name: "pull-request" on: workflow_call: inputs: dry-run-flag: description: 'enable dry-run on artifact push' required: false type: boolean default: true devel: description: 'devel' required: false type: boolean default: false cron-run: description: 'disables jobs which should not run when cron runs e2es' required: false type: boolean default: false pull_request: types: [opened, synchronize, reopened] branches: - develop - master - develop-patch* - master-patch* concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true env: BASE_REF: ${{ github.base_ref }} HEAD_REF: ${{ github.head_ref }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} GITHUB_BRANCH: ${{ github.ref_name }} GH_BUILD_DIR: ${{ github.workspace }} GH_COMMIT: ${{ github.sha }} BUILD_ID: ${{ github.run_id }} GH_RUN_NUMBER: ${{ github.run_attempt }} GH_BUILD_NUMBER: ${{ github.run_id }} JOB_ID: ${{ github.run_id }} LOG_LEVEL: "ERROR" S3_BUILD_BUCKET_SHORT_NAME: ${{ secrets.S3_BUILD_BUCKET_SHORT_NAME }} NODE_OPTIONS: "--max-old-space-size=5120" DOCKER_REPOSITORY_DOMAIN: ${{ secrets.DOCKER_REPOSITORY_DOMAIN }} DOCKER_REPOSITORY_USER: ${{ secrets.DOCKER_REPOSITORY_USER }} DOCKER_REPOSITORY_PASSWORD: ${{ secrets.DOCKER_REPOSITORY_PASSWORD }} DOCKER_REPOSITORY_STORYBOOK: "${{ secrets.DOCKER_REPOSITORY_DOMAIN }}/alfresco/storybook" REPO_OWNER: "Alfresco" REPO_NAME: "alfresco-ng2-components" STORYBOOK_DIR: "./dist/storybook/stories" BUILT_LIBS_DIR: "./dist/libs" NODE_MODULES_DIR: "./node_modules" REDIRECT_URI: / jobs: pre-checks: runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Ensure SHA pinned actions uses: zgosalvez/github-actions-ensure-sha-pinned-actions@2d6823da4039243036c86d76f503c84e2ded2517 # v3.0.24 - name: Check package-lock.json version run: | if [[ $(jq '.lockfileVersion == 3' package-lock.json) == "true" ]] ; then echo "package-lock.json has a correct version" else echo "package-lock must be version 3" exit 1 fi check-if-pr-is-approved: runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Get branch name uses: Alfresco/alfresco-build-tools/.github/actions/get-branch-name@09293790e3d482b6376a602f607e009ef1025698 # v8.19.0 - name: Save commit message uses: Alfresco/alfresco-build-tools/.github/actions/get-commit-message@09293790e3d482b6376a602f607e009ef1025698 # v8.19.0 - name: ci:force flag parser shell: bash run: | if [ "${{ github.event_name }}" == "schedule" ] || [ "${{ github.actor }}" == "dependabot[bot]" ]; then echo -e "\033[32mci:force check can be skipped\033[0m" skip_check="true" elif [[ "$COMMIT_MESSAGE" == *"[ci:force]"* ]]; then echo -e "\033[32m[ci:force] flag detected. No need for approval.\033[0m" skip_check="true" fi - name: Get PR number if: ${{ github.event_name != 'schedule' && github.event_name != 'workflow_dispatch' }} uses: kamatama41/get-pr-number-action@0bcaab5752c0b699149e74667c8ce2f764cbb7fa # v0.9.1 id: action with: github_token: ${{ secrets.GITHUB_TOKEN }} - name: show pr number shell: bash run: | echo "PR: ${{ steps.action.outputs.number }}" - name: check if pr is approved env: DEVEL_FLAG: ${{ inputs.devel }} GH_TOKEN: ${{ github.token }} skip_check: "false" run: | if [ "${{ github.event_name }}" == "schedule" ] || [ "${{ github.actor }}" == "dependabot[bot]" ]; then echo -e "\033[32mci:force check can be skipped\033[0m" skip_check="true" elif [[ "$COMMIT_MESSAGE" == *"[ci:force]"* ]]; then echo -e "\033[32m[ci:force] flag detected. No need for approval.\033[0m" skip_check="true" fi if [ "${{ github.actor }}" == "dependabot[bot]" ] || [ "${{ github.actor }}" == "alfresco-build" ]; then echo -e "\033[32mCommit by ${{ github.actor }}. No need for approval.\033[0m" skip_check="true" fi if [ "${{ github.event_name }}" == "schedule" ] || [ "${{ github.event_name }}" == "workflow_dispatch" ]; then echo -e "\033[32mSchedule event\033[0m" skip_check="true" fi if [[ "$DEVEL_FLAG" == "true" ]]; then echo -e "\033[32mDevel flag\033[0m" skip_check="true" fi if [ "$skip_check" == "false" ]; then echo "Checking PR approval" prNumber=${{ steps.action.outputs.number }} echo "PR: $prNumber" checkApproval=$(gh api /repos/$GITHUB_REPOSITORY/pulls/$prNumber/reviews | jq '.[] | select(.state == "APPROVED") | .user.login') if [[ $checkApproval ]]; then echo -e "\033[32mPR approved\033[0m" else echo -e "\033[31mPR NOT approved\033[0m" exit 1 fi fi setup: # long timeout required when cache has to be recreated timeout-minutes: 30 name: "Setup" runs-on: ubuntu-latest needs: [check-if-pr-is-approved, pre-checks] steps: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 # Fetch all history for all tags and branches - uses: ./.github/actions/setup - name: install run: | npm ci npx nx run js-api:bundle npx nx run cli:bundle - uses: ./.github/actions/upload-node-modules-and-artifacts unit-tests: timeout-minutes: 30 name: "Unit tests: ${{ matrix.unit-tests.name }}" runs-on: ubuntu-latest needs: [setup] strategy: fail-fast: false # max-parallel: 4 matrix: unit-tests: - name: js-api exclude: "core,insights,content-services,process-services,process-services-cloud,eslint-plugin-eslint-angular" - name: content-services exclude: "insights,core,extensions,process-services,process-services-cloud,eslint-plugin-eslint-angular,js-api" - name: core exclude: "insights,content-services,process-services,process-services-cloud,eslint-plugin-eslint-angular,js-api" - name: insights exclude: "core,extensions,content-services,process-services-cloud,process-services,eslint-plugin-eslint-angular,js-api" - name: process-services exclude: "core,extensions,content-services,process-services-cloud,insights,eslint-plugin-eslint-angular,js-api" - name: process-services-cloud exclude: "insights,core,extensions,content-services,process-services$,eslint-plugin-eslint-angular,js-api" steps: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 # Fetch all history for all tags and branches - uses: ./.github/actions/setup - uses: ./.github/actions/download-node-modules-and-artifacts - name: Run unit tests run: | /usr/bin/xvfb-run --auto-servernum npx nx affected:test $NX_CALCULATION_FLAGS --exclude=${{ matrix.unit-tests.exclude }} lint: # long timeout required when cache has to be recreated timeout-minutes: 30 name: "Lint" runs-on: ubuntu-latest needs: [setup] steps: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 # Fetch all history for all tags and branches - uses: ./.github/actions/setup - uses: ./.github/actions/download-node-modules-and-artifacts - run: npx nx affected --target=lint $NX_CALCULATION_FLAGS build-libs: # long timeout required when cache has to be recreated timeout-minutes: 30 name: "Build libs" runs-on: ubuntu-latest needs: [setup] steps: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 # Fetch all history for all tags and branches - uses: ./.github/actions/setup - uses: ./.github/actions/download-node-modules-and-artifacts - run: NX_REJECT_UNKNOWN_LOCAL_CACHE=0 npx nx affected:build $NX_CALCULATION_FLAGS --prod - run: NX_REJECT_UNKNOWN_LOCAL_CACHE=0 npx nx affected --target=build-storybook $NX_CALCULATION_FLAGS --configuration=ci - uses: ./.github/actions/upload-node-modules-and-artifacts PR-forbidden-labels: if: ${{ inputs.cron-run == '' || inputs.cron-run == 'false' }} runs-on: ubuntu-latest steps: - id: checkoutRepo name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 - name: PR contains forbidden labels id: pr-forbidden uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const issueHasLabels = require('./scripts/github/update/check-issue-has-label.js'); const checkLabels = ['next version ➡️', 'do not merge🙅🏻‍♂️']; const hasLabel = await issueHasLabels({github, context, checkLabels}) if(hasLabel) { core.setFailed('The PR contains a forbidden label! You are not allowed to merge until the label is there.'); } - name: Check value after run: | echo "result ${{ toJson(steps.pr-forbidden.*.result) }}" && echo "result ${{ steps.pr-forbidden.*.result }}" echo "result ${{ contains(toJson(steps.pr-forbidden.*.result), 'failure') }}" finalize: if: ${{ always() }} runs-on: ubuntu-latest name: Final Results needs: [check-if-pr-is-approved, pre-checks, setup, unit-tests, lint, build-libs] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: identify-slack-group id: groups if: ${{ github.event_name == 'schedule' }} uses: ./.github/actions/slack-group-area with: affected: ${{ steps.e2e-result.outputs.result }} - uses: slackapi/slack-github-action@b0fa283ad8fea605de13dc3f449259339835fc52 # v2.1.0 name: Nofify QA failure if: ${{ github.event_name == 'schedule' && contains(needs.*.result, 'failure') }} env: SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} with: channel-id: 'C016SMNNL8L' #guild-channel slack-message: "🔴 Warning: The daily ADF cronjob failed\nWorkflow run : \nDetails: ${{ steps.e2e-result.outputs.result }}\nArea: ${{ steps.groups.outputs.groups}}" - name: workflow failure run: exit 1 if: ${{ contains(needs.*.result, 'failure') }} - name: workflow canceled run: exit 1 if: ${{ contains(needs.*.result, 'cancelled') }} - name: workflow success run: exit 0 if: ${{ contains(needs.*.result, 'success') }}