Poc/pms health checks #8

Workflow file for this run

.github/workflows/health_checks.yml at f9058b8

	name: health_checks

	on:
	push:
	branches:
	- main
	pull_request:
	branches:
	- main
	workflow_dispatch:

	jobs:
	install:
	strategy:
	matrix:
	# Windows install must happen on the same worker size as subsequent jobs.
	# Larger workers use different drive (C: instead of D:) to check out project and NPM installation
	# creates file system links that include drive letter.
	os: [ubuntu-latest, macos-latest, amplify-backend_windows-latest_8-core]
	runs-on: ${{ matrix.os }}
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
	- uses: ./.github/actions/setup_node
	- uses: ./.github/actions/install_with_cache
	build:
	runs-on: ubuntu-latest
	needs:
	- install
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
	- uses: ./.github/actions/setup_node
	- uses: ./.github/actions/build_with_cache
	test_with_coverage:
	needs:
	- build
	strategy:
	matrix:
	os: [ubuntu-latest, macos-latest, amplify-backend_windows-latest_8-core]
	runs-on: ${{ matrix.os }}
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
	- uses: ./.github/actions/setup_node
	- uses: ./.github/actions/restore_build_cache
	- run: npm run set-script-shell
	- run: npm run test:coverage:threshold
	test_scripts:
	needs:
	- build
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
	- uses: ./.github/actions/setup_node
	- uses: ./.github/actions/restore_build_cache
	- run: \|
	npm run set-script-shell
	npm run test:scripts
	test_with_baseline_dependencies:
	needs:
	- install
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
	- uses: ./.github/actions/setup_node
	- uses: ./.github/actions/restore_install_cache
	- name: Pin some dependencies to nearest patch and rebuild
	run: \|
	npx tsx scripts/set_baseline_dependency_versions.ts
	npm install
	# print out diff for auditing or troubleshooting
	git diff
	npm run build
	- name: Run unit and integration tests
	run: \|
	npm run set-script-shell
	npm run test
	check_api_changes:
	if: github.event_name == 'pull_request'
	needs:
	- build
	runs-on: ubuntu-latest
	timeout-minutes: 10
	steps:
	- name: Checkout pull request ref
	uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
	- uses: ./.github/actions/setup_node
	- uses: ./.github/actions/restore_build_cache
	- name: Publish packages locally
	timeout-minutes: 2
	run: \|
	npm run start:npm-proxy
	# keep git diff with version increment to make sure test projects resolve right version
	npm run publish:local -- --keepGitDiff
	- name: Checkout base branch
	uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
	with:
	path: base-branch-content
	ref: ${{ github.event.pull_request.base.sha }}
	- name: Check API changes
	run: \|
	mkdir api-validation-projects
	npx tsx scripts/check_api_changes.ts base-branch-content api-validation-projects
	do_include_e2e:
	runs-on: ubuntu-latest
	permissions:
	# This is required so that the step can read the labels on the pull request
	pull-requests: read
	env:
	# The gh cli expects the token at this environment variable
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	outputs:
	run_e2e: ${{ steps.check.outputs.run_e2e }}
	steps:
	# if this workflow is running on a push (ie merge to main), then e2e tests always run
	# if this workflow is triggered manually, then e2e tests always run
	# if the workflow is running on a pull request, we perform an additional check for the run-e2e label
	# this is not a security measure (that is already handled by the pull_request event behavior) but rather a way for PR authors to easily check e2e test results if they wish
	# the reason it doesn't run all the time is because it will always fail for external contributor PRs (they don't have access to repo secrets) and we don't want to waste resources running e2e on every PR commit
	- name: Check event is push to main or pull request has run-e2e label
	id: check
	run: \|
	if [[ ${{ github.event_name }} == 'push' ]] \|\| [[ ${{ github.event_name }} == 'workflow_dispatch' ]] \|\| gh api /repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }} \| jq -r '.labels[].name' \| grep run-e2e --quiet; then
	echo setting run_e2e to true;
	echo "run_e2e=true" >> "$GITHUB_OUTPUT";
	else
	echo setting run_e2e to false;
	echo "run_e2e=false" >> "$GITHUB_OUTPUT";
	fi
	do_include_package_manager_tests:
	runs-on: ubuntu-latest
	permissions:
	# This is required so that the step can read the labels on the pull request
	pull-requests: read
	env:
	# The gh cli expects the token at this environment variable
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	outputs:
	run_package_manager_tests: ${{ steps.check.outputs.run_package_manager_tests }}
	steps:
	# if this workflow is running on a push (ie merge to main), then package_manager_tests always run
	# if this workflow is triggered manually, then package_manager_tests always run
	# if the workflow is running on a pull request, we perform an additional check for the run-package-manager-tests label
	# this is not a security measure (that is already handled by the pull_request event behavior) but rather a way for PR authors to easily check package manager tests results if they wish
	# the reason it doesn't run all the time is because it will always fail for external contributor PRs (they don't have access to repo secrets) and we don't want to waste resources running package_manager_tests on every PR commit
	- name: Check event is push to main or pull request has run-package-manager-tests label
	id: check
	run: \|
	if [[ ${{ github.event_name }} == 'push' ]] \|\| [[ ${{ github.event_name }} == 'workflow_dispatch' ]] \|\| gh api /repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }} \| jq -r '.labels[].name' \| grep run-package-manager-tests --quiet; then
	echo setting run_package_manager_tests to true;
	echo "run_package_manager_tests=true" >> "$GITHUB_OUTPUT";
	else
	echo setting run_package_manager_tests to false;
	echo "run_package_manager_tests=false" >> "$GITHUB_OUTPUT";
	fi
	run_e2e_tests:
	if: needs.do_include_e2e.outputs.run_e2e == 'true'
	strategy:
	# will finish running other test matrices even if one fails
	fail-fast: false
	matrix:
	os:
	[
	amplify-backend_ubuntu-latest_4-core,
	macos-latest-xl,
	amplify-backend_windows-latest_8-core,
	]
	runs-on: ${{ matrix.os }}
	timeout-minutes: 25
	needs:
	- do_include_e2e
	- build
	permissions:
	# these permissions are required for the configure-aws-credentials action to get a JWT from GitHub
	id-token: write
	contents: read
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
	- uses: ./.github/actions/setup_node
	- uses: ./.github/actions/restore_build_cache
	- run: cd packages/cli && npm link
	- name: Configure test tooling credentials
	uses: ./.github/actions/setup_profile
	with:
	role-to-assume: ${{ secrets.E2E_TOOLING_ROLE_ARN }}
	aws-region: us-west-2
	profile-name: e2e-tooling
	- name: Configure test execution credentials
	uses: aws-actions/configure-aws-credentials@04b98b3f9e85f563fb061be8751a0352327246b0 # version 3.0.1
	with:
	role-to-assume: ${{ secrets.E2E_RUNNER_ROLE_ARN }}
	aws-region: us-west-2
	- name: Run E2E tests
	run: npm run e2e
	run_package_manager_tests_tests:
	if: needs.do_include_package_manager_tests.outputs.run_package_manager_tests == 'true'
	strategy:
	# will finish running other test matrices even if one fails
	fail-fast: false
	matrix:
	os: [ubuntu-latest, macos-latest, windows-latest]
	pkg-manager: [npm, yarn-classic, yarn-modern, pnpm]
	node-version: [20]
	exclude:
	- os: windows-latest
	pkg-manager: pnpm
	env:
	PACKAGE_MANAGER: ${{ matrix.pkg-manager }}
	runs-on: ${{ matrix.os }}
	timeout-minutes: 60
	needs:
	- build
	- do_include_package_manager_tests
	permissions:
	# these permissions are required for the configure-aws-credentials action to get a JWT from GitHub
	id-token: write
	contents: read
	steps:
	- name: Checkout aws-amplify/amplify-cli repo
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- name: Setup Node.js
	uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # version 3.8.1
	with:
	node-version: ${{ matrix.node-version }}
	- name: Restore Build Cache
	uses: ./.github/actions/restore_build_cache
	- name: Configure test tooling credentials
	uses: ./.github/actions/setup_profile
	with:
	role-to-assume: ${{ secrets.E2E_TOOLING_ROLE_ARN }}
	aws-region: us-west-2
	profile-name: e2e-tooling
	- name: Configure test execution credentials
	uses: aws-actions/configure-aws-credentials@04b98b3f9e85f563fb061be8751a0352327246b0 # version 3.0.1
	with:
	role-to-assume: ${{ secrets.E2E_RUNNER_ROLE_ARN }}
	aws-region: us-west-2
	- name: Run E2E flow tests with ${{ matrix.pkg-manager }}
	shell: bash
	run: \|
	PACKAGE_MANAGER=${{matrix.pkg-manager}} npm run test:dir packages/integration-tests/src/package_manager_sanity_checks.test.ts
	lint:
	runs-on: ubuntu-latest
	needs:
	- build
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
	- uses: ./.github/actions/setup_node
	- uses: ./.github/actions/restore_build_cache
	- run: npm run lint
	check_dependencies:
	runs-on: ubuntu-latest
	needs:
	- install
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
	- uses: ./.github/actions/setup_node
	- uses: ./.github/actions/restore_install_cache
	- run: npm run check:dependencies
	check_tsconfig_refs:
	runs-on: ubuntu-latest
	needs:
	- install
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
	- uses: ./.github/actions/setup_node
	- uses: ./.github/actions/restore_install_cache
	- run: npm run check:tsconfig-refs
	check_api_extract:
	runs-on: ubuntu-latest
	needs:
	- build
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
	- uses: ./.github/actions/setup_node
	- uses: ./.github/actions/restore_build_cache
	- run: npm run check:api
	docs_build_and_publish:
	runs-on: ubuntu-latest
	needs:
	- build
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
	- uses: ./.github/actions/setup_node
	- uses: ./.github/actions/restore_build_cache
	- run: npm run docs
	- if: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
	uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 # version 3.9.3
	with:
	github_token: ${{ secrets.GITHUB_TOKEN }}
	publish_dir: ./docs
	publish_branch: docs
	check_pr_size:
	if: github.event_name == 'pull_request'
	runs-on: ubuntu-latest
	needs:
	- install
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
	- uses: ./.github/actions/setup_node
	- uses: ./.github/actions/restore_install_cache
	- run: git fetch origin
	- run: npm run diff:check ${{ github.event.pull_request.base.sha }}
	check_pr_has_changeset:
	if: github.event_name == 'pull_request' && github.event.pull_request.user.login != 'github-actions[bot]'
	runs-on: ubuntu-latest
	needs:
	- install
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
	with:
	# fetch full history so that changeset can properly compute divergence point
	fetch-depth: 0
	- uses: ./.github/actions/setup_node
	- uses: ./.github/actions/restore_install_cache
	- name: Validate that PR has change set
	run: \|
	npx changeset status --since origin/main
	- name: Validate that change set has necessary dependency updates
	run: \|
	npx changeset version
	npm run check:dependencies
	check_package_versions:
	if: github.event_name == 'pull_request'
	runs-on: ubuntu-latest
	needs:
	- install
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
	- uses: ./.github/actions/setup_node
	- uses: ./.github/actions/restore_install_cache
	- run: npm run check:package-versions
	update_or_publish_versions:
	if: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
	needs:
	- build
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
	- uses: ./.github/actions/setup_node
	- uses: ./.github/actions/restore_build_cache
	- name: Create release pull request or publish to npm
	uses: changesets/action@f13b1baaa620fde937751f5d2c3572b9da32af23 # version 1.4.5
	with:
	publish: npm run publish
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
	codeql:
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write
	steps:
	- name: Checkout repository
	uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
	with:
	# Minimal depth 2 so we can checkout the commit before possible merge commit.
	fetch-depth: 2
	- name: Initialize CodeQL
	uses: github/codeql-action/init@e4262713b504983e61c7728f5452be240d9385a7 # version 2.14.3
	with:
	languages: javascript
	queries: +security-and-quality
	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@e4262713b504983e61c7728f5452be240d9385a7 # version 2.14.3
	with:
	category: /language:javascript

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Poc/pms health checks #8

Workflow file

Poc/pms health checks #8

Jobs

Run details

Workflow file for this run