[pull] main from google:main #3862
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build plugin | |
on: | |
push: | |
# Don't run for irrelevant changes. | |
paths-ignore: | |
- 'docs/**' | |
- '.storybook/**' | |
- '.wordpress-org/**' | |
- '__mocks__/**' | |
- '__static__/**' | |
- 'bin/**' | |
- 'packages/e2e-test-utils/**' | |
- 'packages/e2e-tests/**' | |
- 'packages/karma-*/**' | |
- 'tests/**' | |
- '**.md' | |
- '**.yml' | |
- '**.neon.dist' | |
- '**.xml.dist' | |
- '.editorconfig' | |
- '.eslint*' | |
- '.markdownlint*' | |
- '.phpstorm.meta.php' | |
- '.prettier*' | |
- '.stylelint*' | |
- '.github/workflows/**' | |
- '!.github/workflows/build-and-deploy.yml' | |
branches: | |
- main | |
- release/* | |
pull_request: | |
types: | |
- opened | |
- reopened | |
- synchronize | |
- ready_for_review | |
# Don't run for irrelevant changes. | |
paths-ignore: | |
- 'docs/**' | |
- '.storybook/**' | |
- '.wordpress-org/**' | |
- '__mocks__/**' | |
- '__static__/**' | |
- 'bin/**' | |
- 'packages/e2e-test-utils/**' | |
- 'packages/e2e-tests/**' | |
- 'packages/karma-*/**' | |
- 'tests/**' | |
- '**.md' | |
- '**.yml' | |
- '**.neon.dist' | |
- '**.xml.dist' | |
- '.editorconfig' | |
- '.eslint*' | |
- '.markdownlint*' | |
- '.phpstorm.meta.php' | |
- '.prettier*' | |
- '.stylelint*' | |
- '.github/workflows/**' | |
- '!.github/workflows/build-and-deploy.yml' | |
permissions: | |
contents: read | |
pull-requests: write | |
# Cancels all previous workflow runs for pull requests that have not completed. | |
concurrency: | |
# The concurrency group contains the workflow name and the (target) branch name. | |
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
bundle-size: | |
name: Bundle size check | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
# The action cannot annotate the PR when run from a PR fork or authored by Dependabot. | |
if: > | |
github.event_name == 'pull_request' && | |
github.event.pull_request.draft == false && | |
github.event.pull_request.head.repo.fork == false && | |
github.event.pull_request.user.login != 'dependabot[bot]' | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 | |
with: | |
disable-file-monitoring: true | |
egress-policy: block | |
allowed-endpoints: > | |
cloudresourcemanager.googleapis.com:443 | |
codeserver.dev.6b7f1eeb-705b-4201-864d-2007030c8372.drush.in:2222 | |
dl.google.com:443 | |
github.com:443 | |
api.github.com:443 | |
oauth2.googleapis.com:443 | |
objects.githubusercontent.com:443 | |
packagist.org:443 | |
registry.npmjs.org:443 | |
storage.googleapis.com:443 | |
54.185.253.63:443 | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Setup Node | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af | |
with: | |
node-version-file: '.nvmrc' | |
cache: npm | |
- name: Bundle size check | |
uses: preactjs/compressed-size-action@6fa0e7ca017120c754863b31123c5ee2860fd434 | |
with: | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
pattern: '{assets/js/*.js,assets/css/*.css}' | |
build-script: 'build:js' | |
minimum-change-threshold: 100 | |
# Ignore chunk and module hashes in bundle filenames. | |
strip-hash: '.*-(\w{20})|^(\d{2,5})\.js$' | |
build: | |
name: Build & deploy | |
runs-on: ubuntu-latest | |
timeout-minutes: 20 | |
if: > | |
github.event.pull_request.draft == false && | |
github.event.pull_request.head.repo.fork == false && | |
github.event.pull_request.user.login != 'dependabot[bot]' | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 | |
with: | |
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Setup Node | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af | |
with: | |
node-version-file: '.nvmrc' | |
cache: npm | |
- name: Setup PHP | |
uses: shivammathur/setup-php@e6f75134d35752277f093989e72e140eaa222f35 | |
with: | |
php-version: '8.0' | |
coverage: none | |
tools: composer | |
- name: Install dependencies | |
run: npm ci | |
env: | |
PUPPETEER_SKIP_DOWNLOAD: true | |
- name: Install PHP dependencies | |
uses: ramsey/composer-install@57532f8be5bda426838819c5ee9afb8af389d51a | |
with: | |
composer-options: '--prefer-dist --no-progress --no-interaction' | |
- name: Setup Bun | |
uses: oven-sh/setup-bun@4bc047ad259df6fc24a6c9b0f9a0cb08cf17fbe5 | |
with: | |
bun-version: latest | |
- name: Build plugin | |
run: | | |
bun run build:js | |
bun run workflow:version -- --nightly | |
mkdir -p build/web-stories-regular build/web-stories-dev | |
- name: Bundle regular version | |
run: | | |
bun run workflow:build-plugin -- --zip web-stories.zip | |
cp -r build/web-stories/ build/web-stories-regular/ | |
- name: Bundle development version | |
run: | | |
rm -rf assets/css/* assets/js/* | |
npx webpack --env=development | |
bun run workflow:build-plugin -- --zip web-stories-dev.zip | |
# Upload ZIP file to GCS for use in QA environment. | |
- name: Authenticate | |
uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f | |
with: | |
credentials_json: ${{ secrets.GCP_SA_KEY }} | |
- name: Setup Cloud SDK | |
uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a | |
with: | |
project_id: ${{ secrets.GCP_PROJECT_ID }} | |
- name: Upload ZIP files to GCS | |
run: | | |
gsutil cp -r build/web-stories.zip gs://web-stories-wp-github-artifacts/${{ github.ref }}/web-stories.zip | |
gsutil cp -r build/web-stories-dev.zip gs://web-stories-wp-github-artifacts/${{ github.ref }}/web-stories-dev.zip | |
# Leave comment with links to plugin ZIPs. | |
- name: Check if a comment was already made | |
id: find-comment | |
uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e | |
with: | |
issue-number: ${{ github.event.pull_request.number }} | |
comment-author: googleforcreators-bot | |
body-includes: Plugin builds for | |
# Only run this step if it's a PR. One way to check for that is if `github.head_ref` is not empty. | |
# Only run if the PR was not authored by Dependabot and it is not a draft or not from a fork. | |
if: > | |
github.head_ref && | |
github.event.pull_request.draft == false && | |
github.event.pull_request.head.repo.fork == false && | |
github.event.pull_request.user.login != 'dependabot[bot]' | |
- name: Get comment body | |
id: get-comment-body | |
# Setting a multi-line output requires escaping line-feeds. See <https://github.community/t/set-output-truncates-multiline-strings/16852/3>. | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
echo 'COMMENT_BODY<<EOF' >> $GITHUB_ENV | |
echo 'Plugin builds for ${{ github.event.pull_request.head.sha }} are ready :bellhop_bell:!' >> $GITHUB_ENV | |
echo '- Download [development build](https://storage.googleapis.com/web-stories-wp-github-artifacts/${{ github.ref }}/web-stories-dev.zip?${{ github.sha }})' >> $GITHUB_ENV | |
echo '- Download [production build](https://storage.googleapis.com/web-stories-wp-github-artifacts/${{ github.ref }}/web-stories.zip?${{ github.sha }})' >> $GITHUB_ENV | |
echo 'EOF' >> $GITHUB_ENV | |
if: > | |
github.head_ref && | |
github.event.pull_request.draft == false && | |
github.event.pull_request.head.repo.fork == false && | |
github.event.pull_request.user.login != 'dependabot[bot]' | |
- name: Create or update comment on PR with links to plugin builds | |
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 | |
with: | |
issue-number: ${{ github.event.pull_request.number }} | |
comment-id: ${{ steps.find-comment.outputs.comment-id }} | |
edit-mode: replace | |
body: ${{ env.COMMENT_BODY }} | |
token: ${{ secrets.GOOGLEFORCREATORS_BOT_TOKEN }} | |
if: > | |
github.head_ref && | |
github.event.pull_request.draft == false && | |
github.event.pull_request.head.repo.fork == false && | |
github.event.pull_request.user.login != 'dependabot[bot]' | |
# Deploy to staging site if on main branch. | |
- name: Setup SSH Keys and known_hosts | |
uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 | |
with: | |
ssh-private-key: ${{ secrets.PANTHEON_DEPLOY_KEY }} | |
if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
- name: Deploy to staging | |
run: | | |
rm -rf build/web-stories | |
mv build/web-stories-regular/* build/web-stories | |
bash bin/deploy-to-test-environment.sh | |
if: github.ref == 'refs/heads/main' && github.event_name == 'push' |