[bot] [DO NOT MERGE] Test Auspice PR 1928 #1974
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
workflow_dispatch: | |
inputs: | |
heroku-app: | |
description: Deploy to Heroku app (if set) | |
type: string | |
required: false | |
# Only one run per branch at a time. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
defaults: | |
run: | |
# This is the same as GitHub Action's `bash` keyword as of 20 June 2023: | |
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell | |
# | |
# Completely spelling it out here so that GitHub can't change it out from under us | |
# and we don't have to refer to the docs to know the expected behavior. | |
shell: bash --noprofile --norc -eo pipefail {0} | |
jobs: | |
# Lint regardless of build or test status and lint early. | |
lint: | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: 'package.json' | |
- run: node --version | |
- run: npm ci | |
- run: npm run lint:server | |
- run: npm run lint:static-site | |
- run: node ./scripts/check-resource-index-match.js | |
type-check: | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: 'package.json' | |
- run: npm ci | |
- run: npm run type-check:ci | |
# Build into Heroku slug so we can deploy the same build that we test. | |
build: | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- run: ./scripts/heroku-build | |
- if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: build | |
path: | | |
build/slug.tar.gz | |
build/slug.tar.gz.sha256sum | |
build/slug.json | |
# Run tests in Heroku runtime environment against our built slug. | |
test: | |
if: github.repository == 'nextstrain/nextstrain.org' | |
needs: build | |
runs-on: ubuntu-24.04 | |
container: | |
image: heroku/heroku:22 | |
env: | |
# Override NODE_ENV=production default in production build (slug) | |
NODE_ENV: development | |
# Set up Heroku runtime environment. See bash(1) or | |
# <https://www.gnu.org/software/bash/manual/bash.html#Invoked-non_002dinteractively>. | |
BASH_ENV: .heroku/BASH_ENV | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: build | |
path: build/ | |
- run: sha256sum --check build/slug.tar.gz.sha256sum | |
- run: tar --extract --file build/slug.tar.gz --xform 's,^[.]/app/,,' | |
- run: node --version | |
# (Re-)install dev deps which got pruned from production build (slug) | |
- run: npm ci | |
# configure AWS to run dev server necessary for `npm run test:ci` | |
- uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: ${{ vars.AWS_DEFAULT_REGION }} | |
aws-access-key-id: ${{ secrets.DEV_SERVER_AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.DEV_SERVER_AWS_SECRET_ACCESS_KEY }} | |
- run: npm run test:ci | |
env: | |
# Tests make GitHub API requests which are rate limited. | |
# Use the GitHub Actions token for a limit of 1,000 requests per hour. | |
# <https://docs.github.com/en/rest/using-the-rest-api/rate-limits-for-the-rest-api#primary-rate-limit-for-github_token-in-github-actions> | |
GITHUB_TOKEN: ${{ github.token }} | |
- if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: test-logs | |
path: test/server.log | |
index-resources: | |
if: |2 | |
github.repository == 'nextstrain/nextstrain.org' | |
&& github.event_name == 'push' | |
&& github.ref == 'refs/heads/master' | |
needs: test | |
permissions: | |
id-token: write # needed to interact with GitHub's OIDC Token endpoint | |
contents: read | |
uses: ./.github/workflows/index-resources.yml | |
secrets: inherit | |
deploy: | |
if: |2 | |
!cancelled() | |
&& needs.build.result == 'success' | |
&& needs.test.result == 'success' | |
&& contains(fromJSON('["success", "skipped"]'), needs.index-resources.result) | |
&& github.repository == 'nextstrain/nextstrain.org' | |
&& ( (github.event_name == 'push' && github.ref == 'refs/heads/master') | |
|| (github.event_name == 'workflow_dispatch' && inputs.heroku-app) ) | |
# Wait for "build", "test", and "index-resources" jobs above to pass. | |
needs: | |
- build | |
- test | |
- index-resources | |
# Name a GitHub environment configuration¹ to auto-create deployment | |
# records in GitHub based on this job's progress/status. Also grants | |
# access to environment-specific secrets. | |
# | |
# The URL is specific to this deployment, not the environment (i.e. an | |
# environment have deployments at different URLs). | |
# | |
# ¹ https://github.com/nextstrain/nextstrain.org/settings/environments | |
environment: | |
name: ${{ inputs.heroku-app || 'nextstrain-canary' }} | |
url: ${{ inputs.heroku-app && format('https://{0}.herokuapp.com', inputs.heroku-app) || 'https://next.nextstrain.org' }} | |
# Deploy steps | |
runs-on: ubuntu-24.04 | |
env: | |
HEROKU_APP: ${{ inputs.heroku-app || 'nextstrain-canary' }} | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: build | |
path: build/ | |
- name: Login to Heroku | |
run: echo "machine api.heroku.com login $HEROKU_USER password $HEROKU_TOKEN" >> ~/.netrc | |
env: | |
HEROKU_USER: "${{ vars.HEROKU_USER }}" | |
HEROKU_TOKEN: "${{ secrets.HEROKU_TOKEN }}" | |
- name: Upload slug | |
run: | | |
# <https://devcenter.heroku.com/articles/platform-api-reference#slug-create> | |
curl https://api.heroku.com/apps/"$HEROKU_APP"/slugs \ | |
--data-binary @build/slug.json \ | |
--header 'Content-Type: application/json' \ | |
--header 'Accept: application/vnd.heroku+json; version=3' \ | |
--fail --silent --show-error --location --netrc \ | |
| tee slug.json | |
curl "$(jq -r .blob.url slug.json)" \ | |
--request "$(jq -r .blob.method slug.json | tr a-z A-Z)" \ | |
--header "Content-Type:" \ | |
--data-binary @build/slug.tar.gz \ | |
--fail --location --netrc \ | |
| cat | |
- name: Release slug | |
run: | | |
# <https://devcenter.heroku.com/articles/platform-api-reference#release-create> | |
curl https://api.heroku.com/apps/"$HEROKU_APP"/releases \ | |
--data-binary @<(jq '{slug: .id}' slug.json) \ | |
--header 'Content-Type: application/json' \ | |
--header 'Accept: application/vnd.heroku+json; version=3' \ | |
--fail --silent --show-error --location --netrc \ | |
| tee release.json | |
- if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: deploy | |
path: | | |
slug.json | |
release.json | |
- if: always() | |
name: Logout of Heroku | |
run: sed -i -e '/^machine api\.heroku\.com/d' ~/.netrc |