Build #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
- reopened | |
- ready_for_review | |
merge_group: | |
workflow_dispatch: | |
inputs: | |
dryRun: | |
description: 'Dry-Run' | |
default: 'true' | |
required: false | |
permissions: | |
contents: read | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.number || github.ref }} | |
cancel-in-progress: ${{ github.ref_name != 'main' }} | |
env: | |
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} | |
NODE_VERSION: 20 | |
PDM_VERSION: 2.18.1 # renovate: datasource=pypi depName=pdm | |
DRY_RUN: true | |
TEST_LEGACY_DECRYPTION: true | |
SPARSE_CHECKOUT: |- | |
.github/actions/ | |
data/ | |
tools/ | |
package.json | |
pnpm-lock.yaml | |
jobs: | |
setup: | |
runs-on: ubuntu-latest | |
outputs: | |
os-matrix: ${{ steps.os-matrix.outputs.os-matrix }} | |
os-matrix-is-full: ${{ steps.os-matrix-is-full.outputs.os-matrix-is-full }} | |
os-matrix-prefetch: ${{ steps.os-matrix-prefetch.outputs.matrix }} | |
test-shard-matrix: ${{ steps.schedule-test-shards.outputs.test-shard-matrix }} | |
test-matrix-empty: ${{ steps.schedule-test-shards.outputs.test-matrix-empty }} | |
steps: | |
- name: Calculate `os-matrix-is-full` output | |
id: os-matrix-is-full | |
env: | |
IS_FULL: >- | |
${{ | |
( | |
github.event_name != 'pull_request' || | |
contains(github.event.pull_request.labels.*.name, 'ci:fulltest') | |
) && 'true' || '' | |
}} | |
run: | | |
echo 'OS_MATRIX_IS_FULL=${{ env.IS_FULL }}' >> "$GITHUB_ENV" | |
echo 'os-matrix-is-full=${{ env.IS_FULL }}' >> "$GITHUB_OUTPUT" | |
- name: Calculate `os-matrix` output | |
id: os-matrix | |
env: | |
OS_ALL: '["ubuntu-latest", "macos-latest", "windows-latest"]' | |
OS_LINUX_ONLY: '["ubuntu-latest"]' | |
run: | | |
echo 'os-matrix=${{ | |
env.OS_MATRIX_IS_FULL && env.OS_ALL || env.OS_LINUX_ONLY | |
}}' >> "$GITHUB_OUTPUT" | |
- name: Detect changed files | |
if: ${{ github.event_name == 'pull_request' }} | |
id: changed-files | |
env: | |
GH_TOKEN: ${{ github.token }} | |
GH_REPO: ${{ github.event.repository.full_name }} | |
PR_URL: >- | |
https://api.github.com/repos/{owner}/{repo}/compare/${{ | |
github.event.pull_request.base.sha | |
}}...${{ | |
github.event.pull_request.head.sha | |
}} | |
JQ_FILTER: >- | |
"changed-files=" + ([.files[].filename] | tostring) | |
run: gh api ${{ env.PR_URL }} | jq -rc '${{ env.JQ_FILTER }}' >> "$GITHUB_OUTPUT" | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
filter: blob:none # we don't need all blobs | |
sparse-checkout: ${{ env.SPARSE_CHECKOUT }} | |
show-progress: false | |
- name: Calculate matrix for `node_modules` prefetch | |
uses: ./.github/actions/calculate-prefetch-matrix | |
id: os-matrix-prefetch | |
with: | |
repo: ${{ github.event.repository.full_name }} | |
token: ${{ github.token }} | |
node-version: ${{ env.NODE_VERSION }} | |
- name: Prefetch test modules for `ubuntu-latest` | |
id: setup-node | |
uses: ./.github/actions/setup-node | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
os: ${{ runner.os }} | |
save-cache: true | |
- name: Schedule test shards | |
id: schedule-test-shards | |
env: | |
ALL_PLATFORMS: ${{ env.OS_MATRIX_IS_FULL }} | |
FILTER_SHARDS: ${{ github.event.pull_request.draft && 'true' || '' }} | |
CHANGED_FILES: ${{ steps.changed-files.outputs.changed-files }} | |
run: | | |
echo "$(pnpm -s schedule-test-shards)" >> "$GITHUB_OUTPUT" | |
setup-build: | |
runs-on: ubuntu-latest | |
outputs: | |
node-version: ${{ env.NODE_VERSION }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
filter: blob:none # we don't need all blobs | |
sparse-checkout: ${{ env.SPARSE_CHECKOUT }} | |
show-progress: false | |
- name: Prefetch build modules for `ubuntu-latest` | |
uses: ./.github/actions/setup-node | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
os: ${{ runner.os }} | |
save-cache: true | |
prefetch: | |
needs: [setup] | |
# We can't check `needs.setup.outputs.os-matrix-is-full` here, | |
# as it will lead to further complications that aren't solvable | |
# with current GitHub Actions feature set. | |
# | |
# Although this job sometimes may act as short-lived `no-op`, | |
# it's actually the best option available. | |
# | |
# However, in draft mode we can skip this step. | |
if: | | |
!(github.event.pull_request.draft == true && | |
needs.setup.outputs.test-matrix-empty == 'true') | |
strategy: | |
matrix: | |
os: ${{ fromJSON(needs.setup.outputs.os-matrix-prefetch) }} | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 10 | |
steps: | |
- name: Checkout code | |
if: needs.setup.outputs.os-matrix-is-full && runner.os != 'Linux' | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
filter: blob:none # we don't need all blobs | |
sparse-checkout: ${{ env.SPARSE_CHECKOUT }} | |
show-progress: false | |
- name: Setup Node.js | |
if: needs.setup.outputs.os-matrix-is-full && runner.os != 'Linux' | |
uses: ./.github/actions/setup-node | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
os: ${{ runner.os }} | |
save-cache: true | |
lint-eslint: | |
needs: | |
- setup-build | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
permissions: | |
actions: write | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
show-progress: false | |
- name: Setup Node.js | |
uses: ./.github/actions/setup-node | |
with: | |
node-version: ${{ needs.setup-build.outputs.node-version }} | |
os: ${{ runner.os }} | |
- name: Restore eslint cache | |
uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
with: | |
path: .cache/eslint | |
key: eslint-main-cache | |
- name: Lint | |
run: pnpm eslint-ci | |
- name: Remove cache | |
if: github.event_name == 'push' | |
env: | |
GH_TOKEN: ${{ github.token }} | |
GH_REPO: ${{ github.event.repository.full_name }} | |
run: | | |
gh api --method DELETE /repos/{owner}/{repo}/actions/caches?key=eslint-main-cache || | |
echo "Cache not found" | |
- name: Save eslint cache | |
if: github.event_name == 'push' | |
uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
with: | |
path: .cache/eslint | |
key: eslint-main-cache | |
lint-other: | |
needs: | |
- setup-build | |
runs-on: ubuntu-latest | |
timeout-minutes: 7 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
show-progress: false | |
- name: Setup Node.js | |
uses: ./.github/actions/setup-node | |
with: | |
node-version: ${{ needs.setup-build.outputs.node-version }} | |
os: ${{ runner.os }} | |
- name: Type check | |
run: pnpm type-check | |
- name: Lint project file structure | |
run: pnpm ls-lint | |
- name: Check git version | |
run: pnpm git-check | |
- name: Test schema | |
run: pnpm test-schema | |
build: | |
needs: | |
- setup-build | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
if: github.event.pull_request.draft != true | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
show-progress: false | |
- name: Setup Node.js | |
uses: ./.github/actions/setup-node | |
with: | |
node-version: ${{ needs.setup-build.outputs.node-version }} | |
os: ${{ runner.os }} | |
- name: Build | |
run: pnpm build | |
- name: Build docker | |
run: pnpm build:docker build --tries=3 | |
env: | |
LOG_LEVEL: debug | |
- name: Pack | |
run: pnpm test-e2e:pack | |
- name: Upload | |
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 | |
with: | |
name: renovate-package | |
path: renovate-0.0.0-semantic-release.tgz | |
test-e2e: | |
needs: [build] | |
runs-on: 'ubuntu-latest' | |
timeout-minutes: 7 | |
if: github.event.pull_request.draft != true | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
show-progress: false | |
- name: Setup pnpm | |
uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 | |
with: | |
standalone: true | |
- name: Setup Node.js | |
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
- name: Download package | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: renovate-package | |
- name: Install dependencies | |
run: pnpm test-e2e:install | |
- name: E2E Test | |
run: pnpm test-e2e:run | |
release: | |
needs: | |
- setup-build | |
- lint-eslint | |
- lint-other | |
- build | |
if: github.repository == 'renovatebot/renovate' && github.event_name != 'pull_request' | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
permissions: | |
contents: write | |
issues: write | |
pull-requests: write | |
id-token: write | |
packages: write | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
fetch-depth: 0 # zero stands for full checkout, which is required for semantic-release | |
filter: blob:none # we don't need all blobs, only the full tree | |
show-progress: false | |
- name: docker-config | |
uses: containerbase/internal-tools@8547f01d73522b44482b8757716e4e1d73cf3a66 # v3.4.7 | |
with: | |
command: docker-config | |
- name: Setup Node.js | |
uses: ./.github/actions/setup-node | |
with: | |
node-version: ${{ needs.setup-build.outputs.node-version }} | |
os: ${{ runner.os }} | |
- uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 | |
- name: Docker registry login | |
run: | | |
echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin | |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin | |
- name: Check dry run | |
run: | | |
if [[ "${{github.event_name}}" == "workflow_dispatch" && "${{ github.event.inputs.dryRun }}" != "true" ]]; then | |
echo "DRY_RUN=false" >> "$GITHUB_ENV" | |
elif [[ "${{github.ref}}" == "refs/heads/${{env.DEFAULT_BRANCH}}" ]]; then | |
echo "DRY_RUN=false" >> "$GITHUB_ENV" | |
elif [[ "${{github.ref}}" =~ ^refs/heads/v[0-9]+(\.[0-9]+)?$ ]]; then | |
echo "DRY_RUN=false" >> "$GITHUB_ENV" | |
fi | |
- name: semantic-release | |
run: | | |
pnpm semantic-release --dry-run ${{env.DRY_RUN}} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} # TODO: use action token? | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
LOG_LEVEL: debug |