Merge pull request #194 from learnsoftwaredevelopment/added-nodejs-with-docker-db-github-workflow

JonathanLeeWH · web-flow · commit d5d0d883dc15 · 2021-07-03T12:18:34.000+08:00
Added additional GitHub Actions workflow which connects to a docker `mongodb` instance
diff --git a/.github/ci/docker-compose-test-ci-db-only.yml b/.github/ci/docker-compose-test-ci-db-only.yml
@@ -0,0 +1,16 @@
+version: '3.8'
+
+services:
+  mongo:
+    image: mongo
+    restart: always
+    environment:
+      MONGO_INITDB_ROOT_USERNAME: root
+      MONGO_INITDB_ROOT_PASSWORD: password
+    volumes:
+      - db-data:/data/db
+    ports:
+      - 27017:27017
+
+volumes:
+  db-data:
diff --git a/.github/workflows/node.js-with-docker-db.yml b/.github/workflows/node.js-with-docker-db.yml
@@ -0,0 +1,83 @@
+# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node while connecting to a mongodb docker instance
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
+
+name: Node.js with docker db CI
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+    # Added in response to recent changes by GitHub on 1 March 2021 involving dependabot pull requests running with read only permissions which resulted in by default GitHub secrets are unable to be read.
+  # References:
+  # https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request_target (Announcement of changes to be made to dependabot pull requests)
+  # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ (Recommended security mitigations by GitHub)
+  # https://github.com/dependabot/dependabot-core/issues/3253#issuecomment-797125425 (Ongoing GitHub issues by users in response to the changes)
+  pull_request_target:
+    branches: [master]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    timeout-minutes: 18
+
+    strategy:
+      matrix:
+        node-version: [14.x]
+
+    # If the Pull Request is coming from a fork (pull_request_target), ensure it's opened by "dependabot[bot]". Otherwise, clone it normally.
+    # References:
+    # https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request_target
+    # https://github.com/dependabot/dependabot-core/issues/3253#issuecomment-797125425 (dependabot PM recommended solution)
+
+    if:
+      ${{ (github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]') ||
+      (github.event_name != 'pull_request_target' && github.actor != 'dependabot[bot]') }}
+
+    steps:
+      - name: checkout
+        if: ${{ github.event_name != 'pull_request_target' }}
+        uses: actions/checkout@v2.3.4
+
+      - name: checkout Pull Request (dependabot[bot] only)
+        if: ${{ github.event_name == 'pull_request_target' }}
+        uses: actions/checkout@v2.3.4
+        with:
+          # Without ref with pull_request_target, it does not actually build the PR, instead it builds the latest changeset from the target repository which is not the intended behaviour. (Reference: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ [Last example])
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      # Pull the latest image to build, and avoid caching pull-only images.
+      # (docker pull is faster than caching in most cases.)
+      - name: docker-compose pull
+        run: docker-compose pull
+
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v2.2.0
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: npm
+      - name: npm ci
+        run: npm ci
+      - name: npm run build
+        run: npm run build --if-present
+      - name: Build and Start mongodb in docker instance
+        shell: bash
+        run: docker-compose up --file ./.github/ci/docker-compose-test-ci-db-only.yml up --build --detach
+      - name: Running test cases
+        run: npm test-ci
+        env:
+          PORT: ${{ secrets.PORT }}
+          TEST_MONGODB_URI: mongodb://root:password@mongo:27017/softwareRepositoryTest?authSource=admin
+          FIREBASE_CLIENT_API_KEY: ${{ secrets.FIREBASE_CLIENT_API_KEY }}
+          # Your firebase service account information
+          FIREBASE_ADMIN_SA_TYPE: ${{ secrets.FIREBASE_ADMIN_SA_TYPE }}
+          FIREBASE_ADMIN_SA_PROJECT_ID: ${{ secrets.FIREBASE_ADMIN_SA_PROJECT_ID }}
+          FIREBASE_ADMIN_SA_PRIVATE_KEY_ID: ${{ secrets.FIREBASE_ADMIN_SA_PRIVATE_KEY_ID }}
+          FIREBASE_ADMIN_SA_PRIVATE_KEY: ${{ secrets.FIREBASE_ADMIN_SA_PRIVATE_KEY }}
+          FIREBASE_ADMIN_SA_CLIENT_EMAIL: ${{ secrets.FIREBASE_ADMIN_SA_CLIENT_EMAIL }}
+          FIREBASE_ADMIN_SA_CLIENT_ID: ${{ secrets.FIREBASE_ADMIN_SA_CLIENT_ID }}
+          FIREBASE_ADMIN_SA_AUTH_URI: ${{ secrets.FIREBASE_ADMIN_SA_AUTH_URI }}
+          FIREBASE_ADMIN_SA_TOKEN_URI: ${{ secrets.FIREBASE_ADMIN_SA_TOKEN_URI }}
+          FIREBASE_ADMIN_SA_AUTH_PROVIDER_X509_CERT_URL: ${{ secrets.FIREBASE_ADMIN_SA_AUTH_PROVIDER_X509_CERT_URL}}
+          FIREBASE_ADMIN_SA_CLIENT_X509_CERT_URL: ${{ secrets.FIREBASE_ADMIN_SA_CLIENT_X509_CERT_URL}}
