feat(clerk-js,elements,types,localization): Make legal consent stable #9910
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| run_integration_tests: | |
| description: 'Run integration tests' | |
| type: boolean | |
| default: false | |
| merge_group: | |
| pull_request: | |
| branches: | |
| - main | |
| - release/v4 | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| formatting-linting: | |
| name: Formatting, linting & changeset checks | |
| runs-on: ${{ vars.RUNNER_LARGE || 'ubuntu-latest-l' }} | |
| timeout-minutes: ${{ vars.TIMEOUT_MINUTES_NORMAL && fromJSON(vars.TIMEOUT_MINUTES_NORMAL) || 10 }} | |
| env: | |
| TURBO_SUMMARIZE: false | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| show-progress: false | |
| - name: Setup | |
| id: config | |
| uses: ./.github/actions/init | |
| with: | |
| turbo-signature: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }} | |
| turbo-summarize: ${{ env.TURBO_SUMMARIZE }} | |
| turbo-team: ${{ vars.TURBO_TEAM }} | |
| turbo-token: ${{ secrets.TURBO_TOKEN }} | |
| - name: Require Changeset | |
| if: ${{ !(github.event_name == 'merge_group') }} | |
| run: if [[ "${{ github.event.pull_request.user.login }}" = "clerk-cookie" || "${{ github.event.pull_request.user.login }}" = "renovate[bot]" ]]; then echo 'Skipping' && exit 0; else npx changeset status --since=origin/main; fi | |
| - name: Lint GitHub Actions Workflows | |
| run: npx eslint .github | |
| shell: bash | |
| - name: Check Formatting | |
| run: npm run format:check | |
| - name: Build Packages | |
| run: npx turbo build $TURBO_ARGS --only | |
| - name: Check size using bundlewatch | |
| run: npx turbo bundlewatch $TURBO_ARGS --only | |
| env: | |
| BUNDLEWATCH_GITHUB_TOKEN: ${{ secrets.BUNDLEWATCH_GITHUB_TOKEN }} | |
| CI_REPO_OWNER: ${{ vars.REPO_OWNER }} | |
| CI_REPO_NAME: ${{ vars.REPO_NAME }} | |
| CI_COMMIT_SHA: ${{ github.event.pull_request.head.sha }} | |
| CI_BRANCH: ${{ github.ref }} | |
| CI_BRANCH_BASE: refs/heads/main | |
| - name: Lint packages using publint | |
| run: npx turbo lint:publint $TURBO_ARGS --only | |
| - name: Lint types using attw | |
| run: npx turbo lint:attw $TURBO_ARGS --only | |
| - name: Run lint | |
| run: npx turbo lint $TURBO_ARGS --only -- --quiet | |
| - name: Upload Turbo Summary | |
| uses: actions/upload-artifact@v3 | |
| if: ${{ env.TURBO_SUMMARIZE == 'true' }} | |
| continue-on-error: true | |
| with: | |
| name: turbo-summary-report-lint-${{ github.run_id }}-${{ github.run_attempt }} | |
| path: .turbo/runs | |
| retention-days: 5 | |
| unit-tests: | |
| name: Unit Tests | |
| needs: formatting-linting | |
| runs-on: ${{ vars.RUNNER_LARGE || 'ubuntu-latest-l' }} | |
| timeout-minutes: ${{ vars.TIMEOUT_MINUTES_NORMAL && fromJSON(vars.TIMEOUT_MINUTES_NORMAL) || 10 }} | |
| env: | |
| TURBO_SUMMARIZE: false | |
| strategy: | |
| matrix: | |
| node-version: [18,22] | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| show-progress: false | |
| - name: Setup | |
| id: config | |
| uses: ./.github/actions/init | |
| with: | |
| # Ensures that all builds are cached appropriately with a consistent run name `Unit Tests (18)`. | |
| node-version: ${{ matrix.node-version }} | |
| turbo-signature: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }} | |
| turbo-summarize: ${{ env.TURBO_SUMMARIZE }} | |
| turbo-team: ${{ vars.TURBO_TEAM }} | |
| turbo-token: ${{ secrets.TURBO_TOKEN }} | |
| - name: Run tests | |
| run: | | |
| if [ "${{ matrix.node-version }}" == "18" ]; then | |
| echo "Running tests on Node 18 only for packages with LTS support." | |
| npx turbo test $TURBO_ARGS --filter="@clerk/astro" --filter="@clerk/backend" --filter="@clerk/express" --filter="@clerk/nextjs" --filter="@clerk/clerk-react" --filter="@clerk/clerk-sdk-node" --filter="@clerk/shared" --filter="@clerk/remix" --filter="@clerk/tanstack-start" --filter="@clerk/elements" | |
| else | |
| echo "Running tests for all packages on Node 20." | |
| npx turbo test $TURBO_ARGS | |
| fi | |
| env: | |
| NODE_VERSION: ${{ matrix.node-version }} | |
| - name: Upload Turbo Summary | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ env.TURBO_SUMMARIZE == 'true' }} | |
| continue-on-error: true | |
| with: | |
| name: turbo-summary-report-unit-${{ github.run_id }}-${{ github.run_attempt }}-node-${{ matrix.node-version }} | |
| path: .turbo/runs | |
| retention-days: 5 | |
| integration-tests: | |
| name: Integration Tests | |
| needs: formatting-linting | |
| runs-on: ${{ vars.RUNNER_LARGE || 'ubuntu-latest-l' }} | |
| timeout-minutes: ${{ vars.TIMEOUT_MINUTES_LONG && fromJSON(vars.TIMEOUT_MINUTES_LONG) || 15 }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| test-name: [ 'generic', 'express', 'quickstart', 'ap-flows', 'elements', 'sessions', 'astro', 'expo-web', 'tanstack-start', 'tanstack-router' ] | |
| test-project: ['chrome'] | |
| include: | |
| - test-name: 'nextjs' | |
| test-project: 'chrome' | |
| next-version: '13' | |
| - test-name: 'nextjs' | |
| test-project: 'chrome' | |
| next-version: '14' | |
| - test-name: 'nextjs' | |
| test-project: 'chrome' | |
| next-version: '15' | |
| steps: | |
| # Skip integration tests from fork PRs to prevent secret exfiltration | |
| - name: Get User Permission | |
| id: checkAccess | |
| uses: actions-cool/check-user-permission@v2 | |
| with: | |
| require: write | |
| username: ${{ github.triggering_actor }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Check User Permission | |
| if: steps.checkAccess.outputs.require-result == 'false' | |
| run: | | |
| echo "${{ github.triggering_actor }} does not have permissions on this repo." | |
| echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}" | |
| echo "Job originally triggered by ${{ github.actor }}" | |
| exit 1 | |
| - name: Checkout Repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| show-progress: false | |
| # We must first verify the user permissions before checking out PR code | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Setup | |
| id: config | |
| uses: ./.github/actions/init | |
| with: | |
| turbo-signature: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }} | |
| turbo-team: ${{ vars.TURBO_TEAM }} | |
| turbo-token: ${{ secrets.TURBO_TOKEN }} | |
| playwright-enabled: true | |
| - name: Task Status | |
| id: task-status | |
| env: | |
| E2E_APP_CLERK_JS_DIR: ${{runner.temp}} | |
| E2E_CLERK_VERSION: 'latest' | |
| E2E_NEXTJS_VERSION: ${{ matrix.next-version }} | |
| E2E_PROJECT: ${{ matrix.test-project }} | |
| INTEGRATION_INSTANCE_KEYS: ${{ secrets.INTEGRATION_INSTANCE_KEYS }} | |
| run: | | |
| AFFECTED=0 | |
| (npx turbo-ignore --task=test:integration:${{ matrix.test-name }} --fallback=${{ github.base_ref || 'refs/heads/main' }}) || AFFECTED=1 | |
| echo "affected=${AFFECTED}" | |
| echo "affected=${AFFECTED}" >> $GITHUB_OUTPUT | |
| - name: Verdaccio | |
| if: ${{ steps.task-status.outputs.affected == '1' }} | |
| uses: ./.github/actions/verdaccio | |
| with: | |
| publish-cmd: | | |
| if [ "$(npm config get registry)" = "https://registry.npmjs.org/" ]; then echo 'Error: Using default registry' && exit 1; else npx turbo build $TURBO_ARGS --only && npx changeset publish --no-git-tag; fi | |
| - name: Install @clerk/backend in /integration | |
| if: ${{ steps.task-status.outputs.affected == '1' }} | |
| working-directory: ./integration | |
| run: npm init -y && npm install @clerk/backend | |
| - name: Install @clerk/clerk-js in os temp | |
| if: ${{ steps.task-status.outputs.affected == '1' }} | |
| working-directory: ${{runner.temp}} | |
| run: mkdir clerk-js && cd clerk-js && npm init -y && npm install @clerk/clerk-js | |
| - name: Copy components @clerk/astro | |
| if: ${{ matrix.test-name == 'astro' }} | |
| run: cd packages/astro && npm run copy:components | |
| - name: Write all ENV certificates to files in integration/certs | |
| if: ${{ steps.task-status.outputs.affected == '1' }} | |
| uses: actions/github-script@v7 | |
| env: | |
| INTEGRATION_CERTS: '${{secrets.INTEGRATION_CERTS}}' | |
| INTEGRATION_ROOT_CA: '${{secrets.INTEGRATION_ROOT_CA}}' | |
| with: | |
| script: | | |
| const fs = require('fs'); | |
| const path = require('path'); | |
| const rootCa = process.env.INTEGRATION_ROOT_CA; | |
| console.log('rootCa', rootCa); | |
| fs.writeFileSync(path.join(process.env.GITHUB_WORKSPACE, 'integration/certs', 'rootCA.pem'), rootCa); | |
| const certs = JSON.parse(process.env.INTEGRATION_CERTS); | |
| for (const [name, cert] of Object.entries(certs)) { | |
| fs.writeFileSync(path.join(process.env.GITHUB_WORKSPACE, 'integration/certs', name), cert); | |
| } | |
| - name: LS certs | |
| if: ${{ steps.task-status.outputs.affected == '1' }} | |
| working-directory: ./integration/certs | |
| run: ls -la && pwd | |
| - name: Run Integration Tests | |
| if: ${{ steps.task-status.outputs.affected == '1' }} | |
| id: integration-tests | |
| run: sudo --preserve-env npx turbo test:integration:${{ matrix.test-name }} $TURBO_ARGS | |
| env: | |
| E2E_APP_CLERK_JS_DIR: ${{runner.temp}} | |
| E2E_CLERK_VERSION: 'latest' | |
| E2E_NEXTJS_VERSION: ${{ matrix.next-version }} | |
| E2E_PROJECT: ${{ matrix.test-project }} | |
| E2E_CLERK_ENCRYPTION_KEY: ${{ matrix.clerk-encryption-key }} | |
| INTEGRATION_INSTANCE_KEYS: ${{ secrets.INTEGRATION_INSTANCE_KEYS }} | |
| MAILSAC_API_KEY: ${{ secrets.MAILSAC_API_KEY }} | |
| NODE_EXTRA_CA_CERTS: ${{ github.workspace }}/integration/certs/rootCA.pem | |
| - name: Upload test-results | |
| if: ${{ cancelled() || failure() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: playwright-traces-${{ github.run_id }}-${{ github.run_attempt }}-${{ matrix.test-name }} | |
| path: integration/test-results | |
| retention-days: 1 |