feat(j-s): User National Id #73705
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Monorepo pipeline - pull request | |
| on: | |
| pull_request: {} | |
| workflow_dispatch: {} | |
| defaults: | |
| run: | |
| shell: bash | |
| concurrency: | |
| # See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-a-fallback-value | |
| group: pullrequest-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| env: | |
| COMPOSE_HTTP_TIMEOUT: 180 | |
| SKIP_GENERATED_CACHE: ${{ contains(github.event.pull_request.labels.*.name, 'skip-generated-cache') }} | |
| NX_AFFECTED_ALL: ${{ contains(github.event.pull_request.labels.*.name, 'nx-affected-all') }} | |
| NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }} | |
| DISABLE_CHUNKS: 'true' | |
| DISABLE_GROUPING: 'false' | |
| DISABLE_PROBLEMATIC: 'false' | |
| CHUNK_SIZE: '8' | |
| MAX_JOBS: '3' | |
| NX_PARALLEL: '2' | |
| NX_MAX_PARALLEL: '4' | |
| NX_TASKS_RUNNER: ci | |
| S3_DOCKER_CACHE_BUCKET: ${{ secrets.S3_DOCKER_CACHE_BUCKET }} | |
| RUNS_ON_S3_BUCKET_CACHE: ${{ secrets.S3_DOCKER_CACHE_BUCKET }} | |
| AWS_REGION: eu-west-1 | |
| GENERATED_FILES: ${{ github.sha }}.tar.gz | |
| jobs: | |
| prepare: | |
| runs-on: arc-runners | |
| timeout-minutes: 35 | |
| env: | |
| AFFECTED_ALL: ${{ secrets.AFFECTED_ALL }} | |
| SERVERSIDE_FEATURES_ON: '' | |
| DOCKER_REGISTRY: 821090935708.dkr.ecr.eu-west-1.amazonaws.com | |
| DOCKER_BASE_IMAGE_REGISTRY: 821090935708.dkr.ecr.eu-west-1.amazonaws.com/ecr-public | |
| CI_DEBUG: ${{ contains(github.event.pull_request.labels.*.name, 'ci debug') }} | |
| SKIP_TESTS: ${{ contains(github.event.pull_request.labels.*.name, 'test nothing') }} | |
| outputs: | |
| TEST_CHUNKS: ${{ steps.test_projects.outputs.CHUNKS }} | |
| E2E_CHUNKS: ${{ steps.e2e_projects.outputs.CHUNKS }} | |
| E2E_BUILD_ID: ${{ steps.e2e_projects.outputs.BUILD_ID }} | |
| LINT_CHUNKS: ${{ steps.lint_projects.outputs.CHUNKS }} | |
| BUILD_CHUNKS: ${{ steps.build_projects.outputs.CHUNKS }} | |
| NX_BASE: ${{ steps.export-sha.outputs.NX_BASE }} | |
| DEPLOY_FEATURE: ${{ contains(github.event.pull_request.labels.*.name, 'deploy-feature') }} | |
| CACHE_KEY: ${{ steps.set-cache-key.outputs.CACHE_KEY }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set cache key | |
| id: set-cache-key | |
| run: | | |
| echo "CACHE_KEY=${{ runner.os }}-deps-cypress-${{ hashFiles('yarn.lock') }}-1" >> $GITHUB_OUTPUT | |
| - name: Setup yarn | |
| uses: ./.github/actions/setup-yarn | |
| - name: Prepare generated files | |
| run: | | |
| echo "generated files: ${{ env.GENERATED_FILES }}" | |
| node ./scripts/ci/generate-files.mjs ${{ env.GENERATED_FILES }} | |
| tar -xzvf ${{ env.GENERATED_FILES }} | |
| - name: Cache Generated files | |
| uses: runs-on/cache/save@v4 | |
| with: | |
| path: | | |
| ${{ env.GENERATED_FILES }} | |
| key: generated-files-${{ github.sha }} | |
| - name: Derive appropriate SHAs | |
| uses: nrwl/nx-set-shas@v4 | |
| - run: | | |
| echo "BASE: ${{ env.NX_BASE }}" | |
| echo "HEAD: ${{ env.NX_HEAD }}" | |
| - name: Checking out relevant branches | |
| id: export-sha | |
| run: | | |
| set -euo pipefail | |
| echo "CHUNK_SIZE: $CHUNK_SIZE" | |
| echo "MAX_JOBS: $MAX_JOBS" | |
| echo "NX_PARALLEL: $NX_PARALLEL" | |
| set -x | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "CI Bot" | |
| BASE_SHA=${{ env.NX_BASE }} | |
| HEAD_SHA=${{ env.NX_HEAD }} | |
| echo "BASE=$BASE_SHA" >> "$GITHUB_ENV" | |
| echo "NX_BASE=$BASE_SHA" >> "$GITHUB_OUTPUT" | |
| echo "Current base SHA is '$BASE_SHA' and head SHA is '$HEAD_SHA'" | |
| echo "{\"base_sha\": \"$BASE_SHA\", \"head_sha\":\"$HEAD_SHA\"}" > event.json | |
| # This is to increase the retention days for our GitHub Actions run events | |
| # See this for more information: | |
| # https://github.blog/changelog/2020-10-08-github-actions-ability-to-change-retention-days-for-artifacts-and-logs/ | |
| - name: Keep PR run event | |
| uses: actions/upload-artifact@b18b1d32f3f31abcdc29dee3f2484801fe7822f4 | |
| # Don't run this step locally | |
| if: ${{ !github.event.localrun }} | |
| with: | |
| name: pr-event | |
| path: event.json | |
| retention-days: 90 | |
| include-hidden-files: true | |
| if-no-files-found: error | |
| - name: License audit Node modules | |
| run: ./scripts/ci/20_license-audit.sh | |
| - name: Check user permissions | |
| uses: actions-cool/check-user-permission@v2 | |
| id: check-permission | |
| # This fails locally without a token, and only prevents "admin" label usage | |
| if: ${{ !github.event.localrun }} | |
| - name: Set magic env if test-everything label is set | |
| if: ${{ contains(github.event.pull_request.labels.*.name, 'test everything') && steps.check-permission.outcome == 'success' && steps.check-permission.outputs['user-permission'] == 'admin' }} | |
| run: | | |
| echo "AFFECTED_ALL=7913-$GITHUB_HEAD_REF" >> "$GITHUB_ENV" | |
| - name: Warn if user does not have the required permissions | |
| if: ${{ contains(github.event.pull_request.labels.*.name, 'test everything') && steps.check-permission.outcome == 'success'&& steps.check-permission.outputs['user-permission'] != 'admin' }} | |
| run: | | |
| echo "## WARN permissions" >> "$GITHUB_STEP_SUMMARY" | |
| echo "User '$GITHUB_ACTOR' does not have the required permissions to apply the 'test everything' label" >> "$GITHUB_STEP_SUMMARY" | |
| - name: Prepare lint targets | |
| id: lint_projects | |
| env: | |
| # Linting is easy, no need to split/chunk it | |
| DISABLE_CHUNKS: 'true' | |
| DISABLE_GROUPING: 'true' | |
| DISABLE_PROBLEMATIC: 'true' | |
| run: | | |
| set -euo pipefail | |
| CHUNKS="$(./scripts/ci/generate-chunks.sh lint)" | |
| if [[ "$CHUNKS" != "[]" ]]; then | |
| echo "CHUNKS={\"projects\":$CHUNKS}" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Prepare test targets | |
| id: test_projects | |
| run: | | |
| set -euo pipefail | |
| CHUNKS="$(./scripts/ci/generate-chunks.sh test)" | |
| if [[ "$CHUNKS" != "[]" ]]; then | |
| echo "CHUNKS={\"projects\":$CHUNKS}" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Prepare e2e targets | |
| id: e2e_projects | |
| env: | |
| CHUNK_SIZE: 1 | |
| run: | | |
| set -euo pipefail | |
| CHUNKS="$(./scripts/ci/generate-chunks.sh e2e-ci)" | |
| if [[ "$CHUNKS" != "[]" ]]; then | |
| echo "CHUNKS={\"projects\":$CHUNKS}" >> "$GITHUB_OUTPUT" | |
| fi | |
| echo BUILD_ID="$GITHUB_RUN_ID-$GITHUB_RUN_NUMBER-$(uuidgen)" >> "$GITHUB_OUTPUT" | |
| - name: Prepare build targets | |
| id: build_projects | |
| run: | | |
| set -euo pipefail | |
| CHUNKS="$(./scripts/ci/generate-chunks.sh build)" | |
| if [[ "$CHUNKS" != "[]" ]]; then | |
| echo "CHUNKS={\"projects\":$CHUNKS}" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Check release-manager approval | |
| id: check-release-manager-approval | |
| if: ${{ contains(github.event.pull_request.head.ref, '/pre-release/') }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| set -euo pipefail | |
| node -r esbuild-register .github/actions/check-team-approval.ts release-managers | |
| tests: | |
| needs: | |
| - prepare | |
| if: ${{ needs.prepare.outputs.TEST_CHUNKS && needs.prepare.outputs.DEPLOY_FEATURE != 'true' }} | |
| runs-on: arc-runners | |
| timeout-minutes: 45 | |
| env: | |
| AFFECTED_PROJECTS: ${{ matrix.projects }} | |
| NX_BASE: ${{ needs.prepare.outputs.NX_BASE }} | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJson(needs.prepare.outputs.TEST_CHUNKS) }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup yarn | |
| uses: ./.github/actions/setup-yarn | |
| - name: Restore generated files | |
| uses: runs-on/cache/restore@v4 | |
| id: restore-generated-files-cache | |
| with: | |
| path: | | |
| ${{ env.GENERATED_FILES }} | |
| key: generated-files-${{ github.sha }} | |
| - name: Extract generated files | |
| run: | | |
| tar -xzvf ${{ env.GENERATED_FILES }} | |
| - name: Run unit tests | |
| uses: ./.github/actions/unit-test | |
| with: | |
| dd-api-key: '${{ secrets.DD_API_KEY }}' | |
| codecov-token: ${{ secrets.CODECOV_TOKEN }} | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| docker-registry: 821090935708.dkr.ecr.eu-west-1.amazonaws.com/ | |
| e2e: | |
| needs: | |
| - prepare | |
| if: ${{ needs.prepare.outputs.E2E_CHUNKS && needs.prepare.outputs.DEPLOY_FEATURE != 'true' }} | |
| runs-on: arc-runners | |
| timeout-minutes: 45 | |
| env: | |
| AFFECTED_PROJECT: ${{ matrix.projects }} | |
| CYPRESS_PROJECT_ID: 4q7jz8 | |
| CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }} | |
| API_MOCKS: 'true' | |
| NODE_OPTIONS: --max-old-space-size=4096 | |
| E2E_BUILD_ID: '${{ needs.prepare.outputs.E2E_BUILD_ID }}-${{ github.run_attempt }}' | |
| NX_BASE: ${{ needs.prepare.outputs.NX_BASE }} | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJson(needs.prepare.outputs.E2E_CHUNKS) }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup yarn | |
| uses: ./.github/actions/setup-yarn | |
| - name: Restore generated files | |
| uses: runs-on/cache/restore@v4 | |
| id: restore-generated-files-cache | |
| with: | |
| path: | | |
| ${{ env.GENERATED_FILES }} | |
| key: generated-files-${{ github.sha }} | |
| - name: Extract generated files | |
| run: | | |
| tar -xzvf ${{ env.GENERATED_FILES }} | |
| - name: Running e2e tests | |
| run: ./scripts/ci/40_e2e.sh "${AFFECTED_PROJECT}" | |
| linting-workspace: | |
| needs: | |
| - prepare | |
| runs-on: arc-runners | |
| timeout-minutes: 15 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup yarn | |
| uses: ./.github/actions/setup-yarn | |
| - name: Restore generated files | |
| uses: runs-on/cache/restore@v4 | |
| id: restore-generated-files-cache | |
| with: | |
| path: | | |
| ${{ env.GENERATED_FILES }} | |
| key: generated-files-${{ github.sha }} | |
| - name: Extract generated files | |
| run: | | |
| tar -xzvf ${{ env.GENERATED_FILES }} | |
| - name: Linting workspace | |
| run: ./scripts/ci/20_lint-workspace.sh | |
| run-shellcheck: | |
| needs: | |
| - prepare | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: reviewdog/action-shellcheck@v1 | |
| with: | |
| github_token: ${{ secrets.github_token }} | |
| reporter: github-pr-review | |
| fail-level: info | |
| exclude: >- | |
| */node_modules/* | |
| formatting: | |
| needs: | |
| - prepare | |
| runs-on: arc-runners | |
| timeout-minutes: 15 | |
| env: | |
| NX_BASE: ${{ needs.prepare.outputs.NX_BASE }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| if: ${{ github.event_name == 'pull_request' }} | |
| with: | |
| token: ${{ secrets.DIRTY_FIX_BOT_TOKEN }} | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Setup yarn | |
| uses: ./.github/actions/setup-yarn | |
| - name: Restore generated files | |
| uses: runs-on/cache/restore@v4 | |
| id: restore-generated-files-cache | |
| with: | |
| path: | | |
| ${{ env.GENERATED_FILES }} | |
| key: generated-files-${{ github.sha }} | |
| - name: NX format:check | |
| if: ${{ github.ref == 'ref/heads/main' }} | |
| run: ./scripts/ci/20_check-formatting.sh "check" | |
| # - name: NX format:write | |
| # if: ${{ github.event_name == 'pull_request' }} | |
| # run: | | |
| # ./scripts/ci/20_check-formatting.sh "write" | |
| # ./infra/scripts/ci/git-check-dirty.sh "/" "nx format:write" "dirtybot" | |
| linting: | |
| needs: | |
| - prepare | |
| runs-on: arc-runners | |
| timeout-minutes: 35 | |
| if: needs.prepare.outputs.LINT_CHUNKS | |
| env: | |
| AFFECTED_PROJECTS: ${{ matrix.projects }} | |
| NODE_OPTIONS: --max-old-space-size=4096 | |
| NX_BASE: ${{ needs.prepare.outputs.NX_BASE }} | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJson(needs.prepare.outputs.LINT_CHUNKS) }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup yarn | |
| uses: ./.github/actions/setup-yarn | |
| - name: Restore generated files | |
| uses: runs-on/cache/restore@v4 | |
| id: restore-generated-files-cache | |
| with: | |
| path: | | |
| ${{ env.GENERATED_FILES }} | |
| key: generated-files-${{ github.sha }} | |
| - name: Extract generated files | |
| run: | | |
| tar -xzvf ${{ env.GENERATED_FILES }} | |
| - name: Linting | |
| run: ./scripts/ci/run-in-parallel-native.sh lint | |
| build: | |
| needs: | |
| - prepare | |
| runs-on: arc-runners | |
| timeout-minutes: 35 | |
| env: | |
| AFFECTED_PROJECTS: ${{ matrix.projects }} | |
| NX_BASE: ${{ needs.prepare.outputs.NX_BASE }} | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJson(needs.prepare.outputs.BUILD_CHUNKS) }} | |
| if: ${{ needs.prepare.outputs.BUILD_CHUNKS && needs.prepare.outputs.DEPLOY_FEATURE != 'true' }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup yarn | |
| uses: ./.github/actions/setup-yarn | |
| - name: Restore generated files | |
| uses: runs-on/cache/restore@v4 | |
| id: restore-generated-files-cache | |
| with: | |
| path: | | |
| ${{ env.GENERATED_FILES }} | |
| key: generated-files-${{ github.sha }} | |
| - name: Extract generated files | |
| run: | | |
| tar -xzvf ${{ env.GENERATED_FILES }} | |
| - name: Building | |
| run: ./scripts/ci/run-in-parallel-native.sh build | |
| success: | |
| runs-on: arc-runners | |
| if: ${{ !cancelled() }} | |
| needs: | |
| - prepare | |
| - linting-workspace | |
| - tests | |
| - linting | |
| - run-shellcheck | |
| - formatting | |
| - e2e | |
| - build | |
| steps: | |
| - name: Check prepare success | |
| run: '[[ ${{ needs.prepare.result }} == "success" ]] || exit 1' | |
| - name: Notify about deploy-feature label | |
| if: ${{ github.event.pull_request.auto_merge && needs.prepare.outputs.DEPLOY_FEATURE == 'true' }} | |
| run: | | |
| echo "- 👉 Remove the \`deploy-feature\` label if you want this PR to be merged automatically" >> $GITHUB_STEP_SUMMARY | |
| exit 1 | |
| - name: Check tests success | |
| run: '[[ ${{ needs.tests.result }} != "failure" ]] || exit 1' | |
| - name: Check e2e success | |
| run: '[[ ${{ needs.e2e.result }} != "failure" ]] || exit 1' | |
| - name: Check linting success | |
| run: '[[ ${{ needs.linting.result }} != "failure" ]] || exit 1' | |
| - name: Check run-shellcheck success | |
| run: '[[ ${{ needs.run-shellcheck.result }} != "failure" ]] || exit 1' | |
| - name: Check formatting success | |
| run: '[[ ${{ needs.formatting.result }} != "failure" ]] || exit 1' | |
| - name: Check build success | |
| run: '[[ ${{ needs.build.result }} != "failure" ]] || exit 1' | |
| - name: Announce success | |
| run: echo "Build is successful" |