Skip to content
Continuous Integration

feat(shared): add admin role fine grained permissions #685

Sign in to view logs

feat(shared): add admin role fine grained permissions

feat(shared): add admin role fine grained permissions #685

Workflow file for this run

.github/workflows/workflow-continuous-integration.yml at 4474b5f
name: Continuous Integration
on:
pull_request:
types:
- opened
- reopened
- synchronize
- ready_for_review
branches:
- "**"
workflow_dispatch:
env:
NODE_VERSION: 22.14.0
REGISTRY: ghcr.io
NAMESPACE: "${{ github.repository }}"
BUILD_AMD64: true
BUILD_ARM64: false
USE_QEMU: false
jobs:
path-filter:
runs-on: ubuntu-latest
if: ${{ !github.event.pull_request.draft }}
outputs:
apps: ${{ steps.filter.outputs.apps }}
packages: ${{ steps.filter.outputs.packages }}
e2e: ${{ steps.filter.outputs.e2e }}
ci: ${{ steps.filter.outputs.ci }}
steps:
- name: Checks-out repository
uses: actions/checkout@v4
- name: Check updated files paths
uses: dorny/paths-filter@v3
id: filter
with:
filters: |
apps:
- 'apps/**'
packages:
- 'packages/**'
- 'plugins/**'
ci:
- '.github/workflows/**'
e2e:
- 'playwright/**'
- 'apps/client/cypress/**'
expose-vars:
runs-on: ubuntu-latest
if: ${{ !github.event.pull_request.draft }}
outputs:
NODE_VERSION: ${{ env.NODE_VERSION }}
REGISTRY: ${{ env.REGISTRY }}
NAMESPACE: ${{ env.NAMESPACE }}
BUILD_AMD64: ${{ env.BUILD_AMD64 }}
BUILD_ARM64: ${{ env.BUILD_ARM64 }}
USE_QEMU: ${{ env.USE_QEMU }}
steps:
- name: Exposing env vars
run: echo "Exposing env vars"
npm-check:
uses: ./.github/workflows/job-npm.yml
if: ${{ github.base_ref == 'main' && needs.path-filter.outputs.packages == 'true' }}
needs:
- path-filter
- expose-vars
with:
NODE_VERSION: ${{ needs.expose-vars.outputs.NODE_VERSION }}
PUBLISH_APPS: false
PUBLISH_PACKAGES: false
PUBLISH_PLUGINS: false
CHECK_CHANGES: true
secrets:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
lint:
uses: ./.github/workflows/job-lint.yml
needs:
- expose-vars
with:
NODE_VERSION: ${{ needs.expose-vars.outputs.NODE_VERSION }}
unit-tests:
uses: ./.github/workflows/job-tests-unit.yml
if: ${{ needs.path-filter.outputs.apps == 'true' || needs.path-filter.outputs.packages == 'true' || needs.path-filter.outputs.ci == 'true' }}
needs:
- path-filter
- expose-vars
with:
NODE_VERSION: ${{ needs.expose-vars.outputs.NODE_VERSION }}
secrets:
SONAR_HOST_URL: "${{ secrets.SONAR_HOST_URL }}"
SONAR_TOKEN: "${{ secrets.SONAR_TOKEN }}"
SONAR_PROJECT_KEY: "${{ secrets.SONAR_PROJECT_KEY }}"
component-tests:
uses: ./.github/workflows/job-tests-component.yml
if: ${{ needs.path-filter.outputs.apps == 'true' || needs.path-filter.outputs.packages == 'true' || needs.path-filter.outputs.ci == 'true' }}
needs:
- path-filter
- expose-vars
with:
NODE_VERSION: ${{ needs.expose-vars.outputs.NODE_VERSION }}
BROWSERS: "${{ github.base_ref == 'main' && 'chrome,firefox' || 'firefox' }}"
build:
uses: ./.github/workflows/job-build.yml
needs:
- expose-vars
with:
REGISTRY: ${{ needs.expose-vars.outputs.REGISTRY }}
NAMESPACE: ${{ needs.expose-vars.outputs.NAMESPACE }}
TAG: pr-${{ github.event.pull_request.number || github.event.number }}
BUILD_AMD64: ${{ needs.expose-vars.outputs.BUILD_AMD64 == 'true' }}
BUILD_ARM64: ${{ needs.expose-vars.outputs.BUILD_ARM64 == 'true' }}
USE_QEMU: ${{ needs.expose-vars.outputs.USE_QEMU == 'true' }}
PR_NUMBER: ${{ github.event.pull_request.number || github.event.number }}
secrets:
ARGOCD_TOKEN: ${{ secrets.ARGOCD_TOKEN }}
build-label:
uses: ./.github/workflows/job-label.yml
needs:
- expose-vars
- build
with:
CONF_PATH: ./.github/labeler/build.yml
playwright-tests:
uses: ./.github/workflows/job-playwright.yml
if: ${{ needs.path-filter.outputs.apps == 'true' || needs.path-filter.outputs.packages == 'true' || needs.path-filter.outputs.ci == 'true' || needs.path-filter.outputs.e2e == 'true' }}
needs:
- path-filter
- expose-vars
- build
with:
NODE_VERSION: ${{ needs.expose-vars.outputs.NODE_VERSION }}
TAG: pr-${{ github.event.pull_request.number || github.event.number }}
cypress-tests:
uses: ./.github/workflows/job-tests-e2e.yml
if: ${{ needs.path-filter.outputs.apps == 'true' || needs.path-filter.outputs.packages == 'true' || needs.path-filter.outputs.ci == 'true' || needs.path-filter.outputs.e2e == 'true' }}
needs:
- playwright-tests
- path-filter
- expose-vars
- build
with:
NODE_VERSION: ${{ needs.expose-vars.outputs.NODE_VERSION }}
TAG: pr-${{ github.event.pull_request.number || github.event.number }}
BROWSERS: "${{ github.base_ref == 'main' && 'chrome,firefox' || 'firefox' }}"
scan-vuln:
uses: ./.github/workflows/job-scan.yml
needs:
- expose-vars
- build
with:
REGISTRY: ${{ needs.expose-vars.outputs.REGISTRY }}
NAMESPACE: ${{ needs.expose-vars.outputs.NAMESPACE }}
TAG: pr-${{ github.event.pull_request.number || github.event.number }}
# Workaround for required status check in protection branches (see. https://github.com/orgs/community/discussions/13690)
all-jobs-passed:
name: Check jobs status
runs-on: ubuntu-latest
if: ${{ always() }}
needs:
- path-filter
- expose-vars
- lint
- unit-tests
- component-tests
- build
- cypress-tests
- playwright-tests
- scan-vuln
steps:
- name: Check status of all required jobs
run: |-
NEEDS_CONTEXT='${{ toJson(needs) }}'
JOB_IDS=$(echo "$NEEDS_CONTEXT" | jq -r 'keys[]')
for JOB_ID in $JOB_IDS; do
RESULT=$(echo "$NEEDS_CONTEXT" | jq -r ".[\"$JOB_ID\"].result")
echo "$JOB_ID job result: $RESULT"
if [[ $RESULT != "success" && $RESULT != "skipped" ]]; then
echo "***"
echo "Error: The $JOB_ID job did not pass."
exit 1
fi
done
echo "All jobs passed or were skipped."