Create SECURITY.md #6386
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- trunk | |
pull_request: | |
jobs: | |
# This step: | |
# * Warms up the node_modules cache | |
# * Performs linting and typechecking | |
# | |
# The linting tasks take ~5s to complete and it doesn't | |
# make sense to separate them into separate steps that would | |
# take ~25s just to run git clone and restore node_modules. | |
lint-and-typecheck: | |
name: 'Lint and typecheck' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: ./.github/actions/prepare-playground | |
- run: npx nx affected --target=lint | |
- run: npx nx affected --target=typecheck | |
lint-and-test-php: | |
name: 'Lint and test PHP' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- run: npm install | |
- name: Set up PHP | |
uses: shivammathur/setup-php@v2 | |
with: | |
# @TODO: Running the tests on PHP 7.2 | |
php-version: '8.1' | |
tools: phpunit-polyfills | |
- name: Install Composer dependencies | |
uses: ramsey/composer-install@v3 | |
with: | |
ignore-cache: 'yes' | |
composer-options: '--optimize-autoloader' | |
working-directory: 'packages/playground/data-liberation' | |
- run: npx nx run playground-data-liberation:lint:php | |
- run: npx nx run playground-data-liberation:test:phpunit | |
test-unit-asyncify: | |
runs-on: ubuntu-latest | |
needs: [lint-and-typecheck] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: ./.github/actions/prepare-playground | |
with: | |
node-version: 22 | |
- run: node --expose-gc node_modules/nx/bin/nx affected --target=test --configuration=ci | |
# Most of these tests pass locally but the process is crashing | |
# on the CI runner. | |
# | |
# test-unit-jspi: | |
# runs-on: ubuntu-latest | |
# needs: [lint-and-typecheck] | |
# steps: | |
# - uses: actions/checkout@v4 | |
# with: | |
# submodules: true | |
# - uses: ./.github/actions/prepare-playground | |
# with: | |
# # @TODO: Switch to the production version once it's released | |
# node-version: 23.0.0-nightly2024100909d10b50dc | |
# - run: node --experimental-wasm-jspi --experimental-wasm-stack-switching --expose-gc node_modules/nx/bin/nx affected --target=test --configuration=ci | |
test-e2e: | |
runs-on: ubuntu-latest | |
needs: [lint-and-typecheck] | |
# Run as root to allow node to bind to port 80 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: ./.github/actions/prepare-playground | |
- run: sudo ./node_modules/.bin/cypress install --force | |
- run: sudo CYPRESS_CI=1 npx nx e2e playground-website --configuration=ci --verbose | |
# Upload the Cypress screenshots as artifacts if the job fails | |
- uses: actions/upload-artifact@v4 | |
if: ${{ failure() }} | |
with: | |
name: cypress-screenshots | |
path: dist/cypress/packages/playground/website/screenshots | |
test-e2e-playwright-prepare: | |
runs-on: ubuntu-latest | |
needs: [lint-and-typecheck] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: ./.github/actions/prepare-playground | |
- name: Install Playwright Browsers | |
run: sudo npx playwright install --with-deps | |
- name: Prepare app deploy and offline mode | |
run: npx nx e2e:playwright:prepare-app-deploy-and-offline-mode playground-website | |
- name: Zip dist | |
run: zip -r dist.zip dist | |
- name: Upload dist | |
uses: actions/upload-artifact@v4 | |
with: | |
name: playwright-dist | |
path: dist.zip | |
test-e2e-playwright: | |
runs-on: ubuntu-latest | |
needs: [test-e2e-playwright-prepare] | |
strategy: | |
fail-fast: false | |
matrix: | |
part: ['chromium', 'firefox', 'webkit'] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: ./.github/actions/prepare-playground | |
- name: Download dist | |
uses: actions/download-artifact@v4 | |
with: | |
name: playwright-dist | |
- name: Unzip dist | |
run: unzip dist.zip | |
- name: Install Playwright Browser | |
run: sudo npx playwright install ${{ matrix.part }} --with-deps | |
- name: Run Playwright tests - ${{ matrix.part }} | |
run: | | |
if [ "${{ matrix.part }}" = "firefox" ]; then | |
sudo -E HOME=/root XDG_RUNTIME_DIR=/root CI=true npx playwright test --config=packages/playground/website/playwright/playwright.ci.config.ts --project=${{ matrix.part }} | |
else | |
sudo CI=true npx playwright test --config=packages/playground/website/playwright/playwright.ci.config.ts --project=${{ matrix.part }} | |
fi | |
- uses: actions/upload-artifact@v4 | |
if: ${{ !cancelled() }} | |
with: | |
name: playwright-report-${{ matrix.part }} | |
path: packages/playground/website/playwright-report/ | |
if-no-files-found: ignore | |
- uses: actions/upload-artifact@v4 | |
if: ${{ !cancelled() }} | |
with: | |
name: playwright-snapshots-${{ matrix.part }} | |
path: packages/playground/website/playwright/e2e/deployment.spec.ts-snapshots/ | |
if-no-files-found: ignore | |
build: | |
runs-on: ubuntu-latest | |
needs: [lint-and-typecheck] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: ./.github/actions/prepare-playground | |
- run: npx nx affected --target=build --parallel=3 --verbose | |
# Deploy documentation job | |
deploy_docs: | |
if: github.ref == 'refs/heads/trunk' && github.event_name == 'push' | |
# Add a dependency to the build job | |
needs: [test-unit-asyncify, test-e2e, build] | |
name: 'Deploy doc site' | |
# Grant GITHUB_TOKEN the permissions required to make a Pages deployment | |
permissions: | |
pages: write # to deploy to Pages | |
id-token: write # to verify the deployment originates from an appropriate source | |
# Deploy to the github-pages environment | |
environment: | |
name: github-pages | |
url: ${{ steps.deployment.outputs.page_url }} | |
# Specify runner + deployment step | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: ./.github/actions/prepare-playground | |
- run: npm run build:docs | |
- uses: actions/upload-pages-artifact@v1 | |
with: { path: dist/docs/build } | |
- name: Deploy to GitHub Pages | |
id: deployment | |
uses: actions/deploy-pages@v2 |