allow tracing headers for `whoami` CORS #133

Workflow file for this run

	name: CI/CD

	jobs:
	# Stage 1: codacy, devskim, install
	codacy:
	name: Codacy
	runs-on: ubuntu-latest
	env:
	DD_ENV: ci
	services:
	datadog-agent:
	image: datadog/agent:latest
	env:
	DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	DD_HOSTNAME: none
	DD_INSIDE_CI: true
	ports:
	- 8126:8126
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Analyze
	uses: codacy/codacy-analysis-cli-action@master
	with:
	project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
	format: sarif
	gh-code-scanning-compat: true
	max-allowed-issues: 2147483647
	output: sarif/codacy.sarif
	verbose: true
	## rejecting SARIF, as there are more runs than allowed (22 > 20)
	# - name: Upload SARIF
	# if: always()
	# uses: github/codeql-action/upload-sarif@main
	# with:
	# sarif_file: sarif/codacy.sarif
	# wait-for-processing: true

	devskim:
	name: DevSkim
	runs-on: ubuntu-latest
	env:
	DD_ENV: ci
	- 8126:8126
	permissions:
	actions: read
	contents: read
	security-events: write
	services:
	datadog-agent:
	image: datadog/agent:latest
	env:
	DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	DD_HOSTNAME: none
	DD_INSIDE_CI: true
	ports:
	- 8126:8126
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Scan
	uses: microsoft/DevSkim-Action@v1
	- name: Upload SARIF
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: devskim-results.sarif
	wait-for-processing: true

	install:
	name: Install
	runs-on: ubuntu-latest
	env:
	DD_ENV: ci
	services:
	datadog-agent:
	image: datadog/agent:latest
	env:
	DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	DD_HOSTNAME: none
	DD_INSIDE_CI: true
	ports:
	- 8126:8126
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Setup Node
	uses: actions/setup-node@v3
	with:
	cache: yarn
	check-latest: true
	node-version: 'lts/*'
	- name: Install dependencies
	run: yarn install --immutable

	# Stage 2: prepack
	prepack:
	name: Prepack
	needs: install
	runs-on: ubuntu-latest
	env:
	DD_ENV: ci
	services:
	datadog-agent:
	image: datadog/agent:latest
	env:
	DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	DD_HOSTNAME: none
	DD_INSIDE_CI: true
	ports:
	- 8126:8126
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Setup Node
	uses: actions/setup-node@v3
	with:
	cache: yarn
	check-latest: true
	node-version: 'lts/*'
	- name: Install dependencies
	run: yarn install --immutable
	- name: Prepack
	run: yarn run --require dd-trace/init prepack
	env:
	CLARITY_TAG: lm4m88gmix
	CLOUD_PLATFORM: GitHub
	CLOUD_PROVIDER: GitHub Pages
	CLOUDWATCH_RUM_APPLICATION_ID: 8495b9c9-f57e-4395-9ca6-6c01862c107b
	CLOUDWATCH_RUM_GUEST_ROLE_ARN: arn:aws:iam::787801101157:role/RUM-Monitor-us-west-2-787801101157-0860829251171-Unauth
	CLOUDWATCH_RUM_IDENTITY_POOL_ID: us-west-2:f6379e5a-a304-4608-bf6d-b66f00a5d3fb
	DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	DD_APPLICATION_ID: e29eb164-e193-4380-b512-ebd70bbfaeb6
	DD_CLIENT_TOKEN: pubf0c07bd5003d0c4a65a9f129d9e83a3d
	DD_ENV: prod
	DD_PROFILING_ENABLED: true
	DD_SERVICE: quisi.do
	DD_VERSION: ${{ github.sha }}
	DEPLOYMENT_ENVIRONMENT: live
	GITHUB_REPOSITORY: ${{ github.repository }}
	GITHUB_SHA: ${{ github.sha }}
	GOOGLE_ANALYTICS_TRACKING_ID: G-ZTQ6K5CVQS
	IMAGEKIT_KEY: ${{ secrets.IMAGEKIT_KEY }}
	PATREON_OAUTH_CLIENT_ID: J_6jrNJZNibHylSF83UVl9I4OHZYf67RAsU0s7_LnH1N5BKF-vgOyweF3KQLOKm1
	PATREON_OAUTH_REDIRECT_URI: https://a.quisi.do/patreon/
	SENTRY_ENVIRONMENT: production
	WHOAMI: https://api.quisi.do/whoami
	- name: Upload artifacts
	uses: actions/upload-artifact@v3
	with:
	name: prepack
	path: \|
	packages/*/.next/
	packages/*/dist/
	packages/*/out/

	# Stage 3: lighthouse, prepublish, prepublish-applications
	lighthouse:
	name: Lighthouse
	needs: prepack
	runs-on: ubuntu-latest
	env:
	DD_ENV: ci
	services:
	datadog-agent:
	image: datadog/agent:latest
	env:
	DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	DD_HOSTNAME: none
	DD_INSIDE_CI: true
	ports:
	- 8126:8126
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Download artifacts
	uses: actions/download-artifact@v3
	with:
	name: prepack
	path: packages/
	- name: Setup Node
	uses: actions/setup-node@v3
	with:
	cache: yarn
	check-latest: true
	node-version: 'lts/*'
	- name: Install dependencies
	run: yarn install --immutable
	- name: Audit
	run: yarn packages/next run lighthouse:report:production
	- name: Validate
	run: yarn packages/next run postlighthouse
	- name: Upload report
	if: always()
	uses: actions/upload-artifact@v3
	with:
	name: lighthouse
	path: \|
	packages//lighthouse.report.
	packages//lighthouse-.devtoolslog.json
	packages//lighthouse-.trace.json

	prepublish:
	name: Prepublish
	needs: prepack
	runs-on: ubuntu-latest
	env:
	DD_ENV: ci
	services:
	datadog-agent:
	image: datadog/agent:latest
	env:
	DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	DD_HOSTNAME: none
	DD_INSIDE_CI: true
	ports:
	- 8126:8126
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Download artifacts
	uses: actions/download-artifact@v3
	with:
	name: prepack
	path: packages/
	- name: Setup Node
	uses: actions/setup-node@v3
	with:
	cache: yarn
	check-latest: true
	node-version: 'lts/*'
	- name: Install dependencies
	run: yarn install --immutable
	- name: Prepublish
	run: yarn run --require dd-trace/ci/init prepublish
	env:
	DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	DD_CIVISIBILITY_AGENTLESS_ENABLED: true
	DD_ENV: ci
	DD_SERVICE: quisi.do

	# Run prepublish on applications, because prepublish won't be triggered for
	# applications by the publish step.
	prepublish-applications:
	name: Prepublish applications
	needs: prepack
	runs-on: ubuntu-latest
	env:
	DD_ENV: ci
	services:
	datadog-agent:
	image: datadog/agent:latest
	env:
	DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	DD_HOSTNAME: none
	DD_INSIDE_CI: true
	ports:
	- 8126:8126
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Download artifacts
	uses: actions/download-artifact@v3
	with:
	name: prepack
	path: packages/
	- name: Setup Node
	uses: actions/setup-node@v3
	with:
	cache: yarn
	check-latest: true
	node-version: 'lts/*'
	- name: Install dependencies
	run: yarn install --immutable
	- name: Prepublish quisi.do
	run: yarn packages/next run prepublish
	- name: Upload artifacts
	uses: actions/upload-artifact@v3
	with:
	name: prepublish-applications
	path: \|
	packages/*/jest/
	sarif/

	# Stage 4: github-pages, npm, sentry-release
	datadog-sourcemaps:
	name: Datadog sourcemaps
	needs: [lighthouse, prepublish-applications]
	runs-on: ubuntu-latest
	env:
	DD_ENV: ci
	services:
	datadog-agent:
	image: datadog/agent:latest
	env:
	DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	DD_HOSTNAME: none
	DD_INSIDE_CI: true
	ports:
	- 8126:8126
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Download artifacts
	uses: actions/download-artifact@v3
	with:
	name: prepack
	path: packages/
	- name: Install dependencies
	run: yarn install --immutable
	- name: Upload Datadog sourcemaps
	run: yarn packages/next run datadog:sourcemaps
	env:
	DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	RELEASE_VERSION: ${{ github.sha }}

	github-pages:
	name: GitHub Pages
	needs: [lighthouse, prepublish-applications]
	runs-on: ubuntu-latest
	env:
	DD_ENV: ci
	services:
	datadog-agent:
	image: datadog/agent:latest
	env:
	DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	DD_HOSTNAME: none
	DD_INSIDE_CI: true
	ports:
	- 8126:8126
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Download artifacts
	uses: actions/download-artifact@v3
	with:
	name: prepack
	path: packages/
	- name: Deploy
	uses: JamesIves/github-pages-deploy-action@v4
	with:
	branch: gh-pages
	clean: true
	folder: packages/next/out/
	single-commit: true

	npm:
	name: NPM
	needs: [prepack, prepublish]
	runs-on: ubuntu-latest
	env:
	DD_ENV: ci
	services:
	datadog-agent:
	image: datadog/agent:latest
	env:
	DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	DD_HOSTNAME: none
	DD_INSIDE_CI: true
	ports:
	- 8126:8126
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Download artifacts
	uses: actions/download-artifact@v3
	with:
	name: prepack
	path: packages/
	- name: Setup Node
	uses: actions/setup-node@v3
	with:
	cache: yarn
	check-latest: true
	node-version: 'lts/*'
	- name: Install dependencies
	run: yarn install --immutable
	- name: Publish
	env:
	NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
	run: >
	yarn config set npmAuthToken $NPM_AUTH_TOKEN;
	yarn run publish;
	- name: Upload artifacts
	uses: actions/upload-artifact@v3
	with:
	name: npm
	path: \|
	packages/*/jest/
	sarif/

	sentry-release:
	name: Sentry release
	needs: [lighthouse, prepublish-applications]
	runs-on: ubuntu-latest
	env:
	DD_ENV: ci
	services:
	datadog-agent:
	image: datadog/agent:latest
	env:
	DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	DD_HOSTNAME: none
	DD_INSIDE_CI: true
	ports:
	- 8126:8126
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Download artifacts
	uses: actions/download-artifact@v3
	with:
	name: prepack
	path: packages/
	- name: Sentry release
	uses: getsentry/action-release@v1
	env:
	SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
	SENTRY_LOG_LEVEL: info
	SENTRY_ORG: quisido
	SENTRY_PROJECT: quisi-do
	with:
	environment: production
	sourcemaps: build
	version: ${{ github.sha }}

	# Stage 5: cloudflare-purge, github-packages, wrangler-deploy-*
	cloudflare-purge:
	name: Cloudflare purge
	needs: github-pages
	runs-on: ubuntu-latest
	env:
	DD_ENV: ci
	services:
	datadog-agent:
	image: datadog/agent:latest
	env:
	DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	DD_HOSTNAME: none
	DD_INSIDE_CI: true
	ports:
	- 8126:8126
	steps:
	- name: Purge Cloudflare files
	env:
	CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_PURGE_API_TOKEN }}
	CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
	run: >
	curl \
	--data '{
	"files": [
	"https://quisi.do",
	"https://quisi.do/index.html"
	]
	}' \
	--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
	--header "Content-Type:application/json" \
	--request POST \
	"https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/purge_cache"

	github-packages:
	name: GitHub Packages
	needs: npm
	runs-on: ubuntu-latest
	env:
	DD_ENV: ci
	permissions:
	contents: read
	packages: write
	services:
	datadog-agent:
	image: datadog/agent:latest
	env:
	DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	DD_HOSTNAME: none
	DD_INSIDE_CI: true
	ports:
	- 8126:8126
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Download artifacts
	uses: actions/download-artifact@v3
	with:
	name: prepack
	path: packages/
	- name: Setup Node
	uses: actions/setup-node@v3
	with:
	cache: yarn
	check-latest: true
	node-version: 'lts/*'
	registry-url: 'https://npm.pkg.github.com'
	scope: '@${{ github.repository_owner }}'
	- name: Install dependencies
	run: yarn install --immutable
	- name: Publish
	env:
	NPM_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: >
	yarn config set npmAuthToken $NPM_AUTH_TOKEN;
	yarn config set \
	npmScopes.${{ github.repository_owner }}.npmPublishRegistry \
	'https://npm.pkg.github.com';
	yarn run publish;

	wrangler-deploy-authn:
	name: Wrangler deploy Authentication
	needs: [lighthouse, npm, prepublish-applications]
	runs-on: ubuntu-latest
	env:
	DD_ENV: ci
	services:
	datadog-agent:
	image: datadog/agent:latest
	env:
	DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	DD_HOSTNAME: none
	DD_INSIDE_CI: true
	ports:
	- 8126:8126
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Setup Node
	uses: actions/setup-node@v3
	with:
	cache: yarn
	check-latest: true
	node-version: 'lts/*'
	- name: Install dependencies
	run: yarn install --immutable
	- name: Download artifacts
	uses: actions/download-artifact@v3
	with:
	name: prepack
	path: packages/
	- name: Deploy
	run: yarn packages/authn run production:deploy
	env:
	CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_EDIT_WORKERS_API_TOKEN }}

	wrangler-deploy-cloudflare-analytics:
	name: Wrangler deploy Cloudflare Analytics
	needs: [lighthouse, npm, prepublish-applications]
	runs-on: ubuntu-latest
	env:
	DD_ENV: ci
	services:
	datadog-agent:
	image: datadog/agent:latest
	env:
	DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	DD_HOSTNAME: none
	DD_INSIDE_CI: true
	ports:
	- 8126:8126
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Setup Node
	uses: actions/setup-node@v3
	with:
	cache: yarn
	check-latest: true
	node-version: 'lts/*'
	- name: Install dependencies
	run: yarn install --immutable
	- name: Deploy
	run: yarn packages/cloudflare-analytics run deploy
	env:
	CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_EDIT_WORKERS_API_TOKEN }}

	wrangler-deploy-whoami:
	name: Wrangler deploy Who am I?
	needs: [lighthouse, npm, prepublish-applications]
	runs-on: ubuntu-latest
	env:
	DD_ENV: ci
	services:
	datadog-agent:
	image: datadog/agent:latest
	env:
	DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	DD_HOSTNAME: none
	DD_INSIDE_CI: true
	ports:
	- 8126:8126
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Setup Node
	uses: actions/setup-node@v3
	with:
	cache: yarn
	check-latest: true
	node-version: 'lts/*'
	- name: Install dependencies
	run: yarn install --immutable
	- name: Download artifacts
	uses: actions/download-artifact@v3
	with:
	name: prepack
	path: packages/
	- name: Deploy
	run: yarn packages/whoami run production:deploy
	env:
	CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_EDIT_WORKERS_API_TOKEN }}

	# Stage 6: neuralegion
	neuralegion:
	name: NeuraLegion
	needs: cloudflare-purge
	runs-on: ubuntu-latest
	env:
	DD_ENV: ci
	services:
	datadog-agent:
	image: datadog/agent:latest
	env:
	DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
	DD_HOSTNAME: none
	DD_INSIDE_CI: true
	ports:
	- 8126:8126
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Scan
	continue-on-error: true
	# id: scan
	uses: NeuraLegion/run-scan@release
	with:
	api_token: ${{ secrets.NEURALEGION_TOKEN }}
	name: GitHub SHA - ${{ github.sha }}
	crawler_urls: \|
	["https://quisi.do/"]
	discovery_types: \|
	["crawler"]
	# - name: Wait for breakpoint
	# continue-on-error: true
	# uses: NeuraLegion/wait-for@release
	# with:
	# api_token: ${{ secrets.NEURALEGION_TOKEN }}
	# code_scanning_alerts: true
	# github_token: ${{ secrets.GITHUB_TOKEN }}
	# scan: ${{ steps.scan.outputs.id }}
	# timeout: 600
	# wait_for: any

	on:
	push:
	branches: [main]
	workflow_dispatch:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

allow tracing headers for `whoami` CORS #133

Workflow file

allow tracing headers for `whoami` CORS #133

Jobs

Run details

Workflow file for this run

allow tracing headers for whoami CORS #133

Workflow file

Workflow file for this run

allow tracing headers for `whoami` CORS #133