ci(audits): bake action source #457

Workflow file for this run

	name: Audits

	on:
	push:
	branches:
	- main
	pull_request:
	branches:
	- main

	jobs:
	javascript:
	name: JavaScript
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	workspace:
	- apollo-server
	- express-graphql
	- graph-client
	- graphql-helix
	- graphql-yoga
	- mercurius
	env:
	PORT: 4000
	steps:
	- name: Checkout
	uses: actions/checkout@v3
	- name: Set up node
	uses: actions/setup-node@v4
	with:
	node-version-file: .nvmrc
	cache: yarn
	- name: Install
	run: yarn install --immutable
	- name: Start
	run: yarn workspace ${{ matrix.workspace }} start &
	- name: Sleep
	run: sleep 3
	- name: Audit
	run: yarn tsx scripts/audit-implementation.ts implementations/${{ matrix.workspace }}
	- name: Summary
	run: cat implementations/${{ matrix.workspace }}/README.md >> $GITHUB_STEP_SUMMARY
	- name: Upload audit report
	uses: actions/upload-artifact@v4
	with:
	name: audit-report-${{ matrix.workspace }}
	# > If multiple paths are provided as input, the least common ancestor of all the search paths will be used as the root directory of the artifact.
	# https://github.com/actions/upload-artifact#upload-using-multiple-paths-and-exclusions
	#
	# Because of this, we include the root README.md to maintain the paths during artifact downloads
	path: \|
	README.md
	implementations/${{ matrix.workspace }}/README.md
	implementations/${{ matrix.workspace }}/report.json

	docker:
	name: Docker
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	workspace:
	- deno
	- hotchocolate
	- lighthouse
	- postgraphile
	# TODO: speed up build process
	# - pioneer
	env:
	PORT: 4000
	steps:
	- name: Checkout
	uses: actions/checkout@v3
	- name: Set up docker buildx
	uses: docker/setup-buildx-action@v2
	- name: Set up node
	uses: actions/setup-node@v4
	with:
	node-version-file: .nvmrc
	cache: yarn
	- name: Install
	run: yarn install --immutable
	- name: Bake
	uses: docker/bake-action@v6
	with:
	workdir: implementations/${{ matrix.workspace }}
	source: .
	load: true # load image into docker, otherwise `docker compose up` will rebuild
	set: \|
	*.cache-from=type=gha
	*.cache-to=type=gha,mode=max
	- name: Start
	run: yarn workspace ${{ matrix.workspace }} start --detach --wait
	- name: Audit
	run: yarn tsx scripts/audit-implementation.ts implementations/${{ matrix.workspace }}
	- name: Summary
	run: cat implementations/${{ matrix.workspace }}/README.md >> $GITHUB_STEP_SUMMARY
	- name: Upload audit report
	uses: actions/upload-artifact@v4
	with:
	name: audit-report-${{ matrix.workspace }}
	# > If multiple paths are provided as input, the least common ancestor of all the search paths will be used as the root directory of the artifact.
	# https://github.com/actions/upload-artifact#upload-using-multiple-paths-and-exclusions
	#
	# Because of this, we include the root README.md to maintain the paths during artifact downloads
	path: \|
	README.md
	implementations/${{ matrix.workspace }}/README.md
	implementations/${{ matrix.workspace }}/report.json

	url:
	name: URL
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	workspace:
	- name: thegraph
	url: https://api.thegraph.com/subgraphs/name/sushiswap/exchange/graphql
	env:
	URL: ${{ matrix.workspace.url }}
	steps:
	- name: Checkout
	uses: actions/checkout@v3
	- name: Set up node
	uses: actions/setup-node@v4
	with:
	node-version-file: .nvmrc
	cache: yarn
	- name: Install
	run: yarn install --immutable
	- name: Audit
	run: yarn tsx scripts/audit-implementation.ts implementations/${{ matrix.workspace.name }}
	- name: Summary
	run: cat implementations/${{ matrix.workspace.name }}/README.md >> $GITHUB_STEP_SUMMARY
	- name: Upload audit report
	uses: actions/upload-artifact@v4
	with:
	name: audit-report-${{ matrix.workspace.name }}
	# > If multiple paths are provided as input, the least common ancestor of all the search paths will be used as the root directory of the artifact.
	# https://github.com/actions/upload-artifact#upload-using-multiple-paths-and-exclusions
	#
	# Because of this, we include the root README.md to maintain the paths during artifact downloads
	path: \|
	README.md
	implementations/${{ matrix.workspace.name }}/README.md
	implementations/${{ matrix.workspace.name }}/report.json

	report:
	permissions:
	contents: write
	pull-requests: write
	name: Report
	runs-on: ubuntu-latest
	needs: [javascript, docker, url]
	if: always()
	steps:
	- name: Checkout
	uses: actions/checkout@v3
	with:
	token: ${{secrets.BOT_GITHUB_TOKEN}}
	- name: Download audit reports
	uses: actions/download-artifact@v4
	with:
	pattern: audit-report-*
	merge-multiple: true
	- name: Render servers table
	run: node scripts/render-servers-table.mjs
	- name: Diff
	run: git diff --pretty
	- name: Commit
	if: github.ref != 'refs/heads/main'
	uses: stefanzweifel/git-auto-commit-action@v5
	with:
	commit_message: 'docs(implementations): audit report'
	commit_user_name: theguild-bot
	commit_user_email: [email protected]
	commit_author: theguild-bot <[email protected]> # dont use the actor as an author
	- name: Create PR
	if: github.ref == 'refs/heads/main'
	uses: peter-evans/create-pull-request@v7
	with:
	token: ${{secrets.BOT_GITHUB_TOKEN}}
	branch: audit-report
	title: Audit Report
	body: New audit report available
	commit-message: 'docs(implementations): audit report'
	committer: theguild-bot <[email protected]>
	author: theguild-bot <[email protected]> # dont use the actor as an author

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci(audits): bake action source #457

Workflow file

ci(audits): bake action source #457

Jobs

Run details

Workflow file for this run