feat: profile obfuscation and Podman migration #3690
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pull Request | |
on: | |
pull_request: | |
branches: [master] | |
paths-ignore: | |
- 'tools/bumblebee/**' | |
concurrency: | |
group: pr_${{ github.head_ref }} | |
cancel-in-progress: true | |
jobs: | |
pr_lint: | |
name: Lint and Format | |
runs-on: ubuntu-latest | |
steps: | |
- name: Setup Node.js environment | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '18' | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Install dependencies | |
uses: bahmutov/npm-install@v1 | |
- name: Format & Lint (npm run lint && npm run ci:format) | |
run: | | |
npm run ci:format | |
npm run lint | |
pr_test: | |
name: Test | |
runs-on: ubuntu-latest | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
- name: Setup Node.js environment | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '18' | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Install dependencies | |
uses: bahmutov/npm-install@v1 | |
- name: Test (client) | |
run: npm run test:ci | |
working-directory: client | |
- name: Test (server) | |
run: npm run test:ci | |
if: success() || failure() | |
working-directory: server | |
- name: Test (nestjs) | |
run: npm run test:ci | |
if: success() || failure() | |
working-directory: nestjs | |
- name: Upload test report (client) | |
uses: actions/upload-artifact@v3 | |
if: success() || failure() | |
with: | |
name: test-report-client | |
path: reports/jest-junit-client.xml | |
- name: Upload test report (server) | |
uses: actions/upload-artifact@v3 | |
if: success() || failure() | |
with: | |
name: test-report-server | |
path: reports/jest-junit-server.xml | |
- name: Upload test report (nestjs) | |
uses: actions/upload-artifact@v3 | |
if: success() || failure() | |
with: | |
name: test-report-nestjs | |
path: reports/jest-junit-nestjs.xml | |
pr_build: | |
name: Build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Setup Node.js environment | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '18' | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Restore next cache | |
uses: actions/cache@v3 | |
env: | |
cache-name: cache-next | |
with: | |
path: | | |
client/.next/cache | |
key: ${{ runner.os }}-${{ env.cache-name }}-${{ github.ref_name }}-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.cache-name }}-${{ github.ref_name }} | |
- name: Restore Docker layers | |
uses: actions/cache@v3 | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-single-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-single-buildx | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} | |
with: | |
platforms: linux/amd64 | |
- name: Login to ECR | |
uses: docker/login-action@v1 | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} | |
with: | |
registry: 511361162520.dkr.ecr.eu-central-1.amazonaws.com | |
username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Install dependencies | |
uses: bahmutov/npm-install@v1 | |
env: | |
PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 'true' | |
- name: Build (npm run build) | |
env: | |
AWS_LAMBDA: 'true' | |
NODE_ENV: production | |
RSSHCOOL_UI_GCP_MAPS_API_KEY: ${{ secrets.RSSHCOOL_UI_GCP_MAPS_API_KEY }} | |
run: | | |
npm run build | |
- name: Prepare | |
working-directory: ./setup/cdk | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} | |
run: | | |
mkdir -p /tmp/.buildx-cache | |
mkdir -p /tmp/.buildx-cache-new | |
- name: Upload to CDN | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} | |
working-directory: ./client | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: eu-central-1 | |
run: | | |
aws s3 cp .next/static s3://cdn.rs.school/_next/static/ --recursive --cache-control "public,max-age=15552000,immutable" | |
- name: Build client lambda | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} | |
working-directory: ./client | |
run: npm run build:lambda | |
- name: Package Client | |
uses: docker/build-push-action@v3 | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} | |
with: | |
platforms: linux/amd64 | |
provenance: false | |
context: . | |
file: ./client/Dockerfile.lambda | |
push: true | |
tags: 511361162520.dkr.ecr.eu-central-1.amazonaws.com/rsschool-ui:pr${{ github.event.pull_request.number }} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new | |
- name: Pull AWS SSM Params | |
uses: deptno/[email protected] | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: eu-central-1 | |
with: | |
ssm-path: /staging/app | |
format: dotenv | |
output: server/.env | |
- name: Package Server | |
uses: docker/build-push-action@v3 | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} | |
with: | |
platforms: linux/amd64 | |
provenance: false | |
context: . | |
file: ./server/Dockerfile.lambda | |
push: true | |
tags: 511361162520.dkr.ecr.eu-central-1.amazonaws.com/rsschool-server:pr${{ github.event.pull_request.number }} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new | |
- name: Pull AWS SSM Params | |
uses: deptno/[email protected] | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: eu-central-1 | |
with: | |
ssm-path: /staging/app | |
format: dotenv | |
output: nestjs/.env | |
- name: Package Nestjs | |
uses: docker/build-push-action@v3 | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} | |
with: | |
platforms: linux/amd64 | |
provenance: false | |
context: . | |
file: ./nestjs/Dockerfile.lambda | |
push: true | |
tags: 511361162520.dkr.ecr.eu-central-1.amazonaws.com/rsschool-nestjs:pr${{ github.event.pull_request.number }} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new | |
- name: Move cache | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
pr_deploy: | |
needs: [pr_build] | |
name: Deploy | |
timeout-minutes: 60 | |
runs-on: ubuntu-latest | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} | |
steps: | |
- name: Setup Node.js environment | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '18' | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Restore npm cache | |
uses: actions/cache@v3 | |
env: | |
cache-name: cache-npm | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/package.json') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.cache-name }}- | |
${{ runner.os }}- | |
- name: Install dependencies | |
working-directory: ./setup/cdk | |
run: npm ci | |
- name: Deploy | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: eu-central-1 | |
working-directory: ./setup/cdk | |
run: | | |
npx cdk deploy --require-approval never -c feature=pr${{ github.event.pull_request.number }} -c deployId=${GITHUB_RUN_ID} | |
- name: Create GitHub deployment | |
uses: apalchys/[email protected] | |
id: deployment | |
with: | |
ref: ${{ github.event.pull_request.head.ref }} | |
pr: true | |
pr_id: ${{ github.event.pull_request.number }} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
target_url: https://pr${{ github.event.pull_request.number }}.app.rs.school | |
environment: pr${{ github.event.pull_request.number }} | |
initial_status: success | |
pr_e2e: | |
needs: [pr_deploy] | |
name: End-to-End Tests | |
timeout-minutes: 10 | |
runs-on: ubuntu-latest | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup Node.js environment | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '18' | |
- name: Restore npm cache | |
uses: actions/cache@v3 | |
env: | |
cache-name: cache-npm | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/package.json') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.cache-name }}- | |
${{ runner.os }}- | |
- name: Restore browsers cache | |
uses: actions/cache@v3 | |
with: | |
path: '~/.cache/ms-playwright/' | |
key: ${{ runner.os }}-browsers | |
- name: Install Dependencies | |
working-directory: ./client | |
run: npm ci | |
- name: Install Playwright | |
working-directory: ./client | |
run: npx playwright install --with-deps | |
- name: Run Playwright tests | |
working-directory: ./client | |
env: | |
CI: 'true' | |
BASE_URL: https://pr${{ github.event.pull_request.number }}.app.rs.school | |
run: npx playwright test | |
- name: Save Report | |
uses: actions/upload-artifact@v3 | |
if: always() | |
with: | |
name: playwright-report | |
path: client/playwright-report/ | |
retention-days: 15 |