.github/workflows/ci.yml at main

gui.do / barazo-web
fork atom
Barazo default frontend barazo.forum
fork atom
barazo-web / .github / workflows / ci.yml
at main 172 lines 5.0 kB view raw
wrap content
Guido X Jansen fix(ci): restore CI optimizations lost during rebase (#166) 19d ago
4d75e422
  1name: CI
  2
  3on:
  4  push:
  5    branches: [main, develop]
  6  pull_request:
  7    branches: [main, develop]
  8    paths:
  9      - 'src/**'
 10      - 'e2e/**'
 11      - 'public/**'
 12      - 'package.json'
 13      - 'pnpm-lock.yaml'
 14      - 'tsconfig.json'
 15      - 'vitest.config.ts'
 16      - 'next.config.ts'
 17      - 'tailwind.config.*'
 18      - 'playwright.config.ts'
 19      - 'lighthouserc.json'
 20      - '.github/workflows/ci.yml'
 21      - '.github/actions/**'
 22
 23concurrency:
 24  group: ${{ github.workflow }}-${{ github.ref }}
 25  cancel-in-progress: true
 26
 27permissions:
 28  contents: read
 29
 30jobs:
 31  lint:
 32    name: Lint
 33    runs-on: ubuntu-latest
 34    timeout-minutes: 10
 35    steps:
 36      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 37      - uses: ./.github/actions/setup
 38      - name: Run ESLint
 39        run: pnpm lint
 40      - name: Check formatting
 41        run: pnpm format:check
 42
 43  typecheck:
 44    name: Type Check
 45    runs-on: ubuntu-latest
 46    timeout-minutes: 10
 47    steps:
 48      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 49      - uses: ./.github/actions/setup
 50      - name: Run TypeScript
 51        run: pnpm typecheck
 52
 53  test:
 54    name: Test
 55    runs-on: ubuntu-latest
 56    timeout-minutes: 15
 57    steps:
 58      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 59      - uses: ./.github/actions/setup
 60      - name: Run tests
 61        run: pnpm test
 62
 63  build:
 64    name: Build
 65    runs-on: ubuntu-latest
 66    timeout-minutes: 20
 67    needs: [lint, typecheck, test]
 68    steps:
 69      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 70      - uses: ./.github/actions/setup
 71
 72      - name: Cache Next.js build
 73        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
 74        with:
 75          path: .next/cache
 76          key: nextjs-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}-${{ hashFiles('src/**', 'public/**', 'next.config.ts') }}
 77          restore-keys: |
 78            nextjs-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}-
 79            nextjs-${{ runner.os }}-
 80
 81      - name: Build application
 82        run: pnpm build
 83
 84  accessibility:
 85    name: Accessibility Audit
 86    runs-on: ubuntu-latest
 87    timeout-minutes: 30
 88    needs: build
 89    steps:
 90      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 91      - uses: ./.github/actions/setup
 92
 93      - name: Install Playwright browsers
 94        run: pnpm exec playwright install --with-deps chromium
 95
 96      - name: Cache Next.js build
 97        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
 98        with:
 99          path: .next/cache
100          key: nextjs-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}-${{ hashFiles('src/**', 'public/**', 'next.config.ts') }}
101          restore-keys: |
102            nextjs-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}-
103            nextjs-${{ runner.os }}-
104
105      - name: Build application
106        run: pnpm build
107
108      - name: Prepare standalone server
109        run: |
110          cp -r .next/static .next/standalone/.next/static
111          cp -r public .next/standalone/public
112
113      - name: Start standalone server
114        run: node .next/standalone/server.js &
115        env:
116          PORT: '3000'
117          HOSTNAME: '0.0.0.0'
118
119      - name: Wait for server
120        run: |
121          for i in $(seq 1 30); do
122            curl -s http://localhost:3000 > /dev/null 2>&1 && break
123            sleep 1
124          done
125
126      - name: Run Playwright a11y tests
127        run: pnpm test:e2e
128
129      - name: Run pa11y-ci
130        run: pnpm test:a11y
131
132      - name: Run Lighthouse CI
133        run: pnpm test:lighthouse
134        env:
135          CHROME_PATH: /usr/bin/google-chrome-stable
136
137      - name: Upload Playwright report
138        if: always()
139        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
140        with:
141          name: playwright-report
142          path: playwright-report/
143          retention-days: 7
144
145      - name: Upload Lighthouse report
146        if: always()
147        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
148        with:
149          name: lighthouse-report
150          path: .lighthouseci/
151          retention-days: 7
152
153  security:
154    name: Security Scan
155    runs-on: ubuntu-latest
156    timeout-minutes: 10
157    steps:
158      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
159      - uses: ./.github/actions/setup
160      - name: Security audit with retry
161        run: |
162          for attempt in 1 2 3; do
163            output=$(pnpm audit --audit-level=high --prod 2>&1) && { echo "$output"; exit 0; }
164            if echo "$output" | grep -q "ERR_PNPM_AUDIT_BAD_RESPONSE\|ECONNREFUSED\|ETIMEDOUT\|EAI_AGAIN"; then
165              echo "::warning::Audit registry unavailable (attempt $attempt/3), retrying in 15s..."
166              sleep 15
167            else
168              echo "$output"
169              exit 1
170            fi
171          done
172          echo "::warning::Audit registry unavailable after 3 attempts, skipping"