Build #18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| - ready_for_review | |
| merge_group: | |
| workflow_dispatch: | |
| inputs: | |
| dryRun: | |
| description: 'Dry-Run' | |
| default: 'true' | |
| required: false | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.number || github.ref }} | |
| cancel-in-progress: ${{ github.ref_name != 'main' }} | |
| env: | |
| DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} | |
| NODE_VERSION: 20 | |
| PDM_VERSION: 2.18.1 # renovate: datasource=pypi depName=pdm | |
| DRY_RUN: true | |
| TEST_LEGACY_DECRYPTION: true | |
| SPARSE_CHECKOUT: |- | |
| .github/actions/ | |
| data/ | |
| tools/ | |
| package.json | |
| pnpm-lock.yaml | |
| jobs: | |
| setup: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| os-matrix: ${{ steps.os-matrix.outputs.os-matrix }} | |
| os-matrix-is-full: ${{ steps.os-matrix-is-full.outputs.os-matrix-is-full }} | |
| os-matrix-prefetch: ${{ steps.os-matrix-prefetch.outputs.matrix }} | |
| test-shard-matrix: ${{ steps.schedule-test-shards.outputs.test-shard-matrix }} | |
| test-matrix-empty: ${{ steps.schedule-test-shards.outputs.test-matrix-empty }} | |
| steps: | |
| - name: Calculate `os-matrix-is-full` output | |
| id: os-matrix-is-full | |
| env: | |
| IS_FULL: >- | |
| ${{ | |
| ( | |
| github.event_name != 'pull_request' || | |
| contains(github.event.pull_request.labels.*.name, 'ci:fulltest') | |
| ) && 'true' || '' | |
| }} | |
| run: | | |
| echo 'OS_MATRIX_IS_FULL=${{ env.IS_FULL }}' >> "$GITHUB_ENV" | |
| echo 'os-matrix-is-full=${{ env.IS_FULL }}' >> "$GITHUB_OUTPUT" | |
| - name: Calculate `os-matrix` output | |
| id: os-matrix | |
| env: | |
| OS_ALL: '["ubuntu-latest", "macos-latest", "windows-latest"]' | |
| OS_LINUX_ONLY: '["ubuntu-latest"]' | |
| run: | | |
| echo 'os-matrix=${{ | |
| env.OS_MATRIX_IS_FULL && env.OS_ALL || env.OS_LINUX_ONLY | |
| }}' >> "$GITHUB_OUTPUT" | |
| - name: Detect changed files | |
| if: ${{ github.event_name == 'pull_request' }} | |
| id: changed-files | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| GH_REPO: ${{ github.event.repository.full_name }} | |
| PR_URL: >- | |
| https://api.github.com/repos/{owner}/{repo}/compare/${{ | |
| github.event.pull_request.base.sha | |
| }}...${{ | |
| github.event.pull_request.head.sha | |
| }} | |
| JQ_FILTER: >- | |
| "changed-files=" + ([.files[].filename] | tostring) | |
| run: gh api ${{ env.PR_URL }} | jq -rc '${{ env.JQ_FILTER }}' >> "$GITHUB_OUTPUT" | |
| - name: Checkout code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| filter: blob:none # we don't need all blobs | |
| sparse-checkout: ${{ env.SPARSE_CHECKOUT }} | |
| show-progress: false | |
| - name: Calculate matrix for `node_modules` prefetch | |
| uses: ./.github/actions/calculate-prefetch-matrix | |
| id: os-matrix-prefetch | |
| with: | |
| repo: ${{ github.event.repository.full_name }} | |
| token: ${{ github.token }} | |
| node-version: ${{ env.NODE_VERSION }} | |
| - name: Prefetch test modules for `ubuntu-latest` | |
| id: setup-node | |
| uses: ./.github/actions/setup-node | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| os: ${{ runner.os }} | |
| save-cache: true | |
| - name: Schedule test shards | |
| id: schedule-test-shards | |
| env: | |
| ALL_PLATFORMS: ${{ env.OS_MATRIX_IS_FULL }} | |
| FILTER_SHARDS: ${{ github.event.pull_request.draft && 'true' || '' }} | |
| CHANGED_FILES: ${{ steps.changed-files.outputs.changed-files }} | |
| run: | | |
| echo "$(pnpm -s schedule-test-shards)" >> "$GITHUB_OUTPUT" | |
| setup-build: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| node-version: ${{ env.NODE_VERSION }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| filter: blob:none # we don't need all blobs | |
| sparse-checkout: ${{ env.SPARSE_CHECKOUT }} | |
| show-progress: false | |
| - name: Prefetch build modules for `ubuntu-latest` | |
| uses: ./.github/actions/setup-node | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| os: ${{ runner.os }} | |
| save-cache: true | |
| prefetch: | |
| needs: [setup] | |
| # We can't check `needs.setup.outputs.os-matrix-is-full` here, | |
| # as it will lead to further complications that aren't solvable | |
| # with current GitHub Actions feature set. | |
| # | |
| # Although this job sometimes may act as short-lived `no-op`, | |
| # it's actually the best option available. | |
| # | |
| # However, in draft mode we can skip this step. | |
| if: | | |
| !(github.event.pull_request.draft == true && | |
| needs.setup.outputs.test-matrix-empty == 'true') | |
| strategy: | |
| matrix: | |
| os: ${{ fromJSON(needs.setup.outputs.os-matrix-prefetch) }} | |
| runs-on: ${{ matrix.os }} | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Checkout code | |
| if: needs.setup.outputs.os-matrix-is-full && runner.os != 'Linux' | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| filter: blob:none # we don't need all blobs | |
| sparse-checkout: ${{ env.SPARSE_CHECKOUT }} | |
| show-progress: false | |
| - name: Setup Node.js | |
| if: needs.setup.outputs.os-matrix-is-full && runner.os != 'Linux' | |
| uses: ./.github/actions/setup-node | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| os: ${{ runner.os }} | |
| save-cache: true | |
| build: | |
| needs: | |
| - setup-build | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| if: github.event.pull_request.draft != true | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| show-progress: false | |
| - name: Setup Node.js | |
| uses: ./.github/actions/setup-node | |
| with: | |
| node-version: ${{ needs.setup-build.outputs.node-version }} | |
| os: ${{ runner.os }} | |
| - name: Build | |
| run: pnpm build | |
| - name: Build docker | |
| run: pnpm build:docker build --tries=3 | |
| env: | |
| LOG_LEVEL: debug | |
| - name: Pack | |
| run: pnpm test-e2e:pack | |
| - name: Upload | |
| uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 | |
| with: | |
| name: renovate-package | |
| path: renovate-0.0.0-semantic-release.tgz | |
| release: | |
| needs: | |
| - setup-build | |
| - build | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 60 | |
| permissions: | |
| contents: write | |
| issues: write | |
| pull-requests: write | |
| id-token: write | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| fetch-depth: 0 # zero stands for full checkout, which is required for semantic-release | |
| filter: blob:none # we don't need all blobs, only the full tree | |
| show-progress: false | |
| - name: docker-config | |
| uses: containerbase/internal-tools@8547f01d73522b44482b8757716e4e1d73cf3a66 # v3.4.7 | |
| with: | |
| command: docker-config | |
| - name: Setup Node.js | |
| uses: ./.github/actions/setup-node | |
| with: | |
| node-version: ${{ needs.setup-build.outputs.node-version }} | |
| os: ${{ runner.os }} | |
| - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 | |
| - name: Determine Version | |
| uses: gittools/actions/gitversion/[email protected] | |
| id: gitversion | |
| with: | |
| useConfigFile: true | |
| - name: Build image | |
| run: | | |
| docker build \ | |
| -f tools/docker/Dockerfile \ | |
| -t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest" \ | |
| -t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.shortSha }}" \ | |
| --cache-from ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest \ | |
| . | |
| - name: Log into registry | |
| if: ${{ (github.ref == 'refs/heads/main') || (!startsWith(github.ref, 'refs/pull')) || startsWith(github.ref, 'refs/tags') }} | |
| run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin | |
| - name: Push image (latest, ShortSha) | |
| run: | | |
| docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest" | |
| docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.shortSha }}" | |