-
-
Notifications
You must be signed in to change notification settings - Fork 50
209 lines (184 loc) · 8.43 KB
/
safe_app_ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
# Copyright (c) 2022 Sharezone UG (haftungsbeschränkt)
# Licensed under the EUPL-1.2-or-later.
#
# You may obtain a copy of the Licence at:
# https://joinup.ec.europa.eu/software/page/eupl
#
# SPDX-License-Identifier: EUPL-1.2
# This workflow handles the CI for the app.
#
# Therefore, it's only triggered on pull requests that make changes to the app.
# It only contains jobs that don't require any secrets. The jobs that require
# secrets are handled in the "unsafe_app_ci.yml" workflow.
name: safe-app-ci
concurrency:
group: safe-app-ci-${{ github.head_ref }}
# In order to conserve the use of GitHub Actions, we cancel the running action
# of the previous commit. This means that if you first commit "A" and then
# commit "B" to the pull request a few minutes later, the workflow for commit
# "A" will be cancelled.
cancel-in-progress: true
on:
# Triggers the workflow on pull request events
pull_request:
types:
- opened
- synchronize
- reopened
# It's important to trigger this workflow again when the pull is changing
# from a draft pull request to a ready for review pull request.
#
# Some jobs are skipped when the pull request is a draft. Therefore, we
# need to trigger these jobs again when the pull request is changing to
# ready for review.
- ready_for_review
merge_group:
types:
- checks_requested
env:
CI_CD_DART_SCRIPTS_PACKAGE_PATH: "tools/sz_repo_cli/"
# Set permissions to none.
#
# Using the broad default permissions is considered a bad security practice
# and would cause alerts from our scanning tools.
permissions: {}
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# We can't use the official "paths" filter because it has no support for merge
# groups and we would need some kind of fallback CI when a check is required
# but ignored because of the path filter.
#
# See:
# * https://github.com/community/community/discussions/45899 (merge groups)
# * https://github.com/github/docs/commit/4364076e0fb56c2579ae90cd048939eaa2c18954
# (workaround for required checks with path filters)
changes:
runs-on: ubuntu-22.04
outputs:
changesFound: ${{ steps.filter.outputs.changesFound }}
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- uses: AurorNZ/paths-filter@3b1f3abc3371cca888d8eb03dfa70bc8a9867629
id: filter
with:
filters: |
changesFound:
# When we change the Flutter version, we need to trigger this workflow.
- ".fvm/fvm_config.json"
# We only build and deploy a new version, when a user relevant files
# changed.
- "app/**"
- "lib/**"
# We trigger also this workflow, if this workflow is changed, so that new
# changes will be applied.
- ".github/workflows/safe_app_ci.yml"
# The following paths are excluded from the above paths. It's important to
# list the paths at the end of the file, so that the exclude paths are
# applied.
#
# See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-including-and-excluding-paths.
- "!**/*.md"
- "!**/*.mdx"
- "!**/*.gitignore"
- "!**/firebase.json"
- "!**/.firebaserc"
- "!app/android/fastlane/**"
analyze:
needs: changes
runs-on: ubuntu-22.04
# In draft PRs we might use TODOs temporarily.
# In this case the analyze pipeline would fail, thus we won't run it.
if: ${{ github.event.pull_request.draft == false && needs.changes.outputs.changesFound == 'true' }}
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Set Flutter version from FVM config file to environment variables
id: fvm-config-action
uses: kuhnroyal/flutter-fvm-config-action@4155f8ca4c30a4f2f50df69caa0e4259f6cd1142
- uses: subosito/flutter-action@44ac965b96f18d999802d4b807e3256d5a3f9fa1
with:
flutter-version: ${{ steps.fvm-config-action.outputs.FLUTTER_VERSION }}
channel: ${{ steps.fvm-config-action.outputs.FLUTTER_CHANNEL }}
- name: Activate sz_repo_cli package
run: flutter pub global activate --source path "$CI_CD_DART_SCRIPTS_PACKAGE_PATH"
# So we can just use "sz COMMAND" instead of "dart ../path/to/script.dart ..."
- run: echo $(realpath ./bin) >> $GITHUB_PATH
- name: Run code analysis via "sz analyze" (formatting, issues, spacing ...)
# We don't run the analysis in parallel to prevent
# https://github.com/SharezoneApp/sharezone-app/issues/1658.
run: |
sz analyze \
--max-concurrent-packages 1 \
--package-timeout-minutes 15
# We split the tests into two jobs, because we want to run the golden tests on
# a macOS runner, because the golden tests were generated on macOS. To reduce
# the time that macOS runner are used, we run the other tests on a Linux
# runner.
test-without-goldens:
needs: changes
if: ${{ needs.changes.outputs.changesFound == 'true' }}
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Set Flutter version from FVM config file to environment variables
id: fvm-config-action
uses: kuhnroyal/flutter-fvm-config-action@4155f8ca4c30a4f2f50df69caa0e4259f6cd1142
- uses: subosito/flutter-action@44ac965b96f18d999802d4b807e3256d5a3f9fa1
with:
flutter-version: ${{ steps.fvm-config-action.outputs.FLUTTER_VERSION }}
channel: ${{ steps.fvm-config-action.outputs.FLUTTER_CHANNEL }}
- name: Activate sz_repo_cli package
run: flutter pub global activate --source path "$CI_CD_DART_SCRIPTS_PACKAGE_PATH"
# So we can just use "sz COMMAND" instead of "dart ../path/to/script.dart ..."
- run: echo $(pwd)/bin >> $GITHUB_PATH
- name: Run tests via "sz test"
# We don't run the analysis in parallel to prevent
# https://github.com/SharezoneApp/sharezone-app/issues/1658.
run: |
sz test \
-c 1 \
--package-timeout-minutes 15 \
--exclude-goldens
# We split the tests into two jobs, because we want to run the golden tests on
# a macOS runner, because the golden tests were generated on macOS. To reduce
# the time that macOS runner are used, we run the other tests on a Linux
# runner.
test-with-goldens:
needs: changes
if: ${{ needs.changes.outputs.changesFound == 'true' }}
# Due to https://github.com/flutter/flutter/issues/111739 our golden tests
# require macOS arm64. Therefore, we need to use macos-14.
runs-on: macos-14
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Set Flutter version from FVM config file to environment variables
id: fvm-config-action
uses: kuhnroyal/flutter-fvm-config-action@4155f8ca4c30a4f2f50df69caa0e4259f6cd1142
- uses: subosito/flutter-action@44ac965b96f18d999802d4b807e3256d5a3f9fa1
with:
flutter-version: ${{ steps.fvm-config-action.outputs.FLUTTER_VERSION }}
channel: ${{ steps.fvm-config-action.outputs.FLUTTER_CHANNEL }}
- name: Install Sharezone CLI
run: |
flutter pub global activate --source path "$CI_CD_DART_SCRIPTS_PACKAGE_PATH"
echo $(pwd)/bin >> $GITHUB_PATH
- name: Run tests via "sz test"
# We don't run the analysis in parallel to prevent
# https://github.com/SharezoneApp/sharezone-app/issues/1658.
run: |
sz test \
-c 1 \
--package-timeout-minutes 15 \
--only-goldens
# Uploads the results of failed tests as .zip to GitHub.
#
# You can find the file under the "Summary" Tab on GitHub when all jobs of
# this workflows finished.
- name: Upload failed golden tests
if: failure()
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874
with:
name: failed-golden-tests
# When golden test fail then the results are stored in "failures"
# folders. Since golden tests run in several different places (e.g. /app,
# or packages in /lib) the failures folder will be spread in different places.
path: "**/failures/*.png"