Feat/fine-rights #3070
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| - ready_for_review | |
| branches: | |
| - "**" | |
| workflow_dispatch: | |
| env: | |
| NODE_VERSION: "20.15.1" | |
| PNPM_VERSION: "9.5.0" | |
| REGISTRY: "ghcr.io" | |
| NAMESPACE: "${{ github.repository }}" | |
| MULTI_ARCH: false | |
| USE_QEMU: false | |
| jobs: | |
| path-filter: | |
| runs-on: ubuntu-latest | |
| if: ${{ !github.event.pull_request.draft }} | |
| outputs: | |
| apps: ${{ steps.filter.outputs.apps }} | |
| steps: | |
| - name: Checks-out repository | |
| uses: actions/checkout@v4 | |
| - name: Check updated files paths | |
| uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| filters: | | |
| apps: | |
| - 'apps/**' | |
| - 'packages/**' | |
| - 'plugins/**' | |
| - '.github/workflows/**' | |
| expose-vars: | |
| runs-on: ubuntu-latest | |
| if: ${{ !github.event.pull_request.draft }} | |
| outputs: | |
| NODE_VERSION: ${{ env.NODE_VERSION }} | |
| PNPM_VERSION: ${{ env.PNPM_VERSION }} | |
| REGISTRY: ${{ env.REGISTRY }} | |
| NAMESPACE: ${{ env.NAMESPACE }} | |
| MULTI_ARCH: ${{ env.MULTI_ARCH }} | |
| USE_QEMU: ${{ env.USE_QEMU }} | |
| steps: | |
| - name: Exposing env vars | |
| run: echo "Exposing env vars" | |
| lint: | |
| uses: ./.github/workflows/lint.yml | |
| needs: | |
| - expose-vars | |
| with: | |
| NODE_VERSION: ${{ needs.expose-vars.outputs.NODE_VERSION }} | |
| PNPM_VERSION: ${{ needs.expose-vars.outputs.PNPM_VERSION }} | |
| unit-tests: | |
| uses: ./.github/workflows/tests-unit.yml | |
| needs: | |
| - expose-vars | |
| with: | |
| NODE_VERSION: ${{ needs.expose-vars.outputs.NODE_VERSION }} | |
| PNPM_VERSION: ${{ needs.expose-vars.outputs.PNPM_VERSION }} | |
| secrets: | |
| SONAR_HOST_URL: "${{ secrets.SONAR_HOST_URL }}" | |
| SONAR_TOKEN: "${{ secrets.SONAR_TOKEN }}" | |
| SONAR_PROJECT_KEY: "${{ secrets.SONAR_PROJECT_KEY }}" | |
| component-tests: | |
| uses: ./.github/workflows/tests-component.yml | |
| if: ${{ needs.path-filter.outputs.apps == 'true' }} | |
| needs: | |
| - path-filter | |
| - expose-vars | |
| with: | |
| NODE_VERSION: ${{ needs.expose-vars.outputs.NODE_VERSION }} | |
| PNPM_VERSION: ${{ needs.expose-vars.outputs.PNPM_VERSION }} | |
| BROWSERS: "${{ github.base_ref == 'main' && 'chrome,firefox' || 'firefox' }}" | |
| build: | |
| uses: ./.github/workflows/build.yml | |
| needs: | |
| - expose-vars | |
| with: | |
| REGISTRY: ${{ needs.expose-vars.outputs.REGISTRY }} | |
| NAMESPACE: ${{ needs.expose-vars.outputs.NAMESPACE }} | |
| TAG: pr-${{ github.event.pull_request.number || github.event.number }} | |
| MULTI_ARCH: ${{ needs.expose-vars.outputs.MULTI_ARCH == 'true' }} | |
| USE_QEMU: ${{ needs.expose-vars.outputs.USE_QEMU == 'true' }} | |
| e2e-tests: | |
| uses: ./.github/workflows/tests-e2e.yml | |
| if: ${{ needs.path-filter.outputs.apps == 'true' }} | |
| needs: | |
| - path-filter | |
| - expose-vars | |
| - build | |
| with: | |
| NODE_VERSION: ${{ needs.expose-vars.outputs.NODE_VERSION }} | |
| PNPM_VERSION: ${{ needs.expose-vars.outputs.PNPM_VERSION }} | |
| TAG: pr-${{ github.event.pull_request.number || github.event.number }} | |
| BROWSERS: "${{ github.base_ref == 'main' && 'chrome,firefox' || 'firefox' }}" | |
| deploy-tests: | |
| uses: ./.github/workflows/tests-deploy.yml | |
| if: ${{ needs.path-filter.outputs.apps != 'true' || (!github.event.pull_request.draft && github.base_ref == 'main') }} | |
| needs: | |
| - path-filter | |
| - expose-vars | |
| - build | |
| with: | |
| TAG: pr-${{ github.event.pull_request.number || github.event.number }} | |
| scan-vuln: | |
| uses: ./.github/workflows/scan.yml | |
| if: ${{ !github.event.pull_request.draft && github.base_ref == 'main' }} | |
| needs: | |
| - expose-vars | |
| - build | |
| with: | |
| REGISTRY: ${{ needs.expose-vars.outputs.REGISTRY }} | |
| NAMESPACE: ${{ needs.expose-vars.outputs.NAMESPACE }} | |
| TAG: pr-${{ github.event.pull_request.number || github.event.number }} | |
| # Workaround for required status check in protection branches (see. https://github.com/orgs/community/discussions/13690) | |
| all-jobs-passed: | |
| name: Check jobs status | |
| runs-on: ubuntu-latest | |
| if: ${{ always() }} | |
| needs: | |
| - path-filter | |
| - expose-vars | |
| - lint | |
| - unit-tests | |
| - component-tests | |
| - build | |
| - e2e-tests | |
| - deploy-tests | |
| - scan-vuln | |
| steps: | |
| - name: Check status of all required jobs | |
| run: |- | |
| NEEDS_CONTEXT='${{ toJson(needs) }}' | |
| JOB_IDS=$(echo "$NEEDS_CONTEXT" | jq -r 'keys[]') | |
| for JOB_ID in $JOB_IDS; do | |
| RESULT=$(echo "$NEEDS_CONTEXT" | jq -r ".[\"$JOB_ID\"].result") | |
| echo "$JOB_ID job result: $RESULT" | |
| if [[ $RESULT != "success" && $RESULT != "skipped" ]]; then | |
| echo "***" | |
| echo "Error: The $JOB_ID job did not pass." | |
| exit 1 | |
| fi | |
| done | |
| echo "All jobs passed or were skipped." |