adding aria-label to scroll to top button #69
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD | |
on: | |
push: | |
branches: | |
- 'main' | |
env: | |
HUGO_VERSION: 0.125.3 | |
DASH_CONTAINER_REGISTRY_LOCATION: europe-west1 | |
DASH_CONTAINER_REGISTRY: cr-webapps | |
DASH_CONTAINER_NAME: dashboard | |
DASH_CR_LOCATION: europe-west1 | |
DASH_CR_SERVICE: dashboard | |
jobs: | |
# Path Filtering | |
filter-paths: | |
name: Filter Paths | |
runs-on: ubuntu-latest | |
outputs: | |
homepage: ${{ steps.filter.outputs.homepage }} | |
dashboard: ${{ steps.filter.outputs.dashboard }} | |
functions: ${{ steps.filter.outputs.functions }} | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Filter Paths | |
id: filter | |
uses: dorny/paths-filter@v3.0.2 | |
with: | |
filters: | | |
homepage: | |
- 'homepage/**' | |
dashboard: | |
- 'dashboard/**' | |
functions: | |
- 'functions/**' | |
# START: Cloud Functions | |
func-lint-typecheck: | |
name: 'Functions: Lint & Type Check' | |
runs-on: ubuntu-latest | |
needs: filter-paths | |
if: needs.filter-paths.outputs.functions == 'true' | |
permissions: | |
checks: write | |
pull-requests: read | |
contents: read | |
defaults: | |
run: | |
working-directory: functions | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Setup Nodejs Environment | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: yarn | |
cache-dependency-path: 'functions/yarn.lock' | |
- name: Install Dependencies | |
run: yarn --frozen-lockfile | |
- name: Lint | |
run: yarn lint:nofix --output-file eslint_report.json --format json | |
continue-on-error: true | |
- name: Type Check | |
run: yarn tsc --noEmit > typescript.log | |
continue-on-error: true | |
- name: Annotate Code | |
uses: DerLev/eslint-annotations@v2 | |
with: | |
eslint-report: functions/eslint_report.json | |
typescript-log: functions/typescript.log | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
error-on-warn: true | |
status-check-name: 'Functions: Annotations' | |
fail-in-pr: false | |
add-notice-with-url: false | |
# END: Cloud Functions | |
# START: Homepage - Hugo + React | |
home-lint-typecheck: | |
name: 'Homepage: Lint & Type Check' | |
runs-on: ubuntu-latest | |
needs: filter-paths | |
if: needs.filter-paths.outputs.homepage == 'true' | |
permissions: | |
checks: write | |
pull-requests: read | |
contents: read | |
defaults: | |
run: | |
working-directory: homepage | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Setup Nodejs Environment | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: yarn | |
cache-dependency-path: 'homepage/yarn.lock' | |
- name: Install Dependencies | |
run: yarn --frozen-lockfile | |
- name: Lint | |
run: yarn lint:nofix --output-file eslint_report.json --format json | |
continue-on-error: true | |
- name: Type Check | |
run: yarn tsc > typescript.log | |
continue-on-error: true | |
- name: Annotate Code | |
uses: DerLev/eslint-annotations@v2 | |
with: | |
eslint-report: homepage/eslint_report.json | |
typescript-log: homepage/typescript.log | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
error-on-warn: true | |
status-check-name: 'Homepage: Annotations' | |
fail-in-pr: false | |
add-notice-with-url: false | |
home-build-deploy: | |
name: 'Homepage: Build & Deploy Site on Firebase Hosting' | |
runs-on: ubuntu-latest | |
needs: [home-lint-typecheck] | |
permissions: | |
contents: read | |
id-token: write | |
environment: Production | |
defaults: | |
run: | |
working-directory: homepage | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
fetch-tags: false | |
- name: Install Hugo CLI | |
run: | | |
wget -O ${{ runner.temp }}/hugo.deb https://github.com/gohugoio/hugo/releases/download/v${{ env.HUGO_VERSION }}/hugo_extended_${{ env.HUGO_VERSION }}_linux-amd64.deb \ | |
&& sudo dpkg -i ${{ runner.temp }}/hugo.deb | |
- name: Setup Nodejs Environment | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: yarn | |
cache-dependency-path: 'homepage/yarn.lock' | |
- name: Install Yarn Dependencies | |
run: yarn --frozen-lockfile | |
- name: Build React Client Components | |
run: yarn build | |
- name: Build Hugo Site | |
run: hugo --gc | |
- name: Delete Original Image Files | |
run: ./delete-droplist-content.sh | |
- name: Generate Workbox Service Worker | |
run: yarn gulp:workbox | |
- name: Authenticate to Google Cloud | |
id: auth | |
uses: google-github-actions/auth@v2 | |
with: | |
workload_identity_provider: ${{ secrets.GCP_WIF_PROVIDER }} | |
service_account: ${{ secrets.GCP_SA_EMAIL }} | |
- name: Get GCP Credentials File | |
id: creds | |
run: echo "cerdsJson=$(cat ${{ steps.auth.outputs.credentials_file_path }})" >> "$GITHUB_OUTPUT" | |
- name: Deploy Site on Firebase Hosting | |
uses: FirebaseExtended/action-hosting-deploy@v0 | |
with: | |
repoToken: ${{ secrets.GITHUB_TOKEN }} | |
firebaseServiceAccount: ${{ steps.creds.outputs.cerdsJson }} | |
channelId: live | |
projectId: ${{ vars.GCP_PROJECT_ID }} | |
entryPoint: homepage/ | |
# END: Homepage - Hugo + React | |
# START: Cloud Run Service dashboard | |
dash-lint-typecheck: | |
name: 'Dashboard: Lint & Type Check' | |
runs-on: ubuntu-latest | |
needs: filter-paths | |
if: needs.filter-paths.outputs.dashboard == 'true' | |
permissions: | |
checks: write | |
pull-requests: read | |
contents: read | |
defaults: | |
run: | |
working-directory: dashboard | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Setup Nodejs Environment | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: yarn | |
cache-dependency-path: 'dashboard/yarn.lock' | |
- name: Install Dependencies | |
run: yarn --frozen-lockfile | |
- name: Lint | |
run: yarn lint:nofix --output-file eslint_report.json --format json | |
continue-on-error: true | |
- name: Type Check | |
run: yarn tsc > typescript.log | |
continue-on-error: true | |
- name: Annotate Code | |
uses: DerLev/eslint-annotations@v2 | |
with: | |
eslint-report: dashboard/eslint_report.json | |
typescript-log: dashboard/typescript.log | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
error-on-warn: true | |
status-check-name: 'Dashboard: Annotations' | |
fail-in-pr: false | |
add-notice-with-url: false | |
dash-delete-outdated-ar: | |
name: 'Dashboard: Delete outdated Container Images from Artifact Registry' | |
runs-on: ubuntu-latest | |
needs: dash-lint-typecheck | |
permissions: | |
id-token: write | |
steps: | |
- name: Prevent Auth from printing warning | |
run: echo "Shut up!" > dont_warn.txt | |
- name: Authenticate to Google Cloud | |
id: auth | |
uses: google-github-actions/auth@v2 | |
with: | |
workload_identity_provider: ${{ secrets.GCP_WIF_PROVIDER }} | |
service_account: ${{ secrets.GCP_SA_EMAIL }} | |
- name: Cleanup Artifact Registry | |
uses: docker://europe-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli | |
with: | |
args: >- | |
-repo=${{ env.DASH_CONTAINER_REGISTRY_LOCATION }}-docker.pkg.dev/${{ vars.GCP_PROJECT_ID }}/${{ env.DASH_CONTAINER_REGISTRY }}/${{ env.DASH_CONTAINER_NAME }} | |
-keep=6 | |
-tag-filter-any=.* | |
dash-delete-outdated-cr: | |
name: 'Dashboard: Delete outdated Cloud Run Revisions' | |
runs-on: ubuntu-latest | |
needs: dash-lint-typecheck | |
permissions: | |
id-token: write | |
steps: | |
- name: Authenticate to Google Cloud | |
id: auth | |
uses: google-github-actions/auth@v2 | |
with: | |
workload_identity_provider: ${{ secrets.GCP_WIF_PROVIDER }} | |
service_account: ${{ secrets.GCP_SA_EMAIL }} | |
token_format: access_token | |
access_token_lifetime: 60s | |
create_credentials_file: false | |
- name: Only leave the 2 most recent Revisions | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const response = await fetch("https://run.googleapis.com/v2/projects/${{ vars.GCP_PROJECT_ID }}/locations/${{ env.DASH_CR_LOCATION }}/services/${{ env.DASH_CR_SERVICE }}/revisions", { headers: { 'Authorization': "Bearer ${{ steps.auth.outputs.access_token }}" } }) | |
.then(res => res.json()); | |
const toBeDeleted = response.revisions.sort((a, b) => (new Date(b.createTime) - new Date(a.createTime))).slice(2); | |
const deletionPromises = []; | |
for(const revision of toBeDeleted) { | |
deletionPromises.push(fetch(`https://run.googleapis.com/v2/${revision.name}`, { method: 'DELETE', headers: { 'Authorization': "Bearer ${{ steps.auth.outputs.access_token }}" } })); | |
} | |
await Promise.all(deletionPromises); | |
dash-build-deploy: | |
name: 'Dashboard: Build Container & Deploy on Cloud Run' | |
runs-on: ubuntu-latest | |
needs: [dash-delete-outdated-ar, dash-delete-outdated-cr] | |
permissions: | |
contents: read | |
id-token: write | |
environment: Production Dashboard | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Setup Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Authenticate to Google Cloud | |
id: auth | |
uses: google-github-actions/auth@v2 | |
with: | |
workload_identity_provider: ${{ secrets.GCP_WIF_PROVIDER }} | |
service_account: ${{ secrets.GCP_SA_EMAIL }} | |
token_format: access_token | |
access_token_lifetime: 600s | |
- name: Login to GCP Artifact Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.DASH_CONTAINER_REGISTRY_LOCATION }}-docker.pkg.dev | |
username: oauth2accesstoken | |
password: ${{ steps.auth.outputs.access_token }} | |
- name: Extract Metadata for Docker | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.DASH_CONTAINER_REGISTRY_LOCATION }}-docker.pkg.dev/${{ vars.GCP_PROJECT_ID }}/${{ env.DASH_CONTAINER_REGISTRY }}/${{ env.DASH_CONTAINER_NAME }} | |
tags: | | |
type=raw,value=latest | |
type=sha,prefix=,format=long | |
- name: Build and Push Docker Image | |
uses: docker/build-push-action@v5 | |
with: | |
context: dashboard/ | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=gha,scope=${{ github.ref_name }}-${{ env.DASH_CONTAINER_NAME }} | |
cache-to: type=gha,mode=max,scope=${{ github.ref_name }}-${{ env.DASH_CONTAINER_NAME }} | |
- name: Set up Cloud SDK | |
uses: google-github-actions/setup-gcloud@v2 | |
- name: Get short commit SHA | |
id: commit_sha | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const sha = "${{ github.sha }}" | |
const shortSha = sha.substring(0, 7) | |
core.setOutput('shortSha', shortSha) | |
- name: Create new Cloud Run Revision | |
run: gcloud run deploy ${{ env.DASH_CR_SERVICE }} --image ${{ env.DASH_CONTAINER_REGISTRY_LOCATION }}-docker.pkg.dev/${{ vars.GCP_PROJECT_ID }}/${{ env.DASH_CONTAINER_REGISTRY }}/${{ env.DASH_CONTAINER_NAME }}:${{ github.sha }} --region ${{ env.DASH_CR_LOCATION }} --tag sha-${{ steps.commit_sha.outputs.shortSha }} | |
# END: Cloud Run Service dashboard |