feat(rental-agreement): security deposit #66547
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Monorepo pipeline - pull request | |
on: | |
pull_request: {} | |
workflow_dispatch: {} | |
defaults: | |
run: | |
shell: bash | |
concurrency: | |
# See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-a-fallback-value | |
group: pullrequest-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
env: | |
COMPOSE_HTTP_TIMEOUT: 180 | |
SKIP_GENERATED_CACHE: ${{ contains(github.event.pull_request.labels.*.name, 'skip-generated-cache') }} | |
NX_AFFECTED_ALL: ${{ contains(github.event.pull_request.labels.*.name, 'nx-affected-all') }} | |
jobs: | |
prepare: | |
runs-on: ec2-runners | |
container: | |
image: public.ecr.aws/m3u4c4h9/island-is/actions-runner-public:latest | |
timeout-minutes: 35 | |
env: | |
AFFECTED_ALL: ${{ secrets.AFFECTED_ALL }} | |
CHUNK_SIZE: 7 | |
SERVERSIDE_FEATURES_ON: '' | |
DOCKER_REGISTRY: 821090935708.dkr.ecr.eu-west-1.amazonaws.com/ | |
DOCKER_BASE_IMAGE_REGISTRY: 821090935708.dkr.ecr.eu-west-1.amazonaws.com/ecr-public | |
outputs: | |
TEST_CHUNKS: ${{ steps.test_projects.outputs.CHUNKS }} | |
E2E_CHUNKS: ${{ steps.e2e_projects.outputs.CHUNKS }} | |
E2E_BUILD_ID: ${{ steps.e2e_projects.outputs.BUILD_ID }} | |
LINT_CHUNKS: ${{ steps.lint_projects.outputs.CHUNKS }} | |
BUILD_CHUNKS: ${{ steps.build_projects.outputs.CHUNKS }} | |
CACHE_KEYS: ${{ steps.get-cache.outputs.keys }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: 'package.json' | |
- name: Setup yarn | |
run: corepack enable | |
- name: Check node version | |
run: | | |
set -euo pipefail | |
node -v | |
ls -l `which node` | |
- name: Checking out relevant branches | |
run: | | |
set -euo pipefail | |
git checkout "$GITHUB_HEAD_REF" | |
git checkout "$GITHUB_BASE_REF" | |
git checkout "$GITHUB_SHA" | |
git config --global user.email "[email protected]" | |
git config --global user.name "CI Bot" | |
BASE_SHA="$(git merge-base HEAD "$GITHUB_BASE_REF")" | |
HEAD_SHA="$(git merge-base HEAD "$GITHUB_HEAD_REF")" | |
echo "Current base SHA is '$BASE_SHA' and head SHA is '$HEAD_SHA'" | |
echo "{\"base_sha\": \"$BASE_SHA\", \"head_sha\":\"$HEAD_SHA\"}" > event.json | |
# This is to increase the retention days for our GitHub Actions run events | |
# See this for more information: | |
# https://github.blog/changelog/2020-10-08-github-actions-ability-to-change-retention-days-for-artifacts-and-logs/ | |
- name: Keep PR run event | |
uses: actions/upload-artifact@b18b1d32f3f31abcdc29dee3f2484801fe7822f4 | |
with: | |
name: pr-event | |
path: event.json | |
retention-days: 90 | |
include-hidden-files: true | |
if-no-files-found: error | |
- name: Get cache | |
id: get-cache | |
uses: ./.github/actions/get-cache | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
enable-cache: 'node_modules,cypress,generated-files' | |
- run: | | |
set -euo pipefail | |
echo "HEAD=$GITHUB_SHA" >> "$GITHUB_ENV" | |
export HEAD_REF="$GITHUB_HEAD_REF" | |
export BASE_REF="$GITHUB_BASE_REF" | |
export PR_REF="$GITHUB_SHA" | |
export SHELL=/usr/bin/bash | |
export WORKFLOW_ID=pullrequest | |
source ./scripts/ci/00_prepare-base-tags.sh "$(git merge-base HEAD "$GITHUB_BASE_REF")" | |
git checkout "$GITHUB_SHA" | |
echo "BASE=$BASE" >> "$GITHUB_ENV" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
HTML_URL: ${{ github.event.pull_request.html_url }} | |
ISSUE_REPORTING_SLACK_WEBHOOK_URL: ${{ secrets.SLACK_BUILD_ISSUES_REPORTING_WEBHOOK_URL }} | |
name: Preparing HEAD and BASE tags | |
- name: License audit Node modules | |
run: ./scripts/ci/20_license-audit.sh | |
- name: Check user permissions | |
uses: actions-cool/check-user-permission@v2 | |
id: check-permission | |
- name: Set magic env if test-everything label is set | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'test everything') && steps.check-permission.outputs['user-permission'] == 'admin' }} | |
run: | | |
echo "AFFECTED_ALL=7913-$GITHUB_HEAD_REF" >> "$GITHUB_ENV" | |
- name: Warn if user does not have the required permissions | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'test everything') && steps.check-permission.outputs['user-permission'] != 'admin' }} | |
run: | | |
echo "## WARN permissions" >> "$GITHUB_STEP_SUMMARY" | |
echo "User '$GITHUB_ACTOR' does not have the required permissions to apply the 'test everything' label" >> "$GITHUB_STEP_SUMMARY" | |
- name: Prepare lint targets | |
id: lint_projects | |
run: | | |
set -euo pipefail | |
CHUNKS="$(./scripts/ci/generate-chunks.sh lint)" | |
if [[ "$CHUNKS" != "[]" ]]; then | |
echo "CHUNKS={\"projects\":$CHUNKS}" >> "$GITHUB_OUTPUT" | |
fi | |
- name: Prepare test targets | |
id: test_projects | |
run: | | |
set -euo pipefail | |
CHUNKS="$(./scripts/ci/generate-chunks.sh test)" | |
if [[ "$CHUNKS" != "[]" ]]; then | |
echo "CHUNKS={\"projects\":$CHUNKS}" >> "$GITHUB_OUTPUT" | |
fi | |
- name: Prepare e2e targets | |
id: e2e_projects | |
env: | |
CHUNK_SIZE: 1 | |
run: | | |
set -euo pipefail | |
CHUNKS="$(./scripts/ci/generate-chunks.sh e2e-ci)" | |
if [[ "$CHUNKS" != "[]" ]]; then | |
echo "CHUNKS={\"projects\":$CHUNKS}" >> "$GITHUB_OUTPUT" | |
fi | |
echo BUILD_ID="$GITHUB_RUN_ID-$GITHUB_RUN_NUMBER-$(uuidgen)" >> "$GITHUB_OUTPUT" | |
- name: Prepare build targets | |
id: build_projects | |
env: | |
CHUNK_SIZE: 4 | |
run: | | |
set -euo pipefail | |
CHUNKS="$(./scripts/ci/generate-chunks.sh build)" | |
if [[ "$CHUNKS" != "[]" ]]; then | |
echo "CHUNKS={\"projects\":$CHUNKS}" >> "$GITHUB_OUTPUT" | |
fi | |
- name: Check release-manager approval | |
id: check-release-manager-approval | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'automerge') && contains(github.event.pull_request.head.ref, '/pre-release/') }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
set -euo pipefail | |
node -r esbuild-register .github/actions/check-team-approval.ts release-managers | |
tests: | |
needs: | |
- prepare | |
if: needs.prepare.outputs.TEST_CHUNKS | |
runs-on: ec2-runners | |
container: | |
image: public.ecr.aws/m3u4c4h9/island-is/actions-runner-public:latest | |
timeout-minutes: 35 | |
env: | |
AFFECTED_PROJECTS: ${{ matrix.projects }} | |
MAX_JOBS: 1 | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJson(needs.prepare.outputs.TEST_CHUNKS) }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: 'package.json' | |
- name: Setup yarn | |
run: corepack enable | |
- name: Get cache | |
id: get-cache | |
uses: ./.github/actions/get-cache | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
keys: ${{ needs.prepare.outputs.CACHE_KEYS }} | |
enable-cache: 'node_modules,cypress,generated-files' | |
- uses: ./.github/actions/unit-test | |
with: | |
dd-api-key: '${{ secrets.DD_API_KEY }}' | |
codecov-token: ${{ secrets.CODECOV_TOKEN }} | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
docker-registry: 821090935708.dkr.ecr.eu-west-1.amazonaws.com/ | |
e2e: | |
needs: | |
- prepare | |
if: needs.prepare.outputs.E2E_CHUNKS | |
runs-on: ec2-runners | |
container: | |
image: public.ecr.aws/m3u4c4h9/island-is/actions-runner-public:latest | |
timeout-minutes: 35 | |
env: | |
AFFECTED_PROJECT: ${{ matrix.projects }} | |
CYPRESS_PROJECT_ID: 4q7jz8 | |
CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }} | |
API_MOCKS: 'true' | |
NODE_OPTIONS: --max-old-space-size=4096 | |
E2E_BUILD_ID: '${{ needs.prepare.outputs.E2E_BUILD_ID }}-${{ github.run_attempt }}' | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJson(needs.prepare.outputs.E2E_CHUNKS) }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: 'package.json' | |
- name: Setup yarn | |
run: corepack enable | |
- name: Get cache | |
id: get-cache | |
uses: ./.github/actions/get-cache | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
keys: ${{ needs.prepare.outputs.CACHE_KEYS }} | |
enable-cache: 'node_modules,cypress,generated-files' | |
- name: Running e2e tests | |
run: ./scripts/ci/40_e2e.sh "${AFFECTED_PROJECT}" | |
linting-workspace: | |
needs: | |
- prepare | |
runs-on: ec2-runners | |
container: | |
image: public.ecr.aws/m3u4c4h9/island-is/actions-runner-public:latest | |
timeout-minutes: 5 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: 'package.json' | |
- name: Setup yarn | |
run: corepack enable | |
- name: Get cache | |
id: get-cache | |
uses: ./.github/actions/get-cache | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
keys: ${{ needs.prepare.outputs.CACHE_KEYS }} | |
enable-cache: 'node_modules,generated-files' | |
- name: Linting workspace | |
run: ./scripts/ci/20_lint-workspace.sh | |
run-shellcheck: | |
needs: | |
- prepare | |
runs-on: ubuntu-latest | |
timeout-minutes: 5 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: reviewdog/action-shellcheck@v1 | |
with: | |
github_token: ${{ secrets.github_token }} | |
reporter: github-pr-review | |
fail_on_error: true | |
level: info | |
exclude: >- | |
*/node_modules/* | |
formatting: | |
needs: | |
- prepare | |
runs-on: ec2-runners | |
container: | |
image: public.ecr.aws/m3u4c4h9/island-is/actions-runner-public:latest | |
timeout-minutes: 5 | |
steps: | |
- uses: actions/checkout@v4 | |
if: ${{ github.event_name == 'pull_request' }} | |
with: | |
token: ${{ secrets.DIRTY_FIX_BOT_TOKEN }} | |
ref: ${{ github.event.pull_request.head.ref }} | |
- uses: actions/checkout@v4 | |
if: ${{ github.ref == 'ref/heads/main' }} | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: 'package.json' | |
- name: Setup yarn | |
run: corepack enable | |
- name: Get cache | |
id: get-cache | |
uses: ./.github/actions/get-cache | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
keys: ${{ needs.prepare.outputs.CACHE_KEYS }} | |
enable-cache: 'node_modules' | |
- name: NX format:check | |
if: ${{ github.ref == 'ref/heads/main' }} | |
run: ./scripts/ci/20_check-formatting.sh "check" | |
- name: NX format:write | |
if: ${{ github.event_name == 'pull_request' }} | |
run: | | |
./scripts/ci/20_check-formatting.sh "write" | |
./infra/scripts/ci/git-check-dirty.sh "/" "nx format:write" "dirtybot" | |
linting: | |
needs: | |
- prepare | |
runs-on: ec2-runners | |
container: | |
image: public.ecr.aws/m3u4c4h9/island-is/actions-runner-public:latest | |
timeout-minutes: 35 | |
if: needs.prepare.outputs.LINT_CHUNKS | |
env: | |
AFFECTED_PROJECTS: ${{ matrix.projects }} | |
NODE_OPTIONS: --max-old-space-size=4096 | |
MAX_JOBS: 3 | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJson(needs.prepare.outputs.LINT_CHUNKS) }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: 'package.json' | |
- name: Setup yarn | |
run: corepack enable | |
- name: Get cache | |
id: get-cache | |
uses: ./.github/actions/get-cache | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
keys: ${{ needs.prepare.outputs.CACHE_KEYS }} | |
enable-cache: 'node_modules,generated-files' | |
- name: Linting | |
run: ./scripts/ci/run-in-parallel-native.sh lint | |
build: | |
needs: | |
- prepare | |
runs-on: ec2-runners | |
container: | |
image: public.ecr.aws/m3u4c4h9/island-is/actions-runner-public:latest | |
timeout-minutes: 35 | |
env: | |
AFFECTED_PROJECTS: ${{ matrix.projects }} | |
MAX_JOBS: 2 | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJson(needs.prepare.outputs.BUILD_CHUNKS) }} | |
if: needs.prepare.outputs.BUILD_CHUNKS | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: 'package.json' | |
- name: Setup yarn | |
run: corepack enable | |
- name: Get cache | |
id: get-cache | |
uses: ./.github/actions/get-cache | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
keys: ${{ needs.prepare.outputs.CACHE_KEYS }} | |
enable-cache: 'node_modules,generated-files' | |
- name: Building | |
run: ./scripts/ci/run-in-parallel-native.sh build | |
success: | |
runs-on: ec2-runners | |
container: | |
image: public.ecr.aws/m3u4c4h9/island-is/actions-runner-public:latest | |
if: ${{ !cancelled() }} | |
needs: | |
- prepare | |
- linting-workspace | |
- tests | |
- linting | |
- run-shellcheck | |
- formatting | |
- e2e | |
- build | |
steps: | |
- name: Check prepare success | |
run: '[[ ${{ needs.prepare.result }} == "success" ]] || exit 1' | |
- name: Check tests success | |
run: '[[ ${{ needs.tests.result }} != "failure" ]] || exit 1' | |
- name: Check e2e success | |
run: '[[ ${{ needs.e2e.result }} != "failure" ]] || exit 1' | |
- name: Check linting success | |
run: '[[ ${{ needs.linting.result }} != "failure" ]] || exit 1' | |
- name: Check run-shellcheck success | |
run: '[[ ${{ needs.run-shellcheck.result }} != "failure" ]] || exit 1' | |
- name: Check formatting success | |
run: '[[ ${{ needs.formatting.result }} != "failure" ]] || exit 1' | |
- name: Check build success | |
run: '[[ ${{ needs.build.result }} != "failure" ]] || exit 1' | |
- name: Announce success | |
run: echo "Build is successful" |