From d22abb68d151a407a558f4507910f2e91aa86e7b Mon Sep 17 00:00:00 2001 From: Dima Shevtsov Date: Tue, 20 Aug 2024 16:11:44 -0500 Subject: [PATCH] Refactor GitHub Actions workflows --- .github/super-linter.env | 8 +- .github/workflows/github-pages.yml | 23 +- .github/workflows/index.yml | 17 +- .github/workflows/publish.yml | 17 +- .github/workflows/stage.yml | 265 ++++++++++++------------ .github/workflows/test-pull-request.yml | 191 +++++++++-------- 6 files changed, 239 insertions(+), 282 deletions(-) diff --git a/.github/super-linter.env b/.github/super-linter.env index 9e96a8cc..38024130 100644 --- a/.github/super-linter.env +++ b/.github/super-linter.env @@ -1,7 +1,7 @@ IGNORE_GITIGNORED_FILES=true -VALIDATE_GITLEAKS=true -VALIDATE_MARKDOWN=true MARKDOWN_CONFIG_FILE=.markdownlint.yml -VALIDATE_YAML=true +VALIDATE_ALL_CODEBASE=false +VALIDATE_GITHUB_ACTIONS=true VALIDATE_JSON=true -BASH_SEVERITY=error +VALIDATE_MARKDOWN=true +VALIDATE_YAML=true diff --git a/.github/workflows/github-pages.yml b/.github/workflows/github-pages.yml index fe8c1b49..051a76a7 100644 --- a/.github/workflows/github-pages.yml +++ b/.github/workflows/github-pages.yml @@ -1,28 +1,21 @@ --- name: Github Pages on: workflow_dispatch +permissions: {} jobs: build-and-deploy: runs-on: ubuntu-latest + permissions: + actions: read + contents: write steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Node v16 - uses: actions/setup-node@v3 + - uses: actions/checkout@v4 + - name: Use Setup Node and Install Dependencies Action + uses: commerce-docs/devsite-install-action@main with: node-version-file: '.nvmrc' - cache: 'yarn' cache-dependency-path: 'yarn.lock' - - name: Enable Corepack for Yarn - run: corepack enable - - - name: Install Dependencies - run: yarn install - env: - YARN_ENABLE_IMMUTABLE_INSTALLS: false - - name: Build site run: yarn build env: @@ -39,7 +32,6 @@ jobs: GOOGLE_OAUTH_CLIENT_SECRET: ${{ secrets.GOOGLE_OAUTH_CLIENT_SECRET }} GOOGLE_DOCS_TOKEN: ${{ secrets.GOOGLE_DOCS_TOKEN }} GOOGLE_DOCS_FOLDER_ID: ${{ secrets.GOOGLE_DOCS_FOLDER_ID }} - - name: Deploy to GH Pages uses: JamesIves/github-pages-deploy-action@v4 with: @@ -47,7 +39,6 @@ jobs: branch: gh-pages # The branch the action should deploy to. folder: public # The folder the action should deploy. clean: true # Automatically remove deleted files from deploy branch - - name: GH Pages URL id: gh-pages-url run: | diff --git a/.github/workflows/index.yml b/.github/workflows/index.yml index 46d4ea8c..381892ba 100644 --- a/.github/workflows/index.yml +++ b/.github/workflows/index.yml @@ -16,24 +16,13 @@ jobs: build-and-index: runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Node v16 - uses: actions/setup-node@v3 + - uses: actions/checkout@v4 + - name: Use Setup Node and Install Dependencies Action + uses: commerce-docs/devsite-install-action@main with: node-version-file: '.nvmrc' - cache: 'yarn' cache-dependency-path: 'yarn.lock' - - name: Enable Corepack for Yarn - run: corepack enable - - - name: Install Dependencies - run: yarn install - env: - YARN_ENABLE_IMMUTABLE_INSTALLS: false - - name: Build site run: yarn build diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 1bd9bb9d..845c8678 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -55,24 +55,13 @@ jobs: needs: [set-state, pre-build] runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Node v16 - uses: actions/setup-node@v3 + - uses: actions/checkout@v4 + - name: Use Setup Node and Install Dependencies Action + uses: commerce-docs/devsite-install-action@main with: node-version-file: '.nvmrc' - cache: 'yarn' cache-dependency-path: 'yarn.lock' - - name: Enable Corepack for Yarn - run: corepack enable - - - name: Install Dependencies - run: yarn install - env: - YARN_ENABLE_IMMUTABLE_INSTALLS: false - - name: Gatsby Cache uses: actions/cache@v3.3.2 with: diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index fd153926..06551e32 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -1,139 +1,128 @@ --- -name: Staging deployment -on: - workflow_dispatch: - inputs: - clean: - description: 'Clean cache (yes|no)' - required: true - default: 'yes' - excludeSubfolder: - description: 'Exclude a subfolder from deletion' - required: false - default: '' -jobs: - set-state: - runs-on: ubuntu-latest - outputs: - clean_cache: ${{ contains(github.event.inputs.clean, 'yes') }} - path_prefix: ${{ steps.get_path_prefix.outputs.path_prefix }} - branch_short_ref: ${{ steps.get_branch.outputs.branch }} - exclude_subfolder: ${{ github.event.inputs.excludeSubfolder }} - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Get pathPrefix - uses: actions/github-script@v6 - id: get_path_prefix - with: - script: | - const script = require('./.github/scripts/get-path-prefix.js'); - script({ core }); - result-encoding: string - - name: Get branch name - shell: bash - run: echo "branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT" - id: get_branch - - echo-state: - needs: [set-state] - runs-on: ubuntu-latest - steps: - - run: echo "Clean cache - ${{ needs.set-state.outputs.clean_cache }}" - - run: echo "Repository org - ${{ github.event.repository.owner.login }}" - - run: echo "Repository name - ${{ github.event.repository.name }}" - - run: echo "Repository branch - ${{ needs.set-state.outputs.branch_short_ref }}" - - run: echo "Path prefix - ${{ needs.set-state.outputs.path_prefix }}" - - run: echo "Exclude subfolder - ${{ needs.set-state.outputs.exclude_subfolder }}" - - pre-build: - needs: [set-state] - runs-on: ubuntu-latest - steps: - - name: check dev azure connection string - if: env.AIO_AZURE_DEV_CONNECTION_STRING == null - run: | - echo "::error::Please set the Azure Blob Storage connection string as AIO_AZURE_DEV_CONNECTION_STRING in Github Secrets" - exit 1 - env: - AIO_AZURE_DEV_CONNECTION_STRING: ${{ secrets.AIO_AZURE_DEV_CONNECTION_STRING }} - - build: - defaults: - run: - shell: bash - needs: [set-state, pre-build] - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Node v16 - uses: actions/setup-node@v3 - with: - node-version-file: '.nvmrc' - cache: 'yarn' - cache-dependency-path: 'yarn.lock' - - - name: Enable Corepack for Yarn - run: corepack enable - - - name: Install Dependencies - run: yarn install - env: - YARN_ENABLE_IMMUTABLE_INSTALLS: false - - - name: Gatsby Cache - uses: actions/cache@v3.3.2 - with: - path: | - public - .cache - key: ${{ needs.set-state.outputs.branch_short_ref }}-gatsby-cache-${{ github.run_id }} - restore-keys: | - ${{ needs.set-state.outputs.branch_short_ref }}-gatsby-cache- - - - name: Clean Cache - if: needs.set-state.outputs.clean_cache == 'true' - run: yarn clean - - - name: Build site - run: yarn build - env: - PREFIX_PATHS: true # equivalent to --prefix-paths flag for 'gatsby build' - PATH_PREFIX: ${{ needs.set-state.outputs.path_prefix }} - GATSBY_ADOBE_LAUNCH_SRC: ${{ secrets.AIO_ADOBE_LAUNCH_DEV_SRC }} - GATSBY_ADDITIONAL_ADOBE_ANALYTICS_ACCOUNTS: ${{ secrets.AIO_REPORT_SUITE_DEV}} - GATSBY_ADOBE_ANALYTICS_ENV: 'dev' - REPO_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - REPO_OWNER: ${{ github.event.repository.owner.login }} - REPO_NAME: ${{ github.event.repository.name }} - REPO_BRANCH: ${{ needs.set-state.outputs.branch_short_ref }} - GOOGLE_OAUTH_CLIENT_ID: ${{ secrets.GOOGLE_OAUTH_CLIENT_ID }} - GOOGLE_OAUTH_CLIENT_SECRET: ${{ secrets.GOOGLE_OAUTH_CLIENT_SECRET }} - GOOGLE_DOCS_TOKEN: ${{ secrets.GOOGLE_DOCS_TOKEN }} - GOOGLE_DOCS_FOLDER_ID: ${{ secrets.GOOGLE_DOCS_FOLDER_ID }} - GATSBY_IMS_SRC: ${{ secrets.AIO_IMS_DEV_SRC }} - GATSBY_IMS_CONFIG: ${{ secrets.AIO_IMS_DEV_CONFIG }} - GATSBY_ALGOLIA_APPLICATION_ID: ${{ secrets.AIO_ALGOLIA_APPLICATION_ID }} - GATSBY_ALGOLIA_SEARCH_API_KEY: ${{ secrets.AIO_ALGOLIA_SEARCH_API_KEY }} - ALGOLIA_INDEXATION_MODE: skip - GATSBY_ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME || github.event.repository.name }} - GATSBY_FEDS_PRIVACY_ID: ${{ secrets.AIO_FEDS_PRIVACY_ID }} - GATSBY_SITE_DOMAIN_URL: https://developer-stage.adobe.com - - - name: Deploy - uses: AdobeDocs/static-website-deploy@master - with: - enabled-static-website: 'true' - source: 'public' - target: ${{ needs.set-state.outputs.path_prefix }} - connection-string: ${{ secrets.AIO_AZURE_DEV_CONNECTION_STRING }} - remove-existing-files: 'true' - exclude-subfolder: ${{ needs.set-state.outputs.exclude_subfolder }} - - name: Purge Fastly Cache - uses: AdobeDocs/gatsby-fastly-purge-action@master - with: - fastly-token: ${{ secrets.AIO_FASTLY_TOKEN }} - fastly-url: '${{ secrets.AIO_FASTLY_DEV_URL}}${{ needs.set-state.outputs.path_prefix }}' + name: Staging deployment + on: + workflow_dispatch: + inputs: + clean: + description: 'Clean cache (yes|no)' + required: true + default: 'yes' + excludeSubfolder: + description: 'Exclude a subfolder from deletion' + required: false + default: '' + jobs: + set-state: + runs-on: ubuntu-latest + outputs: + clean_cache: ${{ contains(github.event.inputs.clean, 'yes') }} + path_prefix: ${{ steps.get_path_prefix.outputs.path_prefix }} + branch_short_ref: ${{ steps.get_branch.outputs.branch }} + exclude_subfolder: ${{ github.event.inputs.excludeSubfolder }} + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Get pathPrefix + uses: actions/github-script@v6 + id: get_path_prefix + with: + script: | + const script = require('./.github/scripts/get-path-prefix.js'); + script({ core }); + result-encoding: string + - name: Get branch name + shell: bash + run: echo "branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT" + id: get_branch + + echo-state: + needs: [set-state] + runs-on: ubuntu-latest + steps: + - run: echo "Clean cache - ${{ needs.set-state.outputs.clean_cache }}" + - run: echo "Repository org - ${{ github.event.repository.owner.login }}" + - run: echo "Repository name - ${{ github.event.repository.name }}" + - run: echo "Repository branch - ${{ needs.set-state.outputs.branch_short_ref }}" + - run: echo "Path prefix - ${{ needs.set-state.outputs.path_prefix }}" + - run: echo "Exclude subfolder - ${{ needs.set-state.outputs.exclude_subfolder }}" + + pre-build: + needs: [set-state] + runs-on: ubuntu-latest + steps: + - name: check dev azure connection string + if: env.AIO_AZURE_DEV_CONNECTION_STRING == null + run: | + echo "::error::Please set the Azure Blob Storage connection string as AIO_AZURE_DEV_CONNECTION_STRING in Github Secrets" + exit 1 + env: + AIO_AZURE_DEV_CONNECTION_STRING: ${{ secrets.AIO_AZURE_DEV_CONNECTION_STRING }} + + build: + defaults: + run: + shell: bash + needs: [set-state, pre-build] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Use Setup Node and Install Dependencies Action + uses: commerce-docs/devsite-install-action@main + with: + node-version-file: '.nvmrc' + cache-dependency-path: 'yarn.lock' + + - name: Gatsby Cache + uses: actions/cache@v3.3.2 + with: + path: | + public + .cache + key: ${{ needs.set-state.outputs.branch_short_ref }}-gatsby-cache-${{ github.run_id }} + restore-keys: | + ${{ needs.set-state.outputs.branch_short_ref }}-gatsby-cache- + + - name: Clean Cache + if: needs.set-state.outputs.clean_cache == 'true' + run: yarn clean + + - name: Build site + run: yarn build + env: + PREFIX_PATHS: true # equivalent to --prefix-paths flag for 'gatsby build' + PATH_PREFIX: ${{ needs.set-state.outputs.path_prefix }} + GATSBY_ADOBE_LAUNCH_SRC: ${{ secrets.AIO_ADOBE_LAUNCH_DEV_SRC }} + GATSBY_ADDITIONAL_ADOBE_ANALYTICS_ACCOUNTS: ${{ secrets.AIO_REPORT_SUITE_DEV}} + GATSBY_ADOBE_ANALYTICS_ENV: 'dev' + REPO_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + REPO_OWNER: ${{ github.event.repository.owner.login }} + REPO_NAME: ${{ github.event.repository.name }} + REPO_BRANCH: ${{ needs.set-state.outputs.branch_short_ref }} + GOOGLE_OAUTH_CLIENT_ID: ${{ secrets.GOOGLE_OAUTH_CLIENT_ID }} + GOOGLE_OAUTH_CLIENT_SECRET: ${{ secrets.GOOGLE_OAUTH_CLIENT_SECRET }} + GOOGLE_DOCS_TOKEN: ${{ secrets.GOOGLE_DOCS_TOKEN }} + GOOGLE_DOCS_FOLDER_ID: ${{ secrets.GOOGLE_DOCS_FOLDER_ID }} + GATSBY_IMS_SRC: ${{ secrets.AIO_IMS_DEV_SRC }} + GATSBY_IMS_CONFIG: ${{ secrets.AIO_IMS_DEV_CONFIG }} + GATSBY_ALGOLIA_APPLICATION_ID: ${{ secrets.AIO_ALGOLIA_APPLICATION_ID }} + GATSBY_ALGOLIA_SEARCH_API_KEY: ${{ secrets.AIO_ALGOLIA_SEARCH_API_KEY }} + ALGOLIA_INDEXATION_MODE: skip + GATSBY_ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME || github.event.repository.name }} + GATSBY_FEDS_PRIVACY_ID: ${{ secrets.AIO_FEDS_PRIVACY_ID }} + GATSBY_SITE_DOMAIN_URL: https://developer-stage.adobe.com + + - name: Deploy + uses: AdobeDocs/static-website-deploy@master + with: + enabled-static-website: 'true' + source: 'public' + target: ${{ needs.set-state.outputs.path_prefix }} + connection-string: ${{ secrets.AIO_AZURE_DEV_CONNECTION_STRING }} + remove-existing-files: 'true' + exclude-subfolder: ${{ needs.set-state.outputs.exclude_subfolder }} + - name: Purge Fastly Cache + uses: AdobeDocs/gatsby-fastly-purge-action@master + with: + fastly-token: ${{ secrets.AIO_FASTLY_TOKEN }} + fastly-url: '${{ secrets.AIO_FASTLY_DEV_URL}}${{ needs.set-state.outputs.path_prefix }}' diff --git a/.github/workflows/test-pull-request.yml b/.github/workflows/test-pull-request.yml index 9a76c5ae..4b5d2f38 100644 --- a/.github/workflows/test-pull-request.yml +++ b/.github/workflows/test-pull-request.yml @@ -1,101 +1,100 @@ --- -########################### -########################### -## Pull request testing ## -########################### -########################### -name: Latest Pull Request - -# Documentation: -# - Workflow: https://help.github.com/en/articles/workflow-syntax-for-github-actions -# - SuperLinter: https://github.com/github/super-linter -# - Link validation: https://github.com/remarkjs/remark-validate-links - -###################################################### -# Start the job on a pull request to the main branch # -###################################################### -on: pull_request - -############### -# Set the Job # -############### -jobs: - lint: - # Set the agent to run on - runs-on: ubuntu-latest - - ############################################ - # Grant status permission for MULTI_STATUS # - ############################################ - permissions: - contents: read - packages: read - statuses: write - - ################## - # Load all steps # - ################## - steps: - ########################## - # Checkout the code base # - ########################## - - name: Checkout Code - uses: actions/checkout@v4 - with: - # Full git history is needed to get a proper list of changed files - # within `super-linter` - fetch-depth: 0 - - run: cat ".github/super-linter.env" >> "$GITHUB_ENV" - - ################################ - # Run Linters against code base # - ################################ - - name: Lint Code Base - # - # Use full version number to avoid cases when a next - # released version is buggy - # About slim image: https://github.com/github/super-linter#slim-image - uses: super-linter/super-linter/slim@v5.7.2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - DEFAULT_BRANCH: main - VALIDATE_ALL_CODEBASE: false - VALIDATE_GITHUB_ACTIONS: true - - test: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Setup Node - uses: actions/setup-node@v3 - with: - node-version-file: '.nvmrc' - cache: 'yarn' - cache-dependency-path: 'yarn.lock' - - - name: Install dependencies - run: yarn install - - - name: Run tests - run: yarn test + ########################### + ########################### + ## Pull request testing ## + ########################### + ########################### + name: Validate pull request + + # Documentation: + # - Workflow: https://help.github.com/en/articles/workflow-syntax-for-github-actions + # - SuperLinter: https://github.com/github/super-linter + # - Link validation: https://github.com/remarkjs/remark-validate-links - build: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 + ###################################################### + # Start the job on a pull request to the main branch # + ###################################################### + on: pull_request - - name: Setup Node - uses: actions/setup-node@v3 - with: - node-version-file: '.nvmrc' - cache: 'yarn' - cache-dependency-path: 'yarn.lock' + ################################################# + # Disable all permissions on the workflow level # + ################################################# + permissions: {} + + ############### + # Set the Job # + ############### + jobs: + lint: + # Set the agent to run on + runs-on: ubuntu-latest + + ############################################ + # Grant status permission for MULTI_STATUS # + ############################################ + permissions: + contents: read + statuses: write + + ################## + # Load all steps # + ################## + steps: + ########################## + # Checkout the code base # + ########################## + - name: Checkout Code + uses: actions/checkout@v4 + with: + # Full git history is needed to get a proper list of changed files + # within `super-linter` + fetch-depth: 0 + - name: Load super-linter configuration + run: cat .github/super-linter.env >> "$GITHUB_ENV" + + ################################ + # Run Linters against code base # + ################################ + - name: Lint Code Base + # + # Use full version number to avoid cases when a next + # released version is buggy + # About slim image: https://github.com/github/super-linter#slim-image + uses: super-linter/super-linter/slim@v7.0.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + DEFAULT_BRANCH: main - - name: Install dependencies - run: yarn install + test: + runs-on: ubuntu-latest + needs: lint + permissions: + contents: read + statuses: write + steps: + - uses: actions/checkout@v4 + - name: Use Setup Node and Install Dependencies Action + uses: commerce-docs/devsite-install-action@main + with: + node-version-file: '.nvmrc' + cache-dependency-path: 'yarn.lock' + + - name: Check links + run: yarn test - - name: Build site - run: yarn build + build: + runs-on: ubuntu-latest + needs: test + permissions: + contents: read + statuses: write + steps: + - uses: actions/checkout@v4 + - name: Use Setup Node and Install Dependencies Action + uses: commerce-docs/devsite-install-action@main + with: + node-version-file: '.nvmrc' + cache-dependency-path: 'yarn.lock' + + - name: Build site + run: yarn build