# Security Notes
# This workflow uses `pull_request_target`, so it will run against all PRs automatically (without approval); be careful about allowing any user-provided code to run here
# Only selected Actions are allowed within this repository. Please refer to (https://github.com/nodejs/nodejs.org/settings/actions)
# for the full list of available actions. If you want to add a new one, please reach out to a maintainer with Admin permissions.
# REVIEWERS, please always double-check security practices before merging a PR that contains Workflow changes!!
# AUTHORS, please only use actions with explicit SHA references, and avoid using `@master` or `@main` references or `@version` tags.
# MERGE QUEUE NOTE: This Workflow does not run on `merge_group` trigger, as this Workflow is not required for Merge Queue's
# Display name of this workflow.
name: Lighthouse

# Trigger: a label being added to a pull request that targets `main`.
# `pull_request_target` runs in the context of the base repository, not the fork.
on:
  pull_request_target:
    branches: [main]
    types: [labeled]
# Defaults applied to every `run` step in this workflow.
defaults:
  run:
    # Execute shell commands from the repository root
    working-directory: ./
# Scopes granted to the job token. Only the scopes listed here are declared by this workflow;
# keep the list as small as the steps below allow.
permissions:
  contents: read
  actions: read
  # Write access to pull requests is needed by `thollander/actions-comment-pull-request` to post the report comment
  pull-requests: write
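jobs:
  lighthouse-ci:
    # Runs a Lighthouse audit against the PR's Vercel preview and posts the result as a PR comment.
    # The job is skipped for Dependabot branches and only runs when the label that was just added is
    # `github_actions:pull-request`. Because the trigger is `pull_request_target`, that label is the
    # approval gate for running this job against a contributor's branch.
    if: |
      startsWith(github.event.pull_request.head.ref, 'dependabot/') == false &&
      github.event.label.name == 'github_actions:pull-request'

    name: Lighthouse Report
    runs-on: ubuntu-latest

    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
        with:
          # NOTE(review): `audit` records outbound traffic but does not restrict it.
          # Consider `block` with an explicit endpoint allow-list once the audit data is known.
          egress-policy: audit

      - name: Git Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          # For a Pull Request that comes from a Fork, clone the fork's repository instead of the base
          # repository so the checkout reflects the Pull Request's own history.
          # Falls back to the base repository when the event carries no pull request.
          # SECURITY: everything checked out here is contributor-controlled and must be treated as untrusted.
          repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }}
          # Check out the exact commit carried by the `labeled` event rather than the branch name.
          # A branch name is resolved at checkout time, so commits pushed after the label was applied
          # would otherwise run without having been looked at by the maintainer who added the label.
          # Falls back to `github.ref` when the event carries no pull request.
          ref: ${{ github.event.pull_request.head.sha || github.ref }}
          # Do not store the job token in the checked-out repository's git configuration;
          # none of the later steps visibly needs git credentials.
          persist-credentials: false

      - name: Add Comment to PR
        # Signal that a lighthouse run is about to start
        uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0
        with:
          message: |
            Running Lighthouse audit...
          # Used later to edit the existing comment
          comment_tag: 'lighthouse_audit'

      - name: Capture Vercel Preview
        uses: patrickedqvist/wait-for-vercel-preview@dca4940010f36d2d44caa487087a09b57939b24a # v1.3.1
        id: vercel_preview_url
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          # timeout after 5 minutes
          max_timeout: 300
          # check every 10 seconds
          check_interval: 10

      - name: Audit Preview URL with Lighthouse
        # Conduct the lighthouse audit
        id: lighthouse_audit
        uses: treosh/lighthouse-ci-action@1b0e7c33270fbba31a18a0fbb1de7cc5256b6d39 # v11.4.0
        with:
          # Defines the settings and assertions to audit
          # NOTE(review): this file is read from the Pull Request checkout, so its contents are contributor-controlled.
          configPath: './.lighthouserc.json'
          # These URLS capture critical pages / site functionality.
          urls: |
            ${{ steps.vercel_preview_url.outputs.url }}/en
            ${{ steps.vercel_preview_url.outputs.url }}/en/about
            ${{ steps.vercel_preview_url.outputs.url }}/en/about/previous-releases
            ${{ steps.vercel_preview_url.outputs.url }}/en/download
            ${{ steps.vercel_preview_url.outputs.url }}/en/blog
          uploadArtifacts: true # save results as action artifacts
          temporaryPublicStorage: true # upload lighthouse report to the temporary storage

      - name: Format Lighthouse Score
        # Transform the audit results into a single, friendlier output
        id: format_lighthouse_score
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        env:
          # using env as input to our script
          # see https://github.com/actions/github-script#use-env-as-input
          LIGHTHOUSE_RESULT: ${{ steps.lighthouse_audit.outputs.manifest }}
          LIGHTHOUSE_LINKS: ${{ steps.lighthouse_audit.outputs.links }}
          VERCEL_PREVIEW_URL: ${{ steps.vercel_preview_url.outputs.url }}
        with:
          # Run as a separate file so we do not have to inline all of our formatting logic.
          # See https://github.com/actions/github-script#run-a-separate-file for more info.
          # SECURITY: the imported module comes from the Pull Request checkout above, so this step executes
          # contributor-controlled code inside a `pull_request_target` job that holds the job token.
          # Keep the workflow `permissions` minimal and reference no additional secrets in this job.
          # NOTE(review): loading `scripts/lighthouse` from a checkout of the base branch instead would
          # remove this exposure; confirm whether PR-side changes to the script need to run here.
          script: |
            const { formatLighthouseResults } = await import('${{github.workspace}}/scripts/lighthouse/index.mjs')
            await formatLighthouseResults({core})

      - name: Add Comment to PR
        # Replace the previous message with our formatted lighthouse results
        uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0
        with:
          # Reference the previously created comment
          comment_tag: 'lighthouse_audit'
          # The comment body is produced by the formatting step above
          message: |
            ${{ steps.format_lighthouse_score.outputs.comment }}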