Skip to content

feat(rental-agreement): security deposit #66547

feat(rental-agreement): security deposit

feat(rental-agreement): security deposit #66547

Workflow file for this run

name: Monorepo pipeline - pull request
on:
pull_request: {}
workflow_dispatch: {}
defaults:
run:
shell: bash
concurrency:
# See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-a-fallback-value
group: pullrequest-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
COMPOSE_HTTP_TIMEOUT: 180
SKIP_GENERATED_CACHE: ${{ contains(github.event.pull_request.labels.*.name, 'skip-generated-cache') }}
NX_AFFECTED_ALL: ${{ contains(github.event.pull_request.labels.*.name, 'nx-affected-all') }}
jobs:
prepare:
runs-on: ec2-runners
container:
image: public.ecr.aws/m3u4c4h9/island-is/actions-runner-public:latest
timeout-minutes: 35
env:
AFFECTED_ALL: ${{ secrets.AFFECTED_ALL }}
CHUNK_SIZE: 7
SERVERSIDE_FEATURES_ON: ''
DOCKER_REGISTRY: 821090935708.dkr.ecr.eu-west-1.amazonaws.com/
DOCKER_BASE_IMAGE_REGISTRY: 821090935708.dkr.ecr.eu-west-1.amazonaws.com/ecr-public
outputs:
TEST_CHUNKS: ${{ steps.test_projects.outputs.CHUNKS }}
E2E_CHUNKS: ${{ steps.e2e_projects.outputs.CHUNKS }}
E2E_BUILD_ID: ${{ steps.e2e_projects.outputs.BUILD_ID }}
LINT_CHUNKS: ${{ steps.lint_projects.outputs.CHUNKS }}
BUILD_CHUNKS: ${{ steps.build_projects.outputs.CHUNKS }}
CACHE_KEYS: ${{ steps.get-cache.outputs.keys }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-node@v4
with:
node-version-file: 'package.json'
- name: Setup yarn
run: corepack enable
- name: Check node version
run: |
set -euo pipefail
node -v
ls -l `which node`
- name: Checking out relevant branches
run: |
set -euo pipefail
git checkout "$GITHUB_HEAD_REF"
git checkout "$GITHUB_BASE_REF"
git checkout "$GITHUB_SHA"
git config --global user.email "[email protected]"
git config --global user.name "CI Bot"
BASE_SHA="$(git merge-base HEAD "$GITHUB_BASE_REF")"
HEAD_SHA="$(git merge-base HEAD "$GITHUB_HEAD_REF")"
echo "Current base SHA is '$BASE_SHA' and head SHA is '$HEAD_SHA'"
echo "{\"base_sha\": \"$BASE_SHA\", \"head_sha\":\"$HEAD_SHA\"}" > event.json
# This is to increase the retention days for our GitHub Actions run events
# See this for more information:
# https://github.blog/changelog/2020-10-08-github-actions-ability-to-change-retention-days-for-artifacts-and-logs/
- name: Keep PR run event
uses: actions/upload-artifact@b18b1d32f3f31abcdc29dee3f2484801fe7822f4
with:
name: pr-event
path: event.json
retention-days: 90
include-hidden-files: true
if-no-files-found: error
- name: Get cache
id: get-cache
uses: ./.github/actions/get-cache
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
enable-cache: 'node_modules,cypress,generated-files'
- run: |
set -euo pipefail
echo "HEAD=$GITHUB_SHA" >> "$GITHUB_ENV"
export HEAD_REF="$GITHUB_HEAD_REF"
export BASE_REF="$GITHUB_BASE_REF"
export PR_REF="$GITHUB_SHA"
export SHELL=/usr/bin/bash
export WORKFLOW_ID=pullrequest
source ./scripts/ci/00_prepare-base-tags.sh "$(git merge-base HEAD "$GITHUB_BASE_REF")"
git checkout "$GITHUB_SHA"
echo "BASE=$BASE" >> "$GITHUB_ENV"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HTML_URL: ${{ github.event.pull_request.html_url }}
ISSUE_REPORTING_SLACK_WEBHOOK_URL: ${{ secrets.SLACK_BUILD_ISSUES_REPORTING_WEBHOOK_URL }}
name: Preparing HEAD and BASE tags
- name: License audit Node modules
run: ./scripts/ci/20_license-audit.sh
- name: Check user permissions
uses: actions-cool/check-user-permission@v2
id: check-permission
- name: Set magic env if test-everything label is set
if: ${{ contains(github.event.pull_request.labels.*.name, 'test everything') && steps.check-permission.outputs['user-permission'] == 'admin' }}
run: |
echo "AFFECTED_ALL=7913-$GITHUB_HEAD_REF" >> "$GITHUB_ENV"
- name: Warn if user does not have the required permissions
if: ${{ contains(github.event.pull_request.labels.*.name, 'test everything') && steps.check-permission.outputs['user-permission'] != 'admin' }}
run: |
echo "## WARN permissions" >> "$GITHUB_STEP_SUMMARY"
echo "User '$GITHUB_ACTOR' does not have the required permissions to apply the 'test everything' label" >> "$GITHUB_STEP_SUMMARY"
- name: Prepare lint targets
id: lint_projects
run: |
set -euo pipefail
CHUNKS="$(./scripts/ci/generate-chunks.sh lint)"
if [[ "$CHUNKS" != "[]" ]]; then
echo "CHUNKS={\"projects\":$CHUNKS}" >> "$GITHUB_OUTPUT"
fi
- name: Prepare test targets
id: test_projects
run: |
set -euo pipefail
CHUNKS="$(./scripts/ci/generate-chunks.sh test)"
if [[ "$CHUNKS" != "[]" ]]; then
echo "CHUNKS={\"projects\":$CHUNKS}" >> "$GITHUB_OUTPUT"
fi
- name: Prepare e2e targets
id: e2e_projects
env:
CHUNK_SIZE: 1
run: |
set -euo pipefail
CHUNKS="$(./scripts/ci/generate-chunks.sh e2e-ci)"
if [[ "$CHUNKS" != "[]" ]]; then
echo "CHUNKS={\"projects\":$CHUNKS}" >> "$GITHUB_OUTPUT"
fi
echo BUILD_ID="$GITHUB_RUN_ID-$GITHUB_RUN_NUMBER-$(uuidgen)" >> "$GITHUB_OUTPUT"
- name: Prepare build targets
id: build_projects
env:
CHUNK_SIZE: 4
run: |
set -euo pipefail
CHUNKS="$(./scripts/ci/generate-chunks.sh build)"
if [[ "$CHUNKS" != "[]" ]]; then
echo "CHUNKS={\"projects\":$CHUNKS}" >> "$GITHUB_OUTPUT"
fi
- name: Check release-manager approval
id: check-release-manager-approval
if: ${{ contains(github.event.pull_request.labels.*.name, 'automerge') && contains(github.event.pull_request.head.ref, '/pre-release/') }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -euo pipefail
node -r esbuild-register .github/actions/check-team-approval.ts release-managers
tests:
needs:
- prepare
if: needs.prepare.outputs.TEST_CHUNKS
runs-on: ec2-runners
container:
image: public.ecr.aws/m3u4c4h9/island-is/actions-runner-public:latest
timeout-minutes: 35
env:
AFFECTED_PROJECTS: ${{ matrix.projects }}
MAX_JOBS: 1
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.prepare.outputs.TEST_CHUNKS) }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-node@v4
with:
node-version-file: 'package.json'
- name: Setup yarn
run: corepack enable
- name: Get cache
id: get-cache
uses: ./.github/actions/get-cache
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
keys: ${{ needs.prepare.outputs.CACHE_KEYS }}
enable-cache: 'node_modules,cypress,generated-files'
- uses: ./.github/actions/unit-test
with:
dd-api-key: '${{ secrets.DD_API_KEY }}'
codecov-token: ${{ secrets.CODECOV_TOKEN }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
docker-registry: 821090935708.dkr.ecr.eu-west-1.amazonaws.com/
e2e:
needs:
- prepare
if: needs.prepare.outputs.E2E_CHUNKS
runs-on: ec2-runners
container:
image: public.ecr.aws/m3u4c4h9/island-is/actions-runner-public:latest
timeout-minutes: 35
env:
AFFECTED_PROJECT: ${{ matrix.projects }}
CYPRESS_PROJECT_ID: 4q7jz8
CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
API_MOCKS: 'true'
NODE_OPTIONS: --max-old-space-size=4096
E2E_BUILD_ID: '${{ needs.prepare.outputs.E2E_BUILD_ID }}-${{ github.run_attempt }}'
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.prepare.outputs.E2E_CHUNKS) }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: 'package.json'
- name: Setup yarn
run: corepack enable
- name: Get cache
id: get-cache
uses: ./.github/actions/get-cache
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
keys: ${{ needs.prepare.outputs.CACHE_KEYS }}
enable-cache: 'node_modules,cypress,generated-files'
- name: Running e2e tests
run: ./scripts/ci/40_e2e.sh "${AFFECTED_PROJECT}"
linting-workspace:
needs:
- prepare
runs-on: ec2-runners
container:
image: public.ecr.aws/m3u4c4h9/island-is/actions-runner-public:latest
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: 'package.json'
- name: Setup yarn
run: corepack enable
- name: Get cache
id: get-cache
uses: ./.github/actions/get-cache
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
keys: ${{ needs.prepare.outputs.CACHE_KEYS }}
enable-cache: 'node_modules,generated-files'
- name: Linting workspace
run: ./scripts/ci/20_lint-workspace.sh
run-shellcheck:
needs:
- prepare
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
- uses: reviewdog/action-shellcheck@v1
with:
github_token: ${{ secrets.github_token }}
reporter: github-pr-review
fail_on_error: true
level: info
exclude: >-
*/node_modules/*
formatting:
needs:
- prepare
runs-on: ec2-runners
container:
image: public.ecr.aws/m3u4c4h9/island-is/actions-runner-public:latest
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
if: ${{ github.event_name == 'pull_request' }}
with:
token: ${{ secrets.DIRTY_FIX_BOT_TOKEN }}
ref: ${{ github.event.pull_request.head.ref }}
- uses: actions/checkout@v4
if: ${{ github.ref == 'ref/heads/main' }}
- uses: actions/setup-node@v4
with:
node-version-file: 'package.json'
- name: Setup yarn
run: corepack enable
- name: Get cache
id: get-cache
uses: ./.github/actions/get-cache
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
keys: ${{ needs.prepare.outputs.CACHE_KEYS }}
enable-cache: 'node_modules'
- name: NX format:check
if: ${{ github.ref == 'ref/heads/main' }}
run: ./scripts/ci/20_check-formatting.sh "check"
- name: NX format:write
if: ${{ github.event_name == 'pull_request' }}
run: |
./scripts/ci/20_check-formatting.sh "write"
./infra/scripts/ci/git-check-dirty.sh "/" "nx format:write" "dirtybot"
linting:
needs:
- prepare
runs-on: ec2-runners
container:
image: public.ecr.aws/m3u4c4h9/island-is/actions-runner-public:latest
timeout-minutes: 35
if: needs.prepare.outputs.LINT_CHUNKS
env:
AFFECTED_PROJECTS: ${{ matrix.projects }}
NODE_OPTIONS: --max-old-space-size=4096
MAX_JOBS: 3
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.prepare.outputs.LINT_CHUNKS) }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: 'package.json'
- name: Setup yarn
run: corepack enable
- name: Get cache
id: get-cache
uses: ./.github/actions/get-cache
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
keys: ${{ needs.prepare.outputs.CACHE_KEYS }}
enable-cache: 'node_modules,generated-files'
- name: Linting
run: ./scripts/ci/run-in-parallel-native.sh lint
build:
needs:
- prepare
runs-on: ec2-runners
container:
image: public.ecr.aws/m3u4c4h9/island-is/actions-runner-public:latest
timeout-minutes: 35
env:
AFFECTED_PROJECTS: ${{ matrix.projects }}
MAX_JOBS: 2
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.prepare.outputs.BUILD_CHUNKS) }}
if: needs.prepare.outputs.BUILD_CHUNKS
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: 'package.json'
- name: Setup yarn
run: corepack enable
- name: Get cache
id: get-cache
uses: ./.github/actions/get-cache
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
keys: ${{ needs.prepare.outputs.CACHE_KEYS }}
enable-cache: 'node_modules,generated-files'
- name: Building
run: ./scripts/ci/run-in-parallel-native.sh build
success:
runs-on: ec2-runners
container:
image: public.ecr.aws/m3u4c4h9/island-is/actions-runner-public:latest
if: ${{ !cancelled() }}
needs:
- prepare
- linting-workspace
- tests
- linting
- run-shellcheck
- formatting
- e2e
- build
steps:
- name: Check prepare success
run: '[[ ${{ needs.prepare.result }} == "success" ]] || exit 1'
- name: Check tests success
run: '[[ ${{ needs.tests.result }} != "failure" ]] || exit 1'
- name: Check e2e success
run: '[[ ${{ needs.e2e.result }} != "failure" ]] || exit 1'
- name: Check linting success
run: '[[ ${{ needs.linting.result }} != "failure" ]] || exit 1'
- name: Check run-shellcheck success
run: '[[ ${{ needs.run-shellcheck.result }} != "failure" ]] || exit 1'
- name: Check formatting success
run: '[[ ${{ needs.formatting.result }} != "failure" ]] || exit 1'
- name: Check build success
run: '[[ ${{ needs.build.result }} != "failure" ]] || exit 1'
- name: Announce success
run: echo "Build is successful"