Skip to content

Optimise Docker builds #11340

Optimise Docker builds

Optimise Docker builds #11340

Workflow file for this run

# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at https://mozilla.org/MPL/2.0/.
#
# OpenCRVS is also distributed under the terms of the Civil Registration
# & Healthcare Disclaimer located at http://opencrvs.org/license.
#
# Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
name: Lint, run unit tests and security scans
on: [pull_request]
jobs:
setup:
runs-on: ubuntu-22.04
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Get list of packages
id: set-matrix
run: |
PACKAGES=$(ls -d packages/* | jq -R -s -c 'split("\n")[:-1]')
echo "Found packages: $PACKAGES"
echo "matrix=${PACKAGES}" >> $GITHUB_OUTPUT
test:
needs: setup
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
package: ${{fromJson(needs.setup.outputs.matrix)}}
steps:
- name: Checking out git repo
uses: actions/checkout@v4
- name: Check package.json and scripts
id: check-scripts
run: |
if [ ! -f "${{ matrix.package }}/package.json" ]; then
echo "No package.json found for ${{ matrix.package }}. Stopping pipeline."
echo "skip=true" >> $GITHUB_OUTPUT
else
echo "skip=false" >> $GITHUB_OUTPUT
if ! grep -q "\"test\":" "${{ matrix.package }}/package.json"; then
echo "Test not found in ${{ matrix.package }}"
echo "skip-test=true" >> $GITHUB_OUTPUT
else
echo "skip=false" >> $GITHUB_OUTPUT
fi
if ! grep -q "\"lint\":" "${{ matrix.package }}/package.json"; then
echo "Lint scripts not found in ${{ matrix.package }}. Stopping pipeline."
echo "skip-lint=true" >> $GITHUB_OUTPUT
else
echo "skip-lint=false" >> $GITHUB_OUTPUT
fi
fi
- name: Use Node.js from .nvmrc
if: steps.check-scripts.outputs.skip != 'true'
uses: actions/setup-node@v4
with:
node-version-file: .nvmrc
- name: Remove other package directories
if: steps.check-scripts.outputs.skip != 'true'
run: |
for dir in packages/*; do
if [ "$dir" != "${{ matrix.package }}" ] && [ "$dir" != "packages/commons" ] && [ "$dir" != "packages/components" ]; then
if [ "${{ matrix.package }}" == "packages/client" ] && [ "$dir" == "packages/gateway" ] ; then
echo "Skipping $dir"
else
echo "Removing $dir"
rm -rf "$dir"
fi
fi
done
- name: Cache Node.js dependencies
uses: actions/cache@v4
with:
path: |
**/node_modules
~/.cache/yarn/v6
key: node-${{ hashFiles('**/yarn.lock', format('{0}/{1}',matrix.package,'package.json')) }}
restore-keys: |
${{ runner.os }}-node-
- name: Verify every file has a license header
if: steps.check-scripts.outputs.skip != 'true'
run: npx license-check-and-add check -f license-config.json
- name: Runs dependency installation
if: steps.check-scripts.outputs.skip != 'true'
run: CI="" yarn install --frozen-lockfile
# TODO: Move out of the matrix to be built once and shared
- name: Build common package
if: steps.check-scripts.outputs.skip != 'true'
run: cd packages/commons && yarn build
- name: Build components client and login
if: steps.check-scripts.outputs.skip != 'true'
run: |
if [[ "${{ matrix.package }}" == "packages/client" || "${{ matrix.package }}" == "packages/login" ]]; then
cd packages/components && yarn build
fi
# TODO: should run parallel to unit tests as can take as much as unit tests
- name: Run linting
if: steps.check-scripts.outputs.skip != 'true' && steps.check-scripts.outputs.skip-lint != 'true'
run: cd ${{ matrix.package }} && yarn lint
- name: Run Unit Test
if: steps.check-scripts.outputs.skip != 'true' && steps.check-scripts.outputs.skip-test != 'true'
run: cd ${{ matrix.package }} && yarn test
security-scans:
needs: setup
runs-on: ubuntu-22.04
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner in fs mode
uses: aquasecurity/[email protected]
with:
scan-type: 'fs'
scan-ref: '.'
trivy-config: trivy.yaml