chore(deps): update github/codeql-action action to v3 #1244
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish | |
| concurrency: | |
| cancel-in-progress: true | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.head.label || github.ref }} | |
| on: | |
| push: | |
| branches: | |
| - '*' | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| jobs: | |
| build-lint-test-docker-release: | |
| timeout-minutes: 30 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: | |
| - ubuntu-latest | |
| runs-on: ${{ matrix.os }} | |
| # Service containers to run with `container-job` | |
| # services: | |
| # # Label used to access the service container | |
| # postgres: | |
| # # Docker Hub image | |
| # image: 'postgres:alpine' | |
| # # Provide the password for postgres | |
| # env: | |
| # POSTGRES_USER: prisma_user | |
| # POSTGRES_PASSWORD: CHANGE_ME_PLEASE_OR_I_WILL_CRY | |
| # POSTGRES_DB: prisma | |
| # # Set health checks to wait until postgres has started | |
| # options: >- | |
| # --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 | |
| # redis: | |
| # # Docker Hub image | |
| # image: redis:alpine | |
| # # Set health checks to wait until redis has started | |
| # options: >- | |
| # --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5 | |
| # ports: | |
| # # Maps port 6379 on service container to the host | |
| # - 6379:6379 | |
| steps: | |
| - name: Check out current repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| # Limit Docker builds to only necessary changes. | |
| # Unfortunately, this includes dependency changes as well due to the Dockerfile possibly breaking on lack of installed dependencies for building the application. | |
| - name: Verify Changed files | |
| uses: tj-actions/verify-changed-files@v20 | |
| id: verify-changed-files | |
| with: | |
| files: | | |
| Dockerfile | |
| docker-compose.yml | |
| **/*/package.json | |
| **/*/pnpm-lock.yaml | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: '.nvmrc' | |
| - name: Restore backend build from cache | |
| if: ${{ !github.event.act }} | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ${{ github.workspace }}/backend/dist | |
| ${{ github.workspace }}/**/tsconfig.tsbuildinfo | |
| # Generate a new cache whenever packages or source files change. | |
| key: ${{ runner.os }}-backend-${{ hashFiles('**/pnpm-lock.yaml') }}-${{ hashFiles('backend/src/**.[jt]s?', 'backend/src/**.json') }} | |
| # If source files changed but packages didn't, rebuild from a prior cache. | |
| restore-keys: | | |
| ${{ runner.os }}-backend-${{ hashFiles('**/pnpm-lock.yaml') }}- | |
| # see https://github.com/vercel/next.js/pull/27362 | |
| - name: Restore frontend build from cache | |
| if: ${{ !github.event.act }} | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ${{ github.workspace }}/frontend/.next/cache | |
| ${{ github.workspace }}/.cache | |
| ~/.cache | |
| ${{ github.workspace }}/**/tsconfig.tsbuildinfo | |
| # Generate a new cache whenever packages or source files change. | |
| key: ${{ runner.os }}-frontend-${{ hashFiles('**/pnpm-lock.yaml') }}-${{ hashFiles('frontend/src/**.[jt]sx?', 'frontend/src/**.json') }} | |
| # If source files changed but packages didn't, rebuild from a prior cache. | |
| restore-keys: | | |
| ${{ runner.os }}-frontend-${{ hashFiles('**/pnpm-lock.yaml') }}- | |
| - name: π₯ Monorepo install all deps & pnpm | |
| uses: ./.github/actions/pnpm-install | |
| # - name: Create and seed test database | |
| # working-directory: backend | |
| # run: | | |
| # pnpm exec prisma db push | |
| # pnpm exec prisma db seed | |
| # env: | |
| # PRISMA_DATABASE_URL: postgresql://postgres:postgres@localhost:5432/auth-backend?schema=public | |
| - name: ποΈ Ensure Code is Linted | |
| run: | | |
| pnpm lint:check | |
| - name: π§ Ensure Code is Formatted | |
| run: | | |
| pnpm format:check | |
| - name: π Rename .env.example to .env | |
| run: | | |
| mv .env.example .env | |
| - name: πββοΈ Copy .env to backend | |
| run: | | |
| cp .env backend/.env | |
| - name: π€ Build Project | |
| run: | | |
| pnpm build | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: π³ Build Docker Compose | |
| if: steps.verify-changed-files.outputs.files_changed == 'true' | |
| run: | | |
| docker compose build | |
| - name: Bring up dependent containers | |
| run: | | |
| docker compose up redis db db2 -d | |
| # TODO: Make this more graceful and make it only test if our Dockerfile builds when changes are made to it. | |
| - name: π₯³ Run Jest Tests (project-wide) | |
| run: | | |
| pnpm test:jest | |
| - name: Run Cypress | |
| uses: cypress-io/github-action@v6 | |
| with: | |
| working-directory: frontend | |
| start: pnpm dev:cypress | |
| wait-on: 'http://localhost:3000, http://localhost:8000' | |
| - name: π€ Upload Code coverage to Codecov | |
| if: ${{ !github.event.act }} | |
| uses: codecov/codecov-action@v5 | |
| - uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: cypress-screenshots | |
| path: ./frontend/cypress/screenshots | |
| - uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: cypress-videos | |
| path: ./frontend/cypress/videos | |
| - uses: actions/upload-artifact@v4 | |
| if: ${{ !github.event.act }} | |
| with: | |
| name: Frontend Build | |
| path: | | |
| ./frontend/.next | |
| ./frontend/out | |
| ./frontend/public | |
| - uses: actions/upload-artifact@v4 | |
| if: ${{ !github.event.act }} | |
| with: | |
| name: Backend Build | |
| path: ./backend/dist | |
| - name: Import GPG key | |
| id: import_gpg | |
| if: ${{ !github.event.act }} && github.event_name != 'pull_request' | |
| uses: crazy-max/ghaction-import-gpg@v6 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.PASSPHRASE }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| git_tag_gpgsign: false | |
| git_push_gpgsign: false | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: π Publish to the great interwebs. | |
| uses: cycjimmy/semantic-release-action@v4 | |
| if: ${{ !github.event.act }} && github.event_name != 'pull_request' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
| GIT_AUTHOR_NAME: ${{ steps.import_gpg.outputs.name }} | |
| GIT_AUTHOR_EMAIL: ${{ steps.import_gpg.outputs.email }} | |
| GIT_COMMITTER_NAME: ${{ steps.import_gpg.outputs.name }} | |
| GIT_COMMITTER_EMAIL: ${{ steps.import_gpg.outputs.email }} | |
| signingKeyId: ${{ steps.import_gpg.outputs.keyid }} | |
| signingKey: ${{ secrets.GPG_PRIVATE_KEY }} | |
| signingPassword: ${{ secrets.PASSPHRASE }} | |
| GH_URL: 'https://api.github.com/' | |
| HUSKY: 0 |