Add Login for OIDC client #13361
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous integration | |
on: | |
push: | |
branches: | |
- master | |
- '[0-9]+.[0-9]+' | |
tags: | |
- '*' | |
pull_request: | |
pull_request_target: | |
types: [labeled] | |
env: | |
HAS_SECRETS: ${{ secrets.HAS_SECRETS }} | |
MAIN_BRANCH: master | |
CI: true | |
jobs: | |
not-failed-backport: | |
name: Test that's not a failed backport | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 5 | |
steps: | |
- run: 'false' | |
if: github.event.head_commit.message == '[skip ci] Add instructions to finish the backport.' | |
main: | |
name: Continuous integration | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 50 | |
if: "!startsWith(github.event.head_commit.message, '[skip ci] ')" | |
env: | |
PATH: /bin:/usr/bin:/usr/local/bin:/home/runner/.local/bin | |
steps: | |
- name: GitHub event | |
run: echo ${GITHUB_EVENT} | python3 -m json.tool | |
env: | |
GITHUB_EVENT: ${{ toJson(github) }} | |
- run: '! ls BACKPORT_TODO' | |
- run: /opt/google/chrome/chrome --version | |
- name: Get sha | |
id: sha | |
run: echo "sha=$(jq -r .pull_request.head.sha < ${GITHUB_EVENT_PATH})" >> $GITHUB_OUTPUT | |
if: env.HAS_SECRETS == 'HAS_SECRETS' && github.event_name != 'push' | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
if: github.event_name != 'pull_request_target' | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ steps.sha.outputs.sha }} | |
if: github.event_name == 'pull_request_target' | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 18.x | |
- uses: camptocamp/initialise-gopass-summon-action@v2 | |
with: | |
ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}} | |
github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}} | |
patterns: npm transifex | |
if: env.HAS_SECRETS == 'HAS_SECRETS' | |
- run: gopass show gs/ci/test-mask | |
if: env.HAS_SECRETS == 'HAS_SECRETS' | |
- run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH} | |
- run: python3 -m pip install --user --requirement=ci/requirements.txt | |
- uses: actions/cache@v4 | |
with: | |
path: ~/.cache/pre-commit | |
key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }} | |
restore-keys: "pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}\npre-commit-" | |
- run: pre-commit run --all-files | |
- run: git diff --exit-code --patch > /tmp/pre-commit.patch || true | |
if: failure() | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: Apply pre-commit fix.patch | |
path: /tmp/pre-commit.patch | |
retention-days: 1 | |
if: failure() | |
- name: Print environment information | |
run: c2cciutils-env | |
- run: | | |
sudo rm /etc/apt/sources.list.d/*.list | |
sudo apt update | |
sudo apt install g++-10 libgbm1 graphicsmagick fonts-liberation2 gettext | |
- run: buildtools/set-version | |
- run: make .build/node_modules.timestamp | |
# Lint | |
- run: npx tsc --version | |
- run: npm run typecheck | |
if: github.event_name != 'pull_request_target' | |
# First do the lint on TypeScript files to see the error in the many warnings messages | |
- run: make .build/eslint-ts.timestamp | |
if: github.event_name != 'pull_request_target' | |
- run: make lint | |
if: github.event_name != 'pull_request_target' | |
- run: make test | |
env: | |
NODE_OPTIONS: --openssl-legacy-provider | |
if: github.event_name != 'pull_request_target' | |
- run: make check-examples-checker | |
if: github.event_name != 'pull_request_target' | |
# Cypress tests | |
- run: make serve-gmf-apps & | |
if: github.event_name != 'pull_request_target' | |
- run: npm run test-cli | |
env: | |
NODE_OPTIONS: --openssl-legacy-provider | |
if: github.event_name != 'pull_request_target' | |
# Webpack build of ngeo/gmf examples and gmf apps | |
- run: make examples-hosted | |
env: | |
NODE_ENV: production | |
NODE_OPTIONS: --openssl-legacy-provider | |
- run: npm run build-storybook | |
env: | |
NODE_OPTIONS: --openssl-legacy-provider | |
- run: make check-examples | |
if: github.event_name != 'pull_request_target' | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: Examples | |
path: examples | |
if-no-files-found: ignore | |
retention-days: 5 | |
if: always() | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: GMF Examples | |
path: contribs/gmf/examples | |
if-no-files-found: ignore | |
retention-days: 5 | |
if: always() | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: Apps | |
path: contribs/gmf/apps | |
if-no-files-found: ignore | |
retention-days: 5 | |
if: always() | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: Examples hosted | |
path: .build/examples-hosted | |
if-no-files-found: ignore | |
retention-days: 5 | |
if: always() | |
# Generate API doc, api, lib | |
- run: npm run doc -- srcapi/store/config.ts --json dist/typedoc.json | |
- run: npm run doc | |
- run: npm run build-api | |
env: | |
NODE_OPTIONS: --openssl-legacy-provider | |
- run: npm run dist | |
env: | |
NODE_OPTIONS: --openssl-legacy-provider | |
- run: npm run dist-spinner | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: Npm logs | |
path: /home/runner/.npm/_logs | |
if-no-files-found: ignore | |
retention-days: 5 | |
if: failure() | |
- run: make transifex-send | |
if: env.HAS_SECRETS == 'HAS_SECRETS' && github.head_ref == format('refs/heads/{0}', env.MAIN_BRANCH) | |
- run: git diff | |
- run: buildtools/npm-publish | |
if: env.HAS_SECRETS == 'HAS_SECRETS' && github.event_name == 'push' | |
- name: Publish Storybook to Chromatic to run visual tests | |
run: npm run chromatic -- --project-token=$(gopass show gs/ci/chromatic/ngeo_token) | |
env: | |
NODE_OPTIONS: --openssl-legacy-provider | |
if: env.HAS_SECRETS == 'HAS_SECRETS' && github.event_name == 'push' | |
- name: Publish Storybook to Chromatic to run visual tests | |
run: | |
GITHUB_SHA=${GITHUB_SHA_} npm run chromatic -- --project-token=$(gopass show gs/ci/chromatic/ngeo_token) | |
--branch-name=${GITHUB_HEAD_REF} | |
env: | |
NODE_OPTIONS: --openssl-legacy-provider | |
GITHUB_SHA_: ${{ steps.sha.outputs.sha }} | |
if: env.HAS_SECRETS == 'HAS_SECRETS' && github.event_name != 'push' | |
- name: Notify c2cgeoportal | |
run: > | |
curl --request POST --header "Content-Type: application/json" | |
--header 'Accept: application/vnd.github.v3+json' | |
--header "Authorization: token ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}" | |
https://api.github.com/repos/camptocamp/c2cgeoportal/dispatches | |
--data '{"event_type": "ngeo_${{ env.MAIN_BRANCH }}_updated"}' | |
if: > | |
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH) | |
&& env.HAS_SECRETS == 'HAS_SECRETS' | |
- name: Prepare gh-pages | |
run: | | |
mkdir -p gh-pages | |
cp -ar api/dist gh-pages/api | |
cp -ar apidoc gh-pages/apidoc | |
cp -ar .build/examples-hosted gh-pages/examples | |
cp -ar .build/storybook gh-pages/storybook | |
if: env.HAS_SECRETS == 'HAS_SECRETS' | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: gh-pages | |
path: gh-pages | |
if: env.HAS_SECRETS == 'HAS_SECRETS' | |
gh-pages: | |
name: Github Pages | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 10 | |
concurrency: gh-pages-push | |
needs: | |
- main | |
steps: | |
- name: GitHub event | |
run: echo ${GITHUB_EVENT} | python3 -m json.tool | |
env: | |
GITHUB_EVENT: ${{ toJson(github) }} | |
- uses: actions/checkout@v4 | |
with: | |
ref: gh-pages | |
fetch-depth: 0 | |
if: env.HAS_SECRETS == 'HAS_SECRETS' | |
- id: branch | |
run: echo "branch=${GITHUB_REF}" >> $GITHUB_OUTPUT | |
env: | |
GITHUB_REF: ${{ github.head_ref || github.ref_name }} | |
if: env.HAS_SECRETS == 'HAS_SECRETS' | |
- uses: actions/download-artifact@v4 | |
with: | |
name: gh-pages | |
path: ${{ steps.branch.outputs.branch }} | |
if: env.HAS_SECRETS == 'HAS_SECRETS' | |
- name: Rewrite root commit and force push | |
run: | | |
git config --global user.name "Continuous integration" | |
git config --global user.email "ci@comptocamp.org" | |
FIRST_COMMIT=$(git log --format='%H' | tail -1) | |
git reset --quiet --mixed $FIRST_COMMIT | |
git add ${{ steps.branch.outputs.branch }} | |
git commit --quiet --amend --message="Update GitHub pages" | |
git push --force | |
if: env.HAS_SECRETS == 'HAS_SECRETS' |