144 lines
5.5 KiB
YAML
144 lines
5.5 KiB
YAML
---
|
|
name: "dashboard: check and build"
|
|
on:
|
|
pull_request_target:
|
|
paths:
|
|
- '.github/workflows/wf_build_artifacts.yaml'
|
|
- '.github/workflows/wf_check.yaml'
|
|
- '.github/workflows/dashboard_checks.yaml'
|
|
|
|
# common build
|
|
- 'flake.nix'
|
|
- 'flake.lock'
|
|
- 'nixops/**'
|
|
- 'build/**'
|
|
|
|
# common javascript
|
|
- ".npmrc"
|
|
- ".prettierignore"
|
|
- ".prettierrc.js"
|
|
- "audit-ci.jsonc"
|
|
- "package.json"
|
|
- "pnpm-workspace.yaml"
|
|
- "pnpm-lock.yaml"
|
|
- "turbo.json"
|
|
|
|
# dashboard
|
|
- "dashboard/**"
|
|
|
|
# nhost-js
|
|
- packages/nhost-js/**
|
|
push:
|
|
branches:
|
|
- main
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || format('push-{0}', github.sha) }}
|
|
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
|
|
|
|
jobs:
|
|
check-permissions:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- run: |
|
|
echo "github.event_name: ${{ github.event_name }}"
|
|
echo "github.event.pull_request.author_association: ${{ github.event.pull_request.author_association }}"
|
|
- name: "This task will run and fail if user has no permissions and label safe_to_test isn't present"
|
|
if: "github.event_name == 'pull_request_target' && ! ( contains(github.event.pull_request.labels.*.name, 'safe_to_test') || contains(fromJson('[\"OWNER\", \"MEMBER\", \"COLLABORATOR\"]'), github.event.pull_request.author_association) )"
|
|
run: |
|
|
exit 1
|
|
|
|
deploy-vercel:
|
|
uses: ./.github/workflows/wf_deploy_vercel.yaml
|
|
needs:
|
|
- check-permissions
|
|
with:
|
|
NAME: dashboard
|
|
GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
|
|
ENVIRONMENT: preview
|
|
secrets:
|
|
AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
|
|
NIX_CACHE_PUB_KEY: ${{ secrets.NIX_CACHE_PUB_KEY }}
|
|
NIX_CACHE_PRIV_KEY: ${{ secrets.NIX_CACHE_PRIV_KEY }}
|
|
VERCEL_TEAM_ID: ${{ secrets.DASHBOARD_VERCEL_TEAM_ID }}
|
|
VERCEL_PROJECT_ID: ${{ secrets.DASHBOARD_STAGING_VERCEL_PROJECT_ID }}
|
|
VERCEL_DEPLOY_TOKEN: ${{ secrets.DASHBOARD_VERCEL_DEPLOY_TOKEN }}
|
|
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
|
|
|
|
|
|
build_artifacts:
|
|
uses: ./.github/workflows/wf_build_artifacts.yaml
|
|
needs:
|
|
- check-permissions
|
|
with:
|
|
NAME: dashboard
|
|
PATH: dashboard
|
|
GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
|
|
VERSION: 0.0.0-dev # we use a fixed version here to avoid unnecessary rebuilds
|
|
DOCKER: true
|
|
OS_MATRIX: '["blacksmith-2vcpu-ubuntu-2404"]'
|
|
secrets:
|
|
AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
|
|
NIX_CACHE_PUB_KEY: ${{ secrets.NIX_CACHE_PUB_KEY }}
|
|
NIX_CACHE_PRIV_KEY: ${{ secrets.NIX_CACHE_PRIV_KEY }}
|
|
|
|
|
|
tests:
|
|
uses: ./.github/workflows/wf_check.yaml
|
|
needs:
|
|
- check-permissions
|
|
- build_artifacts
|
|
with:
|
|
NAME: dashboard
|
|
PATH: dashboard
|
|
GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
|
|
secrets:
|
|
AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
|
|
NIX_CACHE_PUB_KEY: ${{ secrets.NIX_CACHE_PUB_KEY }}
|
|
NIX_CACHE_PRIV_KEY: ${{ secrets.NIX_CACHE_PRIV_KEY }}
|
|
|
|
|
|
e2e_staging:
|
|
uses: ./.github/workflows/dashboard_wf_e2e_staging.yaml
|
|
needs:
|
|
- check-permissions
|
|
- deploy-vercel
|
|
- build_artifacts
|
|
with:
|
|
NAME: dashboard
|
|
PATH: dashboard
|
|
GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
|
|
NHOST_TEST_DASHBOARD_URL: ${{ needs.deploy-vercel.outputs.preview-url }}
|
|
NHOST_TEST_PROJECT_NAME: ${{ vars.NHOST_TEST_PROJECT_NAME }}
|
|
NHOST_TEST_ORGANIZATION_NAME: ${{ vars.NHOST_TEST_ORGANIZATION_NAME }}
|
|
NHOST_TEST_ORGANIZATION_SLUG: ${{ vars.NHOST_TEST_ORGANIZATION_SLUG }}
|
|
NHOST_TEST_PERSONAL_ORG_SLUG: ${{ vars.NHOST_TEST_PERSONAL_ORG_SLUG }}
|
|
NHOST_TEST_PROJECT_SUBDOMAIN: ${{ vars.NHOST_TEST_PROJECT_SUBDOMAIN }}
|
|
NHOST_TEST_PROJECT_REMOTE_SCHEMA_NAME: ${{ vars.NHOST_TEST_PROJECT_REMOTE_SCHEMA_NAME }}
|
|
NHOST_PRO_TEST_PROJECT_NAME: ${{ vars.NHOST_PRO_TEST_PROJECT_NAME }}
|
|
secrets:
|
|
AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
|
|
NIX_CACHE_PUB_KEY: ${{ secrets.NIX_CACHE_PUB_KEY }}
|
|
NIX_CACHE_PRIV_KEY: ${{ secrets.NIX_CACHE_PRIV_KEY }}
|
|
DASHBOARD_VERCEL_DEPLOY_TOKEN: ${{ secrets.DASHBOARD_VERCEL_DEPLOY_TOKEN }}
|
|
DASHBOARD_VERCEL_TEAM_ID: ${{ secrets.DASHBOARD_VERCEL_TEAM_ID }}
|
|
DASHBOARD_STAGING_VERCEL_PROJECT_ID: ${{ secrets.DASHBOARD_STAGING_VERCEL_PROJECT_ID }}
|
|
NHOST_TEST_USER_EMAIL: ${{ secrets.NHOST_TEST_USER_EMAIL }}
|
|
NHOST_TEST_USER_PASSWORD: ${{ secrets.NHOST_TEST_USER_PASSWORD }}
|
|
NHOST_TEST_PROJECT_ADMIN_SECRET: ${{ secrets.NHOST_TEST_PROJECT_ADMIN_SECRET }}
|
|
NHOST_TEST_ONBOARDING_USER: ${{ secrets.NHOST_TEST_ONBOARDING_USER }}
|
|
PLAYWRIGHT_REPORT_ENCRYPTION_KEY: ${{ secrets.PLAYWRIGHT_REPORT_ENCRYPTION_KEY }}
|
|
NHOST_TEST_STAGING_SUBDOMAIN: ${{ secrets.NHOST_TEST_STAGING_SUBDOMAIN }}
|
|
NHOST_TEST_STAGING_REGION: ${{ secrets.NHOST_TEST_STAGING_REGION }}
|
|
|
|
remove_label:
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- check-permissions
|
|
steps:
|
|
- uses: actions-ecosystem/action-remove-labels@v1
|
|
with:
|
|
labels: |
|
|
safe_to_test
|
|
if: contains(github.event.pull_request.labels.*.name, 'safe_to_test')
|