Merge pull request #1974 from dedis/revert-1970-work-be1-arnauds5-del… #8889
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PoP CI | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
- reopened | |
merge_group: | |
jobs: | |
fe1-web: | |
name: Fe1-Web | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-latest, macOS-latest, windows-latest] | |
node-version: [18.x] | |
include: | |
# Additionally also run it on node v16 | |
# but just on ubuntu to not have too many runs | |
- os: ubuntu-latest | |
node-version: 16.x | |
defaults: | |
run: | |
working-directory: ./fe1-web | |
steps: | |
- name: Setup repo | |
uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of Sonar analysis | |
- name: Setup node ${{ matrix.node-version }} | |
uses: actions/setup-node@v1 | |
with: | |
node-version: ${{ matrix.node-version }} | |
- name: Setup node npm cache | |
uses: actions/cache@v2 | |
env: | |
cache-name: cache-node-npm | |
with: | |
# npm cache files are stored in `~/.npm` on Linux/macOS | |
path: ~/.npm | |
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-name }}- | |
${{ runner.os }}-build- | |
${{ runner.os }}- | |
- name: Setup node modules cache | |
# MacOS is excluded since caching node modules made it slower than it was without caching | |
if: ${{ runner.os != 'macOS'}} | |
uses: actions/cache@v2 | |
env: | |
cache-name: cache-node-modules | |
with: | |
path: ./fe1-web/node_modules | |
key: ${{ runner.os }}-nodemodules-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: ${{ runner.os }}-nodemodules- | |
- name: Setup expo | |
run: npm install -g @expo/cli | |
- name: Setup npm dependencies | |
run: npm install | |
- name: Check npm security issues | |
run: npm audit fix | |
continue-on-error: true | |
- name: Run lint | |
if: ${{ matrix.os == 'ubuntu-latest' && matrix.node-version == '18.x' }} # execute even if previous steps failed | |
run: npm run eslint | |
- name: Validate dependencies | |
if: ${{ always() }} # execute even if previous steps failed | |
run: npm run depcruise | |
- name: Run tsdoc | |
if: ${{ always() }} # execute even if previous steps failed | |
run: npm run docs | |
- name: Run test | |
if: ${{ always() }} # execute even if previous steps failed | |
run: npm run test -- --runInBand --ci | |
- name: Run SonarCloud analysis | |
if: ${{ matrix.os == 'ubuntu-latest' && matrix.node-version == '18.x' && !startsWith(github.head_ref, 'dependabot/') }} # execute even if previous steps failed | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
run: | | |
npm install -g sonarqube-scanner | |
sonar-scanner -Dsonar.login=${{ secrets.SONAR_TOKEN_FE1 }} | |
- name: Verify expo project health | |
if: ${{ always() }} # execute even if previous steps failed | |
run: | | |
expo doctor | |
continue-on-error: true | |
- name: Build expo web project | |
if: ${{ matrix.node-version != '16.x' }} | |
run: | | |
npm run build-web | |
- name: Build expo web project (legacy, without NODE_OPTIONS=--openssl-legacy-provider) | |
if: ${{ matrix.node-version == '16.x' }} | |
run: | | |
npx expo export:web | |
be1-go: | |
name: Be1-Go | |
strategy: | |
matrix: | |
platform: [ubuntu-latest, windows-latest] | |
runs-on: ${{matrix.platform}} | |
defaults: | |
run: | |
working-directory: ./be1-go | |
steps: | |
- name: Use go >= 1.21 | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ">=1.21" | |
- name: Setup repo | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of Sonar analysis | |
- uses: actions/cache@v2 | |
with: | |
# In order: | |
# * Module download cache | |
# * Build cache (Linux) | |
# * Build cache (Mac) | |
# * Build cache (Windows) | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
~/Library/Caches/go-build | |
%LocalAppData%\go-build | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Format | |
if: ${{ matrix.platform == 'ubuntu-latest' }} | |
run: | | |
make check-fmt | |
if [ "$(gofmt -s -l ./ | wc -l)" -gt 0 ]; then exit 1; fi | |
- name: Run check target | |
if: ${{ matrix.platform == 'ubuntu-latest' }} | |
run: | | |
make check | |
- name: Run test target | |
if: ${{ matrix.platform == 'windows-latest' }} | |
run: | | |
make test | |
- name: Build | |
if: ${{ always() }} # execute even if previous steps failed | |
run: | | |
make build | |
- name: Run SonarCloud analysis | |
if: ${{ matrix.platform == 'ubuntu-latest' && !startsWith(github.head_ref, 'dependabot/') }} # execute even if previous steps failed | |
uses: SonarSource/sonarcloud-github-action@master | |
with: | |
projectBaseDir: be1-go | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_BE1 }} | |
fe2-android: | |
name: Fe2-Android | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ./fe2-android | |
# This CI pipeline is greatly inspired by the sample given by https://github.com/ReactiveCircus/android-emulator-runner | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
with: | |
submodules: recursive | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of Sonar analysis | |
- name: Setup JDK | |
uses: actions/setup-java@v3 | |
with: | |
distribution: "temurin" | |
java-version: "17" | |
- name: Cache Gradle | |
uses: actions/cache@v2 | |
with: | |
path: | | |
~/.gradle/caches | |
~/.gradle/wrapper | |
key: gradle-${{ runner.os }}-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
- name: Grant execute permission for gradlew | |
run: | | |
chmod +x ./gradlew | |
- name: Assemble | |
shell: bash | |
run: | | |
# To run the CI with debug informations, add --info | |
./gradlew assemble lint --parallel --build-cache | |
- name: Run tests | |
shell: bash | |
run: | | |
# To run the CI with debug informations, add --info | |
./gradlew check --parallel --build-cache | |
- name: Generate Coverage Report | |
shell: bash | |
run: | | |
# To run the CI with debug informations, add --info | |
./gradlew jacocoTestReport --parallel --build-cache | |
- name: Generate Sarif Lint Report | |
shell: bash | |
run: | | |
# To run the CI with debug informations, add --info | |
./gradlew lintDebug --parallel --build-cache | |
- name: Upload lint sarif | |
uses: github/codeql-action/upload-sarif@v2 | |
if: always() | |
with: | |
sarif_file: fe2-android/app/build/reports/lint-results-debug.sarif | |
category: lint | |
- name: Cache SonarCloud packages | |
uses: actions/cache@v2 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Run SonarCloud analysis | |
if: ${{ !startsWith(github.head_ref, 'dependabot/') }} # execute even if previous steps failed | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_FE2 }} | |
run: | | |
# To run the CI with debug informations, add --info | |
./gradlew sonarqube --parallel --build-cache | |
be2-scala: | |
name: Be2-Scala | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ./be2-scala | |
steps: | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v2 | |
with: | |
distribution: "temurin" | |
java-version: "17" | |
- name: Setup repo | |
uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of Sonar analysis | |
- name: Check formatting | |
run: sbt scalafmtCheckAll | |
- name: Run unit tests | |
run: | | |
cd ./src/security/ && ./generateKeys.sh -test && cd ../.. # Generate test keys | |
sbt -Dscala.config="src/main/scala/ch/epfl/pop/config" -Dscala.security="src/security" -Dtest clean coverage test | |
rm -rf ./src/security/test/ # Remove test keys | |
- name: Report coverage | |
run: sbt coverageReport | |
- name: Run SonarCloud analysis | |
if: ${{ !startsWith(github.head_ref, 'dependabot/') }} # execute even if previous steps failed | |
env: | |
SONAR_HOST_URL: https://sonarcloud.io | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_BE2 }} | |
run: sbt sonarScan | |
popcha-example-client: | |
name: popcha-example-web-client | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: demo/popcha-client/web | |
steps: | |
- name: Setup repo | |
uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of Sonar analysis | |
- name: Setup python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.9' | |
- name: Setup pip dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install ruff tox | |
pip install -r requirements.txt | |
- name: Lint with ruff | |
run: | | |
# stop the build if there are Python syntax errors or undefined names | |
ruff check --output-format=github --select=E9,F63,F7,F82 --target-version=py39 . | |
# default set of ruff rules with GitHub Annotations | |
ruff check --output-format=github --target-version=py39 . | |
- name: Run tests | |
run: | | |
tox -e py | |
- name: Run SonarCloud Analysis | |
if: ${{ !startsWith(github.head_ref, 'dependabot/') }} # execute even if previous steps failed | |
uses: SonarSource/sonarcloud-github-action@master | |
with: | |
projectBaseDir: demo/popcha-client/web | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_POPCHA_WEB_CLIENT }} | |
protocol: | |
name: protocol examples test | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ./protocol/test | |
steps: | |
- name: Setup repo | |
uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of Sonar analysis | |
- name: Setup node 12.x | |
uses: actions/setup-node@v1 | |
with: | |
node-version: 12.x | |
- name: Setup node cache | |
uses: actions/cache@v2 | |
env: | |
cache-name: cache-node-modules | |
with: | |
# npm cache files are stored in `~/.npm` on Linux/macOS | |
path: ~/.npm | |
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-name }}- | |
${{ runner.os }}-build- | |
${{ runner.os }}- | |
- name: Setup npm dependencies | |
run: | | |
npm install | |
- name: Check npm security issues | |
run: | | |
npm audit fix | |
- name: Run test | |
run: | | |
npm run test |