From 9ba2dd7b2a0243cdbcbbefcf97300e7dbfcf3fc4 Mon Sep 17 00:00:00 2001
From: Filipe Medeiros
Date: Sat, 24 May 2025 13:45:07 +0200
Subject: [PATCH] add actions back
---
.github/workflows/cla.yml | 36 +++++++++
.github/workflows/deploy-pull-request.yml | 56 +++++++++++++
.github/workflows/docker-pr.yml | 19 +++++
.github/workflows/lockfile.yml | 26 ++++++
.github/workflows/netlify-dev.yml | 39 +++++++++
.github/workflows/prod-deploy.yml | 99 +++++++++++++++++++++++
6 files changed, 275 insertions(+)
create mode 100644 .github/workflows/cla.yml
create mode 100644 .github/workflows/deploy-pull-request.yml
create mode 100644 .github/workflows/docker-pr.yml
create mode 100644 .github/workflows/lockfile.yml
create mode 100644 .github/workflows/netlify-dev.yml
create mode 100644 .github/workflows/prod-deploy.yml
diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml
new file mode 100644
index 00000000..29fe7eb2
--- /dev/null
+++ b/.github/workflows/cla.yml
@@ -0,0 +1,36 @@
+name: 'CLA Assistant'
+on:
+ issue_comment:
+ types: [created]
+ pull_request_target:
+ types: [opened, closed, synchronize]
+
+jobs:
+ CLAssistant:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'CLA Assistant'
+ if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+ # Beta Release
+ uses: cla-assistant/github-action@v2.6.1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # the below token should have repo scope and must be manually added by you in the repository's secret
+ PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_PAT }}
+ with:
+ path-to-signatures: 'signatures.json'
+ path-to-document: 'https://github.com/cinnyapp/cla/blob/main/cla.md' # e.g. a CLA or a DCO document
+ # branch should not be protected
+ branch: 'main'
+ allowlist: ajbura,bot*
+
+ #below are the optional inputs - If the optional inputs are not given, then default values will be taken
+ remote-organization-name: cinnyapp
+ remote-repository-name: cla
+ #create-file-commit-message: 'For example: Creating file for storing CLA Signatures'
+ #signed-commit-message: 'For example: $contributorName has signed the CLA in #$pullRequestNo'
+ #custom-notsigned-prcomment: 'pull request comment with Introductory message to ask new contributors to sign'
+ #custom-pr-sign-comment: 'The signature to be committed in order to sign the CLA'
+ #custom-allsigned-prcomment: 'pull request comment when all contributors has signed, defaults to **CLA Assistant Lite bot** All Contributors have signed the CLA.'
+ #lock-pullrequest-aftermerge: false - if you don't want this bot to automatically lock the pull request after merging (default - true)
+ #use-dco-flag: true - If you are using DCO instead of CLA
diff --git a/.github/workflows/deploy-pull-request.yml b/.github/workflows/deploy-pull-request.yml
new file mode 100644
index 00000000..9c0bea78
--- /dev/null
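Review bot: `uses: cla-assistant/github-action@v2.6.1` pins a third-party action by a mutable tag in the one workflow here that runs on `pull_request_target` and hands that action both `GITHUB_TOKEN` and the repo-scoped `CLA_PAT`; the deploy-pull-request and lockfile workflows in this patch already pin third-party actions by commit SHA. Pin it the same way, `uses: cla-assistant/github-action@<full-commit-sha> # v2.6.1`, so that a moved tag cannot change which code receives the PAT. The job also declares no `permissions:` block, so the token scope falls back to the repository default; add an explicit block listing only what the action's documentation says it needs. The same tag pinning appears on the `actions/*` and `docker/*` steps in docker-pr.yml, netlify-dev.yml and prod-deploy.yml, where the registry login and push steps are the most sensitive.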
+++ b/.github/workflows/deploy-pull-request.yml
@@ -0,0 +1,56 @@
+name: Deploy PR to Netlify
+
+on:
+ workflow_run:
+ workflows: ["Build pull request"]
+ types: [completed]
+
+jobs:
+ deploy-pull-request:
+ name: Deploy pull request
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: write
+ if: ${{ github.event.workflow_run.conclusion == 'success' }}
+ steps:
+ - name: Download pr number
+ uses: dawidd6/action-download-artifact@07ab29fd4a977ae4d2b275087cf67563dfdf0295
+ with:
+ workflow: ${{ github.event.workflow.id }}
+ run_id: ${{ github.event.workflow_run.id }}
+ name: pr
+ - name: Output pr number
+ id: pr
+ run: echo "id=$(> $GITHUB_OUTPUT
+ - name: Download artifact
+ uses: dawidd6/action-download-artifact@07ab29fd4a977ae4d2b275087cf67563dfdf0295
+ with:
+ workflow: ${{ github.event.workflow.id }}
+ run_id: ${{ github.event.workflow_run.id }}
+ name: preview
+ path: dist
+ - name: Deploy to Netlify
+ id: netlify
+ uses: nwtgck/actions-netlify@4cbaf4c08f1a7bfa537d6113472ef4424e4eb654
+ with:
+ publish-dir: dist
+ deploy-message: "Deploy PR ${{ steps.pr.outputs.id }}"
+ alias: ${{ steps.pr.outputs.id }}
+ # These don't work because we're in workflow_run
+ enable-pull-request-comment: false
+ enable-commit-comment: false
+ env:
+ NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+ NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID_PR_CINNY }}
+ timeout-minutes: 1
+ - name: Comment preview on PR
+ uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ pr_number: ${{ steps.pr.outputs.id }}
+ comment_tag: ${{ steps.pr.outputs.id }}
+ message: |
+ Preview: ${{ steps.netlify.outputs.deploy-url }}
+ ⚠️ Exercise caution. Use test accounts. ⚠️
\ No newline at end of file
diff --git a/.github/workflows/docker-pr.yml b/.github/workflows/docker-pr.yml
new file mode 100644
index 00000000..4e88c78d
--- /dev/null
+++ b/.github/workflows/docker-pr.yml
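Review bot: The `Output pr number` step writes the contents of the downloaded `pr` artifact to `$GITHUB_OUTPUT` without validating them (its `run:` line is garbled on this page, so the exact read expression is inferred), and that artifact comes from the pull request's own build run, so a contributor controls it. A multi-line or non-numeric value could set extra step outputs or choose an arbitrary `pr_number`, `alias` and `comment_tag` for the later steps, which run with `NETLIFY_AUTH_TOKEN` and `pull-requests: write`. Accept only a plain integer before emitting the output: `id="$(cat <pr-number-file>)"`, then `[[ "$id" =~ ^[0-9]+$ ]] || exit 1`, then `echo "id=$id" >> "$GITHUB_OUTPUT"`. A one-line comment above the two download steps stating that both artifacts are untrusted input would help future editors keep it that way.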
@@ -0,0 +1,19 @@
+name: 'Docker check'
+
+on:
+ pull_request:
+ paths:
+ - 'Dockerfile'
+ - '.github/workflows/docker-pr.yml'
+
+jobs:
+ docker-build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4.2.0
+ - name: Build Docker image
+ uses: docker/build-push-action@v6.15.0
+ with:
+ context: .
+ push: false
diff --git a/.github/workflows/lockfile.yml b/.github/workflows/lockfile.yml
new file mode 100644
index 00000000..be52eb50
--- /dev/null
+++ b/.github/workflows/lockfile.yml
@@ -0,0 +1,26 @@
+name: NPM Lockfile Changes
+
+on:
+ pull_request:
+ paths:
+ - 'package-lock.json'
+
+jobs:
+ lockfile_changes:
+ runs-on: ubuntu-latest
+ # Permission overwrite is required for Dependabot PRs, see "Common issues" below.
+ permissions:
+ contents: read
+ pull-requests: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4.2.0
+ - name: NPM Lockfile Changes
+ uses: codepunkt/npm-lockfile-changes@b40543471c36394409466fdb277a73a0856d7891
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ # Optional inputs, can be deleted safely if you are happy with default values.
+ collapsibleThreshold: 25
+ failOnDowngrade: false
+ path: package-lock.json
+ updateComment: true
\ No newline at end of file
diff --git a/.github/workflows/netlify-dev.yml b/.github/workflows/netlify-dev.yml
new file mode 100644
index 00000000..34308c21
--- /dev/null
+++ b/.github/workflows/netlify-dev.yml
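Review bot: The `docker-build` job has no `permissions:` block, unlike the lockfile and deploy-pull-request jobs in this patch, so its `GITHUB_TOKEN` takes the repository default although the job only builds an image with `push: false`. Add `permissions:` with `contents: read` at job level. Because `context: .` hands the checked-out tree to the builder, also consider `persist-credentials: false` on the checkout step so the token is not left in `.git/config` inside that context (unless `.dockerignore` already excludes `.git`).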
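Review bot: The comment `see "Common issues" below` on the `permissions:` block of `lockfile_changes` points at a section that does not exist in this file (it looks carried over from the action's README), so the reason for the override is not documented here. Replace it with a self-contained comment such as `# pull-requests: write lets the action post the lockfile summary comment; contents: read is enough for checkout.` On `pull_request` runs from forks the token is presumably read-only regardless of this block, which is worth stating in the same comment if that limitation is accepted.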
@@ -0,0 +1,39 @@
+name: Deploy to Netlify (dev)
+
+on:
+ push:
+ branches:
+ - dev
+
+jobs:
+ deploy-to-netlify:
+ name: Deploy to Netlify
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4.2.0
+ - name: Setup node
+ uses: actions/setup-node@v4.3.0
+ with:
+ node-version: 20.12.2
+ cache: 'npm'
+ - name: Install dependencies
+ run: npm ci
+ - name: Build app
+ env:
+ NODE_OPTIONS: '--max_old_space_size=4096'
+ run: npm run build
+ - name: Deploy to Netlify
+ uses: nwtgck/actions-netlify@4cbaf4c08f1a7bfa537d6113472ef4424e4eb654
+ with:
+ publish-dir: dist
+ deploy-message: 'Dev deploy ${{ github.sha }}'
+ enable-commit-comment: false
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ production-deploy: true
+ github-deployment-environment: nightly
+ github-deployment-description: 'Nightly deployment on each commit to dev branch'
+ env:
+ NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+ NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID_DEV }}
+ timeout-minutes: 1
diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml
new file mode 100644
index 00000000..44205ff2
--- /dev/null
+++ b/.github/workflows/prod-deploy.yml
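Review bot: The `deploy-to-netlify` job declares no `permissions:` while it passes `github-token: ${{ secrets.GITHUB_TOKEN }}` to a third-party action with `production-deploy: true`, so the token's scope is whatever the repository default happens to be. Declare it explicitly at job level, likely `contents: read` plus `deployments: write` for `github-deployment-environment` (confirm against the action's documentation). The `deploy-and-tarball` job in prod-deploy.yml is missing the same block, whereas `publish-image` in that file has one.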
@@ -0,0 +1,99 @@
+name: Production deploy
+
+on:
+ release:
+ types: [published]
+
+jobs:
+ deploy-and-tarball:
+ name: Netlify deploy and tarball
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4.2.0
+ - name: Setup node
+ uses: actions/setup-node@v4.3.0
+ with:
+ node-version: 20.12.2
+ cache: 'npm'
+ - name: Install dependencies
+ run: npm ci
+ - name: Build app
+ env:
+ NODE_OPTIONS: '--max_old_space_size=4096'
+ run: npm run build
+ - name: Deploy to Netlify
+ uses: nwtgck/actions-netlify@4cbaf4c08f1a7bfa537d6113472ef4424e4eb654
+ with:
+ publish-dir: dist
+ deploy-message: 'Prod deploy ${{ github.ref_name }}'
+ enable-commit-comment: false
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ production-deploy: true
+ github-deployment-environment: stable
+ github-deployment-description: 'Stable deployment on each release'
+ env:
+ NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+ NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID_APP }}
+ timeout-minutes: 1
+ - name: Get version from tag
+ id: vars
+ run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
+ - name: Create tar.gz
+ run: tar -czvf cinny-${{ steps.vars.outputs.tag }}.tar.gz dist
+ - name: Sign tar.gz
+ run: |
+ echo '${{ secrets.GNUPG_KEY }}' | gpg --batch --import
+ # Sadly a few lines in the private key match a few lines in the public key,
+ # As a result just --export --armor gives us a few lines replaced with ***
+ # making it useless for importing the signing key. Instead, we dump it as
+ # non-armored and hex-encode it so that its printable.
+ echo "PGP Signing key, in raw PGP format in hex. Import with cat ... 
| xxd -r -p - | gpg --import"
+ gpg --export | xxd -p
+ echo '${{ secrets.GNUPG_PASSPHRASE }}' | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 --armor --detach-sign cinny-${{ steps.vars.outputs.tag }}.tar.gz
+ - name: Upload tagged release
+ uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda
+ with:
+ files: |
+ cinny-${{ steps.vars.outputs.tag }}.tar.gz
+ cinny-${{ steps.vars.outputs.tag }}.tar.gz.asc
+
+ publish-image:
+ name: Push Docker image to Docker Hub, ghcr
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4.2.0
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3.6.0
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3.10.0
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3.4.0
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+ - name: Login to the Container registry
+ uses: docker/login-action@v3.4.0
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5.7.0
+ with:
+ images: |
+ ${{ secrets.DOCKER_USERNAME }}/cinny
+ ghcr.io/${{ github.repository }}
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v6.15.0
+ with:
+ context: .
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
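Review bot: The `Create tar.gz` and `Sign tar.gz` steps splice `${{ secrets.GNUPG_KEY }}`, `${{ secrets.GNUPG_PASSPHRASE }}` and `${{ steps.vars.outputs.tag }}` directly into the shell script text, so the values are expanded before the shell parses the line. A quote character in the key or passphrase, or shell metacharacters in a tag name, would then change the command instead of being treated as data. Pass all three through `env:` and reference them as quoted shell variables, as in the excerpt below. The job also carries the signing key and the Netlify token without a `permissions:` block, so an explicit one is worth adding, presumably `contents: write` because it uploads release assets.
```yaml
- name: Create tar.gz
  env:
    TAG: ${{ steps.vars.outputs.tag }}
  run: tar -czvf "cinny-${TAG}.tar.gz" dist
- name: Sign tar.gz
  env:
    TAG: ${{ steps.vars.outputs.tag }}
    GNUPG_KEY: ${{ secrets.GNUPG_KEY }}
    GNUPG_PASSPHRASE: ${{ secrets.GNUPG_PASSPHRASE }}
  run: |
    printf '%s\n' "$GNUPG_KEY" | gpg --batch --import
    # … unchanged: explanatory comment and public-key hex dump …
    printf '%s\n' "$GNUPG_PASSPHRASE" | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 --armor --detach-sign "cinny-${TAG}.tar.gz"
```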