Skip to content

shelter: show icon in header and footer (DEV-1177) #4773

shelter: show icon in header and footer (DEV-1177)

shelter: show icon in header and footer (DEV-1177) #4773

Workflow file for this run

name: πŸ‘· Monorepo Pipeline
on:
push:
branches:
- main
pull_request:
env:
AWS_REGION: us-west-2
AWS_ACCOUNT_ID: 174477281453
ASSUMED_ROLE: arn:aws:iam::174477281453:role/github-actions-oidc-role
ECR_REGISTRY: 174477281453.dkr.ecr.us-west-2.amazonaws.com
COMPOSE_FILE: docker-compose.yml:docker-compose-ci.yml
jobs:
BuildTestDeploy:
runs-on: ubuntu-latest
permissions:
actions: read # Required to find the last successful workflow run
contents: read # Required for actions/checkout
id-token: write # Required for requesting the JWT
pull-requests: read
checks: write # Required for graphql inspector
steps:
- name: 🚦 Turnstyle
uses: softprops/turnstyle@master
if: github.ref == 'refs/heads/main'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: πŸ— Check out repo
uses: actions/checkout@v4
with:
fetch-depth: 0 # Checks out all branches and tags. Maybe we can make this better in the future?
# This line is needed for nx affected to work when CI is running on a PR
- name: πŸ”€ Track main if PR
if: github.ref != 'refs/heads/main'
run: git branch --track main origin/main
- name: πŸ”§ Configure NX SHAs
uses: nrwl/nx-set-shas@v4
- name: πŸ”§ Set Environment Variables
run: |
RAW_BRANCH_NAME=${{ github.head_ref || github.ref_name }}
SHORT_SHA=$(echo $GITHUB_SHA | cut -c 1-7)
# Sanitize branch name by replacing '/' with '-' and removing any other invalid characters
BRANCH_NAME=$(echo $RAW_BRANCH_NAME | sed 's|/|-|g' | sed 's|[^a-zA-Z0-9_.-]||g')
if [ "$BRANCH_NAME" == "main" ]; then
IMAGE_TAG_PREFIX="main"
else
IMAGE_TAG_PREFIX="dev-$BRANCH_NAME"
fi
DOCKER_TAG="$IMAGE_TAG_PREFIX-$SHORT_SHA"
echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV
echo "SHORT_SHA=$SHORT_SHA" >> $GITHUB_ENV
echo "IMAGE_TAG_PREFIX=$IMAGE_TAG_PREFIX" >> $GITHUB_ENV
echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV
echo "MONOREPO_IMAGE=${{ env.ECR_REGISTRY }}/monorepo" >> $GITHUB_ENV
- name: 🐳 Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 🐳 Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
if: ${{ env.BRANCH_NAME == 'main' }}
with:
role-to-assume: ${{ env.ASSUMED_ROLE }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ env.AWS_REGION }}
- name: 🐳 Login to Amazon ECR
uses: aws-actions/amazon-ecr-login@v2
if: ${{ env.BRANCH_NAME == 'main' }}
# Build and Push Monorepo Image for each commit using GitHub Actions cache
- name: πŸ—οΈ Build Monorepo Docker image
uses: docker/build-push-action@v6
with:
file: Dockerfile
load: true
push: ${{ env.BRANCH_NAME == 'main' }}
tags: |
${{ env.MONOREPO_IMAGE }}:${{ env.DOCKER_TAG }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: πŸ”‘ Prep Container Permissions
run: |
sudo chown -R 1000:1000 .git
sudo setfacl --modify user:1000:rw /var/run/docker.sock
sudo setfacl -Rm u:1000:rwX,d:u:1000:rwX $HOME/.docker
- name: πŸ”„ Spin up monorepo environment
run: |
docker compose up -d
- name: 🧹 Lint
run: |
docker compose run better-angels bash <<'EOF'
yarn nx affected -t lint
EOF
- name: πŸ•΅οΈ Check for missing Django migrations
run: |
docker compose run better-angels bash <<'EOF'
yarn nx affected -t check-migrations
STATUS=$?
if [ $STATUS -ne 0 ]; then
echo "Error: Missing Django migrations! Make sure you have run 'python manage.py makemigrations <app_name>' locally and committed the changes."
exit 1
else
echo "Success: No missing Django migrations!"
fi
EOF
- name: πŸ“ Make sure GraphQL Schema is up to date
# TODO: Upon graphql mismatch, a github action could commit the changes and push into the branch
run: |
docker compose run better-angels bash <<'EOF'
yarn nx affected -t validate-graphql-schema
STATUS=$?
if [ $STATUS -ne 0 ]; then
echo "Error: The GraphQL schemas do not match! Make sure you have run 'yarn nx affected -t generate-graphql-schema' locally and committed the changes."
exit 1
else
echo "Success: The GraphQL schemas match!"
fi
yarn nx affected -t generate-graphql-types
TYPE_GEN_STATUS=$?
git diff --exit-code '**/gql-types/*';
DIFF_STATUS=$?
if [ $TYPE_GEN_STATUS -ne 0 ] || [ $DIFF_STATUS -ne 0 ]; then
echo "Error: The GraphQL types do not match or generation failed! Make sure you have run 'yarn nx affected -t generate-graphql-types' locally and committed the changes."
exit 1
else
echo "Success: The GraphQL types match!"
fi
EOF
- name: πŸ•΅πŸ»β€β™‚οΈ GraphQL Inspector
uses: kamilkisiela/graphql-inspector@master
# Warning: This now skips schema breaking checks in forked repositories.
# Resolve in: https://betterangels.atlassian.net/browse/DEV-690
if: ${{ github.event.pull_request.head.repo.fork == false }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
schema: main:apps/betterangels-backend/schema.graphql
fail-on-breaking: true
approve-label: graphql-inspector:approved-breaking-change
- name: πŸ”¬ Typecheck
run: |
docker compose run better-angels bash <<'EOF'
yarn nx affected -t typecheck
EOF
- name: πŸ§ͺ Test
run: |
docker compose run better-angels bash <<'EOF'
# Exclude Betterangels Frontend Given its CI is not setup yet
yarn nx affected -t test
EOF
- name: πŸ› οΈ Build and Push Artifacts
if: ${{ env.BRANCH_NAME == 'main' }}
run: |
docker compose run better-angels bash <<'EOF'
# Exclude Betterangels Frontend Given its CI is not setup yet
yarn nx affected -t build --exclude=betterangels,shelter
EOF
env:
AWS_ACCOUNT_ID: ${{ env.AWS_ACCOUNT_ID }}
INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: πŸš€ Deploy Changes
if: ${{ env.BRANCH_NAME == 'main' }}
run: |
docker compose run better-angels bash <<'EOF'
# Exclude Betterangels Frontend Given its CI is not setup yet
yarn nx affected -t deploy --exclude=betterangels,shelter
EOF
- name: ⏹️ Spin down monorepo environment
if: always()
run: |
docker compose down
sudo chown -R 1001:1001 .git