meta: updated collaborator guide and content-vs-code #2003
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Security Notes | |
| # Only selected Actions are allowed within this repository. Please refer to (https://github.com/nodejs/nodejs.org/settings/actions) | |
| # for the full list of available actions. If you want to add a new one, please reach out a maintainer with Admin permissions. | |
| # REVIEWERS, please always double-check security practices before merging a PR that contains Workflow changes!! | |
| # AUTHORS, please only use actions with explicit SHA references, and avoid using `@master` or `@main` references or `@version` tags. | |
| name: Pull Request Checks | |
| on: | |
| pull_request_target: | |
| branches: | |
| - main | |
| types: | |
| - labeled | |
| merge_group: | |
| defaults: | |
| run: | |
| # This ensures that the working directory is the root of the repository | |
| working-directory: ./ | |
| permissions: | |
| contents: read | |
| actions: read | |
| # This permission is required by `peter-evans/create-or-update-comment` | |
| # This permission is required by `MishaKav/jest-coverage-comment` | |
| pull-requests: write | |
| jobs: | |
| # This Job removes the label after it got applied to ensure that we can easily apply again when needed | |
| remove_pull_request_label: | |
| if: | | |
| github.event.action == 'labeled' && | |
| github.event.label.name == 'github_actions:pull-request' | |
| name: Remove Pull Request Label | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Remove GitHub Actions Label | |
| uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 | |
| with: | |
| labels: github_actions:pull-request | |
| base: | |
| # This Job ensures that these jobs run either on regular Pull Request Updates | |
| # Or if the PR gets labeled with `github_actions:pull-request` | |
| if: | | |
| github.event.action != 'labeled' || | |
| (github.event.action == 'labeled' && github.event.label.name == 'github_actions:pull-request') | |
| name: Base Tasks | |
| runs-on: ubuntu-latest | |
| outputs: | |
| fetch_depth: ${{ steps.calculate_current_commits.outputs.fetch_depth }} | |
| turbo_args: ${{ steps.turborepo_arguments.outputs.turbo_args }} | |
| steps: | |
| - name: Calculate Commits to Checkout | |
| id: calculate_current_commits | |
| # This calculates the amount of commits we should fetch during our shallow clone | |
| # This calculates the amount of commits this PR produced diverged from the base branch + 1 | |
| # Which should include the "merge" commit reference | |
| # In other words, the GitHub Action will always have the full history of the current PR | |
| # We need all the commits of the PR so that `turbo --filter` works correctly | |
| run: | | |
| if [ "${{ github.event_name }}" == "pull_request_target" ]; then | |
| echo "fetch_depth=$(( ${{ github.event.pull_request.commits }} + 1 ))" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "fetch_depth=1" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Provide Turborepo Arguments | |
| id: turborepo_arguments | |
| # `--filter` flag allows us to tell TurboRepo to only run a said command if there were any changes found in a given --filter range | |
| # It verifies if any change was done to any of the including `glob` patterns described for a said command on `turbo.json` | |
| # By default in this Workflow we use the `...[$TURBO_REF_FILTER]` as a value to the filter flag which tells Turborepo to look changes | |
| # between the latest base branch commit and all the commits of this PR; That's why we use the `pull_request.base.sha` as a ref to the last | |
| # commit on the base branch that this pull_request refers to. | |
| # We also set the Turborepo Cache to the `.turbo` folder | |
| # See https://turbo.build/repo/docs/reference/command-line-reference/run#--filter | |
| # See https://turbo.build/repo/docs/reference/command-line-reference/run#--cache-dir | |
| # See https://turbo.build/repo/docs/reference/command-line-reference/run#--force | |
| run: | | |
| if [ "${{ github.event_name }}" == "pull_request_target" ]; then | |
| echo "turbo_args=--filter=\"[HEAD~${{ github.event.pull_request.commits }}...HEAD]\" --cache-dir=.turbo/cache" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "turbo_args=--cache-dir=.turbo/cache" >> "$GITHUB_OUTPUT" | |
| fi | |
| lint: | |
| # This Job ensures that these jobs run either on regular Pull Request Updates | |
| # Or if the PR gets labeled with `github_actions:pull-request` | |
| if: | | |
| github.event.action != 'labeled' || | |
| (github.event.action == 'labeled' && github.event.label.name == 'github_actions:pull-request') | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| needs: [base] | |
| steps: | |
| - name: Git Checkout | |
| uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | |
| with: | |
| # Here we apply the Environment Variable created above on the "Calculate Commits to Checkout" | |
| fetch-depth: ${{ needs.base.outputs.fetch_depth }} | |
| - name: Restore Lint Cache | |
| uses: actions/cache/restore@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 | |
| with: | |
| path: | | |
| .turbo/cache | |
| node_modules/.cache | |
| # We want to restore Turborepo Cache and ESlint and Prettier Cache | |
| key: cache-lint-${{ hashFiles('package-lock.json') }}- | |
| restore-keys: | | |
| cache-lint-${{ hashFiles('package-lock.json') }}- | |
| cache-lint- | |
| - name: Set up Node.js | |
| uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d | |
| with: | |
| # We want to ensure that the Node.js version running here respects our supported versions | |
| node-version-file: '.nvmrc' | |
| cache: 'npm' | |
| - name: Install NPM packages | |
| # We want to avoid NPM from running the Audit Step and Funding messages on a CI environment | |
| # We also use `npm i` instead of `npm ci` so that the node_modules/.cache folder doesn't get deleted | |
| run: npm i --no-audit --no-fund --ignore-scripts --userconfig=/dev/null | |
| - name: Run `turbo lint` | |
| # We want to enforce that the actual `turbo@latest` package is used instead of a possible hijack from the user | |
| # the `${{ needs.base.outputs.turbo_args }}` is a string substitution happening from the base job | |
| run: npx --package=turbo@latest -- turbo lint ${{ needs.base.outputs.turbo_args }} | |
| - name: Run `turbo prettier` | |
| # We want to enforce that the actual `turbo@latest` package is used instead of a possible hijack from the user | |
| # the `${{ needs.base.outputs.turbo_args }}` is a string substitution happening from the base job | |
| run: npx --package=turbo@latest -- turbo prettier ${{ needs.base.outputs.turbo_args }} | |
| - name: Save Lint Cache | |
| # We don't need to upload a Lint Cache for Dependabot PRs and also when the GitHub Event is not a Pull Request | |
| # i.e. if the Event is a Merge Queue Event | |
| if: | | |
| github.event_name == 'pull_request_target' && | |
| startsWith(github.event.pull_request.head.ref, 'dependabot/') == false | |
| uses: actions/cache/save@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 | |
| with: | |
| path: | | |
| .turbo/cache | |
| node_modules/.cache | |
| key: cache-lint-${{ hashFiles('package-lock.json') }}-${{ hashFiles('.turbo/cache/**') }} | |
| tests: | |
| # This Job ensures that these jobs run either on regular Pull Request Updates | |
| # Or if the PR gets labeled with `github_actions:pull-request` | |
| if: | | |
| github.event.action != 'labeled' || | |
| (github.event.action == 'labeled' && github.event.label.name == 'github_actions:pull-request') | |
| name: Tests | |
| runs-on: ubuntu-latest | |
| needs: [base] | |
| environment: | |
| name: Storybook | |
| url: ${{ steps.chromatic-deploy.outputs.storybookUrl }} | |
| steps: | |
| - name: Git Checkout | |
| uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | |
| with: | |
| # Here we apply the Environment Variable created above on the "Calculate Commits to Checkout" | |
| fetch-depth: ${{ needs.base.outputs.fetch_depth }} | |
| - name: Restore Tests Cache | |
| uses: actions/cache/restore@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 | |
| with: | |
| path: | | |
| .turbo/cache | |
| node_modules/.cache | |
| # We want to restore Turborepo Cache and Storybook Cache | |
| key: cache-tests-${{ hashFiles('package-lock.json') }}- | |
| restore-keys: | | |
| cache-tests-${{ hashFiles('package-lock.json') }}- | |
| cache-tests- | |
| - name: Set up Node.js | |
| uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d | |
| with: | |
| # We want to ensure that the Node.js version running here respects our supported versions | |
| node-version-file: '.nvmrc' | |
| cache: 'npm' | |
| - name: Install NPM packages | |
| # We want to avoid NPM from running the Audit Step and Funding messages on a CI environment | |
| # We also use `npm i` instead of `npm ci` so that the node_modules/.cache folder doesn't get deleted | |
| run: npm i --no-audit --no-fund --userconfig=/dev/null | |
| - name: Run Unit Tests | |
| # We want to enforce that the actual `turbo@latest` package is used instead of a possible hijack from the user | |
| # the `${{ needs.base.outputs.turbo_args }}` is a string substitution happening from the base job | |
| run: npx --package=turbo@latest -- turbo test:unit ${{ needs.base.outputs.turbo_args }} -- --ci --coverage | |
| - name: Build Storybook | |
| # Assigns an ID to be reused on other steps | |
| id: storybook_build | |
| # Skips a few steps if not on a Pull Request (Merge Group) or it is a Dependabot PR | |
| # i.e. if the Event is a Merge Queue Event | |
| if: | | |
| github.event_name == 'pull_request_target' && | |
| startsWith(github.event.pull_request.head.ref, 'dependabot/') == false | |
| # We Build Storybook Locally and then upload it so it can be used on another Workflow | |
| # We want to enforce that the actual `turbo@latest` package is used instead of a possible hijack from the user | |
| # the `${{ needs.base.outputs.turbo_args }}` is a string substitution happening from the base job | |
| # We also always want to run the Storybok Build (Force) to ensure that Chromatic can upload the Build | |
| run: npx --package=turbo@latest -- turbo storybook:build ${{ needs.base.outputs.turbo_args }} --force=true | |
| - name: Start Visual Regression Tests (Chromatic) | |
| # This assigns the Environment Deployment for Storybook | |
| id: chromatic-deploy | |
| # This prevents this step from running if "Storybook Build" got cancelled; Which gets cancelled if | |
| # the curruent branch comes from Dependabot or the Event is not a Pull Request (i.e. Merge Queue Event) | |
| if: steps.storybook_build.outcome == 'success' | |
| uses: chromaui/action@v1 | |
| with: | |
| projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }} | |
| storybookBuildDir: storybook-static | |
| exitOnceUploaded: true | |
| onlyChanged: true | |
| - name: Jest Coverage Comment | |
| # This prevents this step from running if "Storybook Build" got cancelled; Which gets cancelled if | |
| # the curruent branch comes from Dependabot or the Event is not a Pull Request (i.e. Merge Queue Event) | |
| if: steps.storybook_build.outcome == 'success' | |
| # This comments the current Jest Coverage Report containing JUnit XML reports | |
| # and a Code Coverage Summary | |
| uses: MishaKav/jest-coverage-comment@41b5ca01d1250de84537448d248b8d18152cb277 | |
| with: | |
| title: 'Unit Test Coverage Report' | |
| junitxml-path: ./junit.xml | |
| junitxml-title: Unit Test Report | |
| - name: Save Tests Cache | |
| # This prevents this step from running if "Storybook Build" got cancelled; Which gets cancelled if | |
| # the curruent branch comes from Dependabot or the Event is not a Pull Request (i.e. Merge Queue Event) | |
| if: steps.storybook_build.outcome == 'success' | |
| uses: actions/cache/save@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 | |
| with: | |
| path: | | |
| .turbo/cache | |
| node_modules/.cache | |
| key: cache-tests-${{ hashFiles('package-lock.json') }}-${{ hashFiles('.turbo/cache/**') }} |