Skip to content

Update tfsec.yml

Update tfsec.yml #821

Workflow file for this run

name: DeployToNetlifyPRD
on:
workflow_dispatch:
push:
branches:
- master
env:
cache-version: v2
jobs:
create-cache:
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout@v3
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 18.12.1
- name: Get yarn cache directory path
id: yarn-cache-dir-path
run: echo "dir=$(yarn cache dir)" >> "${GITHUB_OUTPUT}"
- name: Cache
uses: actions/cache@v3
with:
path: |
~/.cache
${{ steps.yarn-cache-dir-path.outputs.dir }}
node_modules
key: ${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }}
${{ runner.os }}-build-${{ env.cache-version }}-
- name: yarn install
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
run: yarn install --frozen-lockfile
test:
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout@v3
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 18.12.1
registry-url: https://npm.pkg.github.com/
scope: '@tubone24'
- uses: denoland/setup-deno@v1
with:
deno-version: 'v1.x'
- name: install noto font
run: |
sudo apt-get update
sudo apt-get install fonts-noto
- name: Get yarn cache directory path
id: yarn-cache-dir-path
run: echo "dir=$(yarn cache dir)" >> "${GITHUB_OUTPUT}"
- name: Cache
uses: actions/cache/restore@v3
with:
path: |
~/.cache
${{ steps.yarn-cache-dir-path.outputs.dir }}
node_modules
key: ${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }}
${{ runner.os }}-build-${{ env.cache-version }}-
- name: yarn install
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
run: yarn install --frozen-lockfile
- name: Test
env:
GATSBY_GITHUB_CLIENT_SECRET: ${{secrets.GATSBY_GITHUB_CLIENT_SECRET}}
GATSBY_GITHUB_CLIENT_ID: ${{secrets.GATSBY_GITHUB_CLIENT_ID}}
GATSBY_ALGOLIA_SEARCH_API_KEY: ${{secrets.GATSBY_ALGOLIA_SEARCH_API_KEY}}
GATSBY_ALGOLIA_INDEX_NAME: ${{secrets.GATSBY_ALGOLIA_INDEX_NAME}}
GATSBY_ALGOLIA_APP_ID: ${{secrets.GATSBY_ALGOLIA_APP_ID}}
GATSBY_ALGOLIA_ADMIN_API_KEY: ${{secrets.GATSBY_ALGOLIA_ADMIN_API_KEY}}
GATSBY_GITHUB_SHA: ${{ github.sha }}
FAUNADB_SERVER_SECRET: ${{secrets.FAUNADB_SERVER_SECRET}}
NETLIFY_ENV: deploy-preview
run: yarn test:cov
- name: Use Coveralls
uses: coverallsapp/github-action@master
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
path-to-lcov: ./coverage/lcov.info
flag-name: Unit
- name: Test E2E
env:
GATSBY_GITHUB_CLIENT_SECRET: ${{secrets.GATSBY_GITHUB_CLIENT_SECRET}}
GATSBY_GITHUB_CLIENT_ID: ${{secrets.GATSBY_GITHUB_CLIENT_ID}}
GATSBY_ALGOLIA_SEARCH_API_KEY: ${{secrets.GATSBY_ALGOLIA_SEARCH_API_KEY}}
GATSBY_ALGOLIA_INDEX_NAME: ${{secrets.GATSBY_ALGOLIA_INDEX_NAME}}
GATSBY_ALGOLIA_APP_ID: ${{secrets.GATSBY_ALGOLIA_APP_ID}}
GATSBY_ALGOLIA_ADMIN_API_KEY: ${{secrets.GATSBY_ALGOLIA_ADMIN_API_KEY}}
GATSBY_GITHUB_SHA: ${{ github.sha }}
FAUNADB_SERVER_SECRET: ${{secrets.FAUNADB_SERVER_SECRET}}
NETLIFY_ENV: deploy-preview
run: yarn test:e2e:ci
# - name: Use Coveralls
# uses: coverallsapp/github-action@master
# with:
# github-token: ${{ secrets.GITHUB_TOKEN }}
# path-to-lcov: ./coverage-e2e/lcov.info
# flag-name: e2e
- name: Test Storybook Snapshot
env:
GATSBY_GITHUB_CLIENT_SECRET: ${{secrets.GATSBY_GITHUB_CLIENT_SECRET}}
GATSBY_GITHUB_CLIENT_ID: ${{secrets.GATSBY_GITHUB_CLIENT_ID}}
GATSBY_ALGOLIA_SEARCH_API_KEY: ${{secrets.GATSBY_ALGOLIA_SEARCH_API_KEY}}
GATSBY_ALGOLIA_INDEX_NAME: ${{secrets.GATSBY_ALGOLIA_INDEX_NAME}}
GATSBY_ALGOLIA_APP_ID: ${{secrets.GATSBY_ALGOLIA_APP_ID}}
GATSBY_ALGOLIA_ADMIN_API_KEY: ${{secrets.GATSBY_ALGOLIA_ADMIN_API_KEY}}
GATSBY_GITHUB_SHA: ${{ github.sha }}
FAUNADB_SERVER_SECRET: ${{secrets.FAUNADB_SERVER_SECRET}}
NETLIFY_ENV: deploy-preview
run: yarn test:storybook
- uses: actions/upload-artifact@v3
with:
name: main.spec.ts.mp4
path: ./cypress/videos/main.cy.ts.mp4
- name: Upload video for screenshot branch
env:
FILE_PATH: ./cypress/videos/main.cy.ts.mp4
FILE_NAME: main.spec.ts.mp4
HEAD_REF: "master"
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_REPOSITORY: "tubone24/blog"
GITHUB_PULL_REQUEST_NUMBER: ""
BRANCH_NAME: "screenshot"
run: deno run --allow-env --allow-read --allow-net scripts/uploadScreenShot.ts
- name: Upload Test Coverage
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./coverage
destination_dir: cov
keep_files: true
- name: Upload e2e Test Coverage
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./coverage-e2e/lcov-report
destination_dir: e2e-cov
keep_files: true
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout@v3
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 18.12.1
registry-url: https://npm.pkg.github.com/
scope: '@tubone24'
- name: Get yarn cache directory path
id: yarn-cache-dir-path
run: echo "dir=$(yarn cache dir)" >> "${GITHUB_OUTPUT}"
- name: Cache
uses: actions/cache/restore@v3
with:
path: |
~/.cache
${{ steps.yarn-cache-dir-path.outputs.dir }}
node_modules
key: ${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }}
${{ runner.os }}-build-${{ env.cache-version }}-
- name: yarn install
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
run: yarn install --frozen-lockfile
- name: Type check
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
run: yarn typecheck
- name: Code Lint Check
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
run: yarn format
- name: Style Lint Check
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
run: yarn format-style
- name: Yaml Lint Check
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
run: yarn format-yml
build:
runs-on: ubuntu-latest
needs: ['test', 'lint']
steps:
- name: Checkout source code
uses: actions/checkout@v3
- uses: chrnorm/deployment-action@v2
name: Create GitHub deployment
id: deployment-prod
with:
token: ${{ secrets.GITHUB_TOKEN }}
environment: production
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 18.12.1
registry-url: https://npm.pkg.github.com/
scope: '@tubone24'
- name: Get yarn cache directory path
id: yarn-cache-dir-path
run: echo "dir=$(yarn cache dir)" >> "${GITHUB_OUTPUT}"
- name: Cache
uses: actions/cache/restore@v3
with:
path: |
~/.cache
${{ steps.yarn-cache-dir-path.outputs.dir }}
node_modules
key: ${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }}
${{ runner.os }}-build-${{ env.cache-version }}-
- name: yarn install
env:
GATSBY_GITHUB_CLIENT_SECRET: ${{secrets.GATSBY_GITHUB_CLIENT_SECRET}}
GATSBY_GITHUB_CLIENT_ID: ${{secrets.GATSBY_GITHUB_CLIENT_ID}}
GATSBY_ALGOLIA_SEARCH_API_KEY: ${{secrets.GATSBY_ALGOLIA_SEARCH_API_KEY}}
GATSBY_ALGOLIA_INDEX_NAME: ${{secrets.GATSBY_ALGOLIA_INDEX_NAME}}
GATSBY_ALGOLIA_APP_ID: ${{secrets.GATSBY_ALGOLIA_APP_ID}}
GATSBY_ALGOLIA_ADMIN_API_KEY: ${{secrets.GATSBY_ALGOLIA_ADMIN_API_KEY}}
GATSBY_GITHUB_SHA: ${{ github.sha }}
FAUNADB_SERVER_SECRET: ${{secrets.FAUNADB_SERVER_SECRET}}
NETLIFY_ENV: production
PERCY_TOKEN: ${{secrets.PERCY_TOKEN}}
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
run: yarn install --frozen-lockfile
- name: yarn build
env:
GATSBY_GITHUB_CLIENT_SECRET: ${{secrets.GATSBY_GITHUB_CLIENT_SECRET}}
GATSBY_GITHUB_CLIENT_ID: ${{secrets.GATSBY_GITHUB_CLIENT_ID}}
GATSBY_ALGOLIA_SEARCH_API_KEY: ${{secrets.GATSBY_ALGOLIA_SEARCH_API_KEY}}
GATSBY_ALGOLIA_INDEX_NAME: ${{secrets.GATSBY_ALGOLIA_INDEX_NAME}}
GATSBY_ALGOLIA_APP_ID: ${{secrets.GATSBY_ALGOLIA_APP_ID}}
GATSBY_ALGOLIA_ADMIN_API_KEY: ${{secrets.GATSBY_ALGOLIA_ADMIN_API_KEY}}
GATSBY_GITHUB_SHA: ${{ github.sha }}
FAUNADB_SERVER_SECRET: ${{secrets.FAUNADB_SERVER_SECRET}}
NETLIFY_ENV: production
PERCY_TOKEN: ${{secrets.PERCY_TOKEN}}
run: yarn build:nocache
- name: Push Bundle Analyze
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./public/webpack-bundle-analyser/
destination_dir: ba
keep_files: true
- name: Remove Bundle Analyze
run: rm ./public/webpack-bundle-analyser/index.html
- name: Deploy to netlify
run: npx netlify-cli deploy --prod --dir=./public --functions=./functions/src
env:
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
- uses: chrnorm/deployment-status@v2
if: success()
name: Create GitHub deploy (Success)
with:
token: ${{ secrets.GITHUB_TOKEN }}
environment: production
environment-url: "https://blog.tubone-project24.xyz"
deployment-id: ${{ steps.deployment-prod.outputs.deployment_id }}
state: "success"
- uses: chrnorm/deployment-status@v2
if: failure()
name: Create GitHub deploy (Failure)
with:
token: ${{ secrets.GITHUB_TOKEN }}
environment: production
environment-url: "https://blog.tubone-project24.xyz"
deployment-id: ${{ steps.deployment-prod.outputs.deployment_id }}
state: "failure"
- name: Sentry Release
uses: getsentry/[email protected]
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_TOKEN }}
SENTRY_ORG: tubone-project24
SENTRY_PROJECT: blog
with:
environment: production
version: tubone-boyaki@${{ github.sha }}
sourcemaps: "./public"
storybook:
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout@v3
- uses: chrnorm/deployment-action@v2
name: Create GitHub deployment
id: deployment-prod-storybook
with:
token: ${{ secrets.GITHUB_TOKEN }}
environment: production-storybook
- name: Get yarn cache directory path
id: yarn-cache-dir-path
run: echo "dir=$(yarn cache dir)" >> "${GITHUB_OUTPUT}"
- name: Cache
uses: actions/cache/restore@v3
with:
path: |
~/.cache
${{ steps.yarn-cache-dir-path.outputs.dir }}
node_modules
key: ${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }}
${{ runner.os }}-build-${{ env.cache-version }}-
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 18.12.1
- name: Install dependencies
run: yarn install --frozen-lockfile
- name: yarn build
env:
GATSBY_GITHUB_CLIENT_SECRET: ${{secrets.GATSBY_GITHUB_CLIENT_SECRET}}
GATSBY_GITHUB_CLIENT_ID: ${{secrets.GATSBY_GITHUB_CLIENT_ID}}
GATSBY_ALGOLIA_SEARCH_API_KEY: ${{secrets.GATSBY_ALGOLIA_SEARCH_API_KEY}}
GATSBY_ALGOLIA_INDEX_NAME: ${{secrets.GATSBY_ALGOLIA_INDEX_NAME}}
GATSBY_ALGOLIA_APP_ID: ${{secrets.GATSBY_ALGOLIA_APP_ID}}
GATSBY_ALGOLIA_ADMIN_API_KEY: ${{secrets.GATSBY_ALGOLIA_ADMIN_API_KEY}}
GATSBY_GITHUB_SHA: ${{ github.sha }}
FAUNADB_SERVER_SECRET: ${{secrets.FAUNADB_SERVER_SECRET}}
NETLIFY_ENV: deploy-preview
run: yarn build
- name: build storybook
run: yarn build-storybook
env:
STORYBOOK_ALGOLIA_SEARCH_API_KEY: ${{secrets.GATSBY_ALGOLIA_SEARCH_API_KEY}}
STORYBOOK_ALGOLIA_INDEX_NAME: ${{secrets.GATSBY_ALGOLIA_INDEX_NAME}}
STORYBOOK_ALGOLIA_APP_ID: ${{secrets.GATSBY_ALGOLIA_APP_ID}}
GATSBY_GITHUB_SHA: ${{ github.sha }}
NETLIFY_ENV: deploy-preview
- name: Deploy to netlify
run: npx netlify-cli deploy --prod --dir=./storybook-static
env:
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_STORYBOOK_AUTH_TOKEN }}
NETLIFY_SITE_ID: ${{ secrets.NETLIFY_STORYBOOK_SITE_ID }}
- uses: chrnorm/deployment-status@v2
if: success()
name: Create GitHub deploy (Success)
with:
token: ${{ secrets.GITHUB_TOKEN }}
environment: production-storybook
environment-url: "https://blog-storybook.netlify.app"
deployment-id: ${{ steps.deployment-prod-storybook.outputs.deployment_id }}
state: "success"
- uses: chrnorm/deployment-status@v2
if: failure()
name: Create GitHub deploy (Failure)
with:
token: ${{ secrets.GITHUB_TOKEN }}
environment: production-storybook
environment-url: "https://blog-storybook.netlify.app"
deployment-id: ${{ steps.deployment-prod-storybook.outputs.deployment_id }}
state: "failure"
lighthouse:
runs-on: macos-latest
needs: ['build']
steps:
- uses: actions/checkout@v3
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 18.12.1
registry-url: https://npm.pkg.github.com/
scope: '@tubone24'
- name: Install lighthouse
run: sudo npm i -g lighthouse
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
- name: make public dir
run: mkdir -p ./public
- name: Run lighthouse
run: |
lighthouse \
--chrome-flags="--headless" \
--output html --output-path /tmp/report.html \
'https://blog.tubone-project24.xyz'
cp /tmp/report.html ./public/report.html
- name: Deploy
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./public
destination_dir: lh
keep_files: true
webscreenshot:
needs:
- build
strategy:
matrix:
os: [ubuntu-latest]
width: [1920, 1200, 768, 400]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- uses: denoland/setup-deno@v1
with:
deno-version: 'v1.x'
- name: install noto font
run: |
sudo apt-get update
sudo apt-get install fonts-noto
- name: Capture Webpage Screenshot
uses: swinton/[email protected]
with:
source: "https://blog.tubone-project24.xyz"
destination: screenshot-${{ matrix.os }}-${{ matrix.width }}.png
width: ${{ matrix.width }}
delay: 10
- uses: actions/download-artifact@v3
with:
name: screenshot-${{ matrix.os }}-${{ matrix.width }}
- name: Upload screenshot to screenshot branch
env:
FILE_PATH: screenshot-${{ matrix.os }}-${{ matrix.width }}.png
FILE_NAME: screenshot-${{ matrix.os }}-${{ matrix.width }}.png
HEAD_REF: "master"
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_REPOSITORY: "tubone24/blog"
GITHUB_PULL_REQUEST_NUMBER: ""
BRANCH_NAME: "screenshot"
run: deno run --allow-env --allow-read --allow-net scripts/uploadScreenShot.ts