Skip to content
health_checks

Changeset push check #2656

Sign in to view logs

Changeset push check

Changeset push check #2656

Workflow file for this run

.github/workflows/health_checks.yml at 1650e88
name: health_checks
on:
push:
branches:
- main
pull_request:
branches:
- main
workflow_dispatch:
jobs:
install:
strategy:
matrix:
# Windows install must happen on the same worker size as subsequent jobs.
# Larger workers use different drive (C: instead of D:) to check out project and NPM installation
# creates file system links that include drive letter.
os: [ubuntu-latest, macos-latest, amplify-backend_windows-latest_8-core]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/install_with_cache
build:
runs-on: ubuntu-latest
needs:
- install
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/build_with_cache
test_with_coverage:
needs:
- build
strategy:
matrix:
os: [ubuntu-latest, macos-latest, amplify-backend_windows-latest_8-core]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_build_cache
- run: npm run set-script-shell
- run: npm run test:coverage:threshold
do_include_e2e:
runs-on: ubuntu-latest
permissions:
# This is required so that the step can read the labels on the pull request
pull-requests: read
env:
# The gh cli expects the token at this environment variable
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
outputs:
run_e2e: ${{ steps.check.outputs.run_e2e }}
steps:
# if this workflow is running on a push (ie merge to main), then e2e tests always run
# if this workflow is triggered manually, then e2e tests always run
# if the workflow is running on a pull request, we perform an additional check for the run-e2e label
# this is not a security measure (that is already handled by the pull_request event behavior) but rather a way for PR authors to easily check e2e test results if they wish
# the reason it doesn't run all the time is because it will always fail for external contributor PRs (they don't have access to repo secrets) and we don't want to waste resources running e2e on every PR commit
- name: Check event is push to main or pull request has run-e2e label
id: check
run: |
if [[ ${{ github.event_name }} == 'push' ]] || [[ ${{ github.event_name }} == 'workflow_dispatch' ]] || gh api /repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }} | jq -r '.labels[].name' | grep run-e2e --quiet; then
echo setting run_e2e to true;
echo "run_e2e=true" >> "$GITHUB_OUTPUT";
else
echo setting run_e2e to false;
echo "run_e2e=false" >> "$GITHUB_OUTPUT";
fi
run_e2e_tests:
if: needs.do_include_e2e.outputs.run_e2e == 'true'
strategy:
# will finish running other test matrices even if one fails
fail-fast: false
matrix:
os:
[
amplify-backend_ubuntu-latest_4-core,
macos-latest-xl,
amplify-backend_windows-latest_8-core,
]
runs-on: ${{ matrix.os }}
timeout-minutes: 25
needs:
- do_include_e2e
- build
permissions:
# these permissions are required for the configure-aws-credentials action to get a JWT from GitHub
id-token: write
contents: read
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_build_cache
- run: cd packages/cli && npm link
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@04b98b3f9e85f563fb061be8751a0352327246b0 # version 3.0.1
with:
role-to-assume: ${{ secrets.E2E_RUNNER_ROLE_ARN }}
aws-region: us-west-2
- name: Run E2E tests
run: npm run e2e
lint:
runs-on: ubuntu-latest
needs:
- build
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_build_cache
- run: npm run lint
check_dependencies:
runs-on: ubuntu-latest
needs:
- install
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_install_cache
- run: npm run check:dependencies
check_tsconfig_refs:
runs-on: ubuntu-latest
needs:
- install
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_install_cache
- run: npm run check:tsconfig-refs
check_api_extract:
runs-on: ubuntu-latest
needs:
- build
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_build_cache
- run: npm run check:api
docs_build_and_publish:
runs-on: ubuntu-latest
needs:
- build
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_build_cache
- run: npm run docs
- if: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 # version 3.9.3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./docs
publish_branch: docs
check_pr_size:
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
needs:
- install
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_install_cache
- run: git fetch origin
- run: npm run diff:check ${{ github.event.pull_request.base.sha }}
check_pr_has_changeset:
if: github.event_name == 'pull_request' && github.event.pull_request.user.login != 'github-actions[bot]'
runs-on: ubuntu-latest
needs:
- install
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
with:
# fetch full history so that changeset can properly compute divergence point
fetch-depth: 0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_install_cache
- run: npx changeset status --since origin/main
check_package_versions:
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
needs:
- install
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_install_cache
- run: npm run check:package-versions
update_or_publish_versions:
if: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
needs:
- build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- uses: ./.github/actions/setup_node
- uses: ./.github/actions/restore_build_cache
- name: Create release pull request or publish to npm
uses: changesets/action@f13b1baaa620fde937751f5d2c3572b9da32af23 # version 1.4.5
with:
publish: npm run publish
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
codeql:
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
with:
# Minimal depth 2 so we can checkout the commit before possible merge commit.
fetch-depth: 2
- name: Initialize CodeQL
uses: github/codeql-action/init@e4262713b504983e61c7728f5452be240d9385a7 # version 2.14.3
with:
languages: javascript
queries: +security-and-quality
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@e4262713b504983e61c7728f5452be240d9385a7 # version 2.14.3
with:
category: /language:javascript