Clarify what the group management page is for #3325 #22716
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| env: | |
| IMAGE_TAG: ${{ github.sha }} | |
| DOCKER_BUILDKIT: 1 | |
| jobs: | |
| frontend: | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| lfs: true | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '18' | |
| - name: NPM Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: node_modules | |
| key: npm-${{ hashFiles('package-lock.json') }} | |
| restore-keys: npm- | |
| - name: Typecheck | |
| run: | | |
| make typecheck | |
| - name: Build Docker images | |
| run: | | |
| make IMAGE_TAG=${IMAGE_TAG} TARGET=prod build | |
| make IMAGE_TAG=${IMAGE_TAG} TARGET=dev build | |
| - name: Lint | |
| run: | | |
| make lint | |
| - name: Test | |
| run: | | |
| make IMAGE_TAG=${IMAGE_TAG} test | |
| - name: Ingestion smoke test | |
| run: | | |
| make \ | |
| IMAGE_TAG=${IMAGE_TAG} \ | |
| INGEST_ONLY=non-existent-group \ | |
| INGEST_DEBUG=true \ | |
| PREREVIEW_BEARER_TOKEN=bogus \ | |
| PRELIGHTS_FEED_KEY=bogus \ | |
| CROSSREF_API_BEARER_TOKEN=bogus \ | |
| ingest-evaluations | |
| - name: Server smoke test | |
| run: | | |
| .github/smoke-test.sh | |
| - name: Backstop test | |
| run: | | |
| make IMAGE_TAG=${IMAGE_TAG} backstop-test | |
| - name: Taiko | |
| run: | | |
| make taiko | |
| - name: Push Image to GHCR | |
| if: github.ref == 'refs/heads/main' | |
| run: | | |
| echo "${GHCR_PASSWORD}" | docker login ghcr.io --username "${GHCR_USERNAME}" --password-stdin | |
| docker tag sciety/sciety:${IMAGE_TAG} ghcr.io/sciety/sciety:${IMAGE_TAG} | |
| docker push ghcr.io/sciety/sciety:${IMAGE_TAG} | |
| env: | |
| GHCR_USERNAME: ${{ github.actor }} | |
| GHCR_PASSWORD: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Deploy to staging | |
| if: github.ref == 'refs/heads/main' | |
| run: | | |
| aws --region=us-east-1 eks update-kubeconfig --name libero-eks--franklin | |
| helm repo add bitnami https://charts.bitnami.com/bitnami | |
| helm dependency build helm/sciety | |
| helm upgrade -i sciety--staging \ | |
| --set images.frontend.tag=${IMAGE_TAG} \ | |
| --set hostname=staging.sciety.org \ | |
| --set crossrefApiBearerToken=${CROSSREF_API_BEARER_TOKEN} \ | |
| --set-string experimentEnabled="true" \ | |
| --set appSecret=${APP_SECRET} \ | |
| --set appCache=redis \ | |
| --set auth0ClientId=${AUTH0_CLIENT_ID_STAGING} \ | |
| --set auth0ClientSecret=${AUTH0_CLIENT_SECRET_STAGING} \ | |
| --set auth0Domain='sciety-staging.eu.auth0.com' \ | |
| --set auth0CallbackUrl='https://staging.sciety.org/auth0/callback' \ | |
| --set postgresqlSecretName=hive-staging-rds-postgres \ | |
| --set googleTagManagerId='GTM-NX7CQB4' \ | |
| --set ingestionAuthBearerToken=${SCIETY_TEAM_API_BEARER_TOKEN} \ | |
| --set prelightsFeedKey=${PRELIGHTS_FEED_KEY} \ | |
| --set prereviewBearerToken=${PREREVIEW_BEARER_TOKEN} \ | |
| --set healthchecksPingKey=${HEALTHCHECKS_PING_KEY} \ | |
| --wait \ | |
| helm/sciety | |
| env: | |
| APP_SECRET: ${{ secrets.APP_SECRET }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| CROSSREF_API_BEARER_TOKEN: ${{ secrets.CROSSREF_API_BEARER_TOKEN }} | |
| SCIETY_TEAM_API_BEARER_TOKEN: ${{ secrets.SCIETY_TEAM_API_BEARER_TOKEN }} | |
| PRELIGHTS_FEED_KEY: ${{ secrets.PRELIGHTS_FEED_KEY }} | |
| PREREVIEW_BEARER_TOKEN: ${{ secrets.PREREVIEW_BEARER_TOKEN}} | |
| AUTH0_CLIENT_ID_STAGING: ${{ secrets.AUTH0_CLIENT_ID_STAGING }} | |
| AUTH0_CLIENT_SECRET_STAGING: ${{ secrets.AUTH0_CLIENT_SECRET_STAGING }} | |
| HEALTHCHECKS_PING_KEY: ${{ secrets.HEALTHCHECKS_PING_KEY }} | |
| - name: Deploy to prod | |
| if: github.ref == 'refs/heads/main' | |
| run: | | |
| aws --region=us-east-1 eks update-kubeconfig --name libero-eks--franklin | |
| helm repo add bitnami https://charts.bitnami.com/bitnami | |
| helm dependency build helm/sciety | |
| helm upgrade -i sciety--prod \ | |
| --set-string allowSiteCrawlers=true \ | |
| --set images.frontend.tag=${IMAGE_TAG} \ | |
| --set hostname=sciety.org \ | |
| --set fathomSiteId='DBULFPXG' \ | |
| --set googleTagManagerId='GTM-NX7CQB4' \ | |
| --set crossrefApiBearerToken=${CROSSREF_API_BEARER_TOKEN} \ | |
| --set appSecret=${APP_SECRET} \ | |
| --set appCache=redis \ | |
| --set auth0ClientId=${AUTH0_CLIENT_ID} \ | |
| --set auth0ClientSecret=${AUTH0_CLIENT_SECRET} \ | |
| --set auth0Domain='sciety.eu.auth0.com' \ | |
| --set auth0CallbackUrl='https://sciety.org/auth0/callback' \ | |
| --set postgresqlSecretName=hive-prod-rds-postgres \ | |
| --set ingestionAuthBearerToken=${SCIETY_TEAM_API_BEARER_TOKEN} \ | |
| --set prelightsFeedKey=${PRELIGHTS_FEED_KEY} \ | |
| --set prereviewBearerToken=${PREREVIEW_BEARER_TOKEN} \ | |
| --set healthchecksPingKey=${HEALTHCHECKS_PING_KEY} \ | |
| --wait \ | |
| helm/sciety | |
| env: | |
| APP_SECRET: ${{ secrets.APP_SECRET }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| CROSSREF_API_BEARER_TOKEN: ${{ secrets.CROSSREF_API_BEARER_TOKEN }} | |
| SCIETY_TEAM_API_BEARER_TOKEN: ${{ secrets.SCIETY_TEAM_API_BEARER_TOKEN }} | |
| PRELIGHTS_FEED_KEY: ${{ secrets.PRELIGHTS_FEED_KEY }} | |
| PREREVIEW_BEARER_TOKEN: ${{ secrets.PREREVIEW_BEARER_TOKEN}} | |
| AUTH0_CLIENT_ID: ${{ secrets.AUTH0_CLIENT_ID }} | |
| AUTH0_CLIENT_SECRET: ${{ secrets.AUTH0_CLIENT_SECRET }} | |
| HEALTHCHECKS_PING_KEY: ${{ secrets.HEALTHCHECKS_PING_KEY }} | |
| - name: Notify Slack | |
| if: failure() && github.ref == 'refs/heads/main' | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
| uses: zuplo/github-action-slack-notify-build@v2 | |
| with: | |
| channel: sciety-general | |
| status: FAILED | |
| color: danger | |
| - name: Archive Taiko screenshots | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: feature-test-screenshots | |
| path: feature-test/screenshots | |
| - name: Archive Backstop screenshots | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: backstop_data | |
| path: backstop_data | |
| - name: Checkout deployment | |
| if: github.ref == 'refs/heads/main' | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: 'sciety/deployment' | |
| path: 'deployment' | |
| ssh-key: '${{ secrets.SCIETY_DEPLOYMENT_REPO_WRITE_ACCESS_SSH_KEY }}' | |
| - name: Update demo deployment to latest version | |
| if: github.ref == 'refs/heads/main' | |
| run: | | |
| cd deployment | |
| TAG=${IMAGE_TAG} yq -i '.spec.values.images.frontend.tag = strenv(TAG)' manifests/sciety--demo.yaml | |
| git add . | |
| git config user.email "team@sciety.org" | |
| git config user.name "Deployment update bot" | |
| git commit -m "Update demo deployment to ${IMAGE_TAG}" | |
| git push | |
| automerge: | |
| needs: frontend | |
| runs-on: ubuntu-latest | |
| if: github.actor == 'dependabot[bot]' | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - name: Dependabot metadata | |
| id: metadata | |
| uses: dependabot/fetch-metadata@v2 | |
| with: | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: auto-merge patch updates to @types/* | |
| if: startsWith(steps.metadata.outputs.dependency-names, '@types') && steps.metadata.outputs.update-type == 'version-update:semver-patch' | |
| run: gh pr merge --squash "$PR_URL" | |
| env: | |
| PR_URL: ${{github.event.pull_request.html_url}} | |
| GH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| - name: auto-merge all updates to @typescript-eslint/* | |
| if: startsWith(steps.metadata.outputs.dependency-names, '@typescript-eslint') | |
| run: gh pr merge --squash "$PR_URL" | |
| env: | |
| PR_URL: ${{github.event.pull_request.html_url}} | |
| GH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| - name: auto-merge all updates to eslint* | |
| if: startsWith(steps.metadata.outputs.dependency-names, 'eslint') | |
| run: gh pr merge --squash "$PR_URL" | |
| env: | |
| PR_URL: ${{github.event.pull_request.html_url}} | |
| GH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| - name: auto-merge all updates to @swc/* | |
| if: startsWith(steps.metadata.outputs.dependency-names, '@swc') | |
| run: gh pr merge --squash "$PR_URL" | |
| env: | |
| PR_URL: ${{github.event.pull_request.html_url}} | |
| GH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| - name: auto-merge all updates to dependency-cruiser | |
| if: startsWith(steps.metadata.outputs.dependency-names, 'dependency-cruiser') | |
| run: gh pr merge --squash "$PR_URL" | |
| env: | |
| PR_URL: ${{github.event.pull_request.html_url}} | |
| GH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| - name: auto-merge minor and patch updates to sass* | |
| if: startsWith(steps.metadata.outputs.dependency-names, 'sass') && steps.metadata.outputs.update-type == 'version-update:semver-minor' | |
| run: gh pr merge --squash "$PR_URL" | |
| env: | |
| PR_URL: ${{github.event.pull_request.html_url}} | |
| GH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| - name: auto-merge patch updates to backstopjs | |
| if: startsWith(steps.metadata.outputs.dependency-names, 'backstopjs') && steps.metadata.outputs.update-type == 'version-update:semver-patch' | |
| run: gh pr merge --squash "$PR_URL" | |
| env: | |
| PR_URL: ${{github.event.pull_request.html_url}} | |
| GH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| - name: auto-merge patch updates to browserslist | |
| if: startsWith(steps.metadata.outputs.dependency-names, 'browserslist') && steps.metadata.outputs.update-type == 'version-update:semver-minor' | |
| run: gh pr merge --squash "$PR_URL" | |
| env: | |
| PR_URL: ${{github.event.pull_request.html_url}} | |
| GH_TOKEN: ${{secrets.GITHUB_TOKEN}} |