD=$POSTGRES_PASSWORD -e POSTGRES_DB=$POSTGRES_DB -p="127.0.0.1:5432:5432" -d ${{ env.PG_IMAGE_FULL }} | |
env: | |
POSTGRES_USER: postgres | |
POSTGRES_PASSWORD: postgres | |
POSTGRES_DB: main | |
- name: Setup Redis db | |
run: | | |
docker run -p="127.0.0.1:6379:6379" -d ${{ env.REDIS_IMAGE_FULL }} | |
- name: Run condo container with daemon | |
run: | | |
docker run --network="host" --name condo-container -dit ${{ env.DOCKER_IMAGE_FULL }} sh | |
- name: Prepare apps | |
run: | | |
docker exec condo-container node bin/prepare.js -f condo dev-api | |
- name: Run apps and tests | |
run: | | |
docker exec condo-container sh -c "(\ | |
yarn workspace @app/condo start & \ | |
yarn workspace @app/dev-api start & \ | |
node bin/wait-apps-apis.js -f condo dev-api) && \ | |
yarn workspace @app/dev-api test" |