.github/workflows/publish.yml

name: Publish

concurrency:
  cancel-in-progress: true
  group: ${{ github.workflow }}-${{ github.event.pull_request.head.label || github.ref }}

on:
  push:
    branches:
      - '*'

  pull_request:
    types:
      - opened
      - synchronize
      - reopened

jobs:
  build-lint-test-docker-release:
    timeout-minutes: 30
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest

    runs-on: ${{ matrix.os }}
    # Service containers to run with `container-job`
    # services:
    #   # Label used to access the service container
    #   postgres:
    #     # Docker Hub image
    #     image: 'postgres:alpine'
    #     # Provide the password for postgres
    #     env:
    #       POSTGRES_USER: prisma_user
    #       POSTGRES_PASSWORD: CHANGE_ME_PLEASE_OR_I_WILL_CRY
    #       POSTGRES_DB: prisma
    #     # Set health checks to wait until postgres has started
    #     options: >-
    #       --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5

    #   redis:
    #     # Docker Hub image
    #     image: redis:alpine
    #     # Set health checks to wait until redis has started
    #     options: >-
    #       --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5

    #     ports:
    #       # Maps port 6379 on service container to the host
    #       - 6379:6379

    steps:
      - name: Check out current repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      # Limit Docker builds to only necessary changes.
      # Unfortunately, this includes dependency changes as well due to the Dockerfile possibly breaking on lack of installed dependencies for building the application.
      - name: Verify Changed files
        uses: tj-actions/verify-changed-files@v20
        id: verify-changed-files
        with:
          files: |
            Dockerfile
            docker-compose.yml
            **/*/package.json
            **/*/pnpm-lock.yaml

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: '.nvmrc'

      - name: Restore backend build from cache
        if: ${{ !github.event.act }}
        uses: actions/cache@v4
        with:
          path: |
            ${{ github.workspace }}/backend/dist
            ${{ github.workspace }}/**/tsconfig.tsbuildinfo
          # Generate a new cache whenever packages or source files change.
          key: ${{ runner.os }}-backend-${{ hashFiles('**/pnpm-lock.yaml') }}-${{ hashFiles('backend/src/**.[jt]s?', 'backend/src/**.json') }}
          # If source files changed but packages didn't, rebuild from a prior cache.
          restore-keys: |
            ${{ runner.os }}-backend-${{ hashFiles('**/pnpm-lock.yaml') }}-

      # see https://github.com/vercel/next.js/pull/27362
      - name: Restore frontend build from cache
        if: ${{ !github.event.act }}
        uses: actions/cache@v4
        with:
          path: |
            ${{ github.workspace }}/frontend/.next/cache
            ${{ github.workspace }}/.cache
            ~/.cache
            ${{ github.workspace }}/**/tsconfig.tsbuildinfo
          # Generate a new cache whenever packages or source files change.
          key: ${{ runner.os }}-frontend-${{ hashFiles('**/pnpm-lock.yaml') }}-${{ hashFiles('frontend/src/**.[jt]sx?', 'frontend/src/**.json') }}
          # If source files changed but packages didn't, rebuild from a prior cache.
          restore-keys: |
            ${{ runner.os }}-frontend-${{ hashFiles('**/pnpm-lock.yaml') }}-

      - name: 📥 Monorepo install all deps & pnpm
        uses: ./.github/actions/pnpm-install

      # - name: Create and seed test database
      #   working-directory: backend
      #   run: |
      #     pnpm exec prisma db push
      #     pnpm exec prisma db seed
      #   env:
      #     PRISMA_DATABASE_URL: postgresql://postgres:postgres@localhost:5432/auth-backend?schema=public
      - name: 👁️ Ensure Code is Linted
        run: |
          pnpm lint:check
      - name: 🚧 Ensure Code is Formatted
        run: |
          pnpm format:check
      - name: 📝 Rename .env.example to .env
        run: |
          mv .env.example .env
      - name: 🏄‍♂️ Copy .env to backend
        run: |
          cp .env backend/.env
      - name: 🤖 Build Project
        run: |
          pnpm build
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: 🐳 Build Docker Compose
        if: steps.verify-changed-files.outputs.files_changed == 'true'
        run: |
          docker compose build
      - name: Bring up dependent containers
        run: |
          docker compose up redis db db2 -d
      # TODO: Make this more graceful and make it only test if our Dockerfile builds when changes are made to it.
      - name: 🥳 Run Jest Tests (project-wide)
        run: |
          pnpm test:jest
      - name: Run Cypress
        uses: cypress-io/github-action@v6
        with:
          working-directory: frontend
          start: pnpm dev:cypress
          wait-on: 'http://localhost:3000, http://localhost:8000'
      - name: 📤 Upload Code coverage to Codecov
        if: ${{ !github.event.act }}
        uses: codecov/codecov-action@v5

      - uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: cypress-screenshots
          path: ./frontend/cypress/screenshots
      - uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: cypress-videos
          path: ./frontend/cypress/videos
      - uses: actions/upload-artifact@v4
        if: ${{ !github.event.act }}
        with:
          name: Frontend Build
          path: |
            ./frontend/.next
            ./frontend/out
            ./frontend/public
      - uses: actions/upload-artifact@v4
        if: ${{ !github.event.act }}
        with:
          name: Backend Build
          path: ./backend/dist
      - name: Import GPG key
        id: import_gpg
        if: ${{ !github.event.act }} && github.event_name != 'pull_request'
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
          git_user_signingkey: true
          git_commit_gpgsign: true
          git_tag_gpgsign: false
          git_push_gpgsign: false
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: 🌋 Publish to the great interwebs.
        uses: cycjimmy/semantic-release-action@v4
        if: ${{ !github.event.act }} && github.event_name != 'pull_request'
        env:
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
          GIT_AUTHOR_NAME: ${{ steps.import_gpg.outputs.name }}
          GIT_AUTHOR_EMAIL: ${{ steps.import_gpg.outputs.email }}
          GIT_COMMITTER_NAME: ${{ steps.import_gpg.outputs.name }}
          GIT_COMMITTER_EMAIL: ${{ steps.import_gpg.outputs.email }}
          signingKeyId: ${{ steps.import_gpg.outputs.keyid }}
          signingKey: ${{ secrets.GPG_PRIVATE_KEY }}
          signingPassword: ${{ secrets.PASSPHRASE }}
          GH_URL: 'https://api.github.com/'
          HUSKY: 0