build: using Polykey
to handle environment secrets now
#171
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI / Merge | |
on: | |
push: | |
branches: | |
- staging | |
- feature* | |
jobs: | |
check-lint: | |
name: "Check / Lint" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Run linting | |
run: | | |
npm install | |
npm run lint | |
npm run lint-shell | |
check-dry: | |
name: "Check / Dry Run" | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/matrixai/github-runner | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Dry run | |
run: nix build .#docker --dry-run | |
check-build: | |
name: "Check / Build" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Run build | |
run: | | |
npm install | |
npm run build --verbose | |
check-matrix: | |
name: "Check / Matrix" | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v4 | |
- id: set-matrix | |
run: | | |
files=$(find tests/* -maxdepth 0 -type d -not -path "tests/integration" | sed 's/.*/"&"/' | paste -sd, -) | |
files=$files,$(find tests/* -maxdepth 0 -type f | grep -e "/*.test.ts" | sed 's/.*/"&"/' | paste -sd, -) | |
if [ -z "$files" ]; then | |
echo "matrix={\"shard\":[]}" >> $GITHUB_OUTPUT | |
else | |
echo "matrix={\"shard\":[$files]}" >> $GITHUB_OUTPUT | |
fi | |
check-test: | |
name: "Check / Test" | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: ${{fromJson(needs.check-matrix.outputs.matrix)}} | |
needs: check-matrix | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set artifact name | |
run: echo "SLUG=$(echo ${{ matrix.shard }} | sed 's/[/.]/-/g')" >> $GITHUB_ENV | |
- name: Run tests | |
run: | | |
npm install | |
npm run test -- \ | |
--coverageReporters json \ | |
--coverage \ | |
"${{ matrix.shard }}" | |
mv tmp/coverage/coverage-final.json "tmp/coverage/${{ env.SLUG }}.json" | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: coverage-artifacts-${{ env.SLUG }} | |
path: tmp/coverage/ | |
check-coverage: | |
name: "Check / Coverage" | |
runs-on: ubuntu-latest | |
needs: check-test | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
pattern: coverage-artifacts-* | |
path: tmp/coverage/ | |
merge-multiple: true | |
- name: Merge coverage reports | |
run: npx nyc merge tmp/coverage/ tmp/coverage/cobertura-coverage.json | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: cobertura-coverage | |
path: tmp/coverage/cobertura-coverage.json | |
build-pull: | |
name: "Build / Pull Request" | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/staging' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Create pull request | |
env: | |
GH_TOKEN: ${{ secrets.GH_TOKEN }} | |
run: | | |
gh pr create \ | |
--head staging \ | |
--base master \ | |
--title "ci: merge staging to master" \ | |
--body "This is an automatic PR generated by the CI/CD pipeline. This will be automatically fast-forward merged if successful." \ | |
--assignee "@me" \ | |
--no-maintainer-edit || true | |
printf "Pipeline Attempt on $GITHUB_RUN_ID for $GITHUB_SHA\n\n$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" \ | |
| gh pr comment staging \ | |
--body-file - \ | |
--repo "$GITHUB_REPOSITORY" | |
integration-merge: | |
name: "Integration / Merge" | |
runs-on: ubuntu-latest | |
concurrency: | |
group: integration-merge | |
cancel-in-progress: true | |
needs: | |
- check-lint | |
- check-dry | |
- check-build | |
- check-test | |
- build-pull | |
if: github.ref == 'refs/heads/staging' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
token: ${{ secrets.GH_TOKEN }} | |
- name: Merge into master | |
env: | |
GH_TOKEN: ${{ secrets.GH_TOKEN }} | |
GIT_AUTHOR_EMAIL: ${{ secrets.GIT_AUTHOR_EMAIL }} | |
GIT_AUTHOR_NAME: ${{ secrets.GIT_AUTHOR_NAME }} | |
GIT_COMMITTER_EMAIL: ${{ secrets.GIT_COMMITTER_EMAIL }} | |
GIT_COMMITTER_NAME: ${{ secrets.GIT_COMMITTER_NAME }} | |
run: | | |
printf "Pipeline Succeeded on $GITHUB_RUN_ID for $GITHUB_SHA\n\n$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" \ | |
| gh pr comment staging \ | |
--body-file - \ | |
--repo "$GITHUB_REPOSITORY" | |
git checkout master | |
git merge --ff-only "$GITHUB_SHA" | |
git push origin master |