Add more information to session detail page #3025
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
CARGO_TERM_COLOR: always | |
CARGO_NET_GIT_FETCH_WITH_CLI: "true" | |
jobs: | |
opa-lint: | |
name: Lint and test OPA policies | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@v3.6.0 | |
- name: Setup OPA | |
uses: open-policy-agent/setup-opa@v2.1.0 | |
with: | |
version: 0.55.0 | |
- name: Lint policies | |
working-directory: ./policies | |
run: make lint | |
- name: Run OPA tests | |
working-directory: ./policies | |
run: make test | |
frontend-lint: | |
name: Check frontend style | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@v3.6.0 | |
- name: Install Node | |
uses: actions/setup-node@v3.8.1 | |
with: | |
node-version: 18 | |
- name: Install Node dependencies | |
working-directory: ./frontend | |
run: npm ci | |
- name: Lint | |
working-directory: ./frontend | |
run: npm run lint | |
frontend-test: | |
name: Run the frontend test suite | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@v3.6.0 | |
- name: Install Node | |
uses: actions/setup-node@v3.8.1 | |
with: | |
node-version: 18 | |
- name: Install Node dependencies | |
working-directory: ./frontend | |
run: npm ci | |
- name: Test | |
working-directory: ./frontend | |
run: npm test | |
rustfmt: | |
name: Check Rust style | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@v3.6.0 | |
- name: Install toolchain | |
run: | | |
rustup toolchain install nightly | |
rustup default nightly | |
rustup component add rustfmt | |
- name: Check style | |
run: cargo fmt --all -- --check | |
cargo-deny: | |
name: Run `cargo deny` checks | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@v3.6.0 | |
- name: Run `cargo-deny` | |
uses: EmbarkStudios/cargo-deny-action@v1.5.4 | |
check-schema: | |
name: Check schema | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@v3.6.0 | |
- name: Install Rust toolchain | |
run: | | |
rustup toolchain install stable | |
rustup default stable | |
- name: Setup Rust cache | |
uses: Swatinem/rust-cache@v2.6.2 | |
with: | |
save-if: "${{ github.event_name != 'pull_request' }}" | |
- name: Install Node | |
uses: actions/setup-node@v3.8.1 | |
with: | |
node-version: 18 | |
- name: Install Node dependencies | |
working-directory: ./frontend | |
run: npm ci | |
- name: Update the schemas | |
run: sh ./misc/update.sh | |
- name: Check that the workspace is clean | |
run: | | |
if ! [[ -z $(git status -s) ]]; then | |
echo "::error title=Workspace is not clean::Please run 'sh ./misc/update.sh' and commit the changes" | |
( | |
echo '## Diff after running `sh ./misc/update.sh`:' | |
echo | |
echo '```diff' | |
git diff | |
echo '```' | |
) >> $GITHUB_STEP_SUMMARY | |
exit 1 | |
fi | |
clippy: | |
name: Run Clippy | |
needs: [rustfmt, opa-lint] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@v3.6.0 | |
- name: Install toolchain | |
run: | | |
rustup toolchain install 1.71.0 | |
rustup default 1.71.0 | |
rustup component add clippy | |
- name: Setup OPA | |
uses: open-policy-agent/setup-opa@v2.1.0 | |
with: | |
version: 0.55.0 | |
- name: Compile OPA policies | |
working-directory: ./policies | |
run: make | |
- name: Setup Rust cache | |
uses: Swatinem/rust-cache@v2.6.2 | |
with: | |
save-if: "${{ github.event_name != 'pull_request' }}" | |
- name: Run clippy | |
run: | | |
cargo clippy --workspace --tests --bins --lib -- -D warnings | |
test: | |
name: Run test suite with Rust stable | |
needs: [rustfmt, opa-lint] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
services: | |
postgres: | |
image: docker.io/library/postgres:15.3 | |
env: | |
POSTGRES_USER: postgres | |
POSTGRES_PASSWORD: postgres | |
POSTGRES_DB: postgres | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
- "5432:5432" | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@v3.6.0 | |
- name: Install toolchain | |
run: | | |
rustup toolchain install stable | |
rustup default stable | |
- name: Install Node | |
uses: actions/setup-node@v3.8.1 | |
with: | |
node-version: 18 | |
- name: Install Node dependencies | |
working-directory: ./frontend | |
run: npm ci | |
- name: Build the frontend | |
working-directory: ./frontend | |
run: npm run build | |
- name: Setup OPA | |
uses: open-policy-agent/setup-opa@v2.1.0 | |
with: | |
version: 0.55.0 | |
- name: Compile OPA policies | |
working-directory: ./policies | |
run: make | |
- name: Setup Rust cache | |
uses: Swatinem/rust-cache@v2.6.2 | |
with: | |
save-if: "${{ github.event_name != 'pull_request' }}" | |
- name: Test | |
id: test | |
env: | |
DATABASE_URL: postgresql://postgres:postgres@localhost/postgres | |
SQLX_OFFLINE: '1' | |
run: | | |
cargo test --workspace | |
build-image: | |
name: Build and push Docker image | |
needs: [rustfmt, opa-lint] | |
runs-on: ubuntu-latest | |
env: | |
IMAGE: ghcr.io/matrix-org/matrix-authentication-service | |
permissions: | |
contents: read | |
packages: write | |
id-token: write | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@v3.6.0 | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v4.6.0 | |
with: | |
images: "${{ env.IMAGE }}" | |
bake-target: docker-metadata-action | |
tags: | | |
type=ref,event=branch | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern={{major}} | |
type=sha | |
- name: Docker meta (debug variant) | |
id: meta-debug | |
uses: docker/metadata-action@v4.6.0 | |
with: | |
images: "${{ env.IMAGE }}" | |
bake-target: docker-metadata-action-debug | |
tags: | | |
type=ref,event=branch,suffix=-debug | |
type=semver,pattern={{version}},suffix=-debug | |
type=semver,pattern={{major}}.{{minor}},suffix=-debug | |
type=semver,pattern={{major}},suffix=-debug | |
type=sha,suffix=-debug | |
- name: Setup Cosign | |
uses: sigstore/cosign-installer@v3.1.1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2.10.0 | |
with: | |
config-inline: | | |
[registry."docker.io"] | |
mirrors = ["mirror.gcr.io"] | |
- name: Login to GitHub Container Registry | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v2.2.0 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
# For pull-requests, only read from the cache, do not try to push to the | |
# cache or the image itself | |
# We only build for the amd64 platform in pull-requests to speed-up CI | |
- name: Build | |
uses: docker/bake-action@v3.1.0 | |
if: github.event_name == 'pull_request' | |
with: | |
files: | | |
docker-bake.hcl | |
${{ steps.meta.outputs.bake-file }} | |
${{ steps.meta-debug.outputs.bake-file }} | |
set: | | |
base.context=https://github.com/${{ github.repository }}.git#${{ github.ref }} | |
base.platform=linux/amd64 | |
base.cache-from=type=registry,ref=${{ env.IMAGE }}:buildcache | |
- name: Build and push | |
id: bake | |
uses: docker/bake-action@v3.1.0 | |
if: github.event_name != 'pull_request' | |
with: | |
files: | | |
docker-bake.hcl | |
${{ steps.meta.outputs.bake-file }} | |
${{ steps.meta-debug.outputs.bake-file }} | |
set: | | |
base.context=https://github.com/${{ github.repository }}.git#${{ github.ref }} | |
base.output=type=image,push=true | |
base.cache-from=type=registry,ref=${{ env.IMAGE }}:buildcache | |
base.cache-to=type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max | |
- name: Sign the images with GitHub Actions provided token | |
# Only sign on tags and on commits on main branch | |
if: | | |
github.event_name != 'pull_request' | |
&& (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') | |
run: |- | |
cosign sign --yes \ | |
"${{ env.IMAGE }}@${{ fromJSON(steps.bake.outputs.metadata).regular['containerimage.digest'] }}" \ | |
"${{ env.IMAGE }}@${{ fromJSON(steps.bake.outputs.metadata).debug['containerimage.digest'] }}" | |
tests-done: | |
name: Tests done | |
if: ${{ always() }} | |
needs: | |
- opa-lint | |
- frontend-lint | |
- frontend-test | |
- rustfmt | |
- cargo-deny | |
- clippy | |
- check-schema | |
- test | |
- build-image | |
runs-on: ubuntu-latest | |
steps: | |
- uses: matrix-org/done-action@v2 | |
with: | |
needs: ${{ toJSON(needs) }} |