ci_workflow.yml
name: CI Workflow

on:
  push:
    # every branch except the ones Dependabot pushes to
    branches-ignore:
      - 'dependabot/**'
    # tags whose name starts with "v"
    tags:
      - 'v*'
    # no run for Markdown-only changes
    paths-ignore:
      - '**.md'
  pull_request:
    branches:
      - develop
    types:
      - opened
      - synchronize
      - reopened

# Default token scope for every job: read-only repository contents.
# Jobs that have to push or publish declare their own wider scope.
permissions:
  contents: read

# Workflow-wide variables; they are also exported to every `run` step.
env:
  # owner of the main repository (default: webern-unibas-ch; should not be changed)
  MAIN_REPO_OWNER: webern-unibas-ch
  # branch and checkout directory used for the develop preview deployment
  DEV_GH_PAGES_BRANCH: gh-pages
  DEV_GH_PAGES_DIR: gh-pages-dir
  # build output directory
  DIST_DIR: dist
jobs:
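test:
  # Installs dependencies, runs the test suite and a trial build on every
  # matrix entry. This job also runs for pull requests, so it executes code
  # the repository owner has not reviewed yet; it therefore stays on the
  # workflow-level read-only token.
  name: Run tests (Node v${{ matrix.node-version }}, ${{ matrix.os }})
  runs-on: ${{ matrix.os }}
  strategy:
    matrix:
      os: [ubuntu-latest]
      # NOTE(review): unquoted versions are parsed as YAML numbers; a version
      # with a trailing zero (e.g. 22.10) would have to be quoted.
      node-version: [20.13, 22.11, 23.x]
  outputs:
    sha: ${{ steps.get-sha.outputs.SHA }}
  steps:
    - name: Harden Runner
      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
      with:
        # audit only records outbound traffic, it does not block anything
        egress-policy: audit

    - name: Checkout repository
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
        fetch-depth: 0 # Get all history and branches
        # No later step in this job pushes, so the token is not left in
        # .git/config where install scripts and tests could read it.
        persist-credentials: false

    - name: Get git sha
      id: get-sha
      run: echo "SHA=$(git describe)" >> "$GITHUB_OUTPUT"

    - name: Verify git sha
      # `git describe` output is built from tag names. It is handed to the
      # shell as an environment variable instead of being expanded into the
      # script text, so a tag name can never be parsed as shell syntax.
      env:
        SHA: ${{ steps.get-sha.outputs.SHA }}
      run: |
        echo "SHA: $SHA"

    - name: Set up node ${{ matrix.node-version}}
      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
      with:
        node-version: ${{ matrix.node-version }}

    - name: Set up corepack (for getting yarn)
      run: corepack enable

    # second setup-node call only configures the yarn cache
    - name: Get yarn cache ${{ matrix.node-version}}
      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
      with:
        cache: 'yarn'

    - name: yarn install dependencies
      # --immutable fails the install if the lockfile would have to change
      run: |
        yarn install --immutable

    - name: Run CI tests with coverage
      run: |
        yarn run test:ci

    - name: Upload code coverage
      # upload coverage report for current node version only
      if: matrix.node-version == 22.11
      uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
      env:
        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
      with:
        flags: unittests
        env_vars: ${{ matrix.os }},${{ matrix.node-version }}

    - name: Perform SonarQube scan
      # current node version only, and never for pull requests or forks
      # (the scan token is not available there)
      if: matrix.node-version == 22.11 && github.event_name != 'pull_request' && github.repository_owner == env.MAIN_REPO_OWNER
      uses: SonarSource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

    - name: Test build for GH Pages (all but develop)
      if: github.ref != 'refs/heads/develop'
      run: |
        yarn run build:gh

    - name: Test build for GH Pages (develop)
      if: github.ref == 'refs/heads/develop'
      # same rule as in "Verify git sha": the value reaches the shell through
      # the environment and is quoted where it is used
      env:
        SHA: ${{ steps.get-sha.outputs.SHA }}
      run: |
        echo "Updating dev-version"
        yarn run pre-release --release-as "$SHA" --skip.changelog --skip.commit --skip.tag
        echo "Building dev-version"
        yarn run build:dev

    - name: Upload build artifacts (main && develop)
      # upload build artifacts for current node version and main or develop branch only
      if: matrix.node-version == 22.11 && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop')
      uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
      with:
        name: dist
        # only the build output is uploaded, not the checkout itself
        path: ${{ github.workspace }}/${{ env.DIST_DIR }}
        retention-days: 1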
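deploy_dev:
  # Publishes the build produced by the test job into the dev/ folder of the
  # gh-pages branch. Runs only for the develop branch.
  if: github.ref == 'refs/heads/develop'
  name: Deploy app from develop (Node v${{ matrix.node-version }}, ${{ matrix.os }})
  runs-on: ${{ matrix.os }}
  needs: test
  # write access is needed for the push to gh-pages at the end of the job
  permissions:
    contents: write
  env:
    SHA: ${{ needs.test.outputs.sha }}
  strategy:
    matrix:
      os: [ubuntu-latest]
      node-version: [22.11]
  steps:
    - name: Harden Runner
      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
      with:
        # audit only records outbound traffic, it does not block anything
        egress-policy: audit

    - name: Checkout repository
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
        # ref (branch, tag or SHA) to check out
        ref: ${{ env.DEV_GH_PAGES_BRANCH }}
        # relative path under $GITHUB_WORKSPACE to place the repository
        path: ${{ env.DEV_GH_PAGES_DIR }}

    - name: Download build artifacts
      # pinned to a full commit SHA
      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
      with:
        name: dist
        path: ${{ github.workspace }}/${{ env.DIST_DIR }}

    - name: Configure git
      working-directory: ${{ env.DEV_GH_PAGES_DIR }}
      # NOTE(review): the e-mail value below looks like an obfuscation
      # placeholder rather than a real address; confirm the intended bot
      # address.
      run: |
        echo "Configuring git"
        git config user.name "github-actions"
        git config user.email "[email protected]"

    - name: Remove existing files from dev
      working-directory: ${{ env.DEV_GH_PAGES_DIR }}
      # best effort: an empty or missing dev/ folder must not fail the job
      run: |
        echo "Removing existing files from dev"
        git rm -r dev/* || true

    - name: Copy artifacts to gh-pages
      # The workflow-level env values are read as quoted shell variables
      # instead of being expanded into the script text.
      run: |
        cp -r "$DIST_DIR/awg-app/." "$DEV_GH_PAGES_DIR/dev/"

    - name: Commit files
      working-directory: ${{ env.DEV_GH_PAGES_DIR }}
      # SHA is the job-level variable set from the test job's output. It comes
      # from `git describe`, i.e. from tag names, so it is read as $SHA by the
      # shell and never expanded into the script text of this write-scoped job.
      run: |
        echo "Running git commit"
        git add .
        git commit -m "Staging dev ($SHA) on gh-pages"

    - name: Push changes to gh-pages (dry-run mode)
      working-directory: ${{ env.DEV_GH_PAGES_DIR }}
      run: git push -v --dry-run origin "HEAD:$DEV_GH_PAGES_BRANCH"

    - name: Push changes to gh-pages
      working-directory: ${{ env.DEV_GH_PAGES_DIR }}
      run: git push -v origin "HEAD:$DEV_GH_PAGES_BRANCH"

    - name: Congratulations
      if: ${{ success() }}
      run: echo "🎉 New develop build deployed 🎊"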
deploy:
  # Builds the app again and publishes it to GitHub Pages.
  # Runs only for the main branch, after the test job has passed.
  if: github.ref == 'refs/heads/main'
  name: Deploy app from main (Node v${{ matrix.node-version }}, ${{ matrix.os }})
  runs-on: ${{ matrix.os }}
  needs: test
  # the deploy step pushes, so this job widens the read-only default
  permissions:
    contents: write
  strategy:
    matrix:
      os:
        - ubuntu-latest
      node-version:
        - 22.11
  steps:
    - name: Harden Runner
      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
      with:
        # audit only records outbound traffic, it does not block anything
        egress-policy: audit

    - name: Checkout repository
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    - name: Set up node ${{ matrix.node-version}}
      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
      with:
        node-version: ${{ matrix.node-version }}
        cache: 'yarn'

    - name: yarn install dependencies
      # NOTE(review): the test job installs with --immutable, this job does
      # not pass the flag; confirm the lockfile is still enforced here, since
      # this job holds a write-scoped token.
      run: |
        yarn install

    - name: Build app for GH Pages
      run: |
        yarn run build:gh

    - name: Deploy to GH Pages
      # the token is exposed to this step only
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        yarn run deploy:ci
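release:
  # Creates a GitHub release for a pushed tag, after the test job has passed.
  if: startsWith(github.ref, 'refs/tags/')
  name: Create Release from tag
  runs-on: ${{ matrix.os }}
  needs: test
  # creating a release needs write access to repository contents
  permissions:
    contents: write
  strategy:
    matrix:
      os: [ubuntu-latest]
      node-version: [22.11]
  steps:
    - name: Harden Runner
      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
      with:
        # audit only records outbound traffic, it does not block anything
        egress-policy: audit

    - name: Get tag version
      id: get_version
      # The step output is written to the $GITHUB_OUTPUT file. The older
      # `::set-output` command is deprecated: it was read from the step's
      # standard output, where any printed text could forge an output.
      run: |
        echo "VERSION=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"

    - name: Create Release
      id: create_release
      if: ${{ success() && startsWith(github.ref, 'refs/tags/') }}
      uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        TAG_VERSION: ${{ steps.get_version.outputs.VERSION }}
      with:
        name: Release ${{ env.TAG_VERSION }}
        body: "A web application for the online edition of the [Anton Webern Gesamtausgabe](https://www.anton-webern.ch), located at the Department of Musicology of the University of Basel. It is written in [Angular](https://angular.io/) and runs on [edition.anton-webern.ch](https://edition.anton-webern.ch).\n\n Changes since last release: https://github.com/${{ github.repository }}/blob/${{ env.TAG_VERSION }}/CHANGELOG.md"
        draft: false
        prerelease: false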