-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
326 lines (309 loc) · 10 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
name: ci
on:
push:
branches: main
pull_request:
merge_group:
types: [checks_requested]
jobs:
check-diff:
runs-on: macos-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
cache: yarn
- uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 #v1
with:
ruby-version: '3.1.6'
env:
BUNDLE_GEMFILE: ios/Gemfile
- run: yarn setup
- name: Require clean working directory
shell: bash
run: |
if ! git diff --exit-code; then
echo "Working tree dirty at end of job"
exit 1
else
echo "No changes detected"
fi
dedupe:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
cache: yarn
- run: yarn setup --node
- name: Deduplicate dependencies
run: yarn deduplicate
- name: Print error if duplicates found
shell: bash
run: |
if ! git diff --exit-code; then
echo "Duplicate dependencies detected; run 'yarn deduplicate' to remove them"
exit 1
fi
scripts:
runs-on: ubuntu-20.04
strategy:
matrix:
scripts:
- lint
- lint:tsc
- audit:ci
- test:depcheck
- test:tgz-check
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
cache: yarn
- run: yarn setup --node
- run: yarn ${{ matrix['scripts'] }}
- name: Require clean working directory
shell: bash
run: |
if ! git diff --exit-code; then
echo "Working tree dirty at end of job"
exit 1
else
echo "No changes detected"
fi
unit-tests:
runs-on: ubuntu-20.04
strategy:
matrix:
shard: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
cache: yarn
- run: yarn setup
# The "10" in this command is the total number of shards. It must be kept
# in sync with the length of matrix.shard
- run: yarn test:unit --shard=${{ matrix.shard }}/10 --forceExit --silent --coverageReporters=json
env:
NODE_OPTIONS: --max_old_space_size=20480
- name: Rename coverage report to include shard number
shell: bash
run: |
mv ./tests/coverage/coverage-final.json ./tests/coverage/coverage-${{ matrix.shard }}.json
- uses: actions/upload-artifact@v3
with:
name: coverage-${{ matrix.shard }}
path: ./tests/coverage/coverage-${{ matrix.shard }}.json
if-no-files-found: error
- name: Require clean working directory
shell: bash
run: |
if ! git diff --exit-code; then
echo "Working tree dirty at end of job"
exit 1
else
echo "No changes detected"
fi
merge-unit-tests:
runs-on: ubuntu-20.04
needs: unit-tests
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
cache: yarn
- run: yarn setup
- uses: actions/download-artifact@v3
with:
path: tests/coverage/
- name: Gather partial coverage reports into one directory
shell: bash
run: |
mv ./tests/coverage/coverage-*/* ./tests/coverage
- run: yarn test:merge-coverage
- run: yarn test:validate-coverage
- uses: actions/upload-artifact@v3
with:
name: coverage
path: ./tests/merged-coverage/lcov.info
if-no-files-found: error
- name: Require clean working directory
shell: bash
run: |
if ! git diff --exit-code; then
echo "Working tree dirty at end of job"
exit 1
else
echo "No changes detected"
fi
js-bundle-size-check:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
cache: yarn
- name: Install dependencies
run: yarn setup
- name: Generate iOS bundle
run: yarn gen-bundle:ios
- name: Check bundle size
run: ./scripts/js-bundle-stats.sh ios/main.jsbundle 40
- name: Upload iOS bundle
uses: actions/upload-artifact@v4
with:
name: ios-bundle
path: ios/main.jsbundle
ship-js-bundle-size-check:
runs-on: ubuntu-latest
needs: [js-bundle-size-check]
if: ${{ github.ref == 'refs/heads/main' }}
steps:
- uses: actions/checkout@v4
- name: Download iOS bundle
uses: actions/download-artifact@v4
with:
name: ios-bundle
path: ios/main.jsbundle
- name: Push bundle size to mobile_bundlesize_stats repo
run: ./scripts/push-bundle-size.sh
env:
GITHUB_ACTOR: metamaskbot
GITHUB_TOKEN: ${{ secrets.MOBILE_BUNDLESIZE_TOKEN }}
sonar-cloud:
runs-on: ubuntu-20.04
needs: merge-unit-tests
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0 # SonarCloud needs a full checkout to perform necessary analysis
- uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
- uses: actions/download-artifact@v3
with:
name: coverage
path: coverage/
- name: Upload coverage reports to Codecov
if: ${{ always() }}
uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
- name: SonarCloud Scan
if: ${{ env.HAVE_SONAR_TOKEN == 'true' }}
# This is SonarSource/[email protected]
uses: SonarSource/sonarcloud-github-action@4b4d7634dab97dcee0b75763a54a6dc92a9e6bc1
env:
HAVE_SONAR_TOKEN: ${{ secrets.SONAR_TOKEN != '' }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- name: Require clean working directory
shell: bash
run: |
if ! git diff --exit-code; then
echo "Working tree dirty at end of job"
exit 1
else
echo "No changes detected"
fi
# Revert git update-index --no-assume-unchanged for each entry
echo "Reverting assume unchanged for the following paths:"
for path in "${EXCLUDES[@]}"; do
echo "$path"
git update-index --no-assume-unchanged "$path"
done
sonar-cloud-quality-gate-status:
runs-on: ubuntu-latest
needs: sonar-cloud
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: SonarCloud Quality Gate Status
id: sonar-status
env:
REPO: ${{ github.repository }}
ISSUE_NUMBER: ${{ github.event.issue.number || github.event.pull_request.number }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Skip step if event is a PR
if [[ "${{ github.event_name }}" != "pull_request" ]]; then
echo "This job only runs for pull requests."
exit 0
fi
# Bypass step if skip-sonar-cloud label is found
LABEL=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \
"https://api.github.com/repos/$REPO/issues/$ISSUE_NUMBER/labels" | \
jq -r '.[] | select(.name=="skip-sonar-cloud") | .name')
if [[ "$LABEL" == "skip-sonar-cloud" ]]; then
echo "skip-sonar-cloud label found. Skipping SonarCloud Quality Gate check."
else
sleep 30
PROJECT_KEY="metamask-mobile"
PR_NUMBER="${{ github.event.pull_request.number }}"
SONAR_TOKEN="${{ secrets.SONAR_TOKEN }}"
if [ -z "$PR_NUMBER" ]; then
echo "No pull request number found. Failing the check."
exit 1
fi
RESPONSE=$(curl -s -u "$SONAR_TOKEN:" \
"https://sonarcloud.io/api/qualitygates/project_status?projectKey=$PROJECT_KEY&pullRequest=$PR_NUMBER")
echo "SonarCloud API Response: $RESPONSE"
STATUS=$(echo "$RESPONSE" | jq -r '.projectStatus.status')
if [[ "$STATUS" == "ERROR" ]]; then
echo "Quality Gate failed."
exit 1
elif [[ "$STATUS" == "OK" ]]; then
echo "Quality Gate passed."
else
echo "Could not determine Quality Gate status."
exit 1
fi
fi
check-workflows:
name: Check workflows
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Download actionlint
id: download-actionlint
run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/62dc61a45fc95efe8c800af7a557ab0b9165d63b/scripts/download-actionlint.bash) 1.7.1
shell: bash
- name: Check workflow files
run: ${{ steps.download-actionlint.outputs.executable }} -color
shell: bash
all-jobs-pass:
name: All jobs pass
runs-on: ubuntu-20.04
needs:
[
check-diff,
dedupe,
scripts,
unit-tests,
check-workflows,
js-bundle-size-check,
sonar-cloud-quality-gate-status,
]
outputs:
ALL_JOBS_PASSED: ${{ steps.jobs-passed-status.outputs.ALL_JOBS_PASSED }}
steps:
- name: Set jobs passed status
id: jobs-passed-status
run: echo "ALL_JOBS_PASSED=true" >> "$GITHUB_OUTPUT"
check-all-jobs-pass:
name: Check all jobs pass
runs-on: ubuntu-20.04
needs: all-jobs-pass
if: always()
steps:
- run: |
if [[ "${{ needs.all-jobs-pass.outputs.ALL_JOBS_PASSED }}" == "true" ]]; then
echo "All jobs passed. Unblock PR."
else
echo "All jobs passed step skipped. Block PR."
exit 1
fi