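name: CI

# Controls when the action will run.
on:
  # Triggers the workflow on push or pull request events but only for the main branch
  push:
    branches: [main]
  pull_request:
    branches: [main]

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# Least privilege for the automatically issued GITHUB_TOKEN. The jobs in this
# workflow only check out and build the repository, so read access to contents
# is sufficient; without this block the token gets the repository default,
# which may include write scopes.
permissions:
  contents: read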
| |
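jobs:
  # matrix-prep-* steps dynamically generate a bit of JSON depending on whether our action has
  # access to repository secrets. When running on a pull_request from a fork, the author is
  # untrusted so the secret will be absent. Insanely complex for how simple this requirement is...
  # inspired from
  # https://stackoverflow.com/questions/65384420/how-to-make-a-github-action-matrix-element-conditional
  #
  # NOTE(review): every `uses:` below references an action by a mutable tag
  # (@v3). Pinning each one to a full commit SHA keeps a retagged release from
  # silently changing what runs in the job that holds the EngFlow credentials.

  matrix-prep-config:
    # Prepares the 'config' axis of the test matrix
    runs-on: ubuntu-latest
    env:
      # Only whether the secret exists is needed here, so expose a boolean
      # instead of placing the private key itself in every step's environment.
      HAS_ENGFLOW_PRIVATE_KEY: ${{ secrets.ENGFLOW_PRIVATE_KEY != '' }}
    steps:
      - id: local
        run: echo "config=local" >> "$GITHUB_OUTPUT"
      - id: rbe
        run: echo "config=rbe" >> "$GITHUB_OUTPUT"
        # Don't run RBE if there are no EngFlow creds which is the case on forks
        if: ${{ env.HAS_ENGFLOW_PRIVATE_KEY == 'true' }}
    outputs:
      # Will look like '["local", "rbe"]'
      configs: ${{ toJSON(steps.*.outputs.config) }}

  matrix-prep-bazelversion:
    # Prepares the 'bazelversion' axis of the test matrix
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          # This job only reads .bazelversion; do not leave the token in .git/config.
          persist-credentials: false
      - id: bazel_6
        # On pull requests .bazelversion comes from the contributor's tree, so
        # the value emitted here must be treated as untrusted by consumers.
        run: echo "bazelversion=$(head -n 1 .bazelversion)" >> "$GITHUB_OUTPUT"
      - id: bazel_5
        run: echo "bazelversion=5.3.2" >> "$GITHUB_OUTPUT"
    outputs:
      # Will look like '["<version from .bazelversion>", "5.3.2"]'
      bazelversions: ${{ toJSON(steps.*.outputs.bazelversion) }}

  matrix-prep-folder:
    # Prepares the 'folder' axis of the test matrix
    runs-on: ubuntu-latest
    env:
      # Presence check only; the token value itself is not needed in this job.
      HAS_ASPECT_NPM_AUTH_TOKEN: ${{ secrets.ASPECT_NPM_AUTH_TOKEN != '' }}
    steps:
      - id: root
        run: echo "folder=." >> "$GITHUB_OUTPUT"
      - id: bzlmod
        run: echo "folder=e2e/bzlmod" >> "$GITHUB_OUTPUT"
      - id: js_image
        run: echo "folder=e2e/js_image" >> "$GITHUB_OUTPUT"
      - id: js_run_devserver
        run: echo "folder=e2e/js_run_devserver" >> "$GITHUB_OUTPUT"
      - id: npm_link_package-esm
        run: echo "folder=e2e/npm_link_package-esm" >> "$GITHUB_OUTPUT"
      - id: npm_link_package
        run: echo "folder=e2e/npm_link_package" >> "$GITHUB_OUTPUT"
      - id: npm_translate_lock_auth
        run: echo "folder=e2e/npm_translate_lock_auth" >> "$GITHUB_OUTPUT"
        # Don't run e2e/npm_translate_lock_auth if there is no auth token secret which is the case on forks.
        if: ${{ env.HAS_ASPECT_NPM_AUTH_TOKEN == 'true' }}
      - id: npm_translate_lock
        run: echo "folder=e2e/npm_translate_lock" >> "$GITHUB_OUTPUT"
      - id: npm_translate_package_lock
        run: echo "folder=e2e/npm_translate_package_lock" >> "$GITHUB_OUTPUT"
      - id: npm_translate_yarn_lock
        run: echo "folder=e2e/npm_translate_yarn_lock" >> "$GITHUB_OUTPUT"
      - id: package_json_module
        run: echo "folder=e2e/package_json_module" >> "$GITHUB_OUTPUT"
      - id: pnpm_workspace_rerooted
        run: echo "folder=e2e/pnpm_workspace_rerooted" >> "$GITHUB_OUTPUT"
      - id: pnpm_workspace
        run: echo "folder=e2e/pnpm_workspace" >> "$GITHUB_OUTPUT"
      - id: rules_foo
        run: echo "folder=e2e/rules_foo" >> "$GITHUB_OUTPUT"
    outputs:
      # Will look like '[".", "e2e/bzlmod", ...]'
      folders: ${{ toJSON(steps.*.outputs.folder) }}

  test:
    runs-on: ubuntu-latest

    needs:
      - matrix-prep-config
      - matrix-prep-bazelversion
      - matrix-prep-folder

    strategy:
      fail-fast: false
      matrix:
        config: ${{ fromJSON(needs.matrix-prep-config.outputs.configs) }}
        bazelversion: ${{ fromJSON(needs.matrix-prep-bazelversion.outputs.bazelversions) }}
        folder: ${{ fromJSON(needs.matrix-prep-folder.outputs.folders) }}
        exclude:
          # Don't test RBE with Bazel 5 (not supported)
          - config: rbe
            bazelversion: '5.3.2'
          # Don't test bzlmod with Bazel 5 (not supported)
          - bazelversion: '5.3.2'
            folder: e2e/bzlmod

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v3
        with:
          # Later steps execute repository-supplied code (test.sh, Bazel
          # targets); keep the checkout token out of .git/config for them.
          persist-credentials: false

      - name: Mount bazel caches
        uses: actions/cache@v3
        with:
          path: |
            ~/.cache/bazel
            ~/.cache/bazel-repo
          key: bazel-cache-${{ hashFiles('**/BUILD.bazel', '**/*.bzl', 'WORKSPACE', '**/*.js') }}
          restore-keys: bazel-cache-

      - name: Configure Bazel version
        working-directory: ${{ matrix.folder }}
        # Overwrite the .bazelversion instead of using USE_BAZEL_VERSION so that Bazelisk
        # still bootstraps Aspect CLI from configuration in .bazeliskrc. Aspect CLI will
        # then use .bazelversion to determine which Bazel version to use
        #
        # The matrix value originates from the first line of the checked-out
        # .bazelversion, so it is handed to the shell through an environment
        # variable rather than interpolated into the script text.
        run: echo "$MATRIX_BAZELVERSION" > .bazelversion
        env:
          MATRIX_BAZELVERSION: ${{ matrix.bazelversion }}

      - name: Write EngFlow credentials
        # Writes EngFlow credential files for RBE configurations
        if: matrix.config == 'rbe'
        working-directory: ${{ matrix.folder }}
        # The files are created and restricted to the owner before any secret
        # material is written, so they are never readable with wider permissions.
        run: |
          touch engflow.crt engflow.key
          chmod 0600 engflow.crt engflow.key
          printf '%s\n' "$ENGFLOW_CLIENT_CRT" > engflow.crt
          printf '%s\n' "$ENGFLOW_PRIVATE_KEY" > engflow.key
        env:
          ENGFLOW_CLIENT_CRT: ${{ secrets.ENGFLOW_CLIENT_CRT }}
          ENGFLOW_PRIVATE_KEY: ${{ secrets.ENGFLOW_PRIVATE_KEY }}

      - name: Check for test.sh
        # Checks for the existence of test.sh in the folder. Downstream steps can use
        # steps.has_test_sh.outputs.files_exists as a conditional.
        #
        # Done inline rather than through a third-party action: this step runs
        # after the EngFlow credentials have been written to the workspace, and a
        # plain file test needs no external code on that runner.
        id: has_test_sh
        working-directory: ${{ matrix.folder }}
        run: |
          if [ -f test.sh ]; then
            echo "files_exists=true" >> "$GITHUB_OUTPUT"
          else
            echo "files_exists=false" >> "$GITHUB_OUTPUT"
          fi

      - name: ./test.sh
        # Run if there is a test.sh file in the folder.
        if: steps.has_test_sh.outputs.files_exists == 'true'
        working-directory: ${{ matrix.folder }}
        shell: bash
        run: ./test.sh
        env:
          # Bazelisk will download bazel to here
          XDG_CACHE_HOME: ~/.cache/bazel-repo

      - name: bazel test //...
        # Don't run if there is a test.sh file in the folder.
        if: steps.has_test_sh.outputs.files_exists != 'true'
        working-directory: ${{ matrix.folder }}
        # The second line lists the fetched external repositories and uses
        # `grep -vz unused` on the whole listing, so the step's exit status
        # depends on whether "unused" appears in it.
        run: |
          bazel --bazelrc="$GITHUB_WORKSPACE/.github/workflows/ci.bazelrc" --bazelrc=.bazelrc test --config="$MATRIX_CONFIG" //...
          ls "$(bazel info output_base)/external" | grep -v __links | grep -vz unused
        env:
          # Matrix value is passed via the environment, not expanded into the script.
          MATRIX_CONFIG: ${{ matrix.config }}
          # Bazelisk will download bazel to here
          XDG_CACHE_HOME: ~/.cache/bazel-repo
          ASPECT_NPM_AUTH_TOKEN: ${{ secrets.ASPECT_NPM_AUTH_TOKEN }}
          ASPECT_GH_PACKAGES_AUTH_TOKEN: ${{ secrets.ASPECT_GH_PACKAGES_AUTH_TOKEN }}

      - name: bazel coverage //...
        # Don't run if there is a test.sh file in the folder.
        # Don't run on RBE. Coverage does not work properly with RBE. See: bazelbuild/bazel#4685.
        # Don't run coverage on e2e/bzlmod. It fails evaluating js/private/coverage/BUILD.bazel because write_source_files is not yet bzlmod compatible.
        # NOTE(review): the condition below does not mention e2e/bzlmod; presumably
        # that folder is skipped because it ships a test.sh - confirm.
        if: steps.has_test_sh.outputs.files_exists != 'true' && matrix.config == 'local'
        working-directory: ${{ matrix.folder }}
        run: |
          bazel --bazelrc="$GITHUB_WORKSPACE/.github/workflows/ci.bazelrc" --bazelrc=.bazelrc coverage --config="$MATRIX_CONFIG" --instrument_test_targets //...
        env:
          # Matrix value is passed via the environment, not expanded into the script.
          MATRIX_CONFIG: ${{ matrix.config }}
          # Bazelisk will download bazel to here
          XDG_CACHE_HOME: ~/.cache/bazel-repo
          ASPECT_NPM_AUTH_TOKEN: ${{ secrets.ASPECT_NPM_AUTH_TOKEN }}
          ASPECT_GH_PACKAGES_AUTH_TOKEN: ${{ secrets.ASPECT_GH_PACKAGES_AUTH_TOKEN }}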