.github/workflows/ci.yaml - third_party/github/aspect-build/rules_js - Git at Google

 name: CI

 # Controls when the action will run.
 on:
     # Triggers the workflow on push or pull request events but only for the main branch
     push:
         branches: [main]
     pull_request:
         branches: [main]

     # Allows you to run this workflow manually from the Actions tab
     workflow_dispatch:

 jobs:
     # Dynamically generate a bit of JSON depending on whether our action has access to repository secrets.
     # When running on a pull_request from a fork, the author is untrusted so the secret will be absent.
     # Insanely complex for how simple this requirement is... inspired from
     # https://stackoverflow.com/questions/65384420/how-to-make-a-github-action-matrix-element-conditional
     matrix-prep:
         runs-on: ubuntu-latest
         env:
             ENGFLOW_PRIVATE_KEY: ${{ secrets.ENGFLOW_PRIVATE_KEY }}
         steps:
             - id: local
               run: echo "::set-output name=config::local"
             - id: maybe-rbe
               if: ${{ env.ENGFLOW_PRIVATE_KEY != '' }}
               run: echo "::set-output name=config::rbe"
         outputs:
             # Will look like '["local", "rbe"]'
             configs: ${{ toJSON(steps.*.outputs.config) }}

     test:
         # The type of runner that the job will run on
         runs-on: ubuntu-latest
         needs: matrix-prep

         strategy:
             matrix:
                 config: ${{ fromJSON(needs.matrix-prep.outputs.configs) }}
                 folder:
                     - '.'
                     # Broken by the bazel 5.3.0 upgrade
                     # TODO: figure out and re-enable
                     # - 'e2e/bzlmod'
                     - 'e2e/npm_link_package'
                     - 'e2e/npm_link_package-esm'
                     - 'e2e/pnpm_workspace'
                     - 'e2e/pnpm_workspace_rerooted'
                     - 'e2e/npm_translate_package_lock'
                     - 'e2e/npm_translate_yarn_lock'
                     - 'e2e/package_json_module'
                     - 'e2e/rules_foo'
                     - 'e2e/js_image'

         # Steps represent a sequence of tasks that will be executed as part of the job
         steps:
             # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
             - uses: actions/checkout@v3
             - name: Mount bazel caches
               uses: actions/cache@v3
               with:
                   path: |
                       ~/.cache/bazel
                       ~/.cache/bazel-repo
                   key: bazel-cache-${{ hashFiles('**/BUILD.bazel', '**/*.bzl', 'WORKSPACE', '**/*.js') }}
                   restore-keys: bazel-cache-
             - name: Write engflow credentials
               if: ${{ matrix.config == 'rbe' }}
               working-directory: ${{ matrix.folder }}
               run: |
                   touch engflow.crt engflow.key
                   chmod 0600 engflow.crt engflow.key
                   echo "$ENGFLOW_CLIENT_CRT" > engflow.crt
                   echo "$ENGFLOW_PRIVATE_KEY" > engflow.key
                   echo "USE_BAZEL_VERSION=last_green" >> $GITHUB_ENV
               env:
                   ENGFLOW_CLIENT_CRT: ${{ secrets.ENGFLOW_CLIENT_CRT }}
                   ENGFLOW_PRIVATE_KEY: ${{ secrets.ENGFLOW_PRIVATE_KEY }}
             - name: bazel test //...
               env:
                   # Bazelisk will download bazel to here
                   XDG_CACHE_HOME: ~/.cache/bazel-repo
               working-directory: ${{ matrix.folder }}
               run: |
                   bazel --bazelrc=$GITHUB_WORKSPACE/.github/workflows/ci.bazelrc --bazelrc=.bazelrc test --config=${{ matrix.config }}  //...
                   ls $(bazel info output_base)/external | grep -v __links | grep -vz unused

             - name: bazel coverage //...
               env:
                   # Bazelisk will download bazel to here
                   XDG_CACHE_HOME: ~/.cache/bazel-repo
               working-directory: ${{ matrix.folder }}
               # Coverage does not work properly with RBE. See: bazelbuild/bazel#4685
               if: ${{ matrix.config == 'local' }}
               run: |
                   bazel --bazelrc=$GITHUB_WORKSPACE/.github/workflows/ci.bazelrc --bazelrc=.bazelrc coverage --config=${{ matrix.config }} --instrument_test_targets //...
	name: CI

	# Controls when the action will run.
	on:
	# Triggers the workflow on push or pull request events but only for the main branch
	push:
	branches: [main]
	pull_request:
	branches: [main]

	# Allows you to run this workflow manually from the Actions tab
	workflow_dispatch:

	jobs:
	# Dynamically generate a bit of JSON depending on whether our action has access to repository secrets.
	# When running on a pull_request from a fork, the author is untrusted so the secret will be absent.
	# Insanely complex for how simple this requirement is... inspired from
	# https://stackoverflow.com/questions/65384420/how-to-make-a-github-action-matrix-element-conditional
	matrix-prep:
	runs-on: ubuntu-latest
	env:
	ENGFLOW_PRIVATE_KEY: ${{ secrets.ENGFLOW_PRIVATE_KEY }}
	steps:
	- id: local
	run: echo "::set-output name=config::local"
	- id: maybe-rbe
	if: ${{ env.ENGFLOW_PRIVATE_KEY != '' }}
	run: echo "::set-output name=config::rbe"
	outputs:
	# Will look like '["local", "rbe"]'
	configs: ${{ toJSON(steps.*.outputs.config) }}

	test:
	# The type of runner that the job will run on
	runs-on: ubuntu-latest
	needs: matrix-prep

	strategy:
	matrix:
	config: ${{ fromJSON(needs.matrix-prep.outputs.configs) }}
	folder:
	- '.'
	# Broken by the bazel 5.3.0 upgrade
	# TODO: figure out and re-enable
	# - 'e2e/bzlmod'
	- 'e2e/npm_link_package'
	- 'e2e/npm_link_package-esm'
	- 'e2e/pnpm_workspace'
	- 'e2e/pnpm_workspace_rerooted'
	- 'e2e/npm_translate_package_lock'
	- 'e2e/npm_translate_yarn_lock'
	- 'e2e/package_json_module'
	- 'e2e/rules_foo'
	- 'e2e/js_image'

	# Steps represent a sequence of tasks that will be executed as part of the job
	steps:
	# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
	- uses: actions/checkout@v3
	- name: Mount bazel caches
	uses: actions/cache@v3
	with:
	path: \|
	~/.cache/bazel
	~/.cache/bazel-repo
	key: bazel-cache-${{ hashFiles('/BUILD.bazel', '/.bzl', 'WORKSPACE', '/.js') }}
	restore-keys: bazel-cache-
	- name: Write engflow credentials
	if: ${{ matrix.config == 'rbe' }}
	working-directory: ${{ matrix.folder }}
	run: \|
	touch engflow.crt engflow.key
	chmod 0600 engflow.crt engflow.key
	echo "$ENGFLOW_CLIENT_CRT" > engflow.crt
	echo "$ENGFLOW_PRIVATE_KEY" > engflow.key
	echo "USE_BAZEL_VERSION=last_green" >> $GITHUB_ENV
	env:
	ENGFLOW_CLIENT_CRT: ${{ secrets.ENGFLOW_CLIENT_CRT }}
	ENGFLOW_PRIVATE_KEY: ${{ secrets.ENGFLOW_PRIVATE_KEY }}
	- name: bazel test //...
	env:
	# Bazelisk will download bazel to here
	XDG_CACHE_HOME: ~/.cache/bazel-repo
	working-directory: ${{ matrix.folder }}
	run: \|
	bazel --bazelrc=$GITHUB_WORKSPACE/.github/workflows/ci.bazelrc --bazelrc=.bazelrc test --config=${{ matrix.config }} //...
	ls $(bazel info output_base)/external \| grep -v __links \| grep -vz unused

	- name: bazel coverage //...
	env:
	# Bazelisk will download bazel to here
	XDG_CACHE_HOME: ~/.cache/bazel-repo
	working-directory: ${{ matrix.folder }}
	# Coverage does not work properly with RBE. See: bazelbuild/bazel#4685
	if: ${{ matrix.config == 'local' }}
	run: \|
	bazel --bazelrc=$GITHUB_WORKSPACE/.github/workflows/ci.bazelrc --bazelrc=.bazelrc coverage --config=${{ matrix.config }} --instrument_test_targets //...