-
Notifications
You must be signed in to change notification settings - Fork 396
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
test: Migrate CI to GtiHub [SDK-4450] (#1437)
- Loading branch information
Showing
11 changed files
with
439 additions
and
66 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
name: Build package | ||
description: Build the SDK package | ||
|
||
inputs: | ||
node: | ||
description: The Node version to use | ||
required: false | ||
default: 18 | ||
|
||
runs: | ||
using: composite | ||
|
||
steps: | ||
- uses: actions/setup-node@v3 | ||
with: | ||
node-version: ${{ inputs.node }} | ||
cache: npm | ||
|
||
- shell: bash | ||
run: npm ci | ||
env: | ||
NODE_ENV: development | ||
|
||
- shell: bash | ||
run: npm run install:example | ||
env: | ||
NODE_ENV: development | ||
|
||
- shell: bash | ||
run: npm run build |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
name: Prepare test | ||
description: Prepare an SDK test | ||
|
||
inputs: | ||
node: | ||
description: The Node version to use | ||
required: false | ||
default: 18 | ||
cache: | ||
description: The cache key identifier to use | ||
required: true | ||
|
||
runs: | ||
using: composite | ||
|
||
steps: | ||
- uses: actions/setup-node@v3 | ||
with: | ||
node-version: ${{ inputs.node }} | ||
cache: npm | ||
|
||
- uses: actions/cache/restore@v3 | ||
with: | ||
path: . | ||
key: ${{ inputs.cache }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,14 @@ | ||
version: 2 | ||
updates: | ||
- package-ecosystem: "npm" | ||
directory: "/" | ||
- package-ecosystem: "npm" | ||
directory: "/" | ||
schedule: | ||
interval: "daily" | ||
ignore: | ||
- dependency-name: "*" | ||
update-types: ["version-update:semver-major"] | ||
|
||
- package-ecosystem: 'github-actions' | ||
directory: '/' | ||
schedule: | ||
interval: 'daily' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
name: Browserstack | ||
|
||
on: | ||
merge_group: | ||
workflow_dispatch: | ||
pull_request: | ||
types: | ||
- opened | ||
- synchronize | ||
push: | ||
branches: | ||
- main | ||
|
||
permissions: | ||
contents: read | ||
|
||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | ||
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | ||
|
||
env: | ||
NODE_VERSION: 18 | ||
CACHE_KEY: '${{ github.event.pull_request.head.sha || github.ref }}-${{ github.run_id }}-${{ github.run_attempt }}' | ||
|
||
jobs: | ||
authorize: | ||
name: Authorize | ||
environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }} | ||
runs-on: ubuntu-latest | ||
steps: | ||
- run: true | ||
|
||
browserstack: | ||
needs: authorize # Require approval before running on forked pull requests | ||
|
||
name: Run Tests | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
ref: ${{ github.event.pull_request.head.sha || github.ref }} | ||
|
||
- uses: ./.github/actions/build | ||
with: | ||
node: ${{ env.NODE_VERSION }} | ||
|
||
- shell: bash | ||
run: npm i --prefix=example-app --no-package-lock | ||
env: | ||
NODE_ENV: development | ||
|
||
- shell: bash | ||
run: npx start-server-and-test "start:example-local" http://localhost:3000 "browserstack-cypress run --build-name ${{ github.event.pull_request.head.sha || github.ref }} --no-wrap" | ||
env: | ||
BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }} | ||
BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
name: CodeQL | ||
|
||
on: | ||
merge_group: | ||
pull_request: | ||
types: | ||
- opened | ||
- synchronize | ||
push: | ||
branches: | ||
- main | ||
schedule: | ||
- cron: '37 10 * * 2' | ||
|
||
permissions: | ||
actions: read | ||
contents: read | ||
security-events: write | ||
|
||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | ||
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | ||
|
||
jobs: | ||
analyze: | ||
name: Check for Vulnerabilities | ||
runs-on: ubuntu-latest | ||
|
||
strategy: | ||
fail-fast: false | ||
matrix: | ||
language: [javascript] | ||
|
||
steps: | ||
- if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group' | ||
run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection. | ||
|
||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
|
||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v2 | ||
with: | ||
languages: ${{ matrix.language }} | ||
queries: +security-and-quality | ||
|
||
- name: Autobuild | ||
uses: github/codeql-action/autobuild@v2 | ||
|
||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v2 | ||
with: | ||
category: '/language:${{ matrix.language }}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,110 @@ | ||
name: Publish Release | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
branch: | ||
description: The branch to release from | ||
required: true | ||
default: main | ||
version: | ||
description: The version being published. This should be a valid semver version, such as `1.0.0`. | ||
required: true | ||
default: '' | ||
type: string | ||
dry-run: | ||
type: boolean | ||
description: Perform a publishing dry run. This will not publish the release, but will validate the release and log the commands that would be run. | ||
default: false | ||
|
||
permissions: | ||
contents: read | ||
id-token: write # For publishing to NPM with provenance. Allows developers to run `npm audit signatures` and verify release signature of SDK. @see https://github.blog/2023-04-19-introducing-npm-package-provenance/ | ||
packages: write # For cross-publishing to GitHub Packages registry. | ||
|
||
env: | ||
NODE_VERSION: 18 | ||
NODE_ENV: development | ||
|
||
jobs: | ||
configure: | ||
name: Validate input parameters | ||
runs-on: ubuntu-latest | ||
|
||
outputs: | ||
vtag: ${{ steps.vtag.outputs.vtag }} # The fully constructed release tag to use for publishing | ||
dry-run: ${{ steps.dry-run.outputs.dry-run }} # The dry-run flag to use for publishing, if applicable | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
ref: ${{ github.event.inputs.branch }} | ||
|
||
# Configure for dry-run, if applicable. @see https://docs.npmjs.com/cli/v9/commands/npm-publish#dry-run | ||
- id: dry-run | ||
if: ${{ github.event.inputs.dry-run == 'true' }} | ||
name: Configure for `--dry-run` | ||
run: | | ||
echo "dry-run=--dry-run" >> $GITHUB_ENV | ||
echo "dry-run=--dry-run" >> $GITHUB_OUTPUT | ||
# Build the tag string from package.json version and release suffix. Produces something like `1.0.0-beta.1` for a beta, or `1.0.0` for a stable release. | ||
- name: Build tag | ||
id: vtag | ||
run: | | ||
PACKAGE_VERSION="${{ github.event.inputs.version }}" | ||
echo "vtag=${PACKAGE_VERSION}" >> $GITHUB_ENV | ||
echo "vtag=${PACKAGE_VERSION}" >> $GITHUB_OUTPUT | ||
# Ensure tag does not already exist. | ||
- name: Validate version | ||
uses: actions/github-script@v6 | ||
env: | ||
vtag: ${{ env.vtag }} | ||
with: | ||
script: | | ||
const releaseMeta = github.rest.repos.listReleases.endpoint.merge({ | ||
owner: context.repo.owner, | ||
repo: context.repo.repo, | ||
}); | ||
const releases = await github.paginate(releaseMeta); | ||
for (const release of releases) { | ||
if (release.name === process.env.vtag) { | ||
throw new Error(`${process.env.vtag} already exists`); | ||
} | ||
} | ||
console.log(`${process.env.vtag} does not exist. Proceeding with release.`) | ||
publish-npm: | ||
needs: configure | ||
|
||
name: Publish to NPM | ||
runs-on: ubuntu-latest | ||
environment: 'release' | ||
|
||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
ref: ${{ github.event.inputs.branch }} | ||
|
||
- name: Setup Node | ||
uses: actions/setup-node@v3 | ||
with: | ||
node-version: ${{ env.NODE_VERSION }} | ||
cache: npm | ||
registry-url: 'https://registry.npmjs.org' | ||
|
||
- name: Install dependencies | ||
run: npm ci | ||
|
||
- name: Publish release to NPM | ||
run: npm publish --provenance --tag ${{ needs.configure.outputs.vtag }} ${{ needs.configure.outputs.dry-run }} | ||
env: | ||
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |
Oops, something went wrong.