Projecte-UrbanTree · 0x1026 · Dec 7, 2024 · Dec 7, 2024 · Dec 7, 2024 · Dec 7, 2024
@@ -1,15 +1,15 @@
-name: 🏗️ Build
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
 
-run-name: 🐳 Building Docker images
+name: 🏗️ Build
 
 on:
   workflow_call:
     inputs:
-      context:
-        required: true
-        type: string
-      image:
-        required: true
+      images:
+        default: '["all"]'
         type: string
       version:
         type: string
@@ -21,20 +21,32 @@ jobs:
   build:
     name: 🐳 Docker
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      # https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/running-variations-of-jobs-in-a-workflow#example-adding-configurations
+      matrix:
+        image: ${{ fromJSON(inputs.images) }}
+        exclude:
+          - image: all
+        include:
+          - image: urbantree
+            context: ./app
+          - image: api
+            context: ./api
 
     steps:
       # https://github.com/actions/checkout/tree/11bd71901bbe5b1630ceea73d27597364c9af683
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 
+      # https://github.com/docker/setup-buildx-action/tree/c47758b77c9736f4b2ef4073d4d51994fabfe349
+      - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349
+
       # https://github.com/sigstore/cosign-installer/tree/dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da
       - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da
         if: inputs.version
         with:
           cosign-release: "v2.2.4"
 
-      # https://github.com/docker/setup-buildx-action/tree/c47758b77c9736f4b2ef4073d4d51994fabfe349
-      - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349
-
       # https://github.com/docker/login-action/tree/7ca345011ac4304463197fac0e56eab1bc7e6af0
       - name: 🪪 Log into registry ${{ env.REGISTRY }}
         uses: docker/login-action@7ca345011ac4304463197fac0e56eab1bc7e6af0
@@ -48,7 +60,7 @@ jobs:
       - uses: docker/metadata-action@b53be03109c4ef6f6cc7aa545b84b17a7fe51c1e
         id: meta
         with:
-          images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ inputs.image }}
+          images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ matrix.image }}
           tags: |
             type=ref,event=branch
             type=semver,pattern={{version}},value=${{ inputs.version }}
@@ -77,14 +89,39 @@ jobs:
             }
           skip-extraction: ${{ steps.cache.outputs.cache-hit }}
 
+      # https://github.com/docker/build-push-action/tree/48aba3b46d1b1fec4febb7c5d0c644b249a11355
+      - name: 🏗️ Build test stage
+        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355
+        id: build-test
+        with:
+          load: true
+          context: ${{ matrix.context }}
+          target: test
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+        env:
+          APP_ENV: test
+
+      - name: 🧪 Run tests
+        run: docker run --rm -v "$(pwd)/reports/${{ matrix.image }}:/reports" ${{ steps.build-test.outputs.imageid }}
+
+      # https://github.com/actions/upload-artifact/tree/b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
+      - name: 📤 Upload coverage data
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
+        if: ${{ !cancelled() }}
+        with:
+          name: ${{ matrix.image }}-coverage
+          path: reports/${{ matrix.image }}
+          retention-days: 1
+
       # https://github.com/docker/build-push-action/tree/48aba3b46d1b1fec4febb7c5d0c644b249a11355
       - name: 🏗️ Build final stage ${{ inputs.version && 'and push to registry' }}
         uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355
         id: build-and-push
         with:
           build-args: |
             IMAGE_VERSION=${{ inputs.version }}
-          context: ${{ inputs.context }}
+          context: ${{ matrix.context }}
           push: ${{ !!inputs.version }}
           target: final
           tags: ${{ steps.meta.outputs.tags }}
@@ -113,6 +150,6 @@ jobs:
         uses: actions/attest-build-provenance@619dbb2e03e0189af0c55118e7d3c5e129e99726
         if: inputs.version
         with:
-          subject-name: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ inputs.image }}
+          subject-name: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ matrix.image }}
           subject-digest: ${{ steps.build-and-push.outputs.digest }}
           push-to-registry: true
@@ -1,3 +1,8 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
 name: 🌳 Continuous Deployment
 
 run-name: 🚀 Deploying the app to production
@@ -15,6 +20,7 @@ jobs:
       pull-requests: read
     outputs:
       version: ${{ steps.release.outputs.tag_name }}
+
     steps:
       # https://github.com/actions/checkout/tree/11bd71901bbe5b1630ceea73d27597364c9af683
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
@@ -27,44 +33,28 @@ jobs:
           bump_version_scheme: patch
           tag_prefix: v
           use_github_release_notes: true
-          release_body: "\n"
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
-  tests:
-    name: 🧪 Tests
-    uses: ./.github/workflows/tests.yml
-
-  report:
-    name: 🗃️ Report
-    needs: [foundation, tests]
-    if: ${{ !cancelled() }}
-    uses: ./.github/workflows/report.yml
-    with:
-      environment: production
-      version: ${{ needs.foundation.outputs.version }}
-    secrets: inherit
-
   build:
     name: 🏗️ Build
-    needs: [foundation, tests]
+    needs: foundation
     uses: ./.github/workflows/build.yml
     permissions:
       contents: read
       packages: write
       attestations: write
       id-token: write
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - image: urbantree
-            context: ./app
-          - image: api
-            context: ./api
     with:
-      context: ${{ matrix.context }}
-      image: ${{ matrix.image }}
+      version: ${{ needs.foundation.outputs.version }}
+
+  report:
+    name: 🗃️ Report
+    needs: [foundation, build]
+    if: ${{ !cancelled() }}
+    uses: ./.github/workflows/report.yml
+    with:
+      environment: production
       version: ${{ needs.foundation.outputs.version }}
     secrets: inherit
 

@@ -8,51 +8,13 @@ name: 🌳 Continous Integration
 run-name: 🌱 Checking integrity of the app
 
 on:
-  pull_request:
-    types: [opened, synchronize, reopened, closed]
   push:
     branches: ["**", "!main"]
 
 jobs:
-  cleanup:
-    name: 🧹 Cleanup cache
-    runs-on: ubuntu-latest
-    if: github.event.action == 'closed'
-    permissions:
-      # `actions:write` permission is required to delete caches
-      #   See also: https://docs.github.com/en/rest/actions/cache?apiVersion=2022-11-28#delete-a-github-actions-cache-for-a-repository-using-a-cache-id
-      actions: write
-      contents: read
-
-    steps:
-      # https://github.com/actions/checkout/tree/11bd71901bbe5b1630ceea73d27597364c9af683
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-
-      - name: 🗑️ Delete cache
-        run: |
-          gh extension install actions/gh-actions-cache
-
-          REPO=${{ github.repository }}
-          BRANCH=refs/pull/${{ github.event.pull_request.number }}/merge
-
-          echo "Fetching list of cache key"
-          cacheKeysForPR=$(gh actions-cache list -R $REPO -B $BRANCH | cut -f 1 )
-
-          ## Setting this to not fail the workflow while deleting cache keys.
-          set +e
-          echo "Deleting caches..."
-          for cacheKey in $cacheKeysForPR
-          do
-              gh actions-cache delete $cacheKey -R $REPO -B $BRANCH --confirm
-          done
-          echo "Done"
-        env:
-          GH_TOKEN: ${{ github.token }}
-
   foundation:
     name: 🌱 Foundation setup
     runs-on: ubuntu-latest
-    if: github.event.action != 'closed'
     permissions:
       pull-requests: read
     outputs:
@@ -68,26 +30,9 @@ jobs:
         with:
           filters: .github/file-filters.yml
 
-  tests:
-    name: 🧪 Tests
-    needs: foundation
-    uses: ./.github/workflows/tests.yml
-    with:
-      images: ${{ needs.foundation.outputs.images }}
-
-  report:
-    name: 🗃️ Report
-    needs: [tests]
-    if: ${{ !cancelled() && needs.tests.result != 'skipped' }}
-    uses: ./.github/workflows/report.yml
-    with:
-      environment: ${{ needs.tests.outputs.environment }}
-      version: ${{ github.sha }}
-    secrets: inherit
-
   build:
     name: 🏗️ Build
-    needs: [foundation, tests]
+    needs: [foundation]
     uses: ./.github/workflows/build.yml
     permissions:
       contents: read
@@ -96,19 +41,14 @@ jobs:
       # This is used to complete the identity challenge
       # with sigstore/fulcio when running outside of PRs.
       id-token: write
-    strategy:
-      fail-fast: false
-      # https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/running-variations-of-jobs-in-a-workflow#example-adding-configurations
-      matrix:
-        image: ${{ fromJSON(needs.foundation.outputs.images) }}
-        exclude:
-          - image: all
-        include:
-          - image: urbantree
-            context: ./app
-          - image: api
-            context: ./api
     with:
-      context: ${{ matrix.context }}
-      image: ${{ matrix.image }}
+      images: ${{ needs.foundation.outputs.images }}
+
+  report:
+    name: 🗃️ Report
+    needs: [build]
+    if: ${{ !cancelled() }}
+    uses: ./.github/workflows/report.yml
+    with:
+      version: ${{ github.sha }}
     secrets: inherit
@@ -0,0 +1,65 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: 🌳 Pull Request
+
+on:
+  pull_request_target:
+  pull_request:
+    types:
+      - closed
+
+jobs:
+  # To use this job, you will need to set up a .github/labeler.yml
+  # file with configuration.  For more information, see:
+  # https://github.com/actions/labeler
+  label:
+    name: 🏷️ Label
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request_target'
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      # https://github.com/actions/labeler/tree/8558fd74291d67161a8a78ce36a881fa63b766a9
+      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9
+        with:
+          sync-labels: true
+
+  cleanup-cache:
+    name: 🧹 Cleanup cache
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request' && github.event.action == 'closed'
+    permissions:
+      # `actions:write` permission is required to delete caches
+      #   See also: https://docs.github.com/en/rest/actions/cache?apiVersion=2022-11-28#delete-a-github-actions-cache-for-a-repository-using-a-cache-id
+      actions: write
+      contents: read
+
+    steps:
+      # https://github.com/actions/checkout/tree/11bd71901bbe5b1630ceea73d27597364c9af683
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+
+      - name: 🗑️ Delete cache
+        run: |
+          gh extension install actions/gh-actions-cache
+
+          REPO=${{ github.repository }}
+          BRANCH=refs/pull/${{ github.event.pull_request.number }}/merge
+
+          echo "Fetching list of cache key"
+          cacheKeysForPR=$(gh actions-cache list -R $REPO -B $BRANCH | cut -f 1 )
+
+          ## Setting this to not fail the workflow while deleting cache keys.
+          set +e
+          echo "Deleting caches..."
+          for cacheKey in $cacheKeysForPR
+          do
+              gh actions-cache delete $cacheKey -R $REPO -B $BRANCH --confirm
+          done
+          echo "Done"
+        env:
+          GH_TOKEN: ${{ github.token }}