feat: Implement OIDC sign-in #39680
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pull Request checks | |
on: | |
pull_request: | |
# we can't do that, because status are required | |
# see https://stackoverflow.com/questions/66751567/return-passing-status-on-github-workflow-when-using-paths-ignore | |
# paths-ignore: | |
# - "**.md" | |
# - ".github/CODEOWNERS" | |
# - ".github/PULL_REQUEST_TEMPLATE.md" | |
# - ".editorconfig" | |
push: | |
branches: | |
- main | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
# those are just until we de-activate their mandatory | |
gulp: | |
name: Gulp | |
runs-on: ubuntu-latest | |
steps: | |
- name: just finish | |
run: exit 0 | |
dev: | |
name: Dev | |
runs-on: ubuntu-latest | |
steps: | |
- name: just finish | |
run: exit 0 | |
lint: | |
name: 🕵️♀️ NPM lint | |
runs-on: ubuntu-latest | |
if: github.event_name == 'pull_request' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: '12.x' | |
- name: gulp build | |
run: make front_build | |
- name: lint | |
run: make front_lint | |
# this will build the docker image and upload as an artifact for following jobs | |
build_backend: | |
name: 🏗 Build backend dev image for tests | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# needs depth to run git log below | |
fetch-depth: 50 | |
- uses: actions/cache@v4 | |
id: cache | |
with: | |
path: ./build-cache | |
key: taxonomies-${{ hashFiles('taxonomies/**') }} | |
restore-keys: taxonomies- | |
- name: build | |
run: make build container=backend | |
- name: push backend image as artifact | |
uses: ishworkh/container-image-artifact-upload@v2.0.0 | |
with: | |
image: "openfoodfacts-server/backend:dev" | |
- name: Fetch origin/main | |
# we need origin/main to have comparison linting work | |
run: | | |
git remote set-branches --add origin main | |
git fetch --no-tags --prune --progress --no-recurse-submodules --depth=5 origin main | |
- name: Restore taxonomies dates | |
# here we first restore dates from git for taxonomies to avoid build them all | |
# see https://stackoverflow.com/a/60984318/2886726 | |
run: | | |
git ls-files taxonomies/ | xargs -I{} git log -1 --date=format:%Y%m%d%H%M.%S --format='touch -t %ad "{}"' "{}" | bash | |
- name: Rebuild taxonomies | |
run: make DOCKER_LOCAL_DATA="$(pwd)" build_taxonomies GITHUB_TOKEN="${{ secrets.TAXONOMY_CACHE_GITHUB_TOKEN }}" | |
check_perl: | |
name: 🐪 Check Perl | |
needs: build_backend | |
runs-on: ubuntu-latest | |
if: github.event_name == 'pull_request' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
- name: Fetch origin/main | |
# we need origin/main to have comparison linting work | |
run: | | |
git remote set-branches --add origin main | |
git fetch --no-tags --prune --progress --no-recurse-submodules --depth=5 origin main | |
- name: Restore taxonomies dates | |
# here we first restore dates from git for taxonomies to avoid build them all | |
# see https://stackoverflow.com/a/60984318/2886726 | |
run: | | |
git ls-files taxonomies/ | xargs -I{} git log -1 --date=format:%Y%m%d%H%M.%S --format='touch -t %ad "{}"' "{}" | bash | |
- uses: actions/cache/restore@v4 | |
id: cache | |
with: | |
path: ./build-cache | |
key: taxonomies-${{ hashFiles('taxonomies/**') }} | |
restore-keys: taxonomies- | |
- name: Download backend image from artifacts | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "openfoodfacts-server/backend:dev" | |
- name: build taxonomies (should use cache) | |
run: make DOCKER_LOCAL_DATA="$(pwd)" build_taxonomies GITHUB_TOKEN="${{ secrets.TAXONOMY_CACHE_GITHUB_TOKEN }}" | |
- name: check taxonomies | |
run: make check_taxonomies | |
- name: check perltidy | |
run: make check_perltidy | |
- name: check perlcritic | |
run: make check_critic | |
- name: check perl | |
run: make check_perl | |
tests: | |
name: 🐪 Perl unit tests | |
needs: build_backend | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
- uses: actions/cache/restore@v4 | |
id: cache | |
with: | |
path: ./build-cache | |
key: taxonomies-${{ hashFiles('taxonomies/**') }} | |
restore-keys: taxonomies- | |
- name: Fetch origin/main | |
# we need origin/main to have comparison linting work | |
run: | | |
git remote set-branches --add origin main | |
git fetch --no-tags --prune --progress --no-recurse-submodules --depth=5 origin main | |
- name: Restore taxonomies dates | |
# here we first restore dates from git for taxonomies to avoid build them all | |
# see https://stackoverflow.com/a/60984318/2886726 | |
run: | | |
git ls-files taxonomies/ | xargs -I{} git log -1 --date=format:%Y%m%d%H%M.%S --format='touch -t %ad "{}"' "{}" | bash | |
- name: Download backend image from artifacts | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "openfoodfacts-server/backend:dev" | |
- name: tests | |
run: | | |
make codecov_prepare | |
make COVER_OPTS='-e HARNESS_PERL_SWITCHES="-MDevel::Cover=+ignore,tests/"' DOCKER_LOCAL_DATA="$(pwd)" tests GITHUB_TOKEN="${{ secrets.TAXONOMY_CACHE_GITHUB_TOKEN }}" | |
- name: generate coverage results | |
# even if tests failed | |
if: always() | |
run: | | |
make coverage_txt | |
make codecov | |
- uses: codecov/codecov-action@v5 | |
if: always() | |
with: | |
files: cover_db/codecov.json | |
tests_dev: | |
name: 🧪 Test make dev | |
needs: build_backend # only to avoid building taxonomies | |
if: github.event_name == 'pull_request' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
- uses: actions/cache/restore@v4 | |
id: cache | |
with: | |
path: ./build-cache | |
key: taxonomies-${{ hashFiles('taxonomies/**') }} | |
restore-keys: taxonomies- | |
- name: Download backend image from artifacts | |
uses: ishworkh/container-image-artifact-download@v2.0.0 | |
with: | |
image: "openfoodfacts-server/backend:dev" | |
- name: set right UID and GID in .envrc | |
run: | | |
rm -f .envrc | |
echo "export USER_UID=$(id -u)" >> .envrc | |
echo "export USER_GID=$(id -g)" >> .envrc | |
- name: Test make dev | |
run: | | |
make DOCKER_LOCAL_DATA="$(pwd)" SKIP_SAMPLE_IMAGES=1 dev | |
make status | |
- name: Test all is running | |
run: make livecheck || ( tail -n 300 logs/apache2/*error*log; docker compose logs; false ) | |
- name: test clean | |
run: make hdown |