feat: feature 4 done while working on release branch #32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: [push] | |
env: | |
PARABOL_DOCKERFILE: ./docker/parabol-ubi/docker-build/dockerfiles/pipeline.dockerfile | |
PARABOL_BUILD_ENV_PATH: docker/parabol-ubi/docker-build/environments/pipeline | |
jobs: | |
build: | |
runs-on: ubuntu-8cores | |
permissions: | |
contents: "read" | |
id-token: "write" | |
services: | |
postgres: | |
image: postgres:12.15-alpine | |
# This env variables must be the same in the file PARABOL_BUILD_ENV_PATH | |
env: | |
POSTGRES_PASSWORD: "temppassword" | |
POSTGRES_USER: "tempuser" | |
POSTGRES_DB: "tempdb" | |
ports: | |
- 5432:5432 | |
rethinkdb: | |
image: rethinkdb:2.4.2 | |
ports: | |
- 8080:8080 | |
- 28015:28015 | |
- 29015:29015 | |
redis: | |
image: redis:6.2.6 | |
ports: | |
- 6379:6379 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup environment variables | |
run: | | |
echo "NODE_VERSION=$(jq -r -j '.engines.node|ltrimstr("^")' package.json)" >> $GITHUB_ENV | |
if [ ${{github.ref_type}} = "tag" ]; then | |
DOCKER_REPOSITORY_FOR_REF=${{ secrets.GCP_AR_PARABOL }} | |
else | |
DOCKER_REPOSITORY_FOR_REF=${{ secrets.GCP_AR_PARABOL_DEV }} | |
fi | |
echo "DOCKER_REPOSITORY_FOR_REF=${DOCKER_REPOSITORY_FOR_REF}" >> $GITHUB_ENV | |
GITHUB_REF_NAME_NORMALIZED=$(echo ${{github.ref_name}} | tr / -) | |
echo "GITHUB_REF_NAME_NORMALIZED=${GITHUB_REF_NAME_NORMALIZED}" >> $GITHUB_ENV | |
DOCKERIZE=${{ github.ref_type == 'tag' || contains(fromJSON('["master", "release", "staging", "production"]'), github.ref_name) || startsWith(github.event.head_commit.message, 'dockerize')}} | |
echo "DOCKERIZE=${DOCKERIZE}" >> $GITHUB_ENV | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
node-version-file: package.json | |
# Caching yarn dir & running yarn install is too slow | |
# Instead, we aggressively cache node_modules below to avoid calling install | |
- name: Get cached node modules | |
id: cache | |
uses: actions/cache@v3 | |
with: | |
path: | | |
**/node_modules | |
key: node_modules-${{ runner.arch }}-${{ env.NODE_VERSION }}-${{ hashFiles('yarn.lock') }} | |
- name: Install node_modules | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: yarn install --immutable | |
- name: Build the DBs | |
run: | | |
cp ${{ env.PARABOL_BUILD_ENV_PATH }} ./.env | |
yarn db:migrate | |
yarn pg:migrate up | |
yarn pg:build | |
yarn pg:generate | |
- name: Build for testing | |
if: env.DOCKERIZE != 'true' | |
run: yarn build | |
- name: Build for deploying | |
if: env.DOCKERIZE == 'true' | |
env: | |
NODE_OPTIONS: "--max_old_space_size=8192" | |
run: yarn build --no-deps | |
- name: Verify source is clean | |
run: git diff --quiet HEAD || (echo "Changes in generated files detected"; git diff; exit 1) | |
- name: Check Code Quality | |
run: yarn codecheck | |
- name: Run Predeploy for Testing | |
run: yarn predeploy | |
- name: Start testing server in background | |
run: | | |
yarn start & | |
env: | |
CI: true | |
STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }} | |
- name: Wait for testing server to be healthy | |
run: curl -4 --retry 30 --retry-connrefused --retry-delay 10 http://localhost:3000/graphql | |
- name: Run server tests | |
run: yarn test:server -- --reporters=default --reporters=jest-junit | |
env: | |
JEST_JUNIT_OUTPUT_DIR: ./test-results/junit/server | |
CI: true | |
- name: Run client tests | |
run: yarn test:client -- --reporters=default --reporters=jest-junit | |
env: | |
JEST_JUNIT_OUTPUT_DIR: ./test-results/junit/client | |
CI: true | |
- name: Store Playwright Version | |
run: | | |
PLAYWRIGHT_VERSION=$(npm ls @playwright/test | grep @playwright | sed 's/.*@//') | |
echo "PLAYWRIGHT_VERSION=$PLAYWRIGHT_VERSION" >> $GITHUB_ENV | |
- name: Cache Playwright Browsers | |
id: cache-playwright-browsers | |
uses: actions/cache@v3 | |
with: | |
path: ~/.cache/ms-playwright | |
key: playwright-${{ runner.arch }}-${{ env.PLAYWRIGHT_VERSION }} | |
- name: Setup Playwright | |
if: steps.cache-playwright-browsers.outputs.cache-hit != 'true' | |
run: npx playwright install --with-deps | |
- name: Run Playwright Tests | |
run: yarn workspace integration-tests test --reporter list,junit | |
env: | |
PLAYWRIGHT_JUNIT_OUTPUT_NAME: ./test-results/junit/junit.xml | |
- name: Store Artifacts from Failed Tests | |
if: failure() | |
uses: actions/upload-artifact@v2 | |
with: | |
name: test-results | |
path: test-results/ | |
retention-days: 7 | |
- name: Set up Docker Buildx | |
if: env.DOCKERIZE == 'true' | |
uses: docker/setup-buildx-action@v2 | |
with: | |
buildkitd-flags: "--allow-insecure-entitlement network.host" | |
driver-opts: network=host | |
- id: "auth" | |
name: "Authenticate to Google Cloud" | |
if: env.DOCKERIZE == 'true' | |
uses: "google-github-actions/auth@v1" | |
with: | |
token_format: "access_token" | |
workload_identity_provider: ${{ secrets.GCP_WI_PROVIDER_NAME }} | |
service_account: ${{ secrets.GCP_SA_EMAIL }} | |
- uses: "docker/login-action@v2" | |
if: env.DOCKERIZE == 'true' | |
with: | |
registry: ${{ secrets.GCP_DOCKER_REGISTRY }} | |
username: "oauth2accesstoken" | |
password: "${{ steps.auth.outputs.access_token }}" | |
# | |
# Multi-platform build. Uncomment to be able t build multi-platform images. | |
# | |
# - name: Set up QEMU | |
# uses: docker/setup-qemu-action@v2 | |
- name: Build and push | |
if: env.DOCKERIZE == 'true' | |
uses: docker/build-push-action@v4 | |
with: | |
network: host | |
allow: network.host | |
file: ${{ env.PARABOL_DOCKERFILE }} | |
context: . | |
build-args: | | |
"_NODE_VERSION=${{ env.NODE_VERSION }}" | |
"_SECURITY_ENABLED=true" | |
push: true | |
tags: | | |
"${{ secrets.GCP_AR_PARABOL_DEV }}:${{github.sha}}" | |
"${{ env.DOCKER_REPOSITORY_FOR_REF }}:${{ env.GITHUB_REF_NAME_NORMALIZED }}" | |
# platforms: linux/amd64,linux/arm64 # Uncomment to be able to build multi-platform images. |