feat: generate nonce and use it #5309
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
concurrency: | |
group: ci-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
MIX_ENV: test | |
MBTA_API_BASE_URL: ${{ secrets.MBTA_API_BASE_URL }} | |
MBTA_API_KEY: ${{ secrets.MBTA_API_KEY }} | |
jobs: | |
file_changes: | |
runs-on: ubuntu-latest | |
outputs: | |
ts: ${{ steps.changes.outputs.ts == 'true' }} | |
js: ${{ steps.changes.outputs.js == 'true' }} | |
ex: ${{ steps.changes.outputs.ex == 'true' }} | |
scss: ${{ steps.changes.outputs.scss == 'true' }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dorny/paths-filter@v3 | |
id: changes | |
with: | |
filters: | | |
ts: | |
- 'assets/ts/**' | |
js: | |
- 'assets/js/**' | |
ex: | |
- '**.ex' | |
- '**.exs' | |
- '**.eex' | |
- '**.heex' | |
scss: | |
- 'assets/css/**.scss' | |
build_image: | |
name: Build Docker image | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- run: docker build . | |
eslintts: | |
name: Linting / TypeScript | |
runs-on: ubuntu-latest | |
needs: file_changes | |
if: ${{ contains(github.head_ref, 'dependabot/') || needs.file_changes.outputs.ts }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/setup-all | |
- run: npm run ci:lint:ts | |
jslint: | |
name: Linting / JavaScript | |
runs-on: ubuntu-latest | |
needs: file_changes | |
if: ${{ contains(github.head_ref, 'dependabot/') ||needs.file_changes.outputs.js }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/setup-all | |
- run: npm run ci:lint:js | |
stylelint: | |
name: Linting / CSS | |
runs-on: ubuntu-latest | |
needs: file_changes | |
if: ${{ contains(github.head_ref, 'dependabot/') || needs.file_changes.outputs.scss }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/setup-all | |
- run: npm run ci:lint:scss | |
elixirlint: | |
name: Linting / Elixir | |
runs-on: ubuntu-latest | |
needs: file_changes | |
if: ${{ (contains(github.head_ref, 'dependabot/') || needs.file_changes.outputs.ex) && github.event_name == 'pull_request' }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/setup-all | |
- run: git fetch origin main:main | |
- run: npm run ci:lint:ex | |
build_app: | |
name: Build application and assets | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/setup-all | |
- name: Cache _build | |
uses: actions/cache@v4 | |
with: | |
path: | | |
_build | |
priv | |
react_renderer/dist/app.js | |
key: ci-application-cache-${{ github.sha }} | |
- run: npm install --prefix assets -S -install-links deps/mbta_metro/priv/ | |
- run: npm --prefix assets run webpack:build | |
- run: npm --prefix assets run webpack:build:react | |
- run: mix compile --all-warnings | |
elixir_unit: | |
name: Unit tests / Elixir / mix coveralls.html | |
runs-on: ubuntu-latest | |
needs: [file_changes, build_app] | |
if: ${{ contains(github.head_ref, 'dependabot/') || needs.file_changes.outputs.ex }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/setup-all | |
- uses: actions/cache/restore@v4 | |
with: | |
path: | | |
_build | |
priv | |
react_renderer/dist/app.js | |
key: ci-application-cache-${{ github.sha }} | |
restore-keys: | | |
ci-application-cache- | |
- run: npm run ci:unit:exunit | |
- name: Upload coverage artifact | |
if: ${{ always() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Elixir test coverage report | |
path: cover/ | |
js_unit_1: | |
name: Unit tests / JavaScript / Mocha | |
runs-on: ubuntu-latest | |
needs: file_changes | |
if: ${{ contains(github.head_ref, 'dependabot/') || needs.file_changes.outputs.js }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/setup-all | |
- run: npm run ci:unit:mocha | |
js_unit_2: | |
name: Unit tests / JavaScript & TypeScript / Jest | |
runs-on: ubuntu-latest | |
needs: file_changes | |
if: ${{ contains(github.head_ref, 'dependabot/') || needs.file_changes.outputs.ts || needs.file_changes.outputs.js }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/setup-all | |
- run: TZ="America/New_York" npm run ci:unit:jest | |
type_dialyzer: | |
name: Type checks / Elixir | |
runs-on: ubuntu-latest | |
needs: file_changes | |
if: ${{ contains(github.head_ref, 'dependabot/') || needs.file_changes.outputs.ex }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/setup-all | |
- uses: mbta/actions/dialyzer@v2 | |
with: | |
cmd-line: "--ignore-exit-status" | |
type_typescript: | |
name: Type checks / TypeScript | |
runs-on: ubuntu-latest | |
needs: file_changes | |
if: ${{ contains(github.head_ref, 'dependabot/') || needs.file_changes.outputs.ts }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/setup-all | |
- run: npm run ci:types:ts | |
elixir_format_check: | |
name: Formatting / Elixir | |
runs-on: ubuntu-latest | |
needs: file_changes | |
if: ${{ contains(github.head_ref, 'dependabot/') || needs.file_changes.outputs.ex }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/setup-all | |
- run: npm run ci:format:ex | |
js_format_check: | |
name: Formatting / JavaScript & TypeScript | |
runs-on: ubuntu-latest | |
needs: file_changes | |
if: ${{ contains(github.head_ref, 'dependabot/') || needs.file_changes.outputs.js || needs.file_changes.outputs.ts }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/setup-all | |
- run: npm run ci:format:ts |