Skip to content
CI

ci(.github): migrate infra to GHA #50

Sign in to view logs

ci(.github): migrate infra to GHA

ci(.github): migrate infra to GHA #50

Workflow file for this run

.github/workflows/pr.yml at 3ad245c
name: CI
on:
push:
branches:
- master
pull_request:
env:
NX_PARALLEL: 8 # ubuntu-latest = 8-core CPU / 32 GB of RAM
NX_PREFER_TS_NODE: true
NX_VERBOSE_LOGGING: true
BROWSERSLIST_IGNORE_OLD_DATA: true
# Deploy host and URL
# DEPLOY_BASE_PATH: ''
DEPLOY_HOST: fluentuipr.z22.web.core.windows.net
DEPLOY_URL: https://fluentuipr.z22.web.core.windows.net/${{ github.event.pull_request.number || github.ref_name }}
# DEPLOYHOST: fluentuipr.z22.web.core.windows.net
# DEPLOYURL: https://${{ env.DEPLOYHOST }}/
# GitHub Secrets for Azure access
# This service principal ("subscription" is a misleading name) only has access to the fluentuipr storage account
AZURE_SUBSCRIPTION: Azure PR deploy - NEW
AZURE_STORAGE: fluentuipr
IS_PR: ${{ github.event_name == 'pull_request' }}
TARGET_BRANCH: ${{ github.event.pull_request.base.ref || '' }}
DEPLOY_BASE_PATH: pull/${{github.event.pull_request.number}}
# DEPLOY_BASE_PATH: ${{ github.event.pull_request.number ? 'pull/' + github.event.pull_request.number : 'heads/' + github.ref_name }}
# SKIP_COMPONENT_GOVERNANCE_DETECTION: true
jobs:
main:
runs-on: macos-14-xlarge
permissions:
contents: 'read'
actions: 'read'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Derive appropriate SHAs for base and head for `nx affected` commands
uses: nrwl/nx-set-shas@v4
with:
main-branch-name: 'master'
- uses: actions/setup-node@v4
with:
cache: 'yarn'
node-version: '20'
- run: echo number of CPUs "$(getconf _NPROCESSORS_ONLN)"
- run: yarn install --frozen-lockfile
- run: yarn nx run workspace-plugin:test --nxBail
- name: Workspace lint
run: |
yarn nx run workspace-plugin:check-graph
yarn nx g @fluentui/workspace-plugin:tsconfig-base-all --verify
yarn nx g @fluentui/workspace-plugin:normalize-package-dependencies --verify
- name: Type-check just.config.ts files
run: |
# following packages need to be build in advance:
# @fluentui/api-docs is used within apps/public-docsite-resources/just.config.ts,
# @fluentui/digest is used within packages/fluentui/perf-test-northstar/just.config.ts, thus it needs to be build in advance
#
# NOTE: we are running this via nx in order to get cache hits later on
yarn nx run-many -t build -p api-docs digest
yarn tsc -p ./tsconfig.just-scripts-configs.json
- name: 'check packages: installed dependencies versions'
run: |
yarn check:installed-dependencies-versions
- name: check formatting
run: |
yarn nx format:check --base origin/master
- name: build, test, lint, test-ssr (affected)
run: |
yarn nx affected -t build test lint type-check test-ssr test-integration verify-packaging --exclude react,react-northstar --nxBail
- name: 'Check for unstaged changes'
run: |
git status --porcelain
git diff-index --quiet HEAD -- || exit 1
e2e-and-deploy:
runs-on: macos-14-xlarge
permissions:
contents: 'read'
actions: 'read'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Derive appropriate SHAs for base and head for `nx affected` commands
uses: nrwl/nx-set-shas@v4
with:
main-branch-name: 'master'
- uses: actions/setup-node@v4
with:
cache: 'yarn'
node-version: '20'
- run: echo number of CPUs "$(getconf _NPROCESSORS_ONLN)"
- run: yarn install --frozen-lockfile
- name: Install Playwright dependencies
run: yarn playwright install --with-deps
- name: Verify Cypress install
run: yarn cypress verify
- name: Cypress/Playwright E2E tests
if: github.event_name == 'pull_request'
run: yarn nx affected -t e2e --nxBail --parallel 1
- name: Cypress/Playwright E2E tests (non-PR)
if: github.event_name != 'pull_request'
run: yarn nx run-many -t e2e --nxBail --parallel 1
- name: Bundle
if: github.event_name == 'pull_request'
run: yarn nx affected -t bundle --nxBail
- name: Bundle (non-PR)
if: github.event_name != 'pull_request'
run: yarn nx run-many -t bundle --nxBail
- name: Build Storybooks
if: github.event_name == 'pull_request'
run: yarn nx affected -t build-storybook --nxBail
- name: Build Storybooks (non-PR)
if: github.event_name != 'pull_request'
run: yarn nx run-many -t build-storybook --nxBail
- name: Generate PR Deploy Site
if: github.event_name == 'pull_request'
run: yarn nx run pr-deploy-site:generate:site
- name: Upload PR deploy site
continue-on-error: true
if: github.event_name == 'pull_request'
uses: azure/cli@v2
with:
azcliversion: latest
inlineScript: |
az storage blob upload-batch \
--destination '$web' \
--source apps/pr-deploy-site/dist \
--account-name ${{ secrets.AZURE_STORAGE }} \
--destination-path ${{ env.DEPLOY_BASE_PATH }} \
--auth-mode login \
--overwrite
- name: Update PR deploy site GitHub status
if: github.event_name == 'pull_request'
uses: actions/github-script@v6
with:
script: |
const { context, github } = require('@actions/github');
const { owner, repo } = context.repo;
const pull_request = context.payload.pull_request;
await github.repos.createCommitStatus({
owner: 'microsoft',
repo: 'fluentui',
sha: pull_request.head.sha,
state: 'success',
context: 'Pull request demo site',
description: 'Click "Details" to go to the deployed demo site for this pull request',
target_url: process.env.DEPLOY_URL + '/'
});
env:
DEPLOY_URL: ${{ env.DEPLOY_URL }}
bundle-size:
runs-on: macos-14-xlarge
permissions:
pull-requests: write
contents: 'read'
actions: 'read'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Derive appropriate SHAs for base and head for `nx affected` commands
uses: nrwl/nx-set-shas@v4
with:
main-branch-name: 'master'
- uses: actions/setup-node@v4
with:
cache: 'yarn'
node-version: '20'
- run: echo number of CPUs "$(getconf _NPROCESSORS_ONLN)"
- run: yarn install --frozen-lockfile
- name: Build packages & create reports (PR only)
if: github.event_name == 'pull_request'
run: yarn nx affected -t bundle-size --nxBail
- name: Compare bundle size with base (PR only)
if: github.event_name == 'pull_request'
run: npx monosize compare-reports --branch=${{ github.event.pull_request.base.ref }} --output=markdown --quiet > ./monosize-report.md
- name: Compare Reports Output
run: cat ./monosize-report.md
- name: Read the monosize report
id: read_report
if: ${{ github.event_name == 'pull_request' }}
run: |
if [ -f monosize-report.md ]; then
report=$(cat monosize-report.md)
echo "report<<EOF" >> $GITHUB_ENV
echo "$report" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
else
echo "No report found"
fi
- name: Post results to PR (PR only)
if: github.event_name == 'pull_request'
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Use a GitHub token (this is automatically provided)
script: |
const run = require('./.github/bundle-size-comment');
await run({github,context,core});
# - name: Post results to PR (PR only)
# if: github.event_name == 'pull_request'
# uses: marocchino/sticky-pull-request-comment@v2
# with:
# path: monosize-report.md
- name: Build all packages & create reports (non-PR)
if: github.event_name != 'pull_request'
run: yarn nx run-many -t bundle-size --nxBail
- name: Upload a report (base only)
continue-on-error: true
if: github.event_name != 'pull_request'
uses: azure/cli@v2
with:
azcliversion: latest
inlineScript: |
yarn monosize upload-report --branch=${{ github.ref }} --commit-sha ${{ github.sha }}
env:
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_SERVICE_CONNECTION_ID: ${{ secrets.AZURE_SERVICE_CONNECTION_ID }}
BUNDLESIZE_ACCOUNT_NAME: ${{ secrets.BUNDLESIZE_ACCOUNT_NAME }}
SYSTEM_ACCESSTOKEN: ${{ secrets.GITHUB_TOKEN }}