Add support for event specific password protection #3042
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & test | |
| on: | |
| pull_request: | |
| paths: | |
| - "backend/**" | |
| - "frontend/**" | |
| - "docs/docs/setup/config.toml" | |
| - "util/dev-config/*" | |
| - ".deployment/templates/config.toml" | |
| - "util/dummy-login/dist/index.js" | |
| - ".github/workflows/ci.yml" | |
| - ".github/workflows/deploy.yml" | |
| push: | |
| branches: | |
| - "*" | |
| tags-ignore: | |
| - "*" | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUSTFLAGS: --deny warnings | |
| jobs: | |
| build: | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| # Figure out build mode | |
| - name: Determine build mode | |
| run: | | |
| target_dir="target" | |
| if (( "$(date +%w)" % 2 == 0 )); then | |
| sudo apt install -y musl-dev musl-tools | |
| rustup target add x86_64-unknown-linux-musl | |
| printf -- "--target=x86_64-unknown-linux-musl " >> .cargo-flags | |
| printf "musl" >> .cache-key | |
| target_dir="${target_dir}/x86_64-unknown-linux-musl" | |
| else | |
| printf "gnu" >> .cache-key | |
| fi | |
| if [[ "$GITHUB_REPOSITORY" == "elan-ev/tobira" ]] && [ "$GITHUB_REF" == "refs/heads/main" ]; then | |
| printf -- "--profile=release-ci" >> .cargo-flags | |
| printf -- "-release" >> .cache-key | |
| echo "ci_targetdir=${target_dir}/release-ci" >> $GITHUB_ENV | |
| echo "ci_webpack_flags=production" >> $GITHUB_ENV | |
| else | |
| printf -- "--features=embed-in-debug" >> .cargo-flags | |
| printf -- "-dev" >> .cache-key | |
| echo "ci_targetdir=${target_dir}/debug" >> $GITHUB_ENV | |
| echo "ci_webpack_flags=development" >> $GITHUB_ENV | |
| fi | |
| echo "cache_key=$(cat .cache-key)" >> $GITHUB_ENV | |
| - name: Restore backend cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: '${{ env.cache_key }}' | |
| workspaces: backend | |
| # Frontend cache: only the NPM folder is cached, not the node_modules, as | |
| # recommended here: https://github.com/actions/cache/blob/main/examples.md#node---npm | |
| - name: Restore NPM cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('frontend/package-lock.json') }} | |
| # ----- Build the frontend ----- | |
| # We also lint and typecheck, as it is convenient and fastest to do here. | |
| - name: Installing frontend dependencies (npm ci) | |
| working-directory: frontend | |
| run: npm ci | |
| - name: Generate GraphQL query types | |
| working-directory: frontend | |
| run: npx relay-compiler | |
| - name: Lint frontend | |
| working-directory: frontend | |
| run: npx eslint --max-warnings 0 . | |
| - name: Build frontend | |
| working-directory: frontend | |
| run: npx webpack --mode=${{ env.ci_webpack_flags }} | |
| - name: Typecheck frontend | |
| working-directory: frontend | |
| run: npx tsc | |
| # ----- Build the backend ----- | |
| - name: Build backend | |
| working-directory: backend | |
| run: cargo build $(cat ../.cargo-flags) | |
| # ----- Prepare binary ----- | |
| - name: Move Tobira binary | |
| run: mv backend/${{ env.ci_targetdir }}/tobira tobira | |
| - name: Compress Tobira binary | |
| run: objcopy --compress-debug-sections tobira | |
| # Prepare the ID (used in the subdomain) for deployment. This has to be done | |
| # here because in the `deploy` workflow, we don't have access to the correct | |
| # `GITHUB_REF` anymore. | |
| - name: Write deploy ID to file | |
| run: ./.deployment/deploy-id.sh "$GITHUB_REF" > .deploy-id | |
| # Archive files to be used in the `deploy` workflow | |
| - name: Upload binary and deployment files as artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: test-deployment-files | |
| retention-days: 1 | |
| include-hidden-files: true | |
| path: | | |
| tobira | |
| util/dev-config/logo-large.svg | |
| util/dev-config/logo-small.svg | |
| util/dev-config/logo-large-dark.svg | |
| util/dev-config/favicon.svg | |
| .deploy-id | |
| .cache-key | |
| .cargo-flags | |
| .deployment/templates/config.toml | |
| util/dummy-login/dist/index.js | |
| # This is uploaded for the test job, specifically `cargo test` | |
| - name: Upload frontend artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: frontend-artifacts | |
| retention-days: 1 | |
| path: frontend/build | |
| # -------------------------------------------------------------------------- | |
| test: | |
| runs-on: ubuntu-20.04 | |
| needs: build | |
| services: | |
| postgres: | |
| image: postgres:12 | |
| env: | |
| POSTGRES_USER: tobira | |
| POSTGRES_PASSWORD: tobira | |
| POSTGRES_DB: tobira | |
| ports: | |
| - 5432:5432 | |
| options: '--name tobira_pg' | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| lfs: true | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: test-deployment-files | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: frontend-artifacts | |
| path: ./frontend/build | |
| - run: chmod +x tobira | |
| # Perform simple checks | |
| - name: Make sure `schema.graphql` is up to date | |
| run: ./tobira export-api-schema | diff -u --color=always - frontend/src/schema.graphql | |
| - name: Make sure `docs/docs/setup/config.toml` is up to date | |
| run: ./tobira write-config | diff -u --color=always - docs/docs/setup/config.toml | |
| # Run backend tests | |
| - name: Read cache key | |
| run: echo "cache_key=$(cat .cache-key)" >> $GITHUB_ENV | |
| - name: Install MUSL dependencies | |
| if: startsWith(env.cache_key, 'musl') | |
| run: | | |
| sudo apt install -y musl-dev musl-tools | |
| rustup target add x86_64-unknown-linux-musl | |
| - name: Restore backend cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: '${{ env.cache_key }}' | |
| workspaces: backend | |
| save-if: false | |
| - name: Test backend | |
| working-directory: backend | |
| run: cargo test $(cat ../.cargo-flags) | |
| # Test DB migrations | |
| - name: Download latest DB dump | |
| run: curl --silent --output db-dump.xz -L https://github.com/elan-ev/tobira/raw/db-dumps/db-dump-latest.xz | |
| - name: Decompress DB dump | |
| run: xz -d db-dump.xz | |
| # We need to use the same version as the DB, so we use 'docker exec' | |
| - name: Restore DB dump | |
| run: | | |
| docker exec -i tobira_pg pg_restore \ | |
| --dbname postgresql://tobira:tobira@localhost/postgres \ | |
| --clean \ | |
| --create \ | |
| --if-exists \ | |
| < db-dump || true | |
| - name: Run migrations | |
| run: ./tobira db migrate --config util/dev-config/config.toml | |
| # Run UI Playwright tests | |
| - name: Start docker containers | |
| working-directory: util/containers | |
| run: | | |
| docker compose -f docker-compose.yml up -d \ | |
| tobira-login-handler \ | |
| tobira-meilisearch \ | |
| tobira-ui-test-files | |
| - name: Link Tobira binary to location expected by Playwright tests | |
| run: | | |
| mkdir -p backend/target/debug/ | |
| ln -s "$(pwd)/tobira" backend/target/debug/tobira | |
| - name: Install Playwright | |
| working-directory: frontend | |
| run: npm i @playwright/test | |
| - name: Install Playwright browsers | |
| working-directory: frontend | |
| run: npx playwright install --with-deps | |
| - name: Run playwright tests | |
| working-directory: frontend | |
| run: npx playwright test | |
| - name: Upload test results | |
| # A test might need a retry to succeed or run longer than expected. | |
| # In these cases the results should also be saved, since they might | |
| # indicate what went wrong. Hence `always()` instead of on `failure()`. | |
| if: always() | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: playwright-report | |
| path: frontend/playwright-report/ | |
| retention-days: 7 |