ci(app): deploy forks when member clicks the button (#71) #182
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [ master ] | |
| pull_request: | |
| branches: [ master ] | |
| jobs: | |
| install-build-lint-test: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| strategy: | |
| matrix: | |
| node-version: [10.x, 12.x, 14.x] | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v1 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: Get yarn cache directory path | |
| id: yarn-cache-dir-path | |
| run: echo "::set-output name=dir::$(yarn cache dir)" | |
| - uses: actions/cache@v2 | |
| id: yarn-node_modules | |
| with: | |
| path: | | |
| ${{ steps.yarn-cache-dir-path.outputs.dir }} | |
| **/node_modules | |
| key: ${{ runner.os }}-${{ matrix.node-version }}-yarn-node_modules-${{ hashFiles('yarn.lock') }} | |
| - name: Install dependencies | |
| if: steps.yarn-node_modules.outputs.cache-hit != 'true' | |
| run: yarn reinstall | |
| - uses: actions/cache@v2 | |
| id: libs | |
| with: | |
| path: | | |
| **/lib | |
| **/*.tsbuildinfo | |
| key: ${{ runner.os }}-${{ matrix.node-version }}-lib-${{ hashFiles('yarn.lock') }}-${{ hashFiles('**/tsconfig.json') }}-${{ hashFiles('**/src') }} | |
| restore-keys: | | |
| ${{ runner.os }}-${{ matrix.node-version }}-lib-${{ hashFiles('yarn.lock') }}-${{ hashFiles('**/tsconfig.json') }}- | |
| ${{ runner.os }}-${{ matrix.node-version }}-lib-${{ hashFiles('yarn.lock') }}- | |
| - name: Build All | |
| if: steps.libs.outputs.cache-hit != 'true' | |
| run: yarn build --verbose | |
| - name: Lint All | |
| run: yarn lint | |
| - name: Test Praisal & report coverage | |
| uses: paambaati/codeclimate-action@v2.6.0 | |
| env: | |
| CC_TEST_REPORTER_ID: 73ce349159b6e9697d0c0a094ee7ee7e812762200f48696fba8eae814183d5fd | |
| with: | |
| coverageCommand: yarn test:coverage | |
| deploy_web_dev: | |
| runs-on: ubuntu-20.04 | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }} | |
| steps: | |
| # Allow to deploy forks to env, when member clicks the button. See https://michaelheap.com/access-secrets-from-forks/ | |
| - name: Get User Permission | |
| id: checkAccess | |
| uses: actions-cool/check-user-permission@v2 | |
| with: | |
| require: write | |
| username: ${{ github.triggering_actor }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Check User Permission | |
| if: steps.checkAccess.outputs.require-result == 'false' | |
| run: | | |
| echo "${{ github.triggering_actor }} does not have permissions on this repo." | |
| echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}" | |
| echo "Job originally triggered by ${{ github.actor }}" | |
| exit 1 | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} # This is dangerous without the first access check | |
| - name: Use Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '12.x' # TODO: upgrade to non-obselete Node. See one good reason here https://stackoverflow.com/a/69699772 | |
| - uses: actions/cache@v2 | |
| id: yarn-node_modules | |
| with: | |
| path: | | |
| ${{ steps.yarn-cache-dir-path.outputs.dir }} | |
| **/node_modules | |
| key: ${{ runner.os }}-${{ matrix.node-version }}-yarn-node_modules-${{ hashFiles('yarn.lock') }} | |
| - name: Install dependencies | |
| if: steps.yarn-node_modules.outputs.cache-hit != 'true' | |
| working-directory: ./workspaces/app | |
| run: yarn | |
| - uses: actions/cache@v2 | |
| id: libs | |
| with: | |
| path: | | |
| **/lib | |
| **/*.tsbuildinfo | |
| key: ${{ runner.os }}-${{ matrix.node-version }}-lib-${{ hashFiles('yarn.lock') }}-${{ hashFiles('**/tsconfig.json') }}-${{ hashFiles('**/src') }} | |
| restore-keys: | | |
| ${{ runner.os }}-${{ matrix.node-version }}-lib-${{ hashFiles('yarn.lock') }}-${{ hashFiles('**/tsconfig.json') }}- | |
| ${{ runner.os }}-${{ matrix.node-version }}-lib-${{ hashFiles('yarn.lock') }}- | |
| - name: Build App deps | |
| if: steps.libs.outputs.cache-hit != 'true' | |
| working-directory: ./workspaces/app/ | |
| run: yarn build --verbose | |
| - name: Package | |
| working-directory: ./workspaces/app/ | |
| run: yarn package | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-west-1 | |
| - name: Deploy | |
| run: aws s3 sync ./workspaces/app/dist/ s3://dev.spaceengineerspraisal.net/ --acl public-read | |
| - name: Invalidate Cache | |
| run: aws cloudfront create-invalidation --distribution-id ${{ secrets.DEV_CLOUDFRONT_DISTRIBUTION_ID }} --paths "/*" |