Skip to content

Sandbox offscreen poc #22457

Sandbox offscreen poc

Sandbox offscreen poc #22457

Workflow file for this run

name: CI
on:
pull_request:
branches: [main]
## Ideally we could include the following `paths-ignore` option to avoid unnecessary runs, but
## it conflicts with branch protection rules that always require successful CI job status checks
## See: https://github.com/orgs/community/discussions/13690
# paths-ignore:
# - "**.md"
# - .gitignore
# - .editorconfig
# - LICENSE
# - "**.iml"
# - .idea/**
push:
branches:
- release/**
env:
# Creates and uploads sourcemaps to Application error telemetry, and save the built extension as an artifact
PUBLIC_RELEASE: ${{ github.ref == 'refs/heads/main' }}
# Staging URL, also directly used by webpack
SERVICE_URL: https://app-stg.pixiebrix.com/
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
# The tests currently take ~16 minutes to run. Anything longer is probably due to a flaky test.
timeout-minutes: 25
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: package.json
cache: npm
- run: npm ci
- run: npm run test -- --coverage
- uses: actions/upload-artifact@v4
with:
name: extension-test-coverage
path: coverage/coverage-final.json
upload-to-codecov:
needs: test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: extension-test-coverage
- name: Upload coverage to Codecov
uses: Wandalen/wretry.action@v3.5.0
with:
action: codecov/codecov-action@v4
with: |
fail_ci_if_error: true
verbose: true
token: ${{ secrets.CODECOV_TOKEN }}
# This upload endpoint from CodeCov is very flaky
# Retry every 15 seconds, for up to 10 minutes
attempt_delay: 15000
attempt_limit: 40
build:
name: build
runs-on: ubuntu-latest
env:
SOURCE_MAP_URL_BASE: https://pixiebrix-extension-source-maps.s3.amazonaws.com
SOURCE_MAP_PATH: sourcemaps/${{ github.job }}/${{ github.sha }}/mv3
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: package.json
cache: npm
- run: npm ci
- run: npm run build:webpack
env:
MV: 3
RELEASE_CHANNEL: stable
ENVIRONMENT: staging
EXTERNALLY_CONNECTABLE: "${{ env.SERVICE_URL }}*"
MARKETPLACE_URL: ${{ secrets.STAGING_MARKETPLACE_URL }}
CHROME_EXTENSION_ID: kkomancachnjkdalpcokenmjlimmbaog
CHROME_MANIFEST_KEY: ${{ secrets.CHROME_MANIFEST_STAGING_PUBLIC_KEY }}
DATADOG_APPLICATION_ID: ${{ secrets.DATADOG_APPLICATION_ID }}
DATADOG_CLIENT_TOKEN: ${{ secrets.DATADOG_CLIENT_TOKEN }}
- name: Save extension
uses: actions/upload-artifact@v4
if: ${{ fromJSON(env.PUBLIC_RELEASE)}}
with:
name: build-staging
path: |
dist
!dist/**/*.map
retention-days: 5
if-no-files-found: error
# The polyfill cannot be used outside the extension context
- run: "! grep 'loaded in a browser extension' dist/pageScript.js --files-with-matches"
name: Detect browser-polyfill in pageScript.js
# The messenger cannot be executed twice; only load it in contentScriptCore
# https://github.com/pixiebrix/webext-messenger/issues/88
# - contentScript.js can't have it because the file could be injected multiple times, guarding contentScriptCore
# - loadActivationEnhancements.js can't have it because it's always loaded alongside contentScript.js
- run: "! grep '__getTabData' dist/loadActivationEnhancements.js dist/contentScript.js dist/setExtensionIdInApp.js --files-with-matches"
name: Detect webext-messenger unwanted bundles
- uses: actions/upload-artifact@v4
name: Save report.html
with:
name: build-staging-bundle-dependency-report
path: report.html
retention-days: 5
if-no-files-found: error
generate-headers:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: package.json
cache: npm
- run: npm ci
- run: npm run generate:headers
- uses: actions/upload-artifact@v4
name: Save headers.json
with:
name: brick-headers
path: headers.json
retention-days: 5
if-no-files-found: error
types:
# Surface type errors in GitHub’s UI faster and outside webpack
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: package.json
cache: npm
- run: npm ci
- run: npm run build:typescript
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: package.json
cache: npm
- run: npm ci
- run: npm run lint:full
dead-code:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: package.json
cache: npm
- run: npm ci
# Detect dead code with enforced rules
- run: npm run dead-code
# Detect dead code that is only used by tests
- run: npm run dead-code:prod
# Also run the remaining "warn" rules
- run: npm run dead-code:base -- --no-exit-code
# https://pre-commit.com/#usage-in-continuous-integration
prettier:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
- uses: pre-commit/action@v3.0.1
with:
extra_args: prettier # only run the prettier hook since eslint is already run in the lint job
end-to-end-tests:
name: end-to-end-tests
uses: ./.github/workflows/end-to-end-tests.yml
secrets: inherit
report-comment:
name: Create report
if: always()
runs-on: ubuntu-latest
timeout-minutes: 5
needs: end-to-end-tests
# Allow dependabot to append the comment to the PR
permissions:
pull-requests: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: package.json
cache: npm
- name: Download blob reports from GitHub Actions Artifacts
uses: actions/download-artifact@v4
with:
path: 7z-blob-reports
pattern: end-to-end-tests-report-*
merge-multiple: true
- name: Unzip password protected Playwright reports
if: always()
shell: bash
env:
ARTIFACT_ZIP_PASSWORD: ${{ secrets.ARTIFACT_ZIP_PASSWORD }}
run: 7z -y x -p"$ARTIFACT_ZIP_PASSWORD" -o./blob-reports "./7z-blob-reports/*.7z"
- name: Merge blob reports
run: PLAYWRIGHT_JSON_OUTPUT_NAME=./playwright-report/results.json npx playwright merge-reports --reporter=html,json ./blob-reports
- name: Password protect merged Playwright report
if: always()
shell: bash
env:
ARTIFACT_ZIP_PASSWORD: ${{ secrets.ARTIFACT_ZIP_PASSWORD }}
run: 7z a ./playwright-report.7z ./playwright-report/* -p"$ARTIFACT_ZIP_PASSWORD"
- name: Upload zipped merged Playwright Report to GitHub Actions Artifacts
id: upload-merged-playwright-report-step
if: always()
uses: actions/upload-artifact@v4
with:
name: end-to-end-tests-report
path: ./playwright-report.7z
retention-days: 5
compression-level: 0 # already compressed with 7z
- name: Create report comment
id: report-summary
uses: daun/playwright-report-summary@v3
with:
comment-title: "Playwright test results"
report-file: ./playwright-report/results.json
report-url: ${{ steps.upload-merged-playwright-report-step.outputs.artifact-url }}
custom-info: "For more information on how to debug and view this report, [see our readme](https://github.com/pixiebrix/pixiebrix-extension/blob/main/end-to-end-tests/README.md#github-ci-integration)"
if: (success() || failure()) && github.event_name == 'pull_request'