Skip to content

DOMA-8614 News Item Sharing getRecipients proxy function #1416

DOMA-8614 News Item Sharing getRecipients proxy function

DOMA-8614 News Item Sharing getRecipients proxy function #1416

Workflow file for this run

name: Condo CI
on:
push:
branches:
- master
pull_request:
branches:
- master
workflow_dispatch:
env:
DOCKER_IMAGE_FULL: ${{ secrets.DOCKER_REGISTRY }}/condo/condo-image:${{ github.sha }}
PG_IMAGE_FULL: ${{ secrets.DOCKER_REGISTRY }}/doma/utils/postgres:13.2
REDIS_IMAGE_FULL: ${{ secrets.DOCKER_REGISTRY }}/doma/utils/redis:6.2
jobs:
build-image:
name: Build Docker Image
runs-on: test-pool-runners
outputs:
DOCKER_IMAGE_FULL: ${{ env.DOCKER_IMAGE_FULL }}
steps:
- name: Prepare runner
run: |
sudo apt update && sudo apt install -y git
- name: Set registry variables
run: |
echo "DOCKER_CACHE_FROM=type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/condo/condo-image:$( echo "${{github.ref_name}}" | sed 's/[^a-zA-Z0-9]/-/g' ) >> $GITHUB_ENV"
echo "DOCKER_CACHE_TO=type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/condo/condo-image:$( echo "${{github.ref_name}}" | sed 's/[^a-zA-Z0-9]/-/g' ),mode=min,image-manifest=true" >> $GITHUB_ENV
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
submodules: recursive
ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }}
- name: Prune repo to filter out yarn.lock and package.json
run: |
bash bin/prune.sh
- name: Setup context for Docker BuildX
id: buildx-context
run: |
docker context create builders
- name: Setup Docker BuildX
id: buildx
uses: docker/setup-buildx-action@v3
with:
endpoint: builders
driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=10485760
- name: Login to cloud registry
uses: docker/login-action@v3
with:
registry: ${{ secrets.DOCKER_REGISTRY }}
username: ${{ secrets.SBERCLOUD_CR_USERNAME }}
password: ${{ secrets.SBERCLOUD_CR_PASSWORD }}
- name: Build repo image
uses: docker/build-push-action@v5
with:
context: .
file: Dockerfile
push: true
tags: ${{ env.DOCKER_IMAGE_FULL }}
build-args: |
REGISTRY=${{ secrets.DOCKER_REGISTRY }}/doma/utils
TURBO_TEAM=condo-ci
TURBO_REMOTE_ONLY=true
TURBO_TOKEN=${{ secrets.TURBO_TOKEN }}
TURBO_API=${{ secrets.TURBO_API }}
provenance: false
cache-from: ${{ env.DOCKER_CACHE_FROM }}
cache-to: ${{ env.DOCKER_CACHE_TO }}
- name: Collect docker logs on failure
if: failure()
uses: jwalton/gh-docker-logs@v1
with:
dest: './docker-logs'
- name: Upload log artifact
uses: actions/upload-artifact@v3
if: failure()
with:
name: logs
path: |
*.log
./docker-logs
retention-days: 2
# SRC: https://how.wtf/run-workflow-step-or-job-based-on-file-changes-github-actions.html
detect-changes:
name: Define job list based on changed files
runs-on: ubuntu-latest
outputs:
dev-api: ${{ steps.detect-changes.outputs.dev-api }}
steps:
- name: Checkout code with submodules
uses: actions/checkout@v3
with:
fetch-depth: 0
submodules: recursive
ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }}
- name: Scan changed files
uses: dorny/paths-filter@v2
id: detect-changes
with:
filters: |
dev-api:
- 'apps/dev-api/**'
- 'apps/condo/domains/miniapp/**'
- 'apps/condo/domains/user/**'
lint:
name: Lint source code
runs-on: ubuntu-latest
steps:
- name: Checkout code with submodules
uses: actions/checkout@v3
with:
fetch-depth: 0
submodules: recursive
ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }}
- name: Prepare Node environment
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
cache: 'yarn'
- name: Install root dependencies
run: |
yarn workspaces focus root
- name: Check code-style rules
run: |
yarn lint:code
# TODO(DOMA-7753): Think about migrating this check to Typescript, like in dev-portal and documents.
# Reason: TS check is no cost + you can fix it before you commit it + lint out the box in build-time + have keys autocompletion!!
- name: Check translations rules
run: |
yarn lint:translations
- name: Check common file patterns
run: |
bash ./bin/lint-common-patterns.sh
# TODO(DOMA-7754): Figure out how to extract schema without starting KS-app (30sec for start per app is slow) and lint all apps
security:
name: Semgrep vulnerabilities check
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
# Skip any PR created by dependabot to avoid permission issues
if: (github.actor != 'dependabot[bot]')
steps:
# Fetch project source with GitHub Actions Checkout.
- uses: actions/checkout@v3
- run: ./bin/run-semgrep.sh -a
run-dev-api-tests:
name: DEV-API Tests
runs-on: ubuntu-latest
needs:
- detect-changes
- build-image
if: ${{ needs.detect-changes.outputs.dev-api == 'true' }}
steps:
- name: Login to cloud registry
uses: docker/login-action@v3
with:
registry: ${{ secrets.DOCKER_REGISTRY }}
username: ${{ secrets.SBERCLOUD_CR_USERNAME }}
password: ${{ secrets.SBERCLOUD_CR_PASSWORD }}
- name: Setup PG db
run: |
docker run -e POSTGRES_USER=$POSTGRES_USER -e POSTGRES_PASSWORD=$POSTGRES_PASSWORD -e POSTGRES_DB=$POSTGRES_DB -p="127.0.0.1:5432:5432" -d ${{ env.PG_IMAGE_FULL }}
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: main
- name: Setup Redis db
run: |
docker run -p="127.0.0.1:6379:6379" -d ${{ env.REDIS_IMAGE_FULL }}
- name: Run condo container with daemon
run: |
docker run --network="host" --name condo-container -dit ${{ env.DOCKER_IMAGE_FULL }} sh
- name: Prepare apps
run: |
docker exec condo-container node bin/prepare.js -f condo dev-api
- name: Run apps and tests
run: |
docker exec condo-container sh -c "(\
yarn workspace @app/condo start & \
yarn workspace @app/dev-api start & \
node bin/wait-apps-apis.js -f condo dev-api) && \
yarn workspace @app/dev-api test"