sync main with the develop (#17)

* ci: build, lint and test on ci * ci: add release action * ci: cache coverage * ci: use inputs for sonarcloud * ci: use envs for inputs * ci: use env for inputs * ci: another try with inputs * ci: fix syntax * ci: add inputs * refactor: clean blank lines * ci: separate actions for sonarcloud * ci: fix separate actions for sonarcloud * ci: fix sonarcloud secrets * ci: add project name * ci: fix project name * ci: add ci name * ci: test structure * ci: download artifacts to root * ci: remove coverage * ci: collect coverage from integration tests * ci: prepare cd action * ci: use main * fix: input not required * fix: use enterprise flag as input * ci: remove publish script * don't install husky git hooks when releasing why would you do that? certain hooks like pre-commit (for the repos that still use the stupid `commitizen`) the release will outright fail * chore: don't use yarn built-in script because it doesn't shadow (#7) * don't create github releases when publishing changesets/action@v1 will try to create a GitHub release in the repo when publishing a new package version. changesets/action@v1 tries to publish the release using the entire contents of the CHANGELOG.md as release description. The changelog file is taken from the package folder that it's publishing. See here for the code: https://github.com/changesets/action/blob/main/src/run.ts#L66-L68 The max char limit of the release description is 125,000 characters. The problem is many of our packages actually have longer changelogs than 125,000. For example this one has 200k characters: https://github.com/vuestorefront/bigcommerce/blob/main/packages/api-client/CHANGELOG.md I admit Github releases would be very useful for e.g. registering the Slack-Github bot in a customer's channel to let them now a new package release had happened. Unfortunately, I can't really remove the changelog because it contains important historical information. For now, I'm disabling creation of github releases and waiting for changesets to implement truncation: changesets/action#174 (comment) * chore: add codeowners for PR notifications * allow publishing OSS packages (#12) * log in in open source packages too in open source packages, we often publish to NPM. To do that, we need to log in (so that changesets/actions know how to publish) * publish using NPM_TOKEN if not enterprise * re-enable creating gh releases see changesets/action#304 (comment) * stop linting pr title with conventional commits we use changesets now so it's not necessary * add abillity to inject environment variables for use by unified ci (#4) * feat: allow setting env var Sometimes, running `yarn test` can require env variables, e.g. in the case of integration test * ci: use alternative solution --------- Co-authored-by: Wojciech Sikora <35867383+WojtekTheWebDev@users.noreply.github.com> * BREAKING don't log into private repo if it's not necessary !! THIS WILL BREAK EXISTING REPOS !! Before this commit, the repos running the CI action had no choice but always log into our private NPM repo using NPM_USER and NPM_PASS secrets. If you didn't have those secrets, the CI would fail. The error that caused the failure was that "NPM_PASS" is not defined as a secret. Of course it's not, because there's no reason to log in to any NPM repository in a public package, since npmjs is public. After this commit, the CI action doesn't log in into verdaccio by default. For repos like magento2 which are public, and don't use private pacakges, this doesn't make sense. Especially now that we use NPM_RELEASE_TOKEN secret for releases (which allows you to publish without having to provide NPM_USER and NPM_PASS), passing NPM_USER and NPM_PASS for a public repo makes even less sense. --- The breaking change comes from the fact that in private GH repos where the CI workflow is reused without explicitly passing the param "enterprise: true" (it's not passed because this argument didn't exist before this commit), will now default to "enterprise: false". This will break our private GitHub repos that need to `npm install` private vsf packages to work. It will break because the CI NPM will not be logged in. * remove unused ENVIRONMENT_VARIABLES input I don't know how this got here, this is entirely unused * remove unused sonarcloud vars sonarcloud-related stuff lives in sonarcloud.yml now * NPM_* secrets are used only if enterprise = true, so should be optional * feat: add node versions matrix input --------- Co-authored-by: Wojciech Sikora <wsikora@vuestorefront.io> Co-authored-by: Artur Tagisow <5359825+sethidden@users.noreply.github.com> Co-authored-by: Wojciech Sikora <35867383+WojtekTheWebDev@users.noreply.github.com> Co-authored-by: Artur Tagisow <atagisow@vuestorefront.io> Co-authored-by: John Doe <john.doe@gmail.com>
vuestorefront · Jul 13, 2023 · 49d4300 · 49d4300
1 parent 0c917ce
commit 49d4300
Show file tree

Hide file tree

Showing 4 changed files with 178 additions and 15 deletions.
diff --git a/workflows/.github/workflows/continuous-delivery.yml b/workflows/.github/workflows/continuous-delivery.yml
@@ -0,0 +1,64 @@
+name: Release
+
+on:
+  workflow_call:
+    secrets:
+      NPM_USER:
+        description: "repository NPM_USER secret passed on"
+        required: false
+      NPM_PASS:
+        description: "repository NPM_PASS secret passed on"
+        required: false
+      NPM_EMAIL:
+        description: "repository NPM_EMAIL secret passed on"
+        required: false
+    inputs:
+      enterprise:
+        description: "Flag to use enterprise registry"
+        type: boolean
+        required: false
+        default: false
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  changelog:
+    name: Changelog PR or Release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        with:
+          node-version-file: '.node-version'
+
+      - name: Install dependencies (Enterprise)
+        if: ${{ inputs.enterprise }}
+        shell: bash
+        run: |
+          npm install -g npm-cli-login
+          npm-cli-login -u ${{ secrets.NPM_USER }} -p ${{ secrets.NPM_PASS }} -e ${{ secrets.NPM_EMAIL }} -r https://registrynpm.storefrontcloud.io
+          HUSKY=0 yarn --frozen-lockfile
+
+      - name: Install dependencies (OS)
+        if: ${{ !inputs.enterprise }}
+        shell: bash
+        run: |
+          HUSKY=0 yarn --frozen-lockfile
+
+      - name: Create Release Pull Request or Publish
+        id: changesets
+        uses: changesets/action@v1
+        with:
+          version: yarn run changesets:version
+          publish: yarn run changesets:publish
+          commit: "ci: release"
+          title: "ci: release"
+
+        env:
+          # Needs access to push to main
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_RELEASE_TOKEN }}
diff --git a/workflows/.github/workflows/continuous-integration.yml b/workflows/.github/workflows/continuous-integration.yml
@@ -5,25 +5,52 @@ on:
     secrets:
       NPM_USER:
         description: 'repository NPM_USER secret passed on'
-        required: true
+        required: false
       NPM_PASS:
         description: 'repository NPM_PASS secret passed on'
-        required: true
+        required: false
       NPM_EMAIL:
         description: 'repository NPM_EMAIL secret passed on'
-        required: true    
+        required: false
+
+    inputs:
+      enterprise:
+        description: "Flag to use enterprise registry"
+        type: boolean
+        required: false
+        default: false
+
+      node_version:
+        description: "Node versions to test"
+        type: string
+        required: false
+        default: "['16']"
 
 jobs:
-  setup:
+  run-ci:
+    name: Run CI
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node_version: ${{ fromJson(inputs.node_version) }}
     steps:
+      - name: Expose github environment as shell variables
+        env:
+          SECRETS_CONTEXT: ${{ toJson(secrets) }}
+          VARS_CONTEXT: ${{ toJson(vars) }}
+        run: |
+          # https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable
+          # https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
+          EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
+          to_envs() { jq -r "to_entries[] | \"\(.key)<<$EOF\n\(.value)\n$EOF\n\""; }
+          echo "$SECRETS_CONTEXT" | to_envs >> $GITHUB_ENV
       - name: Checkout code 🛎️
         uses: actions/checkout@v3
 
       - name: Setup node 🏗️
         uses: actions/setup-node@v3
         with:
-          node-version-file: '.node-version'
+          node-version: ${{ matrix.node_version }}
 
       - name: Get cache 🗄️
         id: cache
@@ -32,23 +59,45 @@ jobs:
           path: '**/node_modules'
           key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
 
-      - name: Install dependencies 🔧
-        if: steps.cache.outputs.cache-hit != 'true'
+      - name: Install dependencies (Enterprise)
+        if: ${{ (inputs.enterprise == true) && (steps.cache.outputs.cache-hit != true)}}
         shell: bash
         run: |
           npm install -g npm-cli-login
           npm-cli-login -u ${{ secrets.NPM_USER }} -p ${{ secrets.NPM_PASS }} -e ${{ secrets.NPM_EMAIL }} -r https://registrynpm.storefrontcloud.io
-          yarn --frozen-lockfile
-            
+          HUSKY=0 yarn --frozen-lockfile
+
+      - name: Install dependencies (OS)
+        if: ${{ (inputs.enterprise == false) && (steps.cache.outputs.cache-hit != true)}}
+        shell: bash
+        run: |
+          HUSKY=0 yarn --frozen-lockfile
+
       - name: Detect circular dependencies 🔄
-        uses: vuestorefront/engineering-toolkit/github-actions/circular-dependencies@1.0.3
+        uses: vuestorefront/engineering-toolkit/github-actions/circular-dependencies@main
         with:
           filesPath: 'packages/**/*.{ts,vue}'
-          
+
       - name: Check licenses 🧪
-        uses: vuestorefront/engineering-toolkit/github-actions/check-licenses@1.0.9
+        uses: vuestorefront/engineering-toolkit/github-actions/check-licenses@main
         with:
           projectPath: ${{ github.workspace }}
-
-      - name: Validate pull request title ⚡️
-        uses: JulienKode/pull-request-name-linter-action@v0.5.0   
+
+      - name: Build project
+        run: yarn build
+
+      - name: Run tests
+        run: yarn test
+
+      - name: Upload test coverage
+        uses: actions/upload-artifact@v3
+        with:
+          name: coverage-${{ runner.os }}-${{ github.event.pull_request.head.sha }}
+          path: |
+            packages/api-client/coverage
+            packages/sdk/coverage
+            packages/composables/coverage
+            coverage
+
+      - name: Lint project
+        run: yarn lint
diff --git a/workflows/.github/workflows/sonarcloud.yml b/workflows/.github/workflows/sonarcloud.yml
@@ -0,0 +1,49 @@
+name: Sonarcloud
+
+on:
+  workflow_call:
+    secrets:
+      SONARCLOUD_TOKEN:
+        required: true
+    inputs:
+      project_key:
+        description: "Project key i.e. bigcommerce_api-client"
+        required: true
+        type: string
+      package_name:
+          description: "Package name i.e. api-client"
+          required: true
+          type: string
+      exclusions:
+        description: "Comma separated list of files to exclude from analysis"
+        required: false
+        type: string
+
+jobs:
+  sonarcloud:
+    name: Run Sonarcloud check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0 # Suggested by sonarcloud. Shallow clones should be disabled for a better relevancy of analysis
+
+      - name: Download test coverage for commit
+        uses: actions/download-artifact@v3
+        with:
+          name: coverage-${{ runner.os }}-${{ github.event.pull_request.head.sha }}
+          path: ./
+
+      - name: Scanning ${{ inputs.package_name }} with sonarcloud
+        uses: SonarSource/sonarcloud-github-action@v1.8
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
+        with:
+          projectBaseDir: packages/${{ inputs.package_name }}
+          args: >
+            -Dsonar.organization=vuestorefront
+            -Dsonar.projectKey=${{ inputs.project_key }}
+            -Dsonar.javascript.lcov.reportPaths=coverage/lcov.info
+            -Dsonar.coverage.exclusions=__tests__/**,__mocks__/**,${{ inputs.exclusions }}
+            -Dsonar.cpd.exclusions=__tests__/**,__mocks__/**,${{ inputs.exclusions }}
diff --git a/workflows/.gitignore b/workflows/.gitignore
@@ -0,0 +1 @@
+.idea