-
Notifications
You must be signed in to change notification settings - Fork 8.1k
169 lines (141 loc) · 6.95 KB
/
pr-test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
# This is more or less a copy of
# https://github.com/mdn/content/blob/main/.github/workflows/pr-test.yml
# but done in a way that it first checks out mdn/translated-content (or
# fork of) and _then_ checks out mdn/content which has the relevant
# CI related tooling.
name: PR Test
on:
# The `GITHUB_TOKEN` in workflows triggered by the `pull_request_target` event
# is granted read/write repository access.
# Please pay attention to limit the permissions of each job!
# https://docs.github.com/actions/using-jobs/assigning-permissions-to-jobs
pull_request_target:
branches:
- main
jobs:
tests:
# do not run on PRs in forks
if: github.repository == 'mdn/translated-content'
runs-on: ubuntu-latest
# Set the permissions to `read-all`, preventing the workflow from
# any accidental write access to the repository.
permissions: read-all
outputs:
has_assets: ${{ steps.build-content.outputs.has_assets }}
env:
BASE_SHA: ${{ github.event.pull_request.base.sha }}
HEAD_SHA: ${{ github.event.pull_request.head.sha }}
# If we don't do this the built files will end up in
# `node_modules/@mdn/yari/client/build/` and we don't want that
# to get pushed into the cache.
BUILD_OUT_ROOT: /tmp/build
steps:
- uses: actions/checkout@v4
with:
ref: "${{ env.HEAD_SHA }}"
- name: Get changed files
run: |
# Use the GitHub API to get the list of changed files
# documentation: https://docs.github.com/rest/commits/commits#compare-two-commits
DIFF_DOCUMENTS=$(gh api repos/{owner}/{repo}/compare/${{ env.BASE_SHA }}...${{ env.HEAD_SHA }} \
--jq '.files | .[] | select(.status|IN("added", "modified", "renamed", "copied", "changed")) | .filename')
# filter out files that are not markdown files
GIT_DIFF_CONTENT=$(echo "${DIFF_DOCUMENTS}" | egrep -i "^files/.*\.md$" | xargs)
echo "GIT_DIFF_CONTENT=${GIT_DIFF_CONTENT}" >> $GITHUB_ENV
# filter out files that are not attachments
# note that we should get the absolute path of the changed attachments
GIT_DIFF_FILES=$(echo "${DIFF_DOCUMENTS}" | egrep -i "^files/.*\.(png|jpeg|jpg|gif|svg|webp)$" | xargs readlink -e | xargs)
echo "GIT_DIFF_FILES=${GIT_DIFF_FILES}" >> $GITHUB_ENV
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/checkout@v4
if: ${{ env.GIT_DIFF_CONTENT }} || ${{ env.GIT_DIFF_FILES }}
with:
repository: mdn/content
path: mdn/content
- name: Setup Node.js environment
if: ${{ env.GIT_DIFF_CONTENT }} || ${{ env.GIT_DIFF_FILES }}
uses: actions/setup-node@v4
with:
node-version-file: ".nvmrc"
cache: yarn
cache-dependency-path: mdn/content/yarn.lock
- name: Install all yarn packages
if: ${{ env.GIT_DIFF_CONTENT }} || ${{ env.GIT_DIFF_FILES }}
working-directory: ${{ github.workspace }}/mdn/content
run: yarn --frozen-lockfile
env:
# https://github.com/microsoft/vscode-ripgrep#github-api-limit-note
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Build changed content
id: build-content
if: ${{ env.GIT_DIFF_CONTENT }}
env:
CONTENT_ROOT: ${{ github.workspace }}/mdn/content/files
CONTENT_TRANSLATED_ROOT: ${{ github.workspace }}/files
# This is so that if there's a single 'unsafe_html' flaw, it
# completely fails the build.
# But all other flaws should be 'warn', so that we can include
# information about the flaws when we analyze the built PR.
BUILD_FLAW_LEVELS: "unsafe_html: error, *:warn"
# Because we build these pages in a way that you get a toolbar,
# so the flaws can be displayed, but we don't want any of the
# other toolbar features like "Fix fixable flaws" or "Quick-edit"
# we set this to disable that stuff.
REACT_APP_CRUD_MODE_READONLY: true
BUILD_LIVE_SAMPLES_BASE_URL: https://live.mdnyalp.dev
BUILD_LEGACY_LIVE_SAMPLES_BASE_URL: https://live-samples.mdn.allizom.net
# In these builds, we never care for or need the ability to sign in.
# This environment variable will disable that functionality entirely.
REACT_APP_DISABLE_AUTH: true
# TODO: This should be implicit when `CI=true`
BUILD_NO_PROGRESSBAR: true
# Playground
REACT_APP_PLAYGROUND_BASE_HOST: mdnyalp.dev
working-directory: ${{ github.workspace }}/mdn/content
run: |
mkdir -p ${{ env.BUILD_OUT_ROOT }}
# Don't use `yarn build` (from mdn/content) because that one hardcodes
# the BUILD_OUT_ROOT and CONTENT_ROOT env vars.
node node_modules/@mdn/yari/build/cli.js ${{ env.GIT_DIFF_CONTENT }}
echo "Disk usage size of build"
du -sh ${{ env.BUILD_OUT_ROOT }}
# Save the PR number into the build
echo ${{ github.event.number }} > ${{ env.BUILD_OUT_ROOT }}/NR
# Download the raw diff blob and store that inside the build
# directory.
# The purpose of this is for the PR Review Companion to later
# be able to use this raw diff file for the benefit of analyzing.
wget https://github.com/${{ github.repository }}/compare/${{ env.BASE_SHA }}...${{ env.HEAD_SHA }}.diff -O ${{ env.BUILD_OUT_ROOT }}/DIFF
# Set the output variable so the next job could skip if there are no assets
echo "has_assets=true" >> "$GITHUB_OUTPUT"
- name: Merge static assets with built documents
if: ${{ env.GIT_DIFF_CONTENT }}
run: |
# Exclude the .map files, as they're used for debugging JS and CSS.
rsync -a --exclude "*.map" ${{ github.workspace }}/mdn/content/node_modules/@mdn/yari/client/build/ ${{ env.BUILD_OUT_ROOT }}
# Show the final disk usage size of the build.
du -sh ${{ env.BUILD_OUT_ROOT }}
- uses: actions/upload-artifact@v4
if: ${{ env.GIT_DIFF_CONTENT }}
with:
name: build
path: ${{ env.BUILD_OUT_ROOT }}
- name: Check changed files
if: ${{ env.GIT_DIFF_FILES }}
env:
CONTENT_ROOT: ${{ github.workspace }}/mdn/content/files
CONTENT_TRANSLATED_ROOT: ${{ github.workspace }}/files
working-directory: ${{ github.workspace }}/mdn/content
run: |
echo ${{ env.GIT_DIFF_FILES }}
yarn filecheck ${{ env.GIT_DIFF_FILES }}
review:
needs: tests
if: ${{ needs.tests.outputs.has_assets }}
# write permissions are required to create a comment in the corresponding PR
permissions: write-all
uses: ./.github/workflows/pr-review-companion.yml
# inherit the secrets from the parent workflow
# https://docs.github.com/actions/using-workflows/reusing-workflows#using-inputs-and-secrets-in-a-reusable-workflow
secrets: inherit