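# Continuous-integration workflow: runs the RSpec suite against a PostgreSQL
# service container, then RuboCop, slim-lint and Brakeman as separate jobs.
name: CI

on:
  - push

# Least privilege: the default GITHUB_TOKEN is limited to reading the
# repository. Jobs that publish check runs widen this explicitly below.
permissions:
  contents: read

# NOTE(review): every `uses:` below references a mutable tag (v1/v2/v4).
# Pinning each action to a full commit SHA keeps a retagged release from
# silently changing the code that runs with this workflow's token and secrets.
jobs:
  test:
    runs-on: ubuntu-latest
    services:
      db:
        image: postgres:16
        env:
          # Throwaway credential for the ephemeral CI database only.
          POSTGRES_PASSWORD: postgres
        ports:
          # Quoted so that no YAML parser reads the mapping as a number.
          - '5432:5432'
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - name: Install packages
        run: sudo apt-get update && sudo apt-get install --no-install-recommends -y google-chrome-stable curl libjemalloc2 libvips postgresql-client
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: .ruby-version
          bundler-cache: true
      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: 20
      - name: Enable Corepack
        run: corepack enable
      - name: Get yarn cache directory path
        id: yarn-cache-dir-path
        # The output file path is quoted so the redirect survives a path
        # containing whitespace.
        run: echo "dir=$(yarn config get cacheFolder)" >> "$GITHUB_OUTPUT"
      - name: Manage yarn, webpack and assets cache
        uses: actions/cache@v4
        # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
        id: yarn-cache
        with:
          path: |
            ${{ steps.yarn-cache-dir-path.outputs.dir }}
            public/assets
            public/packs-test
            tmp/cache
            tmp/shakapacker
          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
          restore-keys: |
            ${{ runner.os }}-yarn-
      - name: Install yarn packages
        # --immutable fails the build if yarn.lock would have to change.
        run: yarn install --immutable
      - name: Prepare config files
        run: |
          cp config/action_mailer.yml.ci config/action_mailer.yml
          cp config/code_ocean.yml.ci config/code_ocean.yml
          cp config/database.yml.ci config/database.yml
          cp config/docker.yml.erb.ci config/docker.yml.erb
          cp config/mnemosyne.yml.ci config/mnemosyne.yml
          cp config/content_security_policy.yml.ci config/content_security_policy.yml
      - name: Prepare database
        env:
          RAILS_ENV: test
        run: bundler exec rake db:prepare
      - name: Precompile assets
        env:
          RAILS_ENV: test
        run: bundler exec rake assets:precompile
      - name: Run tests
        env:
          RAILS_ENV: test
          # Environment values are strings; quoted to keep the type explicit.
          CC_TEST_REPORTER_ID: 'true'
        run: bundle exec rspec --color --format RSpec::Github::Formatter --format progress
      - name: Upload coverage reports to Codecov
        uses: codecov/codecov-action@v4
        # Runs after passing and failing test runs, but not after cancellation.
        if: ${{ success() || failure() }}
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
      - name: Keep screenshots from failed system specs
        uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: screenshots
          path: ${{ github.workspace }}/tmp/screenshots
          if-no-files-found: ignore

  lint:
    permissions:
      # Read access to the content for analysis.
      contents: read
      # The `github-check` reporter publishes its findings as a check run.
      checks: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: .ruby-version
          bundler-cache: true
      - name: Run rubocop
        uses: reviewdog/action-rubocop@v2
        with:
          filter_mode: nofilter
          rubocop_version: gemfile
          rubocop_extensions: rubocop-rails:gemfile rubocop-rspec:gemfile rubocop-performance:gemfile
          rubocop_flags: --parallel
          reporter: github-check
          skip_install: true
          use_bundler: true
          fail_on_error: true

  slim-lint:
    permissions:
      # Required: Allow read access to the content for analysis.
      contents: read
      # Required: Allow write access to checks to allow the action to annotate code in the PR.
      checks: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: .ruby-version
          bundler-cache: true
      - name: Run slim-lint
        run: bundle exec slim-lint app/views --reporter checkstyle > checkstyle-result.xml
      - name: Upload slim-lint results as GitHub annotations
        # NOTE(review): the ref after `@` was replaced by an e-mail
        # obfuscation marker on the captured page; <REF-LOST-IN-EXTRACTION> is
        # a placeholder and must be restored from the repository.
        uses: lcollins/checkstyle-github-action@<REF-LOST-IN-EXTRACTION>
        # Only create GitHub annotations for the main repo (disable for forks):
        # NOTE(review): this workflow is triggered by `push` only, where
        # `github.event.pull_request` is not populated, so the comparison below
        # evaluates to false and the step is skipped. Confirm whether a
        # pull_request trigger or a different fork check is intended.
        if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository }}
        with:
          name: Slim-Lint Report
          title: Analyze Slim templates for linting issues
          path: checkstyle-result.xml

  scan_ruby:
    permissions:
      # Read access to the content for analysis.
      contents: read
      # The `github-check` reporter publishes its findings as a check run.
      checks: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: .ruby-version
          bundler-cache: true
      - name: Scan for common Rails security vulnerabilities using static analysis
        uses: reviewdog/action-brakeman@v2
        with:
          filter_mode: nofilter
          reporter: github-check
          skip_install: true
          use_bundler: true
          fail_on_error: true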