ci.yml
# CI workflow: builds, lints and tests the API, Web UI and docs, builds the
# Docker images, then runs the end-to-end suite.
name: Secutils

# Workflow-wide default for GITHUB_TOKEN: read-only repository contents.
# Jobs that need more declare their own `permissions` block.
permissions:
  contents: read

# Runs on pushes to `main` only; a push that touches nothing but the ignored
# paths below does not start a run.
on:
  push:
    branches:
      - main
    paths-ignore:
      # `*` does not match `/`, so this covers Markdown files in the
      # repository root only.
      - '*.md'
      - '.husky/**'
      - 'dev/tools/**'
      - 'LICENSE'

env:
  CARGO_TERM_COLOR: always

jobs:
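# Job `ci-api`: format check, sqlx schema check, tests and Clippy for the API.
  ci-api:
    name: Build API (Linux)
    runs-on: ubuntu-latest
    env:
      # Password-less URL; it works because the service container below is
      # started with `trust` authentication.
      DATABASE_URL: postgres://postgres@localhost:5432/secutils
    services:
      postgres:
        image: postgres:16
        env:
          # `trust` accepts every connection without a password. Acceptable
          # only for this throwaway CI database.
          POSTGRES_HOST_AUTH_METHOD: trust
        ports:
          # Quoted so the mapping is always read as a string.
          - '5432:5432'
    steps:
      - uses: actions/checkout@v6
        with:
          submodules: true
      # NOTE(review): the third-party actions in this job are referenced by
      # mutable tags (`@v3`, `@v2`); pinning them to a full commit SHA keeps a
      # moved tag from changing what runs here.
      - name: Install Protoc
        uses: arduino/setup-protoc@v3
      # Always install nightly toolchain for `Rustfmt`.
      - name: Install toolchains
        run: |
          rustup toolchain install stable nightly
          rustup override set stable
          rustup component add clippy
          rustup component add --toolchain nightly rustfmt
      - name: Cache Dependencies
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: 'ci-api'
          cache-all-crates: true
      - name: Check format
        run: cargo +nightly fmt --all -- --check
      - name: Cache sqlx-cli
        id: cache-sqlx
        uses: actions/cache@v5
        with:
          path: |
            ~/.cargo/bin/sqlx
            ~/.cargo/bin/cargo-sqlx
          # The version in this key must match the version installed by the
          # next step, otherwise a cache hit can restore a different release
          # than a cache miss would install.
          key: sqlx-cli-0.8.6-${{ runner.os }}
      - name: Install sqlx-cli
        if: steps.cache-sqlx.outputs.cache-hit != 'true'
        # NOTE(review): the installer script is fetched from the `main` branch
        # and piped straight into bash, so whatever that branch holds at run
        # time executes on the runner. Prefer a URL pinned to a release tag or
        # commit, and verify the download before running it.
        #
        # sqlx-cli is pinned to the version named in the cache key above so
        # that cache misses install the same release the key advertises.
        run: |
          curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash
          cargo binstall --no-confirm sqlx-cli@0.8.6
      - name: Check database schema
        run: |
          cargo sqlx database create
          cargo sqlx migrate run
          cargo sqlx prepare --check
      - name: Test (default features)
        run: cargo test
      - name: Clippy
        run: cargo clippy --workspace --all-targets -- -D warnings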
# Job `ci-webui`: tests, builds and analyzes the Web UI bundle, then records
# the bundle-size history on `main`.
  ci-webui:
    name: Build Web UI (Linux)
    runs-on: ubuntu-latest
    # Write access is used by the final commit-and-push step.
    # NOTE(review): the grant is job-wide, so it also covers the steps that
    # run npm install/test/build scripts; moving the commit into its own job
    # would narrow what third-party package scripts run alongside.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v6
        with:
          ref: ${{ github.ref }}
      - uses: actions/setup-node@v6
        with:
          node-version-file: .nvmrc
          cache: npm
      - name: Install dependencies
        run: npm --prefix components/secutils-webui ci
      - name: Test
        run: npm --prefix components/secutils-webui run test
      - name: Build
        run: npm --prefix components/secutils-webui run build
      - name: Analyze bundle sizes
        run: npm --prefix components/secutils-webui run analyze
      - name: Commit bundle size history
        if: success() && github.ref == 'refs/heads/main'
        # `||` and `&&` associate left to right, so `git push` also runs when
        # nothing was staged; it is skipped only if `git commit` fails.
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add components/secutils-webui/.bundlesize/history.jsonl
          git diff --cached --quiet || git commit -m "chore: update bundle size history [skip ci]" && git push
# Job `ci-perf`: runs the JS runtime perf harness, uploads the report and
# records the perf history on `main`.
  ci-perf:
    name: JS Runtime Perf Harness (Linux)
    runs-on: ubuntu-latest
    # Write access is used by the final commit-and-push step.
    # NOTE(review): the grant is job-wide, so every earlier step in this job
    # (third-party actions, build scripts, `make perf`) runs under it too.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v6
        with:
          ref: ${{ github.ref }}
          # `benches/js-runtime-perf` is a workspace member that depends on
          # `secutils`, which pulls in `retrack-types` from the retrack
          # submodule. Without it, `cargo metadata`/`cargo build` fail to load
          # the workspace manifest.
          submodules: true
      # NOTE(review): third-party actions below are referenced by mutable
      # tags; a full commit SHA pin is the stricter choice in a job that holds
      # `contents: write`.
      - name: Install Protoc
        uses: arduino/setup-protoc@v3
      - name: Install Rust toolchain
        run: |
          rustup toolchain install stable
          rustup override set stable
      - name: Cache Dependencies
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: 'ci-perf'
          cache-all-crates: true
          # The `v8` crate's build script downloads `librusty_v8.a` into
          # `~/.cargo/.rusty_v8/`; cache it so we don't re-download ~30MB
          # every run.
          cache-directories: |
            ~/.cargo/.rusty_v8
      # `Swatinem/rust-cache` only preserves `target/<profile>/{build,.fingerprint,deps}`
      # during its save-time cleanup, which strips the non-standard
      # `target/release/gn_out/` directory where the `v8` build script places
      # the `librusty_v8.a` static archive. Without this step, the restored
      # `.fingerprint/v8-*` makes cargo skip the build script while the static
      # archive is missing, and linking fails with "could not find native
      # static library `rusty_v8`". Clearing the v8 fingerprint forces the
      # build script to re-run and re-populate `gn_out/obj/librusty_v8.a`
      # (using the cached download under `~/.cargo/.rusty_v8/`).
      - name: Force v8 build script rerun
        run: rm -rf target/release/.fingerprint/v8-* target/release/build/v8-*
      - uses: actions/setup-node@v6
        with:
          node-version-file: .nvmrc
      - name: Run perf harness and record history
        run: make perf ANALYZE=1
      - name: Upload perf report JSON
        uses: actions/upload-artifact@v7
        with:
          name: perf-report
          path: /tmp/perf.json
          retention-days: 30
      - name: Commit perf history
        if: success() && github.ref == 'refs/heads/main'
        # `||` and `&&` associate left to right, so `git push` also runs when
        # nothing was staged; it is skipped only if `git commit` fails.
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add .perf/history.jsonl
          git diff --cached --quiet || git commit -m "chore: update JS runtime perf history [skip ci]" && git push
# Job `ci-docs`: installs the docs dependencies and builds the docs site.
# It declares no `permissions`, so the workflow-level setting applies.
  ci-docs:
    name: Build Docs (Linux)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-node@v6
        with:
          node-version-file: .nvmrc
          cache: npm
      # `npm ci` installs from the lockfile and fails if it disagrees with
      # package.json.
      - name: Install dependencies
        run: npm --prefix components/secutils-docs ci
      - name: Build
        run: npm --prefix components/secutils-docs run build
# Job `ci-docker`: builds every Docker image with Buildx bake and hands them
# to later jobs as a single compressed artifact.
  ci-docker:
    name: Build Docker Images
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          submodules: true
      # NOTE(review): the Docker actions below are referenced by mutable tags
      # (`@v3`, `@v6`); pinning to a full commit SHA is the stricter option.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build all Docker images
        uses: docker/bake-action@v6
        with:
          files: |
            dev/docker/docker-compose.yml
            dev/docker/docker-compose.e2e.yml
            dev/docker/docker-compose.ci-cache.yml
          # Load the built images into the local Docker daemon so the next
          # step can `docker save` them.
          load: true
          # Per-target GitHub Actions cache scopes; `ignore-error=true` on the
          # `cache-to` entries keeps a cache export failure from failing the
          # build.
          set: |
            retrack.cache-from=type=gha,scope=retrack
            retrack.cache-to=type=gha,mode=max,scope=retrack,ignore-error=true
            retrack_web_scraper.cache-from=type=gha,scope=retrack-web-scraper
            retrack_web_scraper.cache-to=type=gha,mode=max,scope=retrack-web-scraper,ignore-error=true
            secutils_api.cache-from=type=gha,scope=secutils-api
            secutils_api.cache-to=type=gha,mode=max,scope=secutils-api,ignore-error=true
            secutils_webui.cache-from=type=gha,scope=secutils-webui
            secutils_webui.cache-to=type=gha,mode=max,scope=secutils-webui,ignore-error=true
      # Folded scalar: the lines below are joined into one shell command.
      - name: Save Docker images
        run: >
          docker save
          ci-retrack ci-retrack-web-scraper ci-retrack-web-scraper-camoufox
          ci-secutils-api ci-secutils-docs ci-secutils-webui
          | zstd -T0 -3 > docker-images.tar.zst
      - name: Upload Docker images
        uses: actions/upload-artifact@v7
        with:
          path: docker-images.tar.zst
          retention-days: 1
          archive: false
# Job `ci-e2e`: loads the prebuilt images, starts the Docker stack and runs
# the Playwright suites against it.
  ci-e2e:
    name: E2E Tests (Linux)
    runs-on: ubuntu-latest
    needs:
      - ci-api
      - ci-webui
      - ci-docs
      - ci-docker
    steps:
      - uses: actions/checkout@v6
        with:
          submodules: true
      - uses: actions/setup-node@v6
        with:
          node-version-file: .nvmrc
          cache: npm
          cache-dependency-path: e2e/package-lock.json
      # NOTE(review): the upload in `ci-docker` sets no `name` and uses
      # `archive: false`; presumably the artifact is then published under the
      # file name used here. Confirm against the action's documentation.
      - name: Download Docker images
        uses: actions/download-artifact@v8
        with:
          name: docker-images.tar.zst
      - name: Load Docker images
        run: zstd -dc docker-images.tar.zst | docker load
      - name: Cache Playwright browsers
        uses: actions/cache@v5
        with:
          path: ~/.cache/ms-playwright
          key: playwright-${{ hashFiles('e2e/package-lock.json') }}
      - name: Install Playwright
        working-directory: e2e
        run: |
          npm ci
          npx playwright install --with-deps chromium
      - name: Run standalone tests (no Docker stack needed)
        working-directory: e2e
        run: npx playwright test --config=playwright.standalone.config.ts
      # Folded scalar: the lines below are joined into one shell command.
      - name: Start services
        run: >
          docker compose
          -f dev/docker/docker-compose.yml
          -f dev/docker/docker-compose.e2e.yml
          -f dev/docker/docker-compose.ci-cache.yml
          up -d --wait
      # Plain-HTTP probes against services on the runner's own loopback
      # interface; `-f` turns an HTTP error status into a failed attempt.
      - name: Verify services are ready
        run: |
          curl -sf --retry 12 --retry-delay 5 --retry-all-errors http://localhost:7070/api/status
          curl -sf --retry 6 --retry-delay 5 --retry-all-errors http://localhost:7171/
      - name: Run Playwright tests
        working-directory: e2e
        run: npx playwright test
        env:
          BASE_URL: http://localhost:7171
      - name: Generate doc screenshots
        if: success()
        working-directory: e2e
        run: npx playwright test --config playwright.docs.config.ts
        env:
          BASE_URL: http://localhost:7171
      - name: Upload doc screenshots
        uses: actions/upload-artifact@v7
        if: success()
        with:
          name: doc-screenshots
          path: components/secutils-docs/static/img/docs/guides/
          retention-days: 14
      # Uploaded on success and on failure, skipped only when the run was
      # cancelled.
      - name: Upload Playwright report
        uses: actions/upload-artifact@v7
        if: ${{ !cancelled() }}
        with:
          name: playwright-report
          path: e2e/playwright-report/
          retention-days: 14
      # NOTE(review): unlike "Start services", this step and "Stop services"
      # do not pass docker-compose.ci-cache.yml; confirm that is intentional.
      # The captured logs become a downloadable artifact, so check that the
      # services do not log secrets.
      - name: Collect Docker logs on failure
        if: failure()
        run: >
          docker compose
          -f dev/docker/docker-compose.yml
          -f dev/docker/docker-compose.e2e.yml
          logs > docker-logs.txt 2>&1
      - name: Upload Docker logs
        uses: actions/upload-artifact@v7
        if: failure()
        with:
          name: docker-logs
          path: docker-logs.txt
          retention-days: 7
      # `always()` runs the teardown even after a failed or cancelled run;
      # `--volumes` also removes the stack's volumes.
      - name: Stop services
        if: always()
        run: >
          docker compose
          -f dev/docker/docker-compose.yml
          -f dev/docker/docker-compose.e2e.yml
          down --volumes