mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-03-22 06:41:51 +00:00
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3.

<details>
<summary>Release notes</summary>

*Sourced from [docker/setup-qemu-action's releases](https://github.com/docker/setup-qemu-action/releases).*

> ## v3.0.0
>
> - Node 20 as default runtime (requires [Actions Runner v2.308.0](https://github.com/actions/runner/releases/tag/v2.308.0) or later) by [`@crazy-max`](https://github.com/crazy-max) in [docker/setup-qemu-action#102](https://redirect.github.com/docker/setup-qemu-action/pull/102)
> - Bump `@actions/core` from 1.10.0 to 1.10.1 in [docker/setup-qemu-action#103](https://redirect.github.com/docker/setup-qemu-action/pull/103)
> - Bump semver from 6.3.0 to 6.3.1 in [docker/setup-qemu-action#89](https://redirect.github.com/docker/setup-qemu-action/pull/89)
>
> **Full Changelog**: https://github.com/docker/setup-qemu-action/compare/v2.2.0...v3.0.0
>
> ## v2.2.0
>
> - Trim off spaces in `platforms` input by [`@Chocobo1`](https://github.com/Chocobo1) in [docker/setup-qemu-action#64](https://redirect.github.com/docker/setup-qemu-action/pull/64)
> - Switch to actions-toolkit implementation by [`@crazy-max`](https://github.com/crazy-max) in [docker/setup-qemu-action#70](https://redirect.github.com/docker/setup-qemu-action/pull/70) [docker/setup-qemu-action#80](https://redirect.github.com/docker/setup-qemu-action/pull/80) [docker/setup-qemu-action#83](https://redirect.github.com/docker/setup-qemu-action/pull/83)
>
> **Full Changelog**: https://github.com/docker/setup-qemu-action/compare/v2.1.0...v2.2.0
>
> ## v2.1.0
>
> - Use context for inputs by [`@crazy-max`](https://github.com/crazy-max) ([#62](https://redirect.github.com/docker/setup-qemu-action/issues/62))
> - Use built-in `getExecOutput` by [`@crazy-max`](https://github.com/crazy-max) ([#61](https://redirect.github.com/docker/setup-qemu-action/issues/61))
> - Remove workaround for `setOutput` by [`@crazy-max`](https://github.com/crazy-max) ([#63](https://redirect.github.com/docker/setup-qemu-action/issues/63))
> - Bump `@actions/core` from 1.6.0 to 1.10.0 ([#54](https://redirect.github.com/docker/setup-qemu-action/issues/54) [#58](https://redirect.github.com/docker/setup-qemu-action/issues/58) [#59](https://redirect.github.com/docker/setup-qemu-action/issues/59))
>
> **Full Changelog**: https://github.com/docker/setup-qemu-action/compare/v2.0.0...v2.1.0

</details>

<details>
<summary>Commits</summary>

- [`6882732`](68827325e0) Merge pull request [#103](https://redirect.github.com/docker/setup-qemu-action/issues/103) from docker/dependabot/npm_and_yarn/actions/core-1.10.1
- [`183f4af`](183f4af504) chore: update generated content
- [`f174935`](f17493529e) build(deps): bump `@actions/core` from 1.10.0 to 1.10.1
- [`2e423eb`](2e423eb500) Merge pull request [#89](https://redirect.github.com/docker/setup-qemu-action/issues/89) from docker/dependabot/npm_and_yarn/semver-6.3.1
- [`ecc406a`](ecc406afa7) Bump semver from 6.3.0 to 6.3.1
- [`12dec5e`](12dec5e201) Merge pull request [#102](https://redirect.github.com/docker/setup-qemu-action/issues/102) from crazy-max/update-node20
- [`c29b312`](c29b312130) chore: node 20 as default runtime
- [`34ae628`](34ae628c8f) chore: update generated content
- [`1f3d2e1`](1f3d2e1ac0) chore: fix author in package.json
- [`277dbe8`](277dbe8c9c) vendor: bump `@docker/actions-toolkit` from 0.3.0 to 0.12.0
- Additional commits viewable in [compare view](https://github.com/docker/setup-qemu-action/compare/v2...v3)

</details>
<br />

[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
525 lines
19 KiB
YAML
name: Elixir
on:
  merge_group:
    types: [checks_requested]
  pull_request:
    paths:
      - "elixir/**"
      - ".github/workflows/elixir.yml"
  workflow_call:

# Cancel old workflow runs if new code is pushed
concurrency:
  group: "elixir-${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: true

jobs:
  elixir_unit-test:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./elixir
    env:
      MIX_ENV: test
      POSTGRES_HOST: localhost
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    services:
      postgres:
        image: postgres:15
        ports:
          - 5432:5432
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - uses: erlef/setup-beam@v1
        # The id is required so the steps.setup-beam.outputs.* references in
        # the cache keys below resolve instead of expanding to empty strings.
        id: setup-beam
        with:
          otp-version: "26.0.2"
          elixir-version: "1.15.2"
      - uses: actions/checkout@v4
      - uses: actions/cache@v3
        name: Elixir Deps Cache
        env:
          cache-name: cache-elixir-deps-${{ env.MIX_ENV }}
        with:
          path: elixir/deps
          key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
      - uses: actions/cache@v3
        name: Elixir Build Cache
        env:
          cache-name: cache-elixir-build-${{ env.MIX_ENV }}
        with:
          path: elixir/_build
          key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
      - name: Install Dependencies
        run: mix deps.get --only $MIX_ENV
      - name: Compile Dependencies
        run: mix deps.compile --skip-umbrella-children
      - name: Compile Application
        run: mix compile --warnings-as-errors
      - name: Setup Database
        run: |
          mix ecto.create
          mix ecto.migrate
      - name: Run Tests
        env:
          E2E_MAX_WAIT_SECONDS: 20
        run: |
          mix test --warnings-as-errors
      - name: Test Report
        uses: dorny/test-reporter@v1
        if: ${{ github.event.pull_request.head.repo.full_name == github.repository && (success() || failure()) }}
        with:
          name: Elixir Unit Test Report
          path: elixir/_build/test/lib/*/test-junit-report.xml
          reporter: java-junit
  elixir_type-check:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./elixir
    env:
      MIX_ENV: dev
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - uses: erlef/setup-beam@v1
        id: setup-beam
        with:
          otp-version: "26.0.2"
          elixir-version: "1.15.2"
      - uses: actions/checkout@v4
      - uses: actions/cache@v3
        name: Elixir Deps Cache
        env:
          cache-name: cache-elixir-deps-${{ env.MIX_ENV }}
        with:
          path: elixir/deps
          key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
      - uses: actions/cache@v3
        name: Elixir Build Cache
        env:
          cache-name: cache-elixir-build-${{ env.MIX_ENV }}
        with:
          path: elixir/_build
          key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
      - name: Install Dependencies
        run: mix deps.get --only $MIX_ENV
      - name: Compile Dependencies
        run: mix deps.compile --skip-umbrella-children
      - name: Compile Application
        run: mix compile
      # Don't cache PLTs based on mix.lock hash, as Dialyzer can incrementally update even old ones
      # Cache key based on Elixir & Erlang version (also useful when running in matrix)
      - name: Restore PLT cache
        id: plt_cache
        uses: actions/cache@v3
        env:
          cache-name: cache-erlang-plt-${{ env.MIX_ENV }}
        with:
          key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-plt
          restore-keys: |
            ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-plt
          path: elixir/priv/plts
      - name: Create PLTs
        if: steps.plt_cache.outputs.cache-hit != 'true'
        run: mix dialyzer --plt
      - name: Run Dialyzer
        run: mix dialyzer --format dialyxir
  elixir_static-analysis:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./elixir
    env:
      MIX_ENV: test
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - uses: erlef/setup-beam@v1
        # Needed by the steps.setup-beam.outputs.* cache keys below.
        id: setup-beam
        with:
          otp-version: "26.0.2"
          elixir-version: "1.15.2"
      - uses: actions/checkout@v4
      - uses: actions/cache@v3
        name: Elixir Deps Cache
        env:
          cache-name: cache-elixir-deps-${{ env.MIX_ENV }}
        with:
          path: elixir/deps
          key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
      - uses: actions/cache@v3
        name: Elixir Build Cache
        env:
          cache-name: cache-elixir-build-${{ env.MIX_ENV }}
        with:
          path: elixir/_build
          key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
      - name: Install Dependencies
        run: mix deps.get --only $MIX_ENV
      - name: Compile Dependencies
        run: mix deps.compile --skip-umbrella-children
      - name: Compile Application
        run: mix compile --force --warnings-as-errors
      - name: Check For Retired Packages
        run: mix hex.audit
      - name: Check For Vulnerable Packages
        run: mix deps.audit
      - name: Run Sobelow vulnerability scanner for web app
        working-directory: ./elixir/apps/web
        run: mix sobelow --skip
      - name: Check Formatting
        run: mix format --check-formatted
      - name: Run Credo
        run: mix credo --strict
  elixir_migrations-and-seed-test:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./elixir
    env:
      MIX_ENV: dev
      POSTGRES_HOST: localhost
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      MAIN_BRANCH: main
    services:
      postgres:
        image: postgres:15
        ports:
          - 5432:5432
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - uses: actions/checkout@v4
      - name: Install package dependencies
        run: |
          sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
          wget -qO- https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo tee /etc/apt/trusted.gpg.d/pgdg.asc &>/dev/null
          sudo apt update
          sudo apt-get install -q -y postgresql-client
      - uses: erlef/setup-beam@v1
        # Needed by the steps.setup-beam.outputs.* cache keys below.
        id: setup-beam
        with:
          otp-version: "26.0.2"
          elixir-version: "1.15.2"
      - uses: actions/cache@v3
        name: Elixir Deps Cache
        env:
          cache-name: cache-elixir-deps-${{ env.MIX_ENV }}-${{ env.MIX_ENV }}
        with:
          path: elixir/deps
          key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
      - uses: actions/cache@v3
        name: Elixir Build Cache
        env:
          cache-name: cache-elixir-build-${{ env.MIX_ENV }}
        with:
          path: elixir/_build
          key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
      - name: Install Dependencies
        run: mix deps.get --only $MIX_ENV
      - name: Compile
        run: mix compile
      - name: Download main branch DB dump
        id: download-artifact
        uses: dawidd6/action-download-artifact@v2
        if: ${{ !contains(github.ref, env.MAIN_BRANCH) }}
        with:
          branch: ${{ env.MAIN_BRANCH }}
          name: db-dump
          path: elixir/apps/domain/priv/repo/
          search_artifacts: true
          workflow_conclusion: completed
          if_no_artifact_found: fail
      - name: Create Database
        run: |
          mix ecto.create
      - name: Restore DB dump
        if: ${{ !contains(github.ref, env.MAIN_BRANCH) }}
        env:
          PGPASSWORD: postgres
        run: |
          mix ecto.load
      - name: Run new migrations
        run: |
          mix ecto.migrate
      - name: Dump DB
        if: contains(github.ref, env.MAIN_BRANCH)
        env:
          PGPASSWORD: postgres
        run: |
          pg_dump firezone_dev \
            -U postgres -h localhost \
            --file apps/domain/priv/repo/structure.sql \
            --no-acl \
            --no-owner
      - name: Upload main branch DB dump
        if: contains(github.ref, env.MAIN_BRANCH)
        uses: actions/upload-artifact@v3
        with:
          name: db-dump
          path: elixir/apps/domain/priv/repo/structure.sql
      - name: Run Seed
        run: mix ecto.seed
  elixir_acceptance-test:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./elixir
    env:
      MIX_ENV: test
      POSTGRES_HOST: localhost
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      MIX_TEST_PARTITIONS: 4
    strategy:
      fail-fast: false
      matrix:
        MIX_TEST_PARTITION: [1, 2, 3, 4]
    services:
      postgres:
        image: postgres:15
        ports:
          - 5432:5432
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
      vault:
        image: vault:1.12.2
        env:
          VAULT_ADDR: "http://127.0.0.1:8200"
          VAULT_DEV_ROOT_TOKEN_ID: "firezone"
        ports:
          - 8200:8200/tcp
        options: --cap-add=IPC_LOCK
    steps:
      - uses: nanasess/setup-chromedriver@v2
        with:
          # XXX: This is an unfortunate workaround due to this issue:
          # https://github.com/nanasess/setup-chromedriver/issues/199
          # Still, it may not hurt to pin chromedriver and/or Chrome for more repeatable tests and
          # possibly even matrix these to multiple versions to increase browser coverage.
          chromedriver-version: '115.0.5790.102'
      - uses: erlef/setup-beam@v1
        # Needed by the steps.setup-beam.outputs.* cache keys below.
        id: setup-beam
        with:
          otp-version: "26.0.2"
          elixir-version: "1.15.2"
      - uses: actions/setup-node@v3
        with:
          node-version: 18
      - uses: pnpm/action-setup@v2
        with:
          version: 8
      - uses: actions/checkout@v4
      - uses: actions/cache@v3
        name: Elixir Deps Cache
        env:
          cache-name: cache-elixir-deps-${{ env.MIX_ENV }}-${{ env.MIX_ENV }}
        with:
          path: elixir/deps
          key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
      - uses: actions/cache@v3
        name: Elixir Build Cache
        env:
          cache-name: cache-elixir-build-${{ env.MIX_ENV }}
        with:
          path: elixir/_build
          key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
      - uses: actions/cache@v3
        name: pnpm Deps Cache
        env:
          cache-name: cache-pnpm-build-${{ env.MIX_ENV }}
        with:
          path: elixir/apps/web/assets/node_modules
          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/pnpm-lock.yaml') }}
      - uses: actions/cache@v3
        name: Assets Cache
        env:
          cache-name: cache-assets-build-${{ env.MIX_ENV }}
        with:
          path: elixir/apps/web/priv/static/dist
          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/pnpm-lock.yaml') }}
      - run: |
          export DISPLAY=:99
          chromedriver --url-base=/wd/hub &
          sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &
      - name: Install Dependencies
        run: mix deps.get --only $MIX_ENV
      - name: Compile Dependencies
        run: mix deps.compile --skip-umbrella-children
      - name: Compile Application
        run: mix compile
      - name: Install Front-End Dependencies
        run: |
          cd apps/web
          mix assets.setup
      - name: Build Assets
        run: |
          cd apps/web
          mix assets.build
      - name: Setup Database
        run: |
          mix ecto.create
          mix ecto.migrate
      - name: Run Acceptance Tests
        env:
          MIX_TEST_PARTITION: ${{ matrix.MIX_TEST_PARTITION }}
          E2E_MAX_WAIT_SECONDS: 5
        run: |
          mix test --only acceptance:true \
            --partitions=${{ env.MIX_TEST_PARTITIONS }} \
            --no-compile \
            --no-archives-check \
            --no-deps-check \
            || pkill -f chromedriver \
            || mix test --only acceptance:true --failed \
            || pkill -f chromedriver \
            || mix test --only acceptance:true --failed
      - name: Save Screenshots
        if: ${{ github.event.pull_request.head.repo.full_name == github.repository && always() }}
        uses: actions/upload-artifact@v3
        with:
          name: screenshots
          path: elixir/apps/web/screenshots
      - name: Test Report
        uses: dorny/test-reporter@v1
        if: ${{ github.event.pull_request.head.repo.full_name == github.repository && (success() || failure()) }}
        with:
          name: Elixir Acceptance Test Report
          path: elixir/_build/test/lib/*/test-junit-report.xml
          reporter: java-junit
  elixir_web-container-build:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./elixir
    permissions:
      contents: read
      id-token: "write"
    needs:
      - elixir_unit-test
      - elixir_acceptance-test
    env:
      APPLICATION_NAME: web
      REGISTRY: us-east1-docker.pkg.dev
      GCLOUD_PROJECT: firezone-staging
      GOOGLE_CLOUD_PROJECT: firezone-staging
      CLOUDSDK_PROJECT: firezone-staging
      CLOUDSDK_CORE_PROJECT: firezone-staging
      GCP_PROJECT: firezone-staging
    steps:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - uses: actions/checkout@v4
      - id: auth
        uses: google-github-actions/auth@v1
        with:
          token_format: "access_token"
          workload_identity_provider: "projects/397012414171/locations/global/workloadIdentityPools/github-actions/providers/github-actions"
          service_account: "github-actions@github-iam-387915.iam.gserviceaccount.com"
          export_environment_variables: false
      - name: Change current gcloud account
        run: gcloud --quiet config set project ${GCLOUD_PROJECT}
      - name: Login to Google Artifact Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: oauth2accesstoken
          password: ${{ steps.auth.outputs.access_token }}
      - name: Build Tag and Version ID
        id: vsn
        env:
          BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
        run: |
          TAG=$(echo ${BRANCH_NAME} | sed 's/\//_/g' | sed 's/\:/_/g')
          echo "TAG=branch-${TAG}" >> $GITHUB_ENV
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          platforms: linux/amd64
          build-args: |
            APPLICATION_NAME=${{ env.APPLICATION_NAME }}
            APPLICATION_VERSION=0.0.0-sha.${{ github.sha }}
          context: elixir/
          cache-from: type=gha,scope=${{ env.APPLICATION_NAME }}-${{ github.sha }}
          cache-to: type=gha,mode=max,scope=${{ env.APPLICATION_NAME }}-${{ github.sha }}
          file: elixir/Dockerfile
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.GCLOUD_PROJECT }}/firezone/${{ env.APPLICATION_NAME }}:${{ env.TAG }} , ${{ env.REGISTRY }}/${{ env.GCLOUD_PROJECT }}/firezone/${{ env.APPLICATION_NAME }}:${{ github.sha }}
  elixir_api-container-build:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./elixir
    permissions:
      contents: read
      id-token: "write"
    needs:
      - elixir_unit-test
      - elixir_acceptance-test
    env:
      APPLICATION_NAME: api
      REGISTRY: us-east1-docker.pkg.dev
      GCLOUD_PROJECT: firezone-staging
      GOOGLE_CLOUD_PROJECT: firezone-staging
      CLOUDSDK_PROJECT: firezone-staging
      CLOUDSDK_CORE_PROJECT: firezone-staging
      GCP_PROJECT: firezone-staging
    steps:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - uses: actions/checkout@v4
      - id: auth
        uses: google-github-actions/auth@v1
        with:
          token_format: "access_token"
          workload_identity_provider: "projects/397012414171/locations/global/workloadIdentityPools/github-actions/providers/github-actions"
          service_account: "github-actions@github-iam-387915.iam.gserviceaccount.com"
          export_environment_variables: false
      - name: Change current gcloud account
        run: gcloud --quiet config set project ${GCLOUD_PROJECT}
      - name: Login to Google Artifact Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: oauth2accesstoken
          password: ${{ steps.auth.outputs.access_token }}
      - name: Build Tag and Version ID
        id: vsn
        env:
          BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
        run: |
          TAG=$(echo ${BRANCH_NAME} | sed 's/\//_/g' | sed 's/\:/_/g')
          echo "TAG=branch-${TAG}" >> $GITHUB_ENV
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          platforms: linux/amd64
          build-args: |
            APPLICATION_NAME=${{ env.APPLICATION_NAME }}
            APPLICATION_VERSION=0.0.0-sha.${{ github.sha }}
          context: elixir/
          cache-from: type=gha,scope=${{ env.APPLICATION_NAME }}-${{ github.sha }}
          cache-to: type=gha,mode=max,scope=${{ env.APPLICATION_NAME }}-${{ github.sha }}
          file: elixir/Dockerfile
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.GCLOUD_PROJECT }}/firezone/${{ env.APPLICATION_NAME }}:${{ env.TAG }} , ${{ env.REGISTRY }}/${{ env.GCLOUD_PROJECT }}/firezone/${{ env.APPLICATION_NAME }}:${{ github.sha }}
      # TODO: add a sanity check to make sure the image is actually built
      # and can be started