yarn run up
(#236)
#169
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD | |
jobs: | |
# Stage 1: codacy, devskim, install | |
codacy: | |
name: Codacy | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Analyze | |
uses: codacy/codacy-analysis-cli-action@master | |
with: | |
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} | |
format: sarif | |
gh-code-scanning-compat: true | |
max-allowed-issues: 2147483647 | |
output: sarif/codacy.sarif | |
verbose: true | |
## rejecting SARIF, as there are more runs than allowed (22 > 20) | |
# - name: Upload SARIF | |
# if: always() | |
# uses: github/codeql-action/upload-sarif@main | |
# with: | |
# sarif_file: sarif/codacy.sarif | |
# wait-for-processing: true | |
devskim: | |
name: DevSkim | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
- 8126:8126 | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Scan | |
uses: microsoft/DevSkim-Action@v1 | |
- name: Upload SARIF | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: devskim-results.sarif | |
wait-for-processing: true | |
install: | |
name: Install | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
check-latest: true | |
node-version: 'lts/*' | |
- name: Install dependencies | |
run: yarn install --immutable | |
# Stage 2: prepack | |
prepack: | |
name: Prepack | |
needs: install | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
check-latest: true | |
node-version: 'lts/*' | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Prepack | |
run: yarn run --require dd-trace/init prepack | |
env: | |
CLARITY_TAG: lm4m88gmix | |
CLOUD_ACCOUNT_ID: quisido | |
CLOUD_PLATFORM: GitHub | |
CLOUD_PROVIDER: GitHub Pages | |
CLOUDWATCH_RUM_APPLICATION_ID: 8495b9c9-f57e-4395-9ca6-6c01862c107b | |
CLOUDWATCH_RUM_GUEST_ROLE_ARN: arn:aws:iam::787801101157:role/RUM-Monitor-us-west-2-787801101157-0860829251171-Unauth | |
CLOUDWATCH_RUM_IDENTITY_POOL_ID: us-west-2:f6379e5a-a304-4608-bf6d-b66f00a5d3fb | |
CSP_ORIGIN: https://csp.quisi.do | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_APPLICATION_ID: e29eb164-e193-4380-b512-ebd70bbfaeb6 | |
DD_CLIENT_TOKEN: pubf0c07bd5003d0c4a65a9f129d9e83a3d | |
DD_ENV: prod | |
DD_PROFILING_ENABLED: true | |
DD_SERVICE: quisi.do | |
DD_VERSION: ${{ github.sha }} | |
DEPLOYMENT_ENVIRONMENT: live | |
GITHUB_REPOSITORY: ${{ github.repository }} | |
GITHUB_SHA: ${{ github.sha }} | |
GOOGLE_ANALYTICS_TRACKING_ID: G-ZTQ6K5CVQS | |
HONEYCOMB_API_KEY: hcaik_01hwsd84kyjjrwjgg4kqbzzvp2 | |
IMAGEKIT_KEY: ${{ secrets.IMAGEKIT_KEY }} | |
PATREON_OAUTH_CLIENT_ID: J_6jrNJZNibHylSF83UVl9I4OHZYf67RAsU0s7_LnH1N5BKF-vgOyweF3KQLOKm1 | |
PATREON_OAUTH_REDIRECT_URI: https://a.quisi.do/patreon/ | |
SENTRY_ENVIRONMENT: production | |
WHOAMI: https://a.quisi.do/whoami/ | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: prepack | |
path: | | |
packages/*/.next/ | |
packages/*/dist/ | |
packages/*/out/ | |
# Stage 3: lighthouse-ci, prepublish, prepublish-applications | |
lighthouse-ci: | |
name: Lighthouse (continuous integration) | |
needs: prepack | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
check-latest: true | |
node-version: 'lts/*' | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Audit | |
run: yarn packages/next run lighthouse:report | |
- name: Validate | |
run: yarn packages/next run postlighthouse | |
- name: Upload report | |
if: always() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: lighthouse-ci | |
path: | | |
packages/*/lighthouse.report.* | |
packages/*/lighthouse-*.devtoolslog.json | |
packages/*/lighthouse-*.trace.json | |
prepublish: | |
name: Prepublish | |
needs: prepack | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
check-latest: true | |
node-version: 'lts/*' | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Prepublish | |
run: yarn run --require dd-trace/ci/init prepublish | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_CIVISIBILITY_AGENTLESS_ENABLED: true | |
DD_ENV: ci | |
DD_SERVICE: quisi.do | |
# Run prepublish on applications, because prepublish won't be triggered for | |
# applications by the publish step. | |
prepublish-applications: | |
name: Prepublish applications | |
needs: prepack | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
check-latest: true | |
node-version: 'lts/*' | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Prepublish quisi.do | |
run: yarn packages/next run prepublish | |
# Stage 4: github-pages, npm, sentry-release | |
datadog-sourcemaps: | |
name: Datadog sourcemaps | |
needs: [lighthouse-ci, prepublish-applications] | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Upload Datadog sourcemaps | |
run: yarn packages/next run datadog:sourcemaps | |
env: | |
DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
RELEASE_VERSION: ${{ github.sha }} | |
github-pages: | |
name: GitHub Pages | |
needs: [lighthouse-ci, prepublish-applications] | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Deploy | |
uses: JamesIves/github-pages-deploy-action@v4 | |
with: | |
branch: gh-pages | |
clean: true | |
folder: packages/next/out/ | |
single-commit: true | |
npm: | |
name: NPM | |
needs: [prepack, prepublish] | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
check-latest: true | |
node-version: 'lts/*' | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Publish | |
env: | |
NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} | |
run: > | |
yarn config set npmAuthToken $NPM_AUTH_TOKEN; | |
yarn run publish; | |
sentry-release: | |
name: Sentry release | |
needs: [lighthouse-ci, prepublish-applications] | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Sentry release | |
uses: getsentry/action-release@v1 | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
SENTRY_LOG_LEVEL: info | |
SENTRY_ORG: quisido | |
SENTRY_PROJECT: quisi-do | |
with: | |
environment: production | |
sourcemaps: packages/next/out | |
version: ${{ github.sha }} | |
# Stage 5: cloudflare-purge, github-packages, wrangler-deploy-* | |
cloudflare-purge: | |
name: Cloudflare purge | |
needs: github-pages | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Purge Cloudflare files | |
env: | |
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_PURGE_API_TOKEN }} | |
CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }} | |
run: > | |
curl \ | |
--data '{ | |
"files": [ | |
"https://quisi.do", | |
"https://quisi.do/index.html" | |
] | |
}' \ | |
--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ | |
--header "Content-Type:application/json" \ | |
--request POST \ | |
"https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/purge_cache" | |
github-packages: | |
name: GitHub Packages | |
needs: npm | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
permissions: | |
contents: read | |
packages: write | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
check-latest: true | |
node-version: 'lts/*' | |
registry-url: 'https://npm.pkg.github.com' | |
scope: '@${{ github.repository_owner }}' | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Publish | |
env: | |
NPM_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: > | |
yarn config set npmAuthToken $NPM_AUTH_TOKEN; | |
yarn config set \ | |
npmScopes.${{ github.repository_owner }}.npmPublishRegistry \ | |
'https://npm.pkg.github.com'; | |
yarn run publish; | |
wrangler-deploy-authn: | |
name: Wrangler deploy (Authentication) | |
needs: [lighthouse-ci, npm, prepublish-applications] | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
check-latest: true | |
node-version: 'lts/*' | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Deploy | |
run: yarn packages/authn run production:deploy | |
env: | |
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_EDIT_WORKERS_API_TOKEN }} | |
wrangler-deploy-csp: | |
name: Wrangler deploy (Content Security Policy) | |
needs: [lighthouse-ci, npm, prepublish-applications] | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
check-latest: true | |
node-version: 'lts/*' | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Deploy | |
run: yarn packages/csp run production:deploy | |
env: | |
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_EDIT_WORKERS_API_TOKEN }} | |
# Stage 6: lighthouse-production | |
lighthouse-production: | |
name: Lighthouse (production) | |
needs: cloudflare-purge | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
check-latest: true | |
node-version: 'lts/*' | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Audit | |
run: yarn packages/next run lighthouse:report:production | |
- name: Validate | |
run: yarn packages/next run postlighthouse | |
- name: Upload report | |
if: always() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: lighthouse-production | |
path: | | |
packages/*/lighthouse.report.* | |
packages/*/lighthouse-*.devtoolslog.json | |
packages/*/lighthouse-*.trace.json | |
on: | |
push: | |
branches: [main] | |
workflow_dispatch: |