Skip to content

Bump toptal/davinci-github-actions from 15.4.1 to 16.0.3 #4235

Bump toptal/davinci-github-actions from 15.4.1 to 16.0.3

Bump toptal/davinci-github-actions from 15.4.1 to 16.0.3 #4235

Workflow file for this run

name: CI
on:
workflow_dispatch:
pull_request:
branches:
- master # triggers the flow for every PR to master
- "feature/**" # triggers the flow for a PR to a branch like feature/v9
types:
- synchronize # PR was updated
- opened # PR was open
- reopened # PR was closed and is now open again
- ready_for_review # PR was converted from draft to open
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build-docker-image:
if: ${{ github.event.pull_request.head.ref != 'changeset-release/master' }}
name: Build Picasso docker image
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
actions: write
issues: write
pull-requests: write
timeout-minutes: 45
steps:
- name: Checkout
uses: actions/checkout@v4
- name: GSM Secrets
id: secrets_manager
uses: toptal/davinci-github-actions/[email protected]
with:
workload_identity_provider: ${{ secrets.IDENTITY_POOL }}
service_account: ${{ secrets.SA_IDENTITY_POOL }}
secrets_name: |-
DOCKER_BUILDX_ENDPOINT:toptal-ci/DOCKER_BUILDX_ENDPOINT
GCR_ACCOUNT_KEY:toptal-ci/GCR_ACCOUNT_KEY
HAPPO_API_KEY:toptal-ci/PICASSO_HAPPO_API_KEY
HAPPO_API_SECRET:toptal-ci/PICASSO_HAPPO_API_SECRET
NPM_TOKEN:toptal-ci/NPM_TOKEN
TOPTAL_BUILD_BOT_SSH_KEY:toptal-ci/TOPTAL_BUILD_BOT_SSH_KEY
TOPTAL_DEFAULT_REGISTRY:toptal-ci/TOPTAL_DEFAULT_REGISTRY
TOPTAL_DEVBOT_TOKEN:toptal-ci/TOPTAL_DEVBOT_TOKEN
TOPTAL_TRIGGERBOT_TOKEN:toptal-ci/TOPTAL_TRIGGERBOT_TOKEN
TOPTAL_TRIGGERBOT_USERNAME:toptal-ci/TOPTAL_TRIGGERBOT_USERNAME
- name: Parse secrets
id: parse_secrets
uses: toptal/davinci-github-actions/[email protected]
with:
json: ${{ steps.secrets_manager.outputs.secrets }}
- name: Set ENV Variables
run: |-
echo "DOCKER_BUILDX_ENDPOINT=${{ steps.parse_secrets.outputs.DOCKER_BUILDX_ENDPOINT }}" >> $GITHUB_ENV
echo 'GCR_ACCOUNT_KEY<<EOF' >> $GITHUB_ENV
echo '${{ steps.parse_secrets.outputs.GCR_ACCOUNT_KEY }}' >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
echo "GITHUB_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_DEVBOT_TOKEN }}" >> $GITHUB_ENV
echo "HAPPO_API_KEY=${{ steps.parse_secrets.outputs.HAPPO_API_KEY }}" >> $GITHUB_ENV
echo "HAPPO_API_SECRET=${{ steps.parse_secrets.outputs.HAPPO_API_SECRET }}" >> $GITHUB_ENV
echo "JENKINS_USER=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}" >> $GITHUB_ENV
echo "JENKINS_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_TOKEN }}" >> $GITHUB_ENV
echo "NPM_TOKEN=${{ steps.parse_secrets.outputs.NPM_TOKEN }}" >> $GITHUB_ENV
echo 'TOPTAL_BUILD_BOT_SSH_KEY<<EOF' >> $GITHUB_ENV
echo '${{ steps.parse_secrets.outputs.TOPTAL_BUILD_BOT_SSH_KEY }}' >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
echo "TOPTAL_DEVBOT_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_DEVBOT_TOKEN }}" >> $GITHUB_ENV
- uses: toptal/davinci-github-actions/[email protected]
with:
sha: ${{ github.event.pull_request.head.sha }}
image-name: picasso
environment: temploy
registry-name: ${{ steps.parse_secrets.outputs.TOPTAL_DEFAULT_REGISTRY }}
static-checks:
if: ${{ github.event.pull_request.head.ref != 'changeset-release/master' }}
name: Static checks
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
timeout-minutes: 45
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: GSM Secrets
id: secrets_manager
uses: toptal/davinci-github-actions/[email protected]
with:
workload_identity_provider: ${{ secrets.IDENTITY_POOL }}
service_account: ${{ secrets.SA_IDENTITY_POOL }}
secrets_name: |-
HAPPO_API_KEY:toptal-ci/PICASSO_HAPPO_API_KEY
HAPPO_API_SECRET:toptal-ci/PICASSO_HAPPO_API_SECRET
NPM_TOKEN:toptal-ci/NPM_TOKEN
TOPTAL_DEVBOT_TOKEN:toptal-ci/TOPTAL_DEVBOT_TOKEN
TOPTAL_TRIGGERBOT_TOKEN:toptal-ci/TOPTAL_TRIGGERBOT_TOKEN
TOPTAL_TRIGGERBOT_USERNAME:toptal-ci/TOPTAL_TRIGGERBOT_USERNAME
- name: Parse secrets
id: parse_secrets
uses: toptal/davinci-github-actions/[email protected]
with:
json: ${{ steps.secrets_manager.outputs.secrets }}
- name: Set ENV Variables
run: |-
echo "TOPTAL_DEVBOT_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_DEVBOT_TOKEN }}" >> $GITHUB_ENV
echo "NPM_TOKEN=${{ steps.parse_secrets.outputs.NPM_TOKEN }}" >> $GITHUB_ENV
echo "HAPPO_API_KEY=${{ steps.parse_secrets.outputs.HAPPO_API_KEY }}" >> $GITHUB_ENV
echo "HAPPO_API_SECRET=${{ steps.parse_secrets.outputs.HAPPO_API_SECRET }}" >> $GITHUB_ENV
echo "JENKINS_USER=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}" >> $GITHUB_ENV
echo "JENKINS_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_TOKEN }}" >> $GITHUB_ENV
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: 18
- name: Check missing changeset
uses: toptal/davinci-github-actions/[email protected]
with:
github-token: ${{ env.TOPTAL_DEVBOT_TOKEN }}
# This Action will scan dependency manifest files that change as part of a Pull Request,
# surfacing known-vulnerable versions of the packages declared or updated in the PR.
# Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable
# packages will be blocked from merging.
- name: Dependency Review
uses: actions/dependency-review-action@v4
- name: Install Dependencies
uses: toptal/davinci-github-actions/[email protected]
- name: Update PR Body
run: node ./.github/actions/update-body.js
env:
token: ${{ env.TOPTAL_DEVBOT_TOKEN }}
- name: Syncpack check
run: yarn syncpack:list
- name: Circularity Check
run: yarn circularity
- name: Lint
run: yarn lint
- name: Type Check
run: yarn typecheck
- name: Jest Tests
run: yarn test:unit:ci
storybook-visual-tests:
if: ${{ github.event.pull_request.head.ref != 'changeset-release/master' }}
name: Storybook Visual Tests
runs-on: ubuntu-latest
permissions: write-all
needs: [static-checks]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: GSM Secrets
id: secrets_manager
uses: toptal/davinci-github-actions/[email protected]
with:
workload_identity_provider: ${{ secrets.IDENTITY_POOL }}
service_account: ${{ secrets.SA_IDENTITY_POOL }}
secrets_name: |-
HAPPO_API_KEY:toptal-ci/PICASSO_HAPPO_API_KEY
HAPPO_API_SECRET:toptal-ci/PICASSO_HAPPO_API_SECRET
NPM_TOKEN:toptal-ci/NPM_TOKEN
TOPTAL_DEVBOT_TOKEN:toptal-ci/TOPTAL_DEVBOT_TOKEN
- name: Parse secrets
id: parse_secrets
uses: toptal/davinci-github-actions/[email protected]
with:
json: ${{ steps.secrets_manager.outputs.secrets }}
- name: Set ENV Variables
run: |-
echo "TOPTAL_DEVBOT_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_DEVBOT_TOKEN }}" >> $GITHUB_ENV
echo "NPM_TOKEN=${{ steps.parse_secrets.outputs.NPM_TOKEN }}" >> $GITHUB_ENV
echo "HAPPO_API_KEY=${{ steps.parse_secrets.outputs.HAPPO_API_KEY }}" >> $GITHUB_ENV
echo "HAPPO_API_SECRET=${{ steps.parse_secrets.outputs.HAPPO_API_SECRET }}" >> $GITHUB_ENV
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: 18
- name: Install dependencies from cache
uses: toptal/davinci-github-actions/[email protected]
- name: Visual Tests
run: yarn happo:storybook
env:
HAPPO_PROJECT: Picasso/Storybook
HAPPO_API_KEY: ${{ env.HAPPO_API_KEY }}
HAPPO_API_SECRET: ${{ env.HAPPO_API_SECRET }}
integration-tests:
name: Integration Tests
uses: ./.github/workflows/davinci-integration-tests.yml
secrets:
IDENTITY_POOL: ${{ secrets.IDENTITY_POOL }}
SA_IDENTITY_POOL: ${{ secrets.SA_IDENTITY_POOL }}
deploy-docs:
if: ${{ github.event.pull_request.head.ref != 'changeset-release/master' }}
name: Deploy Picasso docs
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
needs: [build-docker-image]
steps:
- name: GSM Secrets
id: secrets_manager
uses: toptal/davinci-github-actions/[email protected]
with:
workload_identity_provider: ${{ secrets.IDENTITY_POOL }}
service_account: ${{ secrets.SA_IDENTITY_POOL }}
secrets_name: |-
HAPPO_API_KEY:toptal-ci/PICASSO_HAPPO_API_KEY
HAPPO_API_SECRET:toptal-ci/PICASSO_HAPPO_API_SECRET
NPM_TOKEN:toptal-ci/NPM_TOKEN
TOPTAL_DEVBOT_TOKEN:toptal-ci/TOPTAL_DEVBOT_TOKEN
TOPTAL_TRIGGERBOT_TOKEN:toptal-ci/TOPTAL_TRIGGERBOT_TOKEN
TOPTAL_TRIGGERBOT_USERNAME:toptal-ci/TOPTAL_TRIGGERBOT_USERNAME
JENKINS_URL:toptal-ci/JENKINS_URL
JENKINS_CLIENT_ID:toptal-ci/JENKINS_CLIENT_ID
JENKINS_SA_CREDENTIALS:toptal-ci/JENKINS_SA_CREDENTIALS
TOPTAL_REPOACCESSBOT_TOKEN:toptal-ci/TOPTAL_REPOACCESSBOT_TOKEN
- name: Parse secrets
id: parse_secrets
uses: toptal/davinci-github-actions/[email protected]
with:
json: ${{ steps.secrets_manager.outputs.secrets }}
- name: Set ENV Variables
run: |-
echo "TOPTAL_DEVBOT_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_DEVBOT_TOKEN }}" >> $GITHUB_ENV
echo "NPM_TOKEN=${{ steps.parse_secrets.outputs.NPM_TOKEN }}" >> $GITHUB_ENV
echo "HAPPO_API_KEY=${{ steps.parse_secrets.outputs.HAPPO_API_KEY }}" >> $GITHUB_ENV
echo "HAPPO_API_SECRET=${{ steps.parse_secrets.outputs.HAPPO_API_SECRET }}" >> $GITHUB_ENV
echo "JENKINS_USER=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}" >> $GITHUB_ENV
echo "JENKINS_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_TOKEN }}" >> $GITHUB_ENV
- name: Get toptal/actions
uses: actions/checkout@v4
with:
repository: toptal/actions
token: ${{ steps.parse_secrets.outputs.TOPTAL_REPOACCESSBOT_TOKEN }}
path: ./.github/actions/
- name: Replace toptal/actions/get-job-url@main from trigger-jenkins-job/action.yml
shell: bash
run: |
sed -i 's|toptal/actions/get-job-url@main|./.github/actions/get-job-url|' ./.github/actions/trigger-jenkins-job/action.yml
sed -i 's|toptal/actions/trigger-jenkins-job@main|./.github/actions/trigger-jenkins-job|' ./.github/actions/create-jira-deployment/action.yml
- name: Trigger doc deployment job
uses: ./.github/actions/trigger-jenkins-job/
env:
BRANCH: ${{ github.event.pull_request.head.ref }}
PR_ID: ${{ github.event.pull_request.number }}
with:
jenkins_url: ${{ steps.parse_secrets.outputs.JENKINS_URL }}
jenkins_user: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}
jenkins_token: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_TOKEN }}
jenkins_client_id: ${{ steps.parse_secrets.outputs.JENKINS_CLIENT_ID }}
jenkins_sa_credentials: ${{ steps.parse_secrets.outputs.JENKINS_SA_CREDENTIALS }}
job_name: picasso-docs
job_params: |
{
"BRANCH": "${{ env.BRANCH }}",
"PR_ID": "${{ env.PR_ID }}"
}
job_timeout: "3600"
- name: Create Jira Deployment
uses: ./.github/actions/create-jira-deployment/
if: ${{ always() }}
with:
jenkins_url: ${{ steps.parse_secrets.outputs.JENKINS_URL }}
jenkins_user: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}
jenkins_token: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_TOKEN }}
jenkins_client_id: ${{ steps.parse_secrets.outputs.JENKINS_CLIENT_ID }}
jenkins_sa_credentials: ${{ steps.parse_secrets.outputs.JENKINS_SA_CREDENTIALS }}
token: ${{ env.TOPTAL_DEVBOT_TOKEN }}
environment: staging
environment-url: ${{ steps.temploy.outputs.temployURL }}
transient-environment: false
auto-inactive: false