Sandbox offscreen poc #22457
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request: | |
branches: [main] | |
## Ideally we could include the following `paths-ignore` option to avoid unnecessary runs, but | |
## it conflicts with branch protection rules that always require successful CI job status checks | |
## See: https://github.com/orgs/community/discussions/13690 | |
# paths-ignore: | |
# - "**.md" | |
# - .gitignore | |
# - .editorconfig | |
# - LICENSE | |
# - "**.iml" | |
# - .idea/** | |
push: | |
branches: | |
- release/** | |
env: | |
# Creates and uploads sourcemaps to Application error telemetry, and save the built extension as an artifact | |
PUBLIC_RELEASE: ${{ github.ref == 'refs/heads/main' }} | |
# Staging URL, also directly used by webpack | |
SERVICE_URL: https://app-stg.pixiebrix.com/ | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
test: | |
runs-on: ubuntu-latest | |
# The tests currently take ~16 minutes to run. Anything longer is probably due to a flaky test. | |
timeout-minutes: 25 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: package.json | |
cache: npm | |
- run: npm ci | |
- run: npm run test -- --coverage | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: extension-test-coverage | |
path: coverage/coverage-final.json | |
upload-to-codecov: | |
needs: test | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: extension-test-coverage | |
- name: Upload coverage to Codecov | |
uses: Wandalen/wretry.action@v3.5.0 | |
with: | |
action: codecov/codecov-action@v4 | |
with: | | |
fail_ci_if_error: true | |
verbose: true | |
token: ${{ secrets.CODECOV_TOKEN }} | |
# This upload endpoint from CodeCov is very flaky | |
# Retry every 15 seconds, for up to 10 minutes | |
attempt_delay: 15000 | |
attempt_limit: 40 | |
build: | |
name: build | |
runs-on: ubuntu-latest | |
env: | |
SOURCE_MAP_URL_BASE: https://pixiebrix-extension-source-maps.s3.amazonaws.com | |
SOURCE_MAP_PATH: sourcemaps/${{ github.job }}/${{ github.sha }}/mv3 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: package.json | |
cache: npm | |
- run: npm ci | |
- run: npm run build:webpack | |
env: | |
MV: 3 | |
RELEASE_CHANNEL: stable | |
ENVIRONMENT: staging | |
EXTERNALLY_CONNECTABLE: "${{ env.SERVICE_URL }}*" | |
MARKETPLACE_URL: ${{ secrets.STAGING_MARKETPLACE_URL }} | |
CHROME_EXTENSION_ID: kkomancachnjkdalpcokenmjlimmbaog | |
CHROME_MANIFEST_KEY: ${{ secrets.CHROME_MANIFEST_STAGING_PUBLIC_KEY }} | |
DATADOG_APPLICATION_ID: ${{ secrets.DATADOG_APPLICATION_ID }} | |
DATADOG_CLIENT_TOKEN: ${{ secrets.DATADOG_CLIENT_TOKEN }} | |
- name: Save extension | |
uses: actions/upload-artifact@v4 | |
if: ${{ fromJSON(env.PUBLIC_RELEASE)}} | |
with: | |
name: build-staging | |
path: | | |
dist | |
!dist/**/*.map | |
retention-days: 5 | |
if-no-files-found: error | |
# The polyfill cannot be used outside the extension context | |
- run: "! grep 'loaded in a browser extension' dist/pageScript.js --files-with-matches" | |
name: Detect browser-polyfill in pageScript.js | |
# The messenger cannot be executed twice; only load it in contentScriptCore | |
# https://github.com/pixiebrix/webext-messenger/issues/88 | |
# - contentScript.js can't have it because the file could be injected multiple times, guarding contentScriptCore | |
# - loadActivationEnhancements.js can't have it because it's always loaded alongside contentScript.js | |
- run: "! grep '__getTabData' dist/loadActivationEnhancements.js dist/contentScript.js dist/setExtensionIdInApp.js --files-with-matches" | |
name: Detect webext-messenger unwanted bundles | |
- uses: actions/upload-artifact@v4 | |
name: Save report.html | |
with: | |
name: build-staging-bundle-dependency-report | |
path: report.html | |
retention-days: 5 | |
if-no-files-found: error | |
generate-headers: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: package.json | |
cache: npm | |
- run: npm ci | |
- run: npm run generate:headers | |
- uses: actions/upload-artifact@v4 | |
name: Save headers.json | |
with: | |
name: brick-headers | |
path: headers.json | |
retention-days: 5 | |
if-no-files-found: error | |
types: | |
# Surface type errors in GitHub’s UI faster and outside webpack | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: package.json | |
cache: npm | |
- run: npm ci | |
- run: npm run build:typescript | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: package.json | |
cache: npm | |
- run: npm ci | |
- run: npm run lint:full | |
dead-code: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: package.json | |
cache: npm | |
- run: npm ci | |
# Detect dead code with enforced rules | |
- run: npm run dead-code | |
# Detect dead code that is only used by tests | |
- run: npm run dead-code:prod | |
# Also run the remaining "warn" rules | |
- run: npm run dead-code:base -- --no-exit-code | |
# https://pre-commit.com/#usage-in-continuous-integration | |
prettier: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
- uses: pre-commit/action@v3.0.1 | |
with: | |
extra_args: prettier # only run the prettier hook since eslint is already run in the lint job | |
end-to-end-tests: | |
name: end-to-end-tests | |
uses: ./.github/workflows/end-to-end-tests.yml | |
secrets: inherit | |
report-comment: | |
name: Create report | |
if: always() | |
runs-on: ubuntu-latest | |
timeout-minutes: 5 | |
needs: end-to-end-tests | |
# Allow dependabot to append the comment to the PR | |
permissions: | |
pull-requests: write | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: package.json | |
cache: npm | |
- name: Download blob reports from GitHub Actions Artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
path: 7z-blob-reports | |
pattern: end-to-end-tests-report-* | |
merge-multiple: true | |
- name: Unzip password protected Playwright reports | |
if: always() | |
shell: bash | |
env: | |
ARTIFACT_ZIP_PASSWORD: ${{ secrets.ARTIFACT_ZIP_PASSWORD }} | |
run: 7z -y x -p"$ARTIFACT_ZIP_PASSWORD" -o./blob-reports "./7z-blob-reports/*.7z" | |
- name: Merge blob reports | |
run: PLAYWRIGHT_JSON_OUTPUT_NAME=./playwright-report/results.json npx playwright merge-reports --reporter=html,json ./blob-reports | |
- name: Password protect merged Playwright report | |
if: always() | |
shell: bash | |
env: | |
ARTIFACT_ZIP_PASSWORD: ${{ secrets.ARTIFACT_ZIP_PASSWORD }} | |
run: 7z a ./playwright-report.7z ./playwright-report/* -p"$ARTIFACT_ZIP_PASSWORD" | |
- name: Upload zipped merged Playwright Report to GitHub Actions Artifacts | |
id: upload-merged-playwright-report-step | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: end-to-end-tests-report | |
path: ./playwright-report.7z | |
retention-days: 5 | |
compression-level: 0 # already compressed with 7z | |
- name: Create report comment | |
id: report-summary | |
uses: daun/playwright-report-summary@v3 | |
with: | |
comment-title: "Playwright test results" | |
report-file: ./playwright-report/results.json | |
report-url: ${{ steps.upload-merged-playwright-report-step.outputs.artifact-url }} | |
custom-info: "For more information on how to debug and view this report, [see our readme](https://github.com/pixiebrix/pixiebrix-extension/blob/main/end-to-end-tests/README.md#github-ci-integration)" | |
if: (success() || failure()) && github.event_name == 'pull_request' |