name: Workflow on: pull_request: branches: - master push: branches: - master # This ensures that previous jobs for the PR are canceled when the PR is # updated. concurrency: group: ${{ github.workflow }}-${{ github.head_ref }} cancel-in-progress: true jobs: lint-job: name: Checking Lint runs-on: [ubuntu-latest] strategy: matrix: go-version: [1.23.x] os: [ubuntu-latest] steps: - name: Check out code uses: actions/checkout@v3 - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }} uses: actions/setup-go@v5 with: go-version: ${{ matrix.go-version }} id: go - name: Build on ${{ matrix.os }} env: GO111MODULE: on GOOS: linux run: | make verifiers ui-assets-istanbul-coverage: name: "Assets with Istanbul Plugin for coverage" runs-on: ubuntu-latest strategy: matrix: go-version: [1.23.x] os: [ubuntu-latest] steps: - name: Check out code uses: actions/checkout@v3 - name: Enable Corepack run: corepack enable - uses: actions/setup-node@v4 with: node-version-file: .nvmrc cache: "yarn" cache-dependency-path: web-app/yarn.lock - uses: actions/cache@v4 id: assets-cache-istanbul-coverage name: Assets Cache Istanbul Coverage with: path: | ./web-app/build/ key: ${{ runner.os }}-assets-istanbul-coverage-${{ github.run_id }} - name: Install Dependencies working-directory: ./web-app continue-on-error: false run: | yarn install --immutable - name: Check for Warnings in build output working-directory: ./web-app continue-on-error: false run: | ./check-warnings-istanbul-coverage.sh - name: Check if Files are Prettified working-directory: ./web-app continue-on-error: false run: | ./check-prettier.sh reuse-golang-dependencies: name: reuse golang dependencies runs-on: ubuntu-latest strategy: matrix: go-version: [1.23.x] os: [ubuntu-latest] steps: - name: Check out code uses: actions/checkout@v3 - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }} uses: actions/setup-go@v5 with: go-version: ${{ matrix.go-version }} id: go - name: Build on ${{ matrix.os }} env: GO111MODULE: on GOOS: linux run: | go mod download semgrep-static-code-analysis: name: "semgrep checks" runs-on: ubuntu-latest strategy: matrix: os: [ubuntu-latest] steps: - name: Check out source code uses: actions/checkout@v3 - name: Scanning code on ${{ matrix.os }} continue-on-error: false run: | # Install semgrep rather than using a container due to: # https://github.com/actions/checkout/issues/334 sudo apt install -y python3-pip || apt install -y python3-pip pip3 install semgrep semgrep --config semgrep.yaml $(pwd)/web-app --error compile-binary-istanbul-coverage: name: "Compile Console Binary with Istanbul Plugin for Coverage" needs: - lint-job - ui-assets-istanbul-coverage - reuse-golang-dependencies - semgrep-static-code-analysis runs-on: ${{ matrix.os }} strategy: matrix: go-version: [1.23.x] os: [ubuntu-latest] steps: - name: Check out code uses: actions/checkout@v3 - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }} uses: actions/setup-go@v5 with: go-version: ${{ matrix.go-version }} id: go - uses: actions/cache@v4 name: Console Binary Cache Istanbul Coverage with: path: | ./console key: ${{ runner.os }}-binary-istanbul-coverage-${{ github.run_id }} - uses: actions/cache@v4 id: assets-cache-istanbul-coverage name: Assets Cache Istanbul Coverage with: path: | ./web-app/build/ key: ${{ runner.os }}-assets-istanbul-coverage-${{ github.run_id }} - name: Build on ${{ matrix.os }} env: GO111MODULE: on GOOS: linux run: | make console playwright: needs: - compile-binary-istanbul-coverage timeout-minutes: 60 runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Enable Corepack run: corepack enable - uses: actions/setup-node@v4 with: node-version: 18 - name: Install dependencies run: | echo "Install dependencies" cd $GITHUB_WORKSPACE/web-app yarn add -D playwright yarn add -D @playwright/test yarn add -D babel-plugin-istanbul yarn add -D nyc yarn add -D react-app-rewired yarn add -D create-react-app yarn init -y echo "yarn install" yarn install - name: Install Playwright Browsers run: npx playwright install --with-deps - uses: actions/cache@v4 name: Console Binary Cache Istanbul Coverage with: path: | ./console key: ${{ runner.os }}-binary-istanbul-coverage-${{ github.run_id }} - name: Start Console, front-end app and initialize users/policies run: | (./console server) & (make initialize-permissions) - name: Run Playwright tests run: | echo "Run tests under playwright folder only" cd $GITHUB_WORKSPACE/web-app yarn remove playwright yarn add --dev @playwright/test echo "npx playwright test" npx playwright test # To run the tests echo "npx nyc report" npx nyc report # To see report printed in logs as text echo "npx nyc report --reporter=html" npx nyc report --reporter=html # to see report in ./coverage/index.html - uses: actions/upload-artifact@v4 if: always() with: name: playwright-report path: playwright-report/ retention-days: 30 - uses: actions/upload-artifact@v4 if: always() with: name: coverage path: coverage/ retention-days: 30