WEBUI-1496: Remove usage of unsafe-eval from CSP #3404
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Preview | |
on: | |
pull_request: | |
types: [opened, synchronize, reopened, labeled] | |
branches: | |
- maintenance-3.1.x | |
workflow_dispatch: | |
inputs: | |
branch_name: | |
description: 'The name of the branch to preview.' | |
default: 'maintenance-3.1.x' | |
required: true | |
caller_id: | |
description: 'run identifier' | |
default: 'maintenance-3.1.x' | |
type: string | |
required: false | |
env: | |
DOCKER_REGISTRY: us-east1-docker.pkg.dev | |
DOCKER_IMAGE: ${{ secrets.GKE_PROJECT }}/webui/nuxeo-web-ui | |
GKE_CLUSTER: jx-prod | |
GKE_ZONE: us-east1-b | |
jobs: | |
id: | |
name: Remote Caller ID ${{ github.event.inputs.caller_id }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: ${{ github.event.inputs.id }} | |
run: echo run identifier ${{ github.event.inputs.id }} | |
preview: | |
needs: id | |
name: Setup | |
outputs: | |
url: ${{ steps.preview.outputs.url }} | |
if: (github.event.action == 'labeled' && github.event.label.name == 'preview') || contains(github.event.pull_request.labels.*.name, 'preview') || github.event_name == 'workflow_dispatch' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 18 | |
registry-url: 'https://packages.nuxeo.com/repository/npm-public/' | |
scope: '@nuxeo' | |
- name: Setup branch name (pull_request) | |
if: github.event_name == 'pull_request' | |
run: | | |
BRANCH_NAME=${GITHUB_HEAD_REF##*/} | |
echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV | |
- name: Setup branch name (workflow_dispatch) | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
BRANCH_NAME=${{ github.event.inputs.branch_name }} | |
echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV | |
- name: Determine nuxeo-web-ui branch to use | |
uses: nuxeo/ui-team-gh-actions/get-branch@ca09d5c52a62e297502d3572c36d813be927982a | |
id: pick_nuxeo_web_ui_branch | |
with: | |
repository: nuxeo/nuxeo-web-ui | |
branch: ${BRANCH_NAME} | |
default-branch: maintenance-3.1.x | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ steps.pick_nuxeo_web_ui_branch.outputs.branch }} | |
- name: Prepare environment | |
run: | | |
echo "VERSION=$(npx -c 'echo "$npm_package_version"')-$BRANCH_NAME" >> $GITHUB_ENV | |
echo "PREVIEW_NAMESPACE=$(printf '%.53s' $(echo nuxeo-web-ui-$(echo $BRANCH_NAME | sed 's/[^[:alnum:]-]/-/g' | tr '[:upper:]' '[:lower:]')))" >> $GITHUB_ENV | |
- name: Determine nuxeo-elements branch to use | |
id: pick_nuxeo_elements_branch | |
uses: nuxeo/ui-team-gh-actions/get-branch@ca09d5c52a62e297502d3572c36d813be927982a | |
with: | |
repository: nuxeo/nuxeo-elements | |
branch: ${BRANCH_NAME} | |
default-branch: maintenance-3.1.x | |
- name: Checkout the nuxeo-elements repo | |
uses: actions/checkout@v2 | |
with: | |
repository: nuxeo/nuxeo-elements | |
path: nuxeo-elements | |
fetch-depth: 1 | |
ref: ${{ steps.pick_nuxeo_elements_branch.outputs.branch }} | |
- name: Install | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
run: | | |
npm install nuxeo-elements/core | |
npm install nuxeo-elements/ui | |
npm install nuxeo-elements/dataviz | |
npm install | |
- name: Webpack build | |
run: | | |
npm run build | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Login to DockerHub | |
uses: docker/login-action@v1 | |
with: | |
registry: ${{ env.DOCKER_REGISTRY }} | |
username: _json_key | |
password: ${{ secrets.GKE_SA_KEY }} | |
- name: Build and push server image | |
uses: docker/build-push-action@v2 | |
with: | |
context: server | |
pull: true | |
push: true | |
file: server/Dockerfile | |
tags: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}/server:${{ env.VERSION }} | |
- name: Build and push image | |
uses: docker/build-push-action@v2 | |
with: | |
context: . | |
pull: true | |
push: true | |
file: Dockerfile | |
tags: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}:${{ env.VERSION }} | |
build-args: SERVER_IMAGE=${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}/server:${{ env.VERSION }} | |
- name: Get GKE credentials | |
uses: google-github-actions/[email protected] | |
with: | |
cluster_name: ${{ env.GKE_CLUSTER }} | |
location: ${{ env.GKE_ZONE }} | |
project_id: ${{ secrets.GKE_PROJECT }} | |
credentials: ${{ secrets.GKE_SA_KEY }} | |
- name: Check preview namespace | |
id: preview_ns | |
run: | | |
echo ::set-output name=exists::$(kubectl get namespace ${PREVIEW_NAMESPACE}) | |
- name: Create preview namespace | |
if: ${{ !steps.preview_ns.outputs.exists }} | |
run: | | |
kubectl create namespace ${PREVIEW_NAMESPACE} | |
- name: Install preview | |
id: preview | |
working-directory: ./charts/preview | |
run: | | |
# add helm jx repo | |
helm repo add jx https://jenkins-x-charts.github.io/v2/ | |
# substitute env variables in values.yaml | |
mv values.yaml values.yaml.tosubst | |
envsubst < values.yaml.tosubst > values.yaml | |
# update helm deps | |
helm dependency update . | |
# install | |
helm upgrade --install --namespace ${PREVIEW_NAMESPACE} ${PREVIEW_NAMESPACE} . | |
# ensure the deployment is restarted to pull the new preview image | |
kubectl rollout restart deployment ${PREVIEW_NAMESPACE}-preview --namespace ${PREVIEW_NAMESPACE} | |
echo "PREVIEW_URL=https://preview-${PREVIEW_NAMESPACE}.webui.dev.nuxeo.com" >> $GITHUB_ENV | |
echo ::set-output name=url::"https://preview-${PREVIEW_NAMESPACE}.webui.dev.nuxeo.com" | |
- uses: actions/[email protected] | |
if: github.event_name == 'pull_request' | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
script: | | |
github.issues.createComment({ | |
issue_number: context.issue.number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: `:star: PR built and available [here](${process.env.PREVIEW_URL})` | |
}) | |
result: | |
name: "Result: ${{ needs.preview.outputs.url }}" | |
needs: preview | |
runs-on: ubuntu-latest | |
if: github.event_name == 'workflow_dispatch' | |
steps: | |
- name: "Result: ${{ needs.preview.outputs.url }}" | |
run: | | |
echo ${{ needs.preview.outputs.url }} |