Skip to content

chore(pie-monorepo): DSW-000 snyk policy file #9330

chore(pie-monorepo): DSW-000 snyk policy file

chore(pie-monorepo): DSW-000 snyk policy file #9330

Workflow file for this run

name: Build
on:
pull_request:
types: [opened, synchronize, reopened, "ready_for_review"]
paths-ignore:
- "apps/examples/**"
- ".husky/**"
- ".idea/**"
- "stories/**"
- ".vscode/**"
- "README.md"
- "CONTRIBUTING.md"
- "CHANGELOG.md"
- "LICENSE"
push:
branches:
- main
concurrency:
group: CI-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
env:
PERCY_TOKEN_PIE_DOCS: ${{ secrets.PERCY_TOKEN_PIE_DOCS }}
PERCY_TOKEN_PIE_ASSISTIVE_TEXT: ${{ secrets.PERCY_TOKEN_PIE_ASSISTIVE_TEXT }}
PERCY_TOKEN_PIE_BUTTON: ${{ secrets.PERCY_TOKEN_PIE_BUTTON }}
PERCY_TOKEN_PIE_CARD: ${{ secrets.PERCY_TOKEN_PIE_CARD }}
PERCY_TOKEN_PIE_CHECKBOX: ${{ secrets.PERCY_TOKEN_PIE_CHECKBOX }}
PERCY_TOKEN_PIE_CHECKBOX_GROUP: ${{ secrets.PERCY_TOKEN_PIE_CHECKBOX_GROUP }}
PERCY_TOKEN_PIE_CHIP: ${{ secrets.PERCY_TOKEN_PIE_CHIP }}
PERCY_TOKEN_PIE_COOKIE_BANNER: ${{ secrets.PERCY_TOKEN_PIE_COOKIE_BANNER }}
PERCY_TOKEN_PIE_DIVIDER: ${{ secrets.PERCY_TOKEN_PIE_DIVIDER }}
PERCY_TOKEN_PIE_FORM_LABEL: ${{ secrets.PERCY_TOKEN_PIE_FORM_LABEL }}
PERCY_TOKEN_PIE_ICON_BUTTON: ${{ secrets.PERCY_TOKEN_PIE_ICON_BUTTON }}
PERCY_TOKEN_PIE_ICONS_WEBC: ${{ secrets.PERCY_TOKEN_PIE_ICONS_WEBC }}
PERCY_TOKEN_PIE_LINK: ${{ secrets.PERCY_TOKEN_PIE_LINK }}
PERCY_TOKEN_PIE_MODAL: ${{ secrets.PERCY_TOKEN_PIE_MODAL }}
PERCY_TOKEN_PIE_NOTIFICATION: ${{ secrets.PERCY_TOKEN_PIE_NOTIFICATION }}
PERCY_TOKEN_PIE_SPINNER: ${{ secrets.PERCY_TOKEN_PIE_SPINNER }}
PERCY_TOKEN_PIE_SWITCH: ${{ secrets.PERCY_TOKEN_PIE_SWITCH }}
PERCY_TOKEN_PIE_TAG: ${{ secrets.PERCY_TOKEN_PIE_TAG }}
PERCY_TOKEN_PIE_TEXT_INPUT: ${{ secrets.PERCY_TOKEN_PIE_TEXT_INPUT }}
PERCY_TOKEN_PIE_TEXTAREA: ${{ secrets.PERCY_TOKEN_PIE_TEXTAREA }}
PERCY_TOKEN_PIE_TOAST: ${{ secrets.PERCY_TOKEN_PIE_TOAST }}
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
PERCY_DO_NOT_CAPTURE_RESPONSIVE_ASSETS: true
PERCY_PAGE_LOAD_TIMEOUT: 60000
PERCY_NETWORK_IDLE_WAIT_TIMEOUT: 60000
jobs:
dependency-changeset:
if: github.actor == 'renovate-bot' || github.actor == 'renovate[bot]' || contains(github.ref_name, 'snyk-fix-')
uses: the-guild-org/shared-config/.github/workflows/changesets-dependencies.yaml@main
secrets:
githubToken: ${{ secrets.GITHUB_TOKEN }}
check-change-type:
name: Get change type
runs-on: ubuntu-latest
outputs:
pie-docs-change: ${{ steps.docs-check.outputs.docs-change }}
web-components-change: ${{ steps.component-check.outputs.web-components-change }}
storybook-change: ${{ steps.storybook-check.outputs.storybook-change }}
steps:
# Checkout the Repo
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
# Setup Repo
- name: Setup Repo
uses: ./.github/actions/setup-repo
with:
node-version: 20
os: ubuntu-latest
- name: Verify if pie-docs has changes
id: docs-check
run: |
DOCS_CHANGE=$(npx -y turbo run build --filter='pie-docs[origin/main]' --dry=json | jq '.packages | length > 0')
echo "Change Detected: $DOCS_CHANGE"
echo "docs-change=$DOCS_CHANGE" >> $GITHUB_OUTPUT
- name: Verify if web components have changes
id: component-check
run: |
COMPONENT_CHANGE=$(npx -y turbo run build --filter='{./packages/components/*}...[origin/main]' --dry=json | jq '.packages | length > 0')
echo "Change Detected: $COMPONENT_CHANGE"
echo "web-components-change=$COMPONENT_CHANGE" >> $GITHUB_OUTPUT
- name: Verify if storybook has changes
id: storybook-check
run: |
STORYBOOK_CHANGE=$(npx -y turbo run build --filter='pie-storybook[origin/main]' --dry=json | jq '.packages | length > 0')
echo "Change Detected: $STORYBOOK_CHANGE"
echo "storybook-change=$STORYBOOK_CHANGE" >> $GITHUB_OUTPUT
lint-styles:
runs-on: ubuntu-latest
steps:
# Checkout the Repo
- name: Checkout
uses: actions/checkout@v3
# Setup Repo
- name: Setup Repo
uses: ./.github/actions/setup-repo
with:
node-version: 20
os: ubuntu-latest
# Lint Styles
- name: Lint Styles
uses: ./.github/actions/run-script
with:
script-name: "lint:style"
concurrency: 10
lint-js:
runs-on: ubuntu-latest
steps:
# Checkout the Repo
- name: Checkout
uses: actions/checkout@v3
# Setup Repo
- name: Setup Repo
uses: ./.github/actions/setup-repo
with:
node-version: 20
os: ubuntu-latest
# Lint JS
- name: Lint JavaScript
uses: ./.github/actions/run-script
with:
script-name: "lint:scripts"
build-windows-node-20:
uses: ./.github/workflows/install-build.yml
with:
os: windows-latest
node-version: 20
secrets: inherit
build-ubuntu-node-18:
uses: ./.github/workflows/install-build.yml
with:
os: ubuntu-latest
node-version: 18
secrets: inherit
build-ubuntu-node-20:
uses: ./.github/workflows/install-build.yml
needs: ['lint-js', 'lint-styles', 'check-change-type']
with:
os: ubuntu-latest
node-version: 20
secrets: inherit
unit-tests:
needs: 'build-ubuntu-node-20'
runs-on: ubuntu-latest
steps:
# Checkout the Repo
- name: Checkout
uses: actions/checkout@v3
# Setup Repo
- name: Setup Repo
uses: ./.github/actions/setup-repo
with:
node-version: 20
os: ubuntu-latest
# Restore Packages from Cache
- name: Build Packages
uses: ./.github/actions/run-script
with:
script-name: "build"
# Run Unit Tests
- name: Unit Tests
uses: ./.github/actions/run-script
with:
script-name: "test:ci"
deploy-storybook:
needs: unit-tests
if: (needs.check-change-type.outputs.web-components-change == 'true' || needs.check-change-type.outputs.storybook-change == 'true') || github.ref == 'refs/heads/main'
uses: ./.github/workflows/amplify-deploy.yml
with:
os: ubuntu-latest
node-version: 20
amplify-app-id: d17ja0ul7nrdy0
package-name: 'pie-storybook'
package-dist-directory: ./apps/pie-storybook/dist
bucket-name-preview: 'pie-storybook-preview'
bucket-name-main: 'pie-storybook'
secrets: inherit
# TODO: DSW-1151 - Move this into a reusable action so it's not duplicated
browser-tests-components:
needs: [build-ubuntu-node-20, deploy-storybook]
if: needs.check-change-type.outputs.web-components-change == 'true' || github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
steps:
# Checkout the Repo
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
# Setup Repo
- name: Setup Repo
uses: ./.github/actions/setup-repo
with:
node-version: 20
os: ubuntu-latest
# Setup Playwright
- name: Setup Playwright
uses: ./.github/actions/setup-playwright
# Run System / a11y Tests
- name: Run All System / Component / a11y Tests
uses: ./.github/actions/run-script
with:
script-name: "test:browsers:ci --filter='./packages/components/*'"
- uses: actions/upload-artifact@v3
if: always()
with:
name: browsers-report
path: browsers-report/
retention-days: 7
# Run Visual Tests
- name: Run All Visual Tests
uses: ./.github/actions/run-script
if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main'
with:
script-name: "test:visual:ci --filter='{./packages/components/*}[HEAD^1]'"
concurrency: 1
- name: Run Changed Package Visual Tests
uses: ./.github/actions/run-script
if: (github.event_name == 'pull_request' && github.event.pull_request.draft == false) && github.ref != 'refs/heads/main'
with:
script-name: "test:visual:ci --filter='{./packages/components/*}...[origin/main]'"
concurrency: 1
- uses: actions/upload-artifact@v3
if: always()
with:
name: visual-report
path: visual-report/
retention-days: 7
env:
STORYBOOK_AMPLIFY_ID: d17ja0ul7nrdy0
PR_NUMBER: ${{ github.event.number }}
deploy-docs:
needs: unit-tests
uses: ./.github/workflows/amplify-deploy.yml
if: needs.check-change-type.outputs.pie-docs-change == 'true' || github.ref == 'refs/heads/main'
with:
os: ubuntu-latest
node-version: 20
amplify-app-id: dvskdcoepjoyf
package-name: 'pie-docs'
package-dist-directory: ./apps/pie-docs/dist
bucket-name-preview: 'pie-docs-preview'
bucket-name-main: 'pie-docs'
secrets: inherit
browser-tests-docs:
needs: deploy-docs
runs-on: ubuntu-latest
steps:
# Checkout the Repo
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
# Setup Repo
- name: Setup Repo
uses: ./.github/actions/setup-repo
with:
node-version: 20
os: ubuntu-latest
# Setup Playwright
- name: Setup Playwright
uses: ./.github/actions/setup-playwright
# Run System / a11y Tests
- name: Run All System / a11y Tests
uses: ./.github/actions/run-script
with:
script-name: "test:browsers:ci --filter=pie-docs"
- uses: actions/upload-artifact@v3
if: always()
with:
name: browsers-report
path: browsers-report/
retention-days: 7
# Run Visual Tests
- name: Run All Visual Tests
uses: ./.github/actions/run-script
if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main'
with:
script-name: "test:visual:ci --filter=pie-docs[HEAD^1]"
concurrency: 1
- name: Run Changed Package Visual Tests
uses: ./.github/actions/run-script
if: (github.event_name == 'pull_request' && github.event.pull_request.draft == false) && github.ref != 'refs/heads/main'
with:
script-name: "test:visual:ci --filter=pie-docs"
concurrency: 1
- uses: actions/upload-artifact@v3
if: always()
with:
name: visual-report
path: visual-report/
retention-days: 7
env:
DOCS_AMPLIFY_ID: dvskdcoepjoyf
PR_NUMBER: ${{ github.event.number }}
release:
needs: [ 'unit-tests', 'lint-js']
if: github.event_name != 'pull_request'
uses: ./.github/workflows/changeset-release.yml
with:
os: ubuntu-latest
node-version: 20
secrets: inherit
check-all-jobs:
if: always()
needs:
- lint-styles
- lint-js
- build-ubuntu-node-18
- build-windows-node-20
- build-ubuntu-node-20
- unit-tests
- browser-tests-components
- deploy-docs
- deploy-storybook
- browser-tests-docs
runs-on: ubuntu-latest
steps:
- name: Verify if the required jobs succeeded
uses: re-actors/alls-green@release/v1
with:
# "allowed-skips" lists jobs that are optional but should not fail
allowed-skips: browser-tests-components, deploy-docs, deploy-storybook, browser-tests-docs
jobs: ${{ toJSON(needs) }}