-
Notifications
You must be signed in to change notification settings - Fork 0
234 lines (195 loc) · 7.68 KB
/
build-release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
---
name: Build assets for SimpleSAMLphp 2.1
on: # yamllint disable-line rule:truthy
push:
branches: ['release-*']
pull_request:
branches: ['*']
workflow_dispatch:
jobs:
quality:
name: Quality checks
runs-on: ['ubuntu-latest']
if: ${{ github.event.commits[0].author.name != 'dependabot[bot]' }}
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.ASSETS_COMMIT_TOKEN }}
ref: ${{ github.head_ref || github.ref_name }}
# Full git history is needed to get a proper list of changed files within `super-linter`
fetch-depth: 0
- name: Fetch changes
# Without fetching, we might miss new tags due to caching in Github Actions
run: git fetch --all
- name: Remove generated files
# Remove generated files; we can't lint them and we want to detect removed files during build
run: find css/ fonts/ icons/ js/ -type f -not -name '.gitkeep' -delete
- name: Lint Code Base
uses: super-linter/super-linter/slim@v7
env:
DEFAULT_BRANCH: ${{ github.head_ref || github.ref_name }}
# CSS Linter will choke on generated assets
IGNORE_GENERATED_FILES: true
FILTER_REGEX_EXCLUDE: '(css|js|fonts|icons)/.*'
# To report GitHub Actions status checks
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
LINTER_RULES_PATH: 'tools/linters'
VALIDATE_ALL_CODEBASE: true
VALIDATE_CSS: true
VALIDATE_JAVASCRIPT_ES: true
VALIDATE_JSON: true
VALIDATE_MARKDOWN: true
VALIDATE_YAML: true
VALIDATE_GITHUB_ACTIONS: true
- name: Zip artifact for deployment
run: |
zip release.zip -r .
- uses: actions/upload-artifact@v4
with:
name: release
path: release.zip
retention-days: 1
build:
name: Build assets
runs-on: ['ubuntu-latest']
needs: quality
outputs:
files_changed: ${{ steps.changes.outputs.files_changed }}
steps:
- uses: actions/setup-node@v4
with:
node-version: 18
- uses: actions/download-artifact@v4
with:
name: release
- name: unzip artifact for deployment
run: |
unzip release.zip
rm release.zip
- name: Install & build assets
run: |
# Make sure the lock-file is up to date before we run clean-install
npm install --package-lock-only
npm clean-install
npm audit fix
npx browserslist@latest --update-db
npm run build
# Remove artifact from build-process that should not be published
rm js/stylesheet.js js/stylesheet.js.map
rm js/postSubmit.js js/postSubmit.js.map
- name: Fix git safe.directory in container
run: |
mkdir -p /home/runner/work/_temp/_github_home
printf "[safe]\n\tdirectory = /github/workspace" > /home/runner/work/_temp/_github_home/.gitconfig
- name: Diff the changes after building
shell: pwsh
# Give an id to the step, so we can reference it later
id: changes
run: |
git add --all
$Diff = git diff --cached --name-only
# Check if a file under css/ js/ icons/ or fonts/ that has changed (added, modified, deleted)
$SourceDiff = $Diff | Where-Object {
$_ -match '^css/' -or
$_ -match '^fonts/' -or
$_ -match '^icons/' -or
$_ -match '^js/'
}
echo "Changed files"
echo $SourceDiff
$HasSourceDiff = $SourceDiff.Length -gt 0
echo "($($SourceDiff.Length) changes)"
echo "files_changed=$HasSourceDiff" >> $env:GITHUB_OUTPUT
- name: Zip artifact for deployment
if: steps.changes.outputs.files_changed == 'true' || steps.changes.outputs.packages_changed
run: zip build.zip -r .
- uses: actions/upload-artifact@v4
if: steps.changes.outputs.files_changed == 'true' || steps.changes.outputs.packages_changed
with:
name: build
path: build.zip
retention-days: 1
version:
name: Determine next version
runs-on: ['ubuntu-latest']
needs: build
if: |
always() &&
needs.build.outputs.files_changed == 'true' &&
(github.event_name == 'push' || github.event_name == 'workflow_dispatch')
outputs:
version: ${{ steps.asset_version.outputs.version }}
steps:
- uses: actions/download-artifact@v4
with:
name: build
- name: unzip artifact for deployment
run: |
unzip build.zip
rm build.zip
- uses: paulhatch/[email protected]
id: asset_version
with:
# The prefix to use to identify tags
tag_prefix: "v"
# A string which, if present in a git commit, indicates that a change represents a
# major (breaking) change, supports regular expressions wrapped with '/'
major_pattern: "(MAJOR)"
# Same as above except indicating a minor change, supports regular expressions wrapped with '/'
minor_pattern: "(MINOR)"
# A string to determine the format of the version output
version_format: "${major}.${minor}.${patch}"
# Optional path to check for changes. If any changes are detected in the path the
# 'changed' output will true. Enter multiple paths separated by spaces.
change_path: "css/** js/** fonts/** icons/** package.json package-lock.json"
commit:
name: Commit changes to assets
needs: version
runs-on: [ubuntu-latest]
steps:
- uses: actions/download-artifact@v4
with:
name: build
- name: unzip artifact for deployment
run: |
unzip build.zip
rm build.zip
- name: Add & Commit
uses: EndBug/add-and-commit@v9
with:
# The arguments for the `git add` command (see the paragraph below for more info)
# Default: '.'
add: "['resources/*', 'css/*', 'fonts/*', 'icons/*', 'js/*']"
# Determines the way the action fills missing author name and email. Three options are available:
# - github_actor -> UserName <[email protected]>
# - user_info -> Your Display Name <[email protected]>
# - github_actions -> github-actions <email associated with the github logo>
# Default: github_actor
default_author: github_actions
# The message for the commit.
# Default: 'Commit from GitHub Actions (name of the workflow)'
message: "[skip ci] Auto-rebuild assets"
# The way the action should handle pathspec errors from the add and remove commands.
# Three options are available:
# - ignore -> errors will be logged but the step won't fail
# - exitImmediately -> the action will stop right away, and the step will fail
# - exitAtEnd -> the action will go on, every pathspec error will be logged at the end, the step will fail.
# Default: ignore
pathspec_error_handling: exitImmediately
# Arguments for the git tag command (the tag name always needs to be the first word not preceded by an hyphen)
# Default: ''
tag: "v${{ needs.version.outputs.version }}"
cleanup:
name: Cleanup artifacts
needs: [build, commit]
runs-on: [ubuntu-latest]
if: |
always() &&
needs.commit.result == 'success' ||
(needs.build.result == 'success' && needs.commit.result == 'skipped')
steps:
- uses: geekyeggo/delete-artifact@v5
with:
name: |
release
build