From d8d9b3402dc48af589dd62eada917f1bce7f6770 Mon Sep 17 00:00:00 2001
From: Marcel Menk
Date: Wed, 15 Oct 2025 17:37:29 +0200
Subject: [PATCH] refactor: github ci workflow with reusable setup action
---
.github/workflows/_setup.yml | 56 -------
.../workflows/actions/setup-env/action.yml | 51 +++++++
.github/workflows/ci.yml | 138 ------------------
.github/workflows/pull-request-checks.yml | 83 +++++++++++
4 files changed, 134 insertions(+), 194 deletions(-)
delete mode 100644 .github/workflows/_setup.yml
create mode 100644 .github/workflows/actions/setup-env/action.yml
delete mode 100644 .github/workflows/ci.yml
create mode 100644 .github/workflows/pull-request-checks.yml
diff --git a/.github/workflows/_setup.yml b/.github/workflows/_setup.yml
deleted file mode 100644
index 7f41cc1..0000000
--- a/.github/workflows/_setup.yml
+++ /dev/null
@@ -1,56 +0,0 @@
-name: Setup
-
-on:
- workflow_call: {}
-
-jobs:
- setup:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Setup Node from .nvmrc
- uses: actions/setup-node@v4
- with:
- node-version-file: .nvmrc
-
- - name: Enable corepack
- run: corepack enable || true
-
- - name: Detect package manager
- id: pm
- shell: bash
- run: |
- if [ -f pnpm-lock.yaml ]; then echo "pm=pnpm" >> $GITHUB_OUTPUT; exit 0; fi
- if [ -f yarn.lock ]; then echo "pm=yarn" >> $GITHUB_OUTPUT; exit 0; fi
- if [ -f package-lock.json ]; then echo "pm=npm" >> $GITHUB_OUTPUT; exit 0; fi
- echo "pm=pnpm" >> $GITHUB_OUTPUT
-
- - name: Install dependencies
- shell: bash
- run: |
- PM="${{ steps.pm.outputs.pm }}"
- if [ "$PM" = "pnpm" ]; then pnpm install --frozen-lockfile; fi
- if [ "$PM" = "yarn" ]; then yarn install --frozen-lockfile; fi
- if [ "$PM" = "npm" ]; then npm ci; fi
-
- - name: Restore Cypress cache
- uses: actions/cache@v4
- with:
- path: |
- ~/.cache/Cypress
- node_modules/.cache/Cypress
- key: ${{ runner.os }}-cypress-${{ hashFiles('**/pnpm-lock.yaml', '**/yarn.lock', '**/package-lock.json') }}
- restore-keys: |
- ${{ runner.os }}-cypress-
-
- - name: Cypress binary install
- shell: bash
- env:
- CYPRESS_CACHE_FOLDER: ~/.cache/Cypress
- run: |
- PM="${{ steps.pm.outputs.pm }}"
- if [ "$PM" = "pnpm" ]; then pnpm exec cypress install || true; fi
- if [ "$PM" = "yarn" ]; then yarn run -s cypress install || yarn dlx cypress install || true; fi
- if [ "$PM" = "npm" ]; then npx --yes cypress install || true; fi
diff --git a/.github/workflows/actions/setup-env/action.yml b/.github/workflows/actions/setup-env/action.yml
new file mode 100644
index 0000000..246617c
--- /dev/null
+++ b/.github/workflows/actions/setup-env/action.yml
@@ -0,0 +1,51 @@
+name: Setup Environment
+description: Setup environment variables for the GitHub Actions workflow.
+
+runs:
+ using: 'composite'
+ steps:
+ - name: Setup Node from .nvmrc
+ uses: actions/setup-node@v4
+ with:
+ node-version-file: .nvmrc
+
+ - name: Enable corepack
+ shell: bash
+ run: corepack enable || true
+
+ - name: Detect package manager
+ id: pm
+ shell: bash
+ run: |
+ if [ -f pnpm-lock.yaml ]; then echo "pm=pnpm" >> $GITHUB_OUTPUT; exit 0; fi
+ if [ -f yarn.lock ]; then echo "pm=yarn" >> $GITHUB_OUTPUT; exit 0; fi
+ if [ -f package-lock.json ]; then echo "pm=npm" >> $GITHUB_OUTPUT; exit 0; fi
+ echo "pm=pnpm" >> $GITHUB_OUTPUT
+
+ - name: Install dependencies
+ shell: bash
+ run: |
+ PM="${{ steps.pm.outputs.pm }}"
+ if [ "$PM" = "pnpm" ]; then pnpm install --frozen-lockfile; fi
+ if [ "$PM" = "yarn" ]; then yarn install --frozen-lockfile; fi
+ if [ "$PM" = "npm" ]; then npm ci; fi
+
+ - name: Restore Cypress cache
+ uses: actions/cache@v4
+ with:
+ path: |
+ ~/.cache/Cypress
+ node_modules/.cache/Cypress
+ key: ${{ runner.os }}-cypress-${{ hashFiles('**/pnpm-lock.yaml', '**/yarn.lock', '**/package-lock.json') }}
+ restore-keys: |
+ ${{ runner.os }}-cypress-
+
+ - name: Cypress binary install
+ shell: bash
+ env:
+ CYPRESS_CACHE_FOLDER: ~/.cache/Cypress
+ run: |
+ PM="${{ steps.pm.outputs.pm }}"
+ if [ "$PM" = "pnpm" ]; then pnpm exec cypress install || true; fi
+ if [ "$PM" = "yarn" ]; then yarn run -s cypress install || yarn dlx cypress install || true; fi
+ if [ "$PM" = "npm" ]; then npx --yes cypress install || true; fi
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
deleted file mode 100644
index 81723a7..0000000
--- a/.github/workflows/ci.yml
+++ /dev/null
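Review bot: The composite action is created at `.github/workflows/actions/setup-env/action.yml`, while the jobs in pull-request-checks.yml call `uses: ./.github/actions/setup-env`, so as committed the local action will not be found; move the file to `.github/actions/setup-env/action.yml` or change the callers. `corepack enable || true` and every `cypress install || true` branch swallow setup failures, which then surface later as less obvious errors; let them fail, or add a comment stating why the tolerance is deliberate. `actions/setup-node@v4` and `actions/cache@v4` are referenced by mutable tag; pinning each to a full commit SHA (`uses: actions/setup-node@<full-commit-sha>  # v4`) keeps a moved tag from changing what runs in CI. The `description` speaks of environment variables, but the steps install Node, the dependencies and the Cypress binary; `description: Install Node, project dependencies and the Cypress binary.` would match what the action does.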
@@ -1,138 +0,0 @@ -name: CI - -on: - push: - branches: ["**"] - pull_request: - branches: ["**"] - -permissions: - contents: read - -jobs: - setup: - uses: ./.github/workflows/_setup.yml - - ci: - needs: setup - runs-on: ubuntu-latest - env: - NX_BASE: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || 'origin/main' }} - NX_HEAD: ${{ github.sha }} - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Node from .nvmrc - uses: actions/setup-node@v4 - with: - node-version-file: .nvmrc - - - name: Enable corepack - run: corepack enable || true - - - name: Detect package manager - id: pm - shell: bash - run: | - if [ -f pnpm-lock.yaml ]; then echo "pm=pnpm" >> $GITHUB_OUTPUT; exit 0; fi - if [ -f yarn.lock ]; then echo "pm=yarn" >> $GITHUB_OUTPUT; exit 0; fi - if [ -f package-lock.json ]; then echo "pm=npm" >> $GITHUB_OUTPUT; exit 0; fi - echo "pm=npm" >> $GITHUB_OUTPUT - - - name: Install dependencies - shell: bash - run: | - PM="${{ steps.pm.outputs.pm }}" - if [ "$PM" = "pnpm" ]; then pnpm install --frozen-lockfile; fi - if [ "$PM" = "yarn" ]; then yarn install --frozen-lockfile; fi - if [ "$PM" = "npm" ]; then npm ci; fi - - - name: Cache Nx - uses: actions/cache@v4 - with: - path: ~/.cache/nx - key: ${{ runner.os }}-nx-${{ hashFiles('**/nx.json', '**/project.json', '**/workspace.json', '**/package.json') }} - restore-keys: | - ${{ runner.os }}-nx- - - - name: PR Template Validation - if: github.event_name == 'pull_request' - shell: bash - run: | - echo "Validating PR template compliance..." - - # Check if PR description contains required sections - PR_BODY="${{ github.event.pull_request.body }}" - - if [[ -z "$PR_BODY" ]]; then - echo "❌ PR description is empty" - exit 1 - fi - - # Check for required sections - if ! echo "$PR_BODY" | grep -q "## Current Behavior"; then - echo "❌ Missing 'Current Behavior' section" - exit 1 - fi - - if ! 
echo "$PR_BODY" | grep -q "## Expected Behavior"; then - echo "❌ Missing 'Expected Behavior' section" - exit 1 - fi - - if ! echo "$PR_BODY" | grep -q "## Related Issue"; then - echo "❌ Missing 'Related Issue' section" - exit 1 - fi - - echo "✅ PR template validation passed" - - - name: Commitlint - Lint Commits - if: github.event_name == 'pull_request' - shell: bash - run: | - npx commitlint --from=origin/${{ github.base_ref }} --to=HEAD --config ./.commitlintrc.json - - - name: Nx Format - Check - run: npx nx format:check - - - name: Nx Affected - Lint - run: npx nx affected --target=lint --parallel=3 --base=$NX_BASE --head=$NX_HEAD || echo "No affected projects for lint" - - - name: Nx Affected - Test - run: npx nx affected --target=test --parallel=3 --base=$NX_BASE --head=$NX_HEAD || echo "No affected projects for test" - - - name: Nx Affected - Build - run: npx nx affected --target=build --parallel=3 --base=$NX_BASE --head=$NX_HEAD || echo "No affected projects for build" - - - name: Security - Dependency audit - shell: bash - run: | - PM="${{ steps.pm.outputs.pm }}" - if [ "$PM" = "pnpm" ]; then pnpm audit --audit-level=high || true; fi - if [ "$PM" = "yarn" ]; then yarn audit --level high || true; fi - if [ "$PM" = "npm" ]; then npm audit --audit-level=high || true; fi - - - name: CI Summary - if: always() - shell: bash - run: | - echo "## 🚀 CI Pipeline Summary" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "### ✅ Completed Steps:" >> $GITHUB_STEP_SUMMARY - echo "- Code formatting validation" >> $GITHUB_STEP_SUMMARY - echo "- Linting validation" >> $GITHUB_STEP_SUMMARY - echo "- Test execution" >> $GITHUB_STEP_SUMMARY - echo "- Build validation" >> $GITHUB_STEP_SUMMARY - echo "- Security dependency audit" >> $GITHUB_STEP_SUMMARY - if [ "${{ github.event_name }}" = "pull_request" ]; then - echo "- PR template validation" >> $GITHUB_STEP_SUMMARY - fi - echo "" >> $GITHUB_STEP_SUMMARY - echo "### 📊 Quality Gates:" >> $GITHUB_STEP_SUMMARY - 
echo "- All affected projects validated" >> $GITHUB_STEP_SUMMARY - echo "- Security vulnerabilities checked" >> $GITHUB_STEP_SUMMARY - echo "- Code quality standards enforced" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "**Pipeline Status:** ${{ job.status }}" >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/pull-request-checks.yml b/.github/workflows/pull-request-checks.yml new file mode 100644 index 0000000..b7d0b90 --- /dev/null +++ b/.github/workflows/pull-request-checks.yml 
@@ -0,0 +1,83 @@
+name: Pull Request Checks
+
+on:
+ pull_request: {}
+
+permissions:
+ contents: read
+ actions: read
+ packages: read
+
+jobs:
+ lint_commit:
+ name: Commit Lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Set Nx SHA
+ uses: nrwl/nx-set-shas@v4
+
+ - name: Setup environment
+ uses: ./.github/actions/setup-env
+
+ - name: Commitlint - Lint Commits
+ if: github.event_name == 'pull_request'
+ shell: bash
+ run: |
+ npx commitlint --from=origin/${{ github.base_ref }} --to=HEAD --config ./.commitlintrc.json
+
+ check:
+ name: Format Check
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Set Nx SHA
+ uses: nrwl/nx-set-shas@v4
+
+ - name: Setup environment
+ uses: ./.github/actions/setup-env
+
+ - name: Nx Format - Check
+ run: npx nx format:check
+
+ - name: Nx Lint - Check
+ run: npx nx affected --target=lint --parallel=3 || echo "No affected projects for lint"
+
+ test:
+ name: Test
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Set Nx SHA
+ uses: nrwl/nx-set-shas@v4
+
+ - name: Setup environment
+ uses: ./.github/actions/setup-env
+
+ - name: Run unit tests
+ run: npx nx affected --target=test --parallel=3 || echo "No affected projects for test"
+
+ - name: Run end-to-end tests
+ run: npx nx affected --target=e2e --parallel=3 || echo "No affected projects for e2e"
+
+ build:
+ name: Build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Set Nx SHA
+ uses: nrwl/nx-set-shas@v4
+
+ - name: Setup environment
+ uses: ./.github/actions/setup-env
+
+ - name: Run build
+ run: npx nx affected --target=build --parallel=3 || echo "No affected projects for build"
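Review bot: Every `nx affected` step in the check, test and build jobs ends in `|| echo "No affected projects for …"`, which turns a lint, unit-test, e2e or build failure into a passing step, so these pull-request checks cannot block a merge; drop the `|| echo …` tail (nx affected is expected to exit 0 when nothing is affected, which is worth confirming for the Nx version in use). All four jobs use `actions/checkout@v2`, older than the `@v4` the removed ci.yml used, and keep the default shallow clone; `nrwl/nx-set-shas` and `commitlint --from=origin/${{ github.base_ref }}` both need the base history, so `uses: actions/checkout@v4` with `with: fetch-depth: 0` looks necessary. In the Commitlint step, pass the branch name through the environment (`env: BASE_REF: ${{ github.base_ref }}` and `--from="origin/$BASE_REF"`) rather than expanding the expression inside the script text. The dependency-audit step of the removed workflow has no counterpart here; if it does not run elsewhere, that check is lost with this change.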