test: checkout before role changes #1691
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, Test, and Deliver Client | |
| env: | |
| do_sonarscan: >- | |
| ${{ github.event_name == 'push' || | |
| github.event.pull_request.head.repo.full_name == github.repository }} | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| - release/[0-9]+.[0-9]+.[0-9]+ | |
| release: | |
| types: | |
| - created | |
| jobs: | |
| lib: | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: ./lib | |
| timeout-minutes: 5 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: ${{ !fromJSON(env.do_sonarscan) && 1 || 0 }} | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'npm' | |
| cache-dependency-path: './lib/package-lock.json' | |
| - run: npm ci | |
| - run: npm test | |
| - uses: fingerprintjs/action-coverage-report-md@v2 | |
| id: coverage-md | |
| with: | |
| srcBasePath: './' | |
| textReportPath: './lib/coverage/coverage.txt' | |
| - run: echo "${MARKDOWN_REPORT}" >>$GITHUB_STEP_SUMMARY | |
| env: | |
| MARKDOWN_REPORT: '${{ steps.coverage-md.outputs.markdownReport }}' | |
| - run: npm audit --omit dev && npm audit --audit-level high --omit dev | |
| - run: npm run license-check | |
| - run: npm run lint | |
| - run: npm pack | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: opentdf-sdk-lib | |
| path: ./lib/opentdf-sdk-*.tgz | |
| - name: SonarCloud Scan | |
| if: fromJSON(env.do_sonarscan) | |
| uses: SonarSource/sonarcloud-github-action@master | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| cli: | |
| needs: | |
| - lib | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: ./cli | |
| timeout-minutes: 5 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'npm' | |
| cache-dependency-path: './cli/package-lock.json' | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: opentdf-sdk-lib | |
| path: lib/ | |
| - run: npm uninstall @opentdf/sdk && npm ci && npm i ../lib/opentdf-sdk-*.tgz | |
| - run: npm test | |
| - run: npm audit --omit dev && npm audit --audit-level high --omit dev | |
| - run: npm run license-check | |
| - run: npm run lint | |
| - run: npm pack | |
| - name: Setup Bats and bats libs | |
| uses: bats-core/[email protected] | |
| - run: bats bin/opentdf.bats | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: opentdf-ctl | |
| path: ./cli/opentdf-ctl-*.tgz | |
| # web-app: | |
| # needs: | |
| # - lib | |
| # runs-on: ubuntu-latest | |
| # defaults: | |
| # run: | |
| # working-directory: ./web-app | |
| # timeout-minutes: 5 | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - uses: actions/setup-node@v4 | |
| # with: | |
| # node-version: '20' | |
| # cache: 'npm' | |
| # cache-dependency-path: './web-app/package-lock.json' | |
| # - uses: actions/download-artifact@v4 | |
| # with: | |
| # name: opentdf-sdk-lib | |
| # path: lib/ | |
| # - run: npm uninstall @opentdf/sdk && npm ci && npm i ../lib/opentdf-sdk-*.tgz | |
| # - run: npm install | |
| # - run: npm audit --omit dev && npm audit --audit-level high --omit dev | |
| # - run: npm run license-check | |
| # - run: npm run lint | |
| # - run: npx playwright install | |
| # - run: npm test | |
| # - run: npm pack | |
| scripts: | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: .github/workflows | |
| timeout-minutes: 5 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: 🦇🦇🦇🦇🦇🦇 | |
| run: docker run --rm -v "$PWD:/mnt" --workdir "/mnt" bats/bats:1.11.0 *.bats | |
| - name: 🦪 ✔ 🧼🧼🧼 | |
| run: >- | |
| docker run --rm -v "$PWD:/mnt" --workdir "/mnt" "koalaman/shellcheck:v0.10.0" | |
| --color=always *.sh | |
| # backend-roundtrip: | |
| # needs: | |
| # - cli | |
| # - lib | |
| # - web-app | |
| # runs-on: ubuntu-latest | |
| # defaults: | |
| # run: | |
| # working-directory: .github/workflows/roundtrip | |
| # timeout-minutes: 45 | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - uses: actions/setup-node@v4 | |
| # with: | |
| # node-version: '20' | |
| # cache: 'npm' | |
| # cache-dependency-path: './web-app/package-lock.json' | |
| # - uses: actions/download-artifact@v4 | |
| # with: | |
| # name: opentdf-sdk-lib | |
| # path: lib/ | |
| # - uses: actions/download-artifact@v4 | |
| # with: | |
| # name: opentdf-ctl | |
| # path: cli/ | |
| # - uses: yokawasa/[email protected] | |
| # with: | |
| # setup-tools: | | |
| # kubectl | |
| # helm | |
| # tilt | |
| # # This should be in sync with the minikube-deployed kube version below | |
| # kubectl: '1.30.0' | |
| # helm: '3.14.4' | |
| # tilt: '0.33.13' | |
| # - run: | | |
| # kubectl version --client | |
| # kustomize version | |
| # tilt version | |
| # - name: start minikube | |
| # id: minikube | |
| # uses: medyagh/setup-minikube@master | |
| # with: | |
| # minikube-version: 1.33.0 | |
| # # This should be in sync with the setup-tools version above | |
| # kubernetes-version: 1.30.0 | |
| # - name: Run tilt ci | |
| # env: | |
| # TEST_SCRIPT: ./wait-and-test.sh backend | |
| # OPENTDF_INGRESS_HOST_PORT: '5432' | |
| # PLAYWRIGHT_TESTS_TO_RUN: roundtrip | |
| # run: tilt ci | |
| platform-roundtrip: | |
| needs: | |
| - cli | |
| - lib | |
| # - web-app | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: .github/workflows/roundtrip | |
| timeout-minutes: 45 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'npm' | |
| cache-dependency-path: './web-app/package-lock.json' | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: opentdf-sdk-lib | |
| path: lib/ | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: opentdf-ctl | |
| path: cli/ | |
| - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 | |
| with: | |
| go-version: '1.22' | |
| - name: Git clone backend | |
| run: | | |
| git clone https://github.com/opentdf/platform.git | |
| cd platform | |
| git checkout 88496cd | |
| cd .. | |
| go work init | |
| for x in platform/{protocol/go,lib/{fixtures,ocrypto},sdk,service}; do go work use "$x"; done | |
| - run: docker compose up -d --wait --wait-timeout 240 | |
| - env: | |
| PLAYWRIGHT_TESTS_TO_RUN: roundtrip | |
| run: |- | |
| ./wait-and-test.sh platform | |
| # platform-xtest: | |
| # needs: | |
| # - cli | |
| # - lib | |
| # uses: opentdf/tests/.github/workflows/xtest.yml@main | |
| # with: | |
| # js-ref: ${{ github.ref }} | |
| # deliver-ghp: | |
| # needs: | |
| # - lib | |
| # - cli | |
| # - web-app | |
| # - scripts | |
| # - platform-roundtrip | |
| # - platform-xtest | |
| # # - backend-roundtrip | |
| # runs-on: ubuntu-latest | |
| # timeout-minutes: 5 | |
| # # To publish from a release or feature branch, remove the ref == condition below | |
| # if: >- | |
| # (github.event_name == 'push' && github.ref == 'refs/heads/main') || | |
| # (github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release/')) || | |
| # (github.event_name == 'release' && startsWith(github.ref, 'refs/tags/')) | |
| # outputs: | |
| # FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }} | |
| # DIST_TAG: ${{ steps.guess-build-metadata.outputs.DIST_TAG }} | |
| # TARGET_VERSION: ${{ steps.check-version.outputs.TARGET_VERSION }} | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - uses: actions/setup-node@v4 | |
| # with: | |
| # node-version: '20' | |
| # registry-url: https://npm.pkg.github.com | |
| # - name: Check version number is same between tag, library, and/or release | |
| # id: check-version | |
| # run: |- | |
| # if [[ ${{ github.ref }} = refs/heads/release/* ]]; then | |
| # scripts/check-version-is.sh "${GITHUB_REF##*release/}" | |
| # elif [[ ${{ github.ref }} = refs/tags/sdk/v* ]]; then | |
| # scripts/check-version-is.sh "${GITHUB_REF_NAME#v}" | |
| # else | |
| # scripts/check-version-is.sh | |
| # fi | |
| # - name: Check version number is same between tag, library, and/or release | |
| # id: guess-build-metadata | |
| # run: |- | |
| # echo "FULL_VERSION=$(.github/workflows/gh-semver.sh)" >> $GITHUB_OUTPUT | |
| # echo "DIST_TAG=$(.github/workflows/guess-dist-tag.sh)" >> $GITHUB_OUTPUT | |
| # - run: make test | |
| # - run: make doc | |
| # - run: >- | |
| # echo "::notice file=lib/package.json::Will be published to | |
| # [GitHub Packages](https://github.com/opentdf/web-sdk/pkgs/npm/client) | |
| # as ${{ steps.guess-build-metadata.outputs.DIST_TAG }} | |
| # with version=[${{ steps.guess-build-metadata.outputs.FULL_VERSION }}]" | |
| # - run: >- | |
| # .github/workflows/publish-to.sh | |
| # "${{ steps.guess-build-metadata.outputs.FULL_VERSION }}" | |
| # "${{ steps.guess-build-metadata.outputs.DIST_TAG }}" | |
| # env: | |
| # NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # - run: echo "- [Client Library](https://github.com/opentdf/web-sdk/pkgs/npm/client)">>$GITHUB_STEP_SUMMARY | |
| # - run: echo "- [Command Line Tool](https://github.com/opentdf/web-sdk/pkgs/npm/cli)">>$GITHUB_STEP_SUMMARY | |
| # - name: trigger xtest | |
| # run: >- | |
| # curl -XPOST -u "virtru-cloudnative:${{secrets.PERSONAL_ACCESS_TOKEN}}" | |
| # -H "Accept: application/vnd.github.everest-preview+json" | |
| # -H "Content-Type: application/json" | |
| # "https://api.github.com/repos/opentdf/backend/dispatches" | |
| # --data '{"event_type":"xtest","client_payload":{"version":"'${FULL_VERSION%%+*}'"}}' | |
| # env: | |
| # FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }} | |
| # - name: Publish documentation to gh-pages | |
| # uses: JamesIves/[email protected] | |
| # with: | |
| # branch: gh-pages | |
| # folder: lib/dist/docs | |
| # deliver-npmjs: | |
| # runs-on: ubuntu-latest | |
| # timeout-minutes: 5 | |
| # environment: npmjs | |
| # needs: deliver-ghp | |
| # if: >- | |
| # (github.event_name == 'push' && github.ref == 'refs/heads/main') || | |
| # (github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release/')) || | |
| # (github.event_name == 'release' && startsWith(github.ref, 'refs/tags/sdk/v')) | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - uses: actions/setup-node@v4 | |
| # with: | |
| # node-version: '20' | |
| # registry-url: 'https://registry.npmjs.org' | |
| # - run: make all | |
| # - run: >- | |
| # .github/workflows/publish-to.sh | |
| # "${{ needs.deliver-ghp.outputs.FULL_VERSION }}" | |
| # "${{ needs.deliver-ghp.outputs.DIST_TAG }}" | |
| # env: | |
| # NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| # - run: >- | |
| # echo "- [Client Library](https://www.npmjs.com/package/@opentdf/sdk/v/${{ needs.deliver-ghp.outputs.FULL_VERSION }})">>$GITHUB_STEP_SUMMARY | |
| # - run: >- | |
| # echo "- [Command Line Tool](https://www.npmjs.com/package/@opentdf/ctl/v/${{ needs.deliver-ghp.outputs.FULL_VERSION }})">>$GITHUB_STEP_SUMMARY | |
| # - run: >- | |
| # echo "- [unpkg](https://unpkg.com/browse/@opentdf/sdk@${{ needs.deliver-ghp.outputs.FULL_VERSION }})">>$GITHUB_STEP_SUMMARY |