Skip to content

ci: comment out nx step for fixing missing SHA #511

ci: comment out nx step for fixing missing SHA

ci: comment out nx step for fixing missing SHA #511

Workflow file for this run

name: CI
on:
push:
branches:
- main
pull_request: {}
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
NX_CLOUD_ACCESS_TOKEN: ${{secrets.NX_CLOUD_ACCESS_TOKEN}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install pnpm
uses: pnpm/action-setup@v2
with:
version: 7
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 18
cache: 'pnpm'
- name: Install dependencies
run: pnpm install --frozen-lockfile
# - name: Set base and head SHAs for nx
# uses: nrwl/nx-set-shas@v3
- name: Run linting
run: NX_BRANCH=$GITHUB_HEAD_REF pnpx nx affected --target=lint --parallel=10
# +++ COMMENTED OUT BECAUSE THIS IS A SEPARATE ISSUE: https://github.com/Frachtwerk/essencium-frontend/issues/221 +++
# unit-tests:
# name: Unit Tests
# runs-on: ubuntu-latest
# steps:
# - name: Checkout repo
# uses: actions/checkout@v3
# with:
# fetch-depth: 0
# - name: Install pnpm
# uses: pnpm/action-setup@v2
# with:
# version: 7
# - name: Setup Node
# uses: actions/setup-node@v3
# with:
# node-version: 18
# cache: 'pnpm'
# - name: Install dependencies
# run: pnpm install --frozen-lockfile
# - name: Set base and head SHAs for nx
# uses: nrwl/nx-set-shas@v3
# - name: Run unit tests
# run: NX_BRANCH=$GITHUB_HEAD_REF pnpx nx affected --target=test:unit --parallel=10
# e2e-tests:
# name: E2E Tests
# runs-on: ubuntu-latest
# steps:
# - name: Checkout repo
# uses: actions/checkout@v3
# with:
# fetch-depth: 0
# - name: Install pnpm
# uses: pnpm/action-setup@v2
# with:
# version: 7
# - name: Setup Node
# uses: actions/setup-node@v3
# with:
# node-version: 18
# cache: 'pnpm'
# - name: Install dependencies
# run: pnpm install --frozen-lockfile
# - name: Get installed Playwright version
# run: echo "PLAYWRIGHT_VERSION=$(node -e "console.log(require('./packages/app/package.json').dependencies['@playwright/test'])")" >> $GITHUB_ENV
# - name: Cache Playwright
# uses: actions/cache@v3
# id: playwright-cache
# with:
# path: ~/.cache/ms-playwright
# key: ${{ runner.os }}-playwright-${{ env.PLAYWRIGHT_VERSION }}
# - name: Install Playwright
# run: pnpx playwright install --with-deps
# - name: Run E2E tests
# run: pnpm test:e2e
# env:
# ADMIN_USERNAME: ${{ secrets.ADMIN_USERNAME }}
# ADMIN_PASSWORD: ${{ secrets.ADMIN_PASSWORD }}
# Not active as long as repo is private, because otherwise the Artifact storage quota will be exceeded.
# - name: Upload E2E test results
# uses: actions/upload-artifact@v3
# if: always()
# with:
# name: e2e-test-results
# path: |
# packages/app/test-results
# packages/app/playwright-report
security:
name: Vulnerability Scan
runs-on: ubuntu-20.04
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install pnpm
uses: pnpm/action-setup@v2
with:
version: 7
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 18
cache: 'pnpm'
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Set base and head SHAs for nx
uses: nrwl/nx-set-shas@v3
- name: Build
if: steps.cache-dist.outputs.cache-hit != 'true'
run: NX_BRANCH=$GITHUB_HEAD_REF pnpx nx build @frachtwerk/essencium-app
env:
ADMIN_USERNAME: ${{ secrets.ADMIN_USERNAME }}
ADMIN_PASSWORD: ${{ secrets.ADMIN_PASSWORD }}
- name: Upload 'lib' dist folder
uses: actions/upload-artifact@v3
with:
name: lib-dist
path: packages/lib/dist
- name: Upload 'types' dist folder
uses: actions/upload-artifact@v3
with:
name: types-dist
path: packages/types/dist
- name: Cache dist folder for 'app' package
id: cache-dist
uses: actions/cache@v3
env:
cache-name: cache-dist
with:
path: packages/app/dist
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('pnpm-lock.yaml') }}
release:
name: Release
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
needs: [lint, build, security] # [lint, unit-tests, e2e-tests, build, security]
steps:
- name: Release Please
uses: google-github-actions/release-please-action@v3
id: release
with:
release-type: node
command: manifest
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install pnpm
uses: pnpm/action-setup@v2
with:
version: 7
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 18
cache: 'pnpm'
registry-url: 'https://registry.npmjs.org'
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Download 'lib' dist folder
uses: actions/download-artifact@v3
with:
name: lib-dist
path: packages/lib/dist
- name: Download 'types' dist folder
uses: actions/download-artifact@v3
with:
name: types-dist
path: packages/types/dist
- name: Publish 'lib' package
run: pnpm publish --filter "@frachtwerk/essencium-lib" --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Publish 'types' package
run: pnpm publish --filter "@frachtwerk/essencium-types" --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Publish 'prettier-config-essencium' package
run: pnpm publish --filter "@frachtwerk/prettier-config-essencium" --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Publish 'eslint-config-essencium' package
run: pnpm publish --filter "@frachtwerk/eslint-config-essencium" --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}