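# Pull-request CI pipeline: pre-checks, an approval gate, dependency setup,
# unit tests, lint, library and storybook builds, and a final status roll-up.
# Triggered by pull requests against the listed branches and reusable from
# other workflows through workflow_call.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN receives
# the repository/organisation default scopes. The steps visible here appear
# to only read contents, pull-request reviews and labels; consider declaring
# least-privilege permissions once the needs of the local composite actions
# under ./.github/actions are confirmed.
name: "pull-request"

on:
  workflow_call:
    inputs:
      dry-run-flag:
        description: "enable dry-run on artifact push"
        required: false
        type: boolean
        default: true
      devel:
        # When true, the approval gate in check-if-pr-is-approved is skipped.
        description: "devel"
        required: false
        type: boolean
        default: false
      cron-run:
        description: "disables jobs which should not run when cron runs e2es"
        required: false
        type: boolean
        default: false
  pull_request:
    types: [opened, synchronize, reopened]
    branches:
      - develop
      - master
      - develop-patch*
      - master-patch*

# One active run per workflow and ref; a newer run cancels the older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Event-derived values are handed to scripts as environment variables. The
# head ref is chosen by the PR author, so scripts should keep reading it as
# "$HEAD_REF" (data) rather than having it expanded inline into a run: body.
env:
  BASE_REF: ${{ github.base_ref }}
  HEAD_REF: ${{ github.head_ref }}
  GH_COMMIT: ${{ github.sha }}
  GH_BUILD_NUMBER: ${{ github.run_id }}
  LOG_LEVEL: "ERROR"
  NODE_OPTIONS: "--max-old-space-size=5120"

jobs:
  # Supply-chain hygiene: every third-party action must be pinned to a full
  # commit SHA, and the lockfile must use lockfileVersion 3.
  pre-checks:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Ensure SHA pinned actions
        uses: hyland/github-actions-ensure-sha-pinned-actions@22ca7a8cf33e873ba1d6fbcd2b71fa0ec5006b17 # v1.1.0
      - name: Check package-lock.json version
        run: |
          if [[ $(jq '.lockfileVersion == 3' package-lock.json) == "true" ]]; then
            echo "package-lock.json has a correct version"
          else
            echo "package-lock must be version 3"
            exit 1
          fi

  # Approval gate: fails unless the PR has an approving review, or one of the
  # skip conditions in the last step applies.
  #
  # NOTE(review): this gate is advisory, not a security boundary.
  #   - "[ci:force]" in the commit header skips it, and the commit message is
  #     written by the PR author.
  #   - The jq filter accepts any review whose state is APPROVED; it does not
  #     look at the reviewer's permission level or at which commit was
  #     reviewed.
  # Branch protection with required reviews should remain the authoritative
  # control for merging - confirm it is enabled on the protected branches.
  check-if-pr-is-approved:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0
      - name: Get branch name
        uses: Alfresco/alfresco-build-tools/.github/actions/get-branch-name@45b096a6666afcf321d6979aedda63b0998d3c60 # v12.5.1
      # Presumably exports COMMIT_MESSAGE for the following steps - verify
      # against the action's documentation.
      - name: Save commit message
        uses: Alfresco/alfresco-build-tools/.github/actions/get-commit-message@45b096a6666afcf321d6979aedda63b0998d3c60 # v12.5.1
        with:
          header-only: true
      # Informational only: skip_check is a plain shell variable here, so its
      # value does not carry over to later steps. The approval step below
      # repeats the same conditions itself.
      - name: ci:force flag parser
        shell: bash
        env:
          EVENT_NAME: ${{ github.event_name }}
          ACTOR: ${{ github.actor }}
        run: |
          if [ "$EVENT_NAME" == "schedule" ] || [ "$ACTOR" == "dependabot[bot]" ]; then
            echo -e "\033[32mci:force check can be skipped\033[0m"
            skip_check="true"
          elif [[ "$COMMIT_MESSAGE" == *"[ci:force]"* ]]; then
            echo -e "\033[32m[ci:force] flag detected. No need for approval.\033[0m"
            skip_check="true"
          fi
      - name: Get PR number
        if: ${{ github.event_name != 'schedule' && github.event_name != 'workflow_dispatch' }}
        uses: kamatama41/get-pr-number-action@0bcaab5752c0b699149e74667c8ce2f764cbb7fa # v0.9.1
        id: action
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
      - name: show pr number
        shell: bash
        env:
          PR_NUMBER: ${{ steps.action.outputs.number }}
        run: |
          echo "PR: $PR_NUMBER"
      - name: check if pr is approved
        env:
          DEVEL_FLAG: ${{ inputs.devel }}
          GH_TOKEN: ${{ github.token }}
          # Default; the script flips it to "true" when a skip condition hits.
          skip_check: "false"
          EVENT_NAME: ${{ github.event_name }}
          ACTOR: ${{ github.actor }}
          PR_NUMBER: ${{ steps.action.outputs.number }}
        run: |
          if [ "$EVENT_NAME" == "schedule" ] || [ "$ACTOR" == "dependabot[bot]" ]; then
            echo -e "\033[32mci:force check can be skipped\033[0m"
            skip_check="true"
          elif [[ "$COMMIT_MESSAGE" == *"[ci:force]"* ]]; then
            echo -e "\033[32m[ci:force] flag detected. No need for approval.\033[0m"
            skip_check="true"
          fi

          if [ "$ACTOR" == "dependabot[bot]" ] || [ "$ACTOR" == "alfresco-build" ]; then
            echo -e "\033[32mCommit by $ACTOR. No need for approval.\033[0m"
            skip_check="true"
          fi

          if [ "$EVENT_NAME" == "schedule" ] || [ "$EVENT_NAME" == "workflow_dispatch" ]; then
            echo -e "\033[32mSchedule event\033[0m"
            skip_check="true"
          fi

          if [[ "$DEVEL_FLAG" == "true" ]]; then
            echo -e "\033[32mDevel flag\033[0m"
            skip_check="true"
          fi

          if [ "$skip_check" == "false" ]; then
            echo "Checking PR approval"
            prNumber=$PR_NUMBER
            echo "PR: $prNumber"
            # --paginate: the reviews endpoint returns one page at a time, so
            # without it an approval on a later page would be missed. jq
            # processes each returned page in turn.
            checkApproval=$(
              gh api --paginate "/repos/$GITHUB_REPOSITORY/pulls/$prNumber/reviews" \
                | jq '.[] | select(.state == "APPROVED") | .user.login'
            )
            if [[ $checkApproval ]]; then
              echo -e "\033[32mPR approved\033[0m"
            else
              echo -e "\033[31mPR NOT approved\033[0m"
              exit 1
            fi
          fi

  # Installs dependencies from the lockfile, bundles js-api and the CLI, and
  # hands the result to the downstream jobs through the upload action.
  setup:
    # long timeout required when cache has to be recreated
    timeout-minutes: 30
    name: "Setup"
    runs-on: ubuntu-latest
    needs: [check-if-pr-is-approved, pre-checks]
    steps:
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0 # Fetch all history for all tags and branches
      - uses: ./.github/actions/setup
      - name: install
        run: |
          npm ci
          npm run bundle:js-api
          npm run bundle:cli
      - uses: ./.github/actions/upload-node-modules-and-artifacts

  # One matrix leg per library; each leg excludes the other projects.
  unit-tests:
    timeout-minutes: 30
    name: "Unit tests: ${{ matrix.unit-tests.name }}"
    runs-on: ubuntu-latest
    needs: [setup]
    strategy:
      fail-fast: false
      # max-parallel: 4
      matrix:
        unit-tests:
          - name: js-api
            exclude: "core,insights,content-services,process-services,process-services-cloud,eslint-plugin-eslint-angular"
          - name: content-services
            exclude: "insights,core,extensions,process-services,process-services-cloud,eslint-plugin-eslint-angular,js-api"
          - name: core
            exclude: "insights,content-services,process-services,process-services-cloud,eslint-plugin-eslint-angular,js-api"
          - name: insights
            exclude: "core,extensions,content-services,process-services-cloud,process-services,eslint-plugin-eslint-angular,js-api"
          - name: process-services
            exclude: "core,extensions,content-services,process-services-cloud,insights,eslint-plugin-eslint-angular,js-api"
          # NOTE(review): the trailing "$" after process-services looks
          # deliberate (kept as-is) - confirm how the exclude pattern is
          # matched.
          - name: process-services-cloud
            exclude: "insights,core,extensions,content-services,process-services$,eslint-plugin-eslint-angular,js-api"
    steps:
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0 # Fetch all history for all tags and branches
      - uses: ./.github/actions/setup
      - uses: ./.github/actions/download-node-modules-and-artifacts
      - name: Run unit tests
        env:
          EXCLUDE_PATTERN: ${{ matrix.unit-tests.exclude }}
        # NX_CALCULATION_FLAGS is not set in this file (presumably exported by
        # ./.github/actions/setup - verify); it stays unquoted so it can
        # expand to several flags. The exclude pattern is quoted so it is
        # always passed as a single argument.
        run: |
          /usr/bin/xvfb-run --auto-servernum npm run test:affected -- $NX_CALCULATION_FLAGS "--exclude=$EXCLUDE_PATTERN"

  lint:
    # long timeout required when cache has to be recreated
    timeout-minutes: 30
    name: "Lint"
    runs-on: ubuntu-latest
    needs: [setup]
    steps:
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0 # Fetch all history for all tags and branches
      - uses: ./.github/actions/setup
      - uses: ./.github/actions/download-node-modules-and-artifacts
      - run: npm run lint:affected -- $NX_CALCULATION_FLAGS

  build-libs:
    # long timeout required when cache has to be recreated
    timeout-minutes: 30
    name: "Build libs"
    runs-on: ubuntu-latest
    needs: [setup]
    steps:
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0 # Fetch all history for all tags and branches
      - uses: ./.github/actions/setup
      - uses: ./.github/actions/download-node-modules-and-artifacts
      - run: NX_REJECT_UNKNOWN_LOCAL_CACHE=0 npm run build:affected -- $NX_CALCULATION_FLAGS --prod
      - uses: ./.github/actions/upload-node-modules-and-artifacts

  build-storybook:
    timeout-minutes: 30
    name: "Build storybook"
    runs-on: ubuntu-latest
    needs: [setup]
    steps:
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0 # Fetch all history for all tags and branches
      - uses: ./.github/actions/setup
      - uses: ./.github/actions/download-node-modules-and-artifacts
      - run: npm run build-storybook
      - uses: ./.github/actions/upload-node-modules-and-artifacts

  # Fails when the PR carries one of the labels listed in checkLabels.
  # Runs only when the cron-run input is unset or false.
  PR-forbidden-labels:
    if: ${{ inputs.cron-run == '' || inputs.cron-run == 'false' }}
    runs-on: ubuntu-latest
    steps:
      - id: checkoutRepo
        name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 1
      - name: PR contains forbidden labels
        id: pr-forbidden
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            const issueHasLabels = require('./scripts/github/update/check-issue-has-label.js');
            const checkLabels = ['next version ➡️', 'do not merge🙅🏻‍♂️'];
            const hasLabel = await issueHasLabels({github, context, checkLabels})
            if(hasLabel) {
              core.setFailed('The PR contains a forbidden label! You are not allowed to merge until the label is removed.');
            }
      - name: Check value after
        env:
          STEP_RESULT: ${{ toJson(steps.pr-forbidden.*.result) }}
          HAS_FAILURE: ${{ contains(toJson(steps.pr-forbidden.*.result), 'failure') }}
        run: |
          echo "Step result: $STEP_RESULT"
          echo "Has failure: $HAS_FAILURE"

  # Single roll-up status: always runs, and fails if any job it depends on
  # failed or was cancelled.
  #
  # NOTE(review): PR-forbidden-labels is not listed in `needs`, so a forbidden
  # label does not fail this job. If "Final Results" is the only required
  # status check, confirm that PR-forbidden-labels is required separately.
  finalize:
    if: ${{ always() }}
    runs-on: ubuntu-latest
    name: Final Results
    needs:
      - check-if-pr-is-approved
      - pre-checks
      - setup
      - unit-tests
      - lint
      - build-libs
      - build-storybook
    steps:
      - name: Check job execution status
        if: >-
          ${{
            contains(needs.*.result, 'failure')
            || contains(needs.*.result, 'cancelled')
          }}
        run: exit 1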