Skip to content

Poc/pms health checks #9

Poc/pms health checks

Poc/pms health checks #9

Workflow file for this run

name: health_checks
on:
push:
branches:
- main
pull_request:
branches:
- main
workflow_dispatch:
jobs:
install:
strategy:
matrix:
# Windows install must happen on the same worker size as subsequent jobs.
# Larger workers use different drive (C: instead of D:) to check out project and NPM installation
# creates file system links that include drive letter.
os: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/install_with_cache
build:
runs-on: ubuntu-latest
needs:
- install
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/build_with_cache
test_with_coverage:
needs:
- build
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_build_cache
- run: npm run set-script-shell
- run: npm run test:coverage:threshold
test_scripts:
needs:
- build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_build_cache
- run: |
npm run set-script-shell
npm run test:scripts
test_with_baseline_dependencies:
needs:
- install
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_install_cache
- name: Pin some dependencies to nearest patch and rebuild
run: |
npx tsx scripts/set_baseline_dependency_versions.ts
npm install
# print out diff for auditing or troubleshooting
git diff
npm run build
- name: Run unit and integration tests
run: |
npm run set-script-shell
npm run test
check_api_changes:
if: github.event_name == 'pull_request'
needs:
- build
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout pull request ref
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_build_cache
- name: Publish packages locally
timeout-minutes: 2
run: |
npm run start:npm-proxy
# keep git diff with version increment to make sure test projects resolve right version
npm run publish:local -- --keepGitDiff
- name: Checkout base branch
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
with:
path: base-branch-content
ref: ${{ github.event.pull_request.base.sha }}
- name: Check API changes
run: |
mkdir api-validation-projects
npx tsx scripts/check_api_changes.ts base-branch-content api-validation-projects
do_include_e2e:
runs-on: ubuntu-latest
permissions:
# This is required so that the step can read the labels on the pull request
pull-requests: read
env:
# The gh cli expects the token at this environment variable
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
outputs:
run_e2e: ${{ steps.check.outputs.run_e2e }}
steps:
# if this workflow is running on a push (ie merge to main), then e2e tests always run
# if this workflow is triggered manually, then e2e tests always run
# if the workflow is running on a pull request, we perform an additional check for the run-e2e label
# this is not a security measure (that is already handled by the pull_request event behavior) but rather a way for PR authors to easily check e2e test results if they wish
# the reason it doesn't run all the time is because it will always fail for external contributor PRs (they don't have access to repo secrets) and we don't want to waste resources running e2e on every PR commit
- name: Check event is push to main or pull request has run-e2e label
id: check
run: |
if [[ ${{ github.event_name }} == 'push' ]] || [[ ${{ github.event_name }} == 'workflow_dispatch' ]] || gh api /repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }} | jq -r '.labels[].name' | grep run-e2e --quiet; then
echo setting run_e2e to true;
echo "run_e2e=true" >> "$GITHUB_OUTPUT";
else
echo setting run_e2e to false;
echo "run_e2e=false" >> "$GITHUB_OUTPUT";
fi
do_include_package_manager_tests:
runs-on: ubuntu-latest
permissions:
# This is required so that the step can read the labels on the pull request
pull-requests: read
env:
# The gh cli expects the token at this environment variable
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
outputs:
run_package_manager_tests: ${{ steps.check.outputs.run_package_manager_tests }}
steps:
# if this workflow is running on a push (ie merge to main), then package_manager_tests always run
# if this workflow is triggered manually, then package_manager_tests always run
# if the workflow is running on a pull request, we perform an additional check for the run-package-manager-tests label
# this is not a security measure (that is already handled by the pull_request event behavior) but rather a way for PR authors to easily check package manager tests results if they wish
# the reason it doesn't run all the time is because it will always fail for external contributor PRs (they don't have access to repo secrets) and we don't want to waste resources running package_manager_tests on every PR commit
- name: Check event is push to main or pull request has run-package-manager-tests label
id: check
run: |
if [[ ${{ github.event_name }} == 'push' ]] || [[ ${{ github.event_name }} == 'workflow_dispatch' ]] || gh api /repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }} | jq -r '.labels[].name' | grep run-package-manager-tests --quiet; then
echo setting run_package_manager_tests to true;
echo "run_package_manager_tests=true" >> "$GITHUB_OUTPUT";
else
echo setting run_package_manager_tests to false;
echo "run_package_manager_tests=false" >> "$GITHUB_OUTPUT";
fi
run_e2e_tests:
if: needs.do_include_e2e.outputs.run_e2e == 'true'
strategy:
# will finish running other test matrices even if one fails
fail-fast: false
matrix:
os:
[
amplify-backend_ubuntu-latest_4-core,
macos-latest-xl,
windows-latest,
]
runs-on: ${{ matrix.os }}
timeout-minutes: 25
needs:
- do_include_e2e
- build
permissions:
# these permissions are required for the configure-aws-credentials action to get a JWT from GitHub
id-token: write
contents: read
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_build_cache
- run: cd packages/cli && npm link
- name: Configure test tooling credentials
uses: ./.github/actions/setup_profile
with:
role-to-assume: ${{ secrets.E2E_TOOLING_ROLE_ARN }}
aws-region: us-west-2
profile-name: e2e-tooling
- name: Configure test execution credentials
uses: aws-actions/configure-aws-credentials@04b98b3f9e85f563fb061be8751a0352327246b0 # version 3.0.1
with:
role-to-assume: ${{ secrets.E2E_RUNNER_ROLE_ARN }}
aws-region: us-west-2
- name: Run E2E tests
run: npm run e2e
run_package_manager_tests_tests:
if: needs.do_include_package_manager_tests.outputs.run_package_manager_tests == 'true'
strategy:
# will finish running other test matrices even if one fails
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
pkg-manager: [npm, yarn-classic, yarn-modern, pnpm]
node-version: [20]
exclude:
- os: windows-latest
pkg-manager: pnpm
env:
PACKAGE_MANAGER: ${{ matrix.pkg-manager }}
runs-on: ${{ matrix.os }}
timeout-minutes: 60
needs:
- build
- do_include_package_manager_tests
permissions:
# these permissions are required for the configure-aws-credentials action to get a JWT from GitHub
id-token: write
contents: read
steps:
- name: Checkout aws-amplify/amplify-cli repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup Node.js
uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # version 3.8.1
with:
node-version: ${{ matrix.node-version }}
- name: Restore Build Cache
uses: ./.github/actions/restore_build_cache
- name: Configure test tooling credentials
uses: ./.github/actions/setup_profile
with:
role-to-assume: ${{ secrets.E2E_TOOLING_ROLE_ARN }}
aws-region: us-west-2
profile-name: e2e-tooling
- name: Configure test execution credentials
uses: aws-actions/configure-aws-credentials@04b98b3f9e85f563fb061be8751a0352327246b0 # version 3.0.1
with:
role-to-assume: ${{ secrets.E2E_RUNNER_ROLE_ARN }}
aws-region: us-west-2
- name: Run E2E flow tests with ${{ matrix.pkg-manager }}
shell: bash
run: |
PACKAGE_MANAGER=${{matrix.pkg-manager}} npm run test:dir packages/integration-tests/src/package_manager_sanity_checks.test.ts
lint:
runs-on: ubuntu-latest
needs:
- build
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_build_cache
- run: npm run lint
check_dependencies:
runs-on: ubuntu-latest
needs:
- install
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_install_cache
- run: npm run check:dependencies
check_tsconfig_refs:
runs-on: ubuntu-latest
needs:
- install
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_install_cache
- run: npm run check:tsconfig-refs
check_api_extract:
runs-on: ubuntu-latest
needs:
- build
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_build_cache
- run: npm run check:api
docs_build_and_publish:
runs-on: ubuntu-latest
needs:
- build
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_build_cache
- run: npm run docs
- if: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 # version 3.9.3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./docs
publish_branch: docs
check_pr_size:
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
needs:
- install
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_install_cache
- run: git fetch origin
- run: npm run diff:check ${{ github.event.pull_request.base.sha }}
check_pr_has_changeset:
if: github.event_name == 'pull_request' && github.event.pull_request.user.login != 'github-actions[bot]'
runs-on: ubuntu-latest
needs:
- install
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
with:
# fetch full history so that changeset can properly compute divergence point
fetch-depth: 0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_install_cache
- name: Validate that PR has change set
run: |
npx changeset status --since origin/main
- name: Validate that change set has necessary dependency updates
run: |
npx changeset version
npm run check:dependencies
check_package_versions:
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
needs:
- install
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_install_cache
- run: npm run check:package-versions
update_or_publish_versions:
if: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
needs:
- build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_build_cache
- name: Create release pull request or publish to npm
uses: changesets/action@f13b1baaa620fde937751f5d2c3572b9da32af23 # version 1.4.5
with:
publish: npm run publish
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
codeql:
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
with:
# Minimal depth 2 so we can checkout the commit before possible merge commit.
fetch-depth: 2
- name: Initialize CodeQL
uses: github/codeql-action/init@e4262713b504983e61c7728f5452be240d9385a7 # version 2.14.3
with:
languages: javascript
queries: +security-and-quality
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@e4262713b504983e61c7728f5452be240d9385a7 # version 2.14.3
with:
category: /language:javascript