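# Pull-request CI for branches that merge into main, stage or prod.
name: ci
on:
  pull_request:
    branches:
      - main
      - stage
      - prod
# Least privilege for the workflow's GITHUB_TOKEN: the jobs only check out
# code, so read access to repository contents is enough. Without this key the
# token gets the repository's default permissions, which may include write.
permissions:
  contents: read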
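jobs:
  # Gate job: fails when any job listed in `needs` failed or was cancelled.
  ci:
    # always() keeps the gate from being skipped when a dependency fails, so
    # the failure is reported by this job as well.
    if: always()
    needs:
      - app-code-linting
      - app-tests-unit-node
      - app-tests-unit-dom
      - app-tests-playwright-e2e
      - app-tests-playwright-api
      - commits-linting
      - forbidden-comments-linting
    runs-on: ubuntu-22.04
    steps:
      - name: Check jobs status
        # A cancelled dependency verified nothing, so it fails the gate just
        # like a failed one. The check is a step condition, which keeps the
        # expression result out of the shell script text.
        if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
        run: exit 1
      - name: Dependencies completed
        run: echo 'All dependencies completed'

  app-code-linting:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          # Check out the tip of the PR branch rather than the merge commit
          # GitHub prepares for pull_request runs.
          ref: ${{ github.head_ref }}
      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '24.13.1'
          cache: 'npm'
          cache-dependency-path: package-lock.json
      - name: Install NPM dependencies
        # Runs before the secrets are revealed, as in the Playwright jobs, so
        # dependency install scripts never see the decrypted .env files.
        run: npm ci
      - name: Reveal secret .env files
        # NOTE(review): third-party action that is handed the GPG private key
        # and is referenced by a movable tag; pin it to a reviewed full
        # commit SHA (<FULL_COMMIT_SHA>).
        uses: entrostat/git-secret-action@v4
        with:
          gpg-private-key: ${{ secrets.GIT_SECRET_PRIVATE_KEY }}
      - name: Build and lint
        # From here on, code from the PR branch runs next to the decrypted
        # files, so they should hold CI-only values.
        run: npm run build && npm run lint

  app-tests-unit-node:
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        # Shard numbers; the total in --shard=<index>/1 below has to grow
        # together with this list.
        index: ['1']
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          # Check out the tip of the PR branch rather than the merge commit.
          ref: ${{ github.head_ref }}
      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '24.13.1'
          cache: 'npm'
          cache-dependency-path: package-lock.json
      - name: Install NPM dependencies
        run: npm ci
      - name: Run node unit tests
        run: |
          npm run test:unit:node -- --shard=${{matrix.index}}/1

  app-tests-unit-dom:
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        # Shard numbers; the total in --shard=<index>/1 below has to grow
        # together with this list.
        index: ['1']
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          # Check out the tip of the PR branch rather than the merge commit.
          ref: ${{ github.head_ref }}
      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '24.13.1'
          cache: 'npm'
          cache-dependency-path: package-lock.json
      - name: Install NPM dependencies
        run: npm ci
      - name: Run dom unit tests
        run: |
          npm run test:unit:dom -- --shard=${{matrix.index}}/1

  app-tests-playwright-e2e:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          ref: ${{ github.head_ref }}
      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '24.13.1'
          cache: 'npm'
          cache-dependency-path: package-lock.json
      - name: Install NPM dependencies
        run: npm ci
      - name: Reveal secret .env files
        # NOTE(review): same pinning concern as in app-code-linting; the test
        # scripts below run PR-branch code with the decrypted files on disk.
        uses: entrostat/git-secret-action@v4
        with:
          gpg-private-key: ${{ secrets.GIT_SECRET_PRIVATE_KEY }}
      - name: Prepare folders for failed test data
        run: >-
          mkdir --parents
          "${PWD}/reports/playwright/e2e/playwright-report"
          "${PWD}/reports/playwright/e2e/test-results"
      - name: Run E2E tests
        id: run-e2e-tests
        run: ./scripts/stack/local/all/e2e/headless.js
      - name: Upload data for failed tests
        # Only when the E2E step itself failed, not an earlier setup step.
        # NOTE(review): Playwright reports and traces can record request
        # data; confirm nothing from the revealed .env files ends up in this
        # artifact.
        if: failure() && steps.run-e2e-tests.outcome == 'failure'
        uses: actions/upload-artifact@v6
        with:
          name: e2e-failed-tests-data
          path: |
            ${{ github.workspace }}/reports/playwright/e2e/playwright-report
            ${{ github.workspace }}/reports/playwright/e2e/test-results
          retention-days: 3

  app-tests-playwright-api:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          ref: ${{ github.head_ref }}
      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '24.13.1'
          cache: 'npm'
          cache-dependency-path: package-lock.json
      - name: Install NPM dependencies
        run: npm ci
      - name: Reveal secret .env files
        # NOTE(review): same pinning concern as in app-code-linting; the test
        # scripts below run PR-branch code with the decrypted files on disk.
        uses: entrostat/git-secret-action@v4
        with:
          gpg-private-key: ${{ secrets.GIT_SECRET_PRIVATE_KEY }}
      - name: Prepare folders for failed test data
        run: >-
          mkdir --parents
          "${PWD}/reports/playwright/api/playwright-report"
          "${PWD}/reports/playwright/api/test-results"
      - name: Run API tests
        id: run-api-tests
        run: ./scripts/stack/local/all/api/headless.js
      - name: Upload data for failed tests
        # Only when the API test step itself failed, not an earlier setup
        # step.
        # NOTE(review): confirm the reports cannot contain values from the
        # revealed .env files before they are stored as an artifact.
        if: failure() && steps.run-api-tests.outcome == 'failure'
        uses: actions/upload-artifact@v6
        with:
          name: api-failed-tests-data
          path: |
            ${{ github.workspace }}/reports/playwright/api/playwright-report
            ${{ github.workspace }}/reports/playwright/api/test-results
          retention-days: 3

  # Rejects PRs that still carry work-in-progress or fixup commits.
  commits-linting:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          ref: ${{ github.head_ref }}
          # Full history: the default shallow clone holds only the tip
          # commit, so the git log below would never see earlier PR commits.
          fetch-depth: 0
      - name: 'Validate PR commits messages'
        env:
          # Passed through the environment instead of being pasted into the
          # script text.
          PR_COMMITS: ${{ github.event.pull_request.commits }}
        run: |
          PATTERN="(^wip|^fixup)"
          MESSAGES=$(git log -n "$PR_COMMITS" --pretty="%s")
          # Case-insensitive match on the start of each commit subject.
          if echo "$MESSAGES" | grep -Eqi "$PATTERN"; then
            echo "Commits messages are not valid"
            exit 1
          fi
          echo "Commits messages are valid"

  # Fails the PR when the todos scanner reports any PTODO comment.
  forbidden-comments-linting:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          ref: ${{ github.head_ref }}
      - name: Setup todos CLI command
        # NOTE(review): the downloads come from github.com while
        # the provenance check expects source github.com/ianlewis/todos;
        # confirm the download host is intended. Integrity rests on the
        # pinned SHA-256 (slsa-verifier) and the SLSA provenance (todos).
        run: |
          # One command per line under errexit: a failed download, checksum
          # or provenance check stops the step before anything is installed.
          set -euo pipefail
          curl --fail -sSLo slsa-verifier \
            https://github.com/slsa-framework/slsa-verifier/releases/download/v2.4.1/slsa-verifier-linux-amd64
          echo "e81900c9f11a44276e1552afb7c1f6ea7b13ad9c6efdb920d97f23a76659e25f slsa-verifier" | sha256sum -c -
          chmod +x slsa-verifier
          curl --fail -sSLo todos \
            https://github.com/ianlewis/todos/releases/download/v0.8.0/todos-linux-amd64
          curl --fail -sSLo todos.intoto.jsonl \
            https://github.com/ianlewis/todos/releases/download/v0.8.0/todos-linux-amd64.intoto.jsonl
          ./slsa-verifier verify-artifact todos \
            --provenance-path todos.intoto.jsonl \
            --source-uri github.com/ianlewis/todos \
            --source-tag v0.8.0
          chmod +x todos
          sudo cp todos /usr/local/bin
      - name: Run todos CLI command
        run: |
          output=$(./todos --output github --todo-types PTODO .)
          echo "$output"
          # Any non-blank output line fails the job.
          if grep -q '[^[:space:]]' <<<"$output"; then
            exit 1
          fi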