shelter: show icon in header and footer (#801) #4783
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: π· Monorepo Pipeline | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
env: | |
AWS_REGION: us-west-2 | |
AWS_ACCOUNT_ID: 174477281453 | |
ASSUMED_ROLE: arn:aws:iam::174477281453:role/github-actions-oidc-role | |
ECR_REGISTRY: 174477281453.dkr.ecr.us-west-2.amazonaws.com | |
COMPOSE_FILE: docker-compose.yml:docker-compose-ci.yml | |
jobs: | |
BuildTestDeploy: | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read # Required to find the last successful workflow run | |
contents: read # Required for actions/checkout | |
id-token: write # Required for requesting the JWT | |
pull-requests: read | |
checks: write # Required for graphql inspector | |
steps: | |
- name: π¦ Turnstyle | |
uses: softprops/turnstyle@master | |
if: github.ref == 'refs/heads/main' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: π Check out repo | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Checks out all branches and tags. Maybe we can make this better in the future? | |
# This line is needed for nx affected to work when CI is running on a PR | |
- name: π Track main if PR | |
if: github.ref != 'refs/heads/main' | |
run: git branch --track main origin/main | |
- name: π§ Configure NX SHAs | |
uses: nrwl/nx-set-shas@v4 | |
- name: π§ Set Environment Variables | |
run: | | |
RAW_BRANCH_NAME=${{ github.head_ref || github.ref_name }} | |
SHORT_SHA=$(echo $GITHUB_SHA | cut -c 1-7) | |
# Sanitize branch name by replacing '/' with '-' and removing any other invalid characters | |
BRANCH_NAME=$(echo $RAW_BRANCH_NAME | sed 's|/|-|g' | sed 's|[^a-zA-Z0-9_.-]||g') | |
if [ "$BRANCH_NAME" == "main" ]; then | |
IMAGE_TAG_PREFIX="main" | |
else | |
IMAGE_TAG_PREFIX="dev-$BRANCH_NAME" | |
fi | |
DOCKER_TAG="$IMAGE_TAG_PREFIX-$SHORT_SHA" | |
echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV | |
echo "SHORT_SHA=$SHORT_SHA" >> $GITHUB_ENV | |
echo "IMAGE_TAG_PREFIX=$IMAGE_TAG_PREFIX" >> $GITHUB_ENV | |
echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV | |
echo "MONOREPO_IMAGE=${{ env.ECR_REGISTRY }}/monorepo" >> $GITHUB_ENV | |
- name: π³ Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: π³ Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
if: ${{ env.BRANCH_NAME == 'main' }} | |
with: | |
role-to-assume: ${{ env.ASSUMED_ROLE }} | |
role-session-name: GitHub_to_AWS_via_FederatedOIDC | |
aws-region: ${{ env.AWS_REGION }} | |
- name: π³ Login to Amazon ECR | |
uses: aws-actions/amazon-ecr-login@v2 | |
if: ${{ env.BRANCH_NAME == 'main' }} | |
# Build and Push Monorepo Image for each commit using GitHub Actions cache | |
- name: ποΈ Build Monorepo Docker image | |
uses: docker/build-push-action@v6 | |
with: | |
file: Dockerfile | |
load: true | |
push: ${{ env.BRANCH_NAME == 'main' }} | |
tags: | | |
${{ env.MONOREPO_IMAGE }}:${{ env.DOCKER_TAG }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: π Prep Container Permissions | |
run: | | |
sudo chown -R 1000:1000 .git | |
sudo setfacl --modify user:1000:rw /var/run/docker.sock | |
sudo setfacl -Rm u:1000:rwX,d:u:1000:rwX $HOME/.docker | |
- name: π Spin up monorepo environment | |
run: | | |
docker compose up -d | |
- name: π§Ή Lint | |
run: | | |
docker compose run better-angels bash <<'EOF' | |
yarn nx affected -t lint | |
EOF | |
- name: π΅οΈ Check for missing Django migrations | |
run: | | |
docker compose run better-angels bash <<'EOF' | |
yarn nx affected -t check-migrations | |
STATUS=$? | |
if [ $STATUS -ne 0 ]; then | |
echo "Error: Missing Django migrations! Make sure you have run 'python manage.py makemigrations <app_name>' locally and committed the changes." | |
exit 1 | |
else | |
echo "Success: No missing Django migrations!" | |
fi | |
EOF | |
- name: π Make sure GraphQL Schema is up to date | |
# TODO: Upon graphql mismatch, a github action could commit the changes and push into the branch | |
run: | | |
docker compose run better-angels bash <<'EOF' | |
yarn nx affected -t validate-graphql-schema | |
STATUS=$? | |
if [ $STATUS -ne 0 ]; then | |
echo "Error: The GraphQL schemas do not match! Make sure you have run 'yarn nx affected -t generate-graphql-schema' locally and committed the changes." | |
exit 1 | |
else | |
echo "Success: The GraphQL schemas match!" | |
fi | |
yarn nx affected -t generate-graphql-types | |
TYPE_GEN_STATUS=$? | |
git diff --exit-code '**/gql-types/*'; | |
DIFF_STATUS=$? | |
if [ $TYPE_GEN_STATUS -ne 0 ] || [ $DIFF_STATUS -ne 0 ]; then | |
echo "Error: The GraphQL types do not match or generation failed! Make sure you have run 'yarn nx affected -t generate-graphql-types' locally and committed the changes." | |
exit 1 | |
else | |
echo "Success: The GraphQL types match!" | |
fi | |
EOF | |
- name: π΅π»ββοΈ GraphQL Inspector | |
uses: kamilkisiela/graphql-inspector@master | |
# Warning: This now skips schema breaking checks in forked repositories. | |
# Resolve in: https://betterangels.atlassian.net/browse/DEV-690 | |
if: ${{ github.event.pull_request.head.repo.fork == false }} | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
schema: main:apps/betterangels-backend/schema.graphql | |
fail-on-breaking: true | |
approve-label: graphql-inspector:approved-breaking-change | |
- name: π¬ Typecheck | |
run: | | |
docker compose run better-angels bash <<'EOF' | |
yarn nx affected -t typecheck | |
EOF | |
- name: π§ͺ Test | |
run: | | |
docker compose run better-angels bash <<'EOF' | |
# Exclude Betterangels Frontend Given its CI is not setup yet | |
yarn nx affected -t test | |
EOF | |
- name: π οΈ Build and Push Artifacts | |
if: ${{ env.BRANCH_NAME == 'main' }} | |
run: | | |
docker compose run better-angels bash <<'EOF' | |
# Exclude Betterangels Frontend Given its CI is not setup yet | |
yarn nx affected -t build --exclude=betterangels,shelter | |
EOF | |
env: | |
AWS_ACCOUNT_ID: ${{ env.AWS_ACCOUNT_ID }} | |
INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: π Deploy Changes | |
if: ${{ env.BRANCH_NAME == 'main' }} | |
run: | | |
docker compose run better-angels bash <<'EOF' | |
# Exclude Betterangels Frontend Given its CI is not setup yet | |
yarn nx affected -t deploy --exclude=betterangels,shelter | |
EOF | |
- name: βΉοΈ Spin down monorepo environment | |
if: always() | |
run: | | |
docker compose down | |
sudo chown -R 1001:1001 .git |