Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

test: Migrate CI to GtiHub [SDK-4450] #1437

Merged
merged 22 commits into from
Oct 13, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
55 changes: 0 additions & 55 deletions .circleci/config.yml

This file was deleted.

30 changes: 30 additions & 0 deletions .github/actions/build/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
name: Build package
description: Build the SDK package

inputs:
node:
description: The Node version to use
required: false
default: 18

runs:
using: composite

steps:
- uses: actions/setup-node@v3
with:
node-version: ${{ inputs.node }}
cache: npm

- shell: bash
run: npm ci
env:
NODE_ENV: development

- shell: bash
run: npm run install:example
env:
NODE_ENV: development

- shell: bash
run: npm run build
25 changes: 25 additions & 0 deletions .github/actions/prepare/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: Prepare test
description: Prepare an SDK test

inputs:
node:
description: The Node version to use
required: false
default: 18
cache:
description: The cache key identifier to use
required: true

runs:
using: composite

steps:
- uses: actions/setup-node@v3
with:
node-version: ${{ inputs.node }}
cache: npm

- uses: actions/cache/restore@v3
with:
path: .
key: ${{ inputs.cache }}
9 changes: 7 additions & 2 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -1,9 +1,14 @@
version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
ignore:
- dependency-name: "*"
update-types: ["version-update:semver-major"]

- package-ecosystem: 'github-actions'
directory: '/'
schedule:
interval: 'daily'
57 changes: 57 additions & 0 deletions .github/workflows/browserstack.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
name: Browserstack

on:
merge_group:
workflow_dispatch:
pull_request:
types:
- opened
- synchronize
push:
branches:
- main

permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

env:
NODE_VERSION: 18
CACHE_KEY: '${{ github.event.pull_request.head.sha || github.ref }}-${{ github.run_id }}-${{ github.run_attempt }}'

jobs:
authorize:
name: Authorize
environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
runs-on: ubuntu-latest
steps:
- run: true

browserstack:
needs: authorize # Require approval before running on forked pull requests

name: Run Tests
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}

- uses: ./.github/actions/build
with:
node: ${{ env.NODE_VERSION }}

- shell: bash
run: npm i --prefix=example-app --no-package-lock
env:
NODE_ENV: development

- shell: bash
run: npx start-server-and-test "start:example-local" http://localhost:3000 "browserstack-cypress run --build-name ${{ github.event.pull_request.head.sha || github.ref }} --no-wrap"
env:
BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }}
53 changes: 53 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
name: CodeQL

on:
merge_group:
pull_request:
types:
- opened
- synchronize
push:
branches:
- main
schedule:
- cron: '37 10 * * 2'

permissions:
actions: read
contents: read
security-events: write

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

jobs:
analyze:
name: Check for Vulnerabilities
runs-on: ubuntu-latest

strategy:
fail-fast: false
matrix:
language: [javascript]

steps:
- if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.

- name: Checkout
uses: actions/checkout@v4

- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
queries: +security-and-quality

- name: Autobuild
uses: github/codeql-action/autobuild@v2

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: '/language:${{ matrix.language }}'
110 changes: 110 additions & 0 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,110 @@
name: Publish Release

on:
workflow_dispatch:
inputs:
branch:
description: The branch to release from
required: true
default: main
version:
description: The version being published. This should be a valid semver version, such as `1.0.0`.
required: true
default: ''
type: string
dry-run:
type: boolean
description: Perform a publishing dry run. This will not publish the release, but will validate the release and log the commands that would be run.
default: false

permissions:
contents: read
id-token: write # For publishing to NPM with provenance. Allows developers to run `npm audit signatures` and verify release signature of SDK. @see https://github.blog/2023-04-19-introducing-npm-package-provenance/
packages: write # For cross-publishing to GitHub Packages registry.

env:
NODE_VERSION: 18
NODE_ENV: development

jobs:
configure:
name: Validate input parameters
runs-on: ubuntu-latest

outputs:
vtag: ${{ steps.vtag.outputs.vtag }} # The fully constructed release tag to use for publishing
dry-run: ${{ steps.dry-run.outputs.dry-run }} # The dry-run flag to use for publishing, if applicable

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.inputs.branch }}

# Configure for dry-run, if applicable. @see https://docs.npmjs.com/cli/v9/commands/npm-publish#dry-run
- id: dry-run
if: ${{ github.event.inputs.dry-run == 'true' }}
name: Configure for `--dry-run`
run: |
echo "dry-run=--dry-run" >> $GITHUB_ENV
echo "dry-run=--dry-run" >> $GITHUB_OUTPUT

# Build the tag string from package.json version and release suffix. Produces something like `1.0.0-beta.1` for a beta, or `1.0.0` for a stable release.
- name: Build tag
id: vtag
run: |
PACKAGE_VERSION="${{ github.event.inputs.version }}"
echo "vtag=${PACKAGE_VERSION}" >> $GITHUB_ENV
echo "vtag=${PACKAGE_VERSION}" >> $GITHUB_OUTPUT

# Ensure tag does not already exist.
- name: Validate version
uses: actions/github-script@v6
env:
vtag: ${{ env.vtag }}
with:
script: |
const releaseMeta = github.rest.repos.listReleases.endpoint.merge({
owner: context.repo.owner,
repo: context.repo.repo,
});

const releases = await github.paginate(releaseMeta);

for (const release of releases) {
if (release.name === process.env.vtag) {
throw new Error(`${process.env.vtag} already exists`);
}
}

console.log(`${process.env.vtag} does not exist. Proceeding with release.`)

publish-npm:
needs: configure

name: Publish to NPM
runs-on: ubuntu-latest
environment: 'release'

steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.inputs.branch }}

- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: ${{ env.NODE_VERSION }}
cache: npm
evansims marked this conversation as resolved.
Show resolved Hide resolved
registry-url: 'https://registry.npmjs.org'

- name: Install dependencies
run: npm ci

- name: Publish release to NPM
run: npm publish --provenance --tag ${{ needs.configure.outputs.vtag }} ${{ needs.configure.outputs.dry-run }}
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
Loading
Loading