mirror of
https://github.com/PrivateCaptcha/PrivateCaptcha.git
synced 2026-02-20 05:29:07 -06:00
201 lines
5.3 KiB
YAML
201 lines
5.3 KiB
YAML
name: CI
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- '**'
|
|
paths-ignore:
|
|
- 'docs/**'
|
|
- '**.md'
|
|
- '**/.*.yml'
|
|
- '.vscode/**'
|
|
- '.devcontainer/**'
|
|
- 'docker-compose.yml'
|
|
- 'Dockerfile'
|
|
tags-ignore:
|
|
- '*'
|
|
pull_request:
|
|
types: [opened, synchronize, reopened]
|
|
branches:
|
|
- main
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
tests:
|
|
runs-on: ubuntu-latest
|
|
|
|
# Service containers to run with `build`
|
|
services:
|
|
# Label used to access the service container
|
|
postgres:
|
|
# Docker Hub image
|
|
image: postgres
|
|
# Provide the password for postgres
|
|
env:
|
|
POSTGRES_DB: privatecaptcha
|
|
POSTGRES_USER: postgres
|
|
POSTGRES_PASSWORD: postgres
|
|
# Set health checks to wait until postgres has started
|
|
options: >-
|
|
--health-cmd pg_isready
|
|
--health-interval 10s
|
|
--health-timeout 5s
|
|
--health-retries 5
|
|
ports:
|
|
# Maps tcp port 5432 on service container to the host
|
|
- 5432:5432
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
###############
|
|
## Build web ##
|
|
###############
|
|
- name: Use Node.js
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '22.x'
|
|
|
|
- name: Install portal NPM dependencies
|
|
run: npm ci
|
|
working-directory: ./web
|
|
|
|
- name: Install widget NPM dependencies
|
|
run: npm ci
|
|
working-directory: ./widget
|
|
|
|
- name: Build web
|
|
env:
|
|
STAGE: prod
|
|
run: make build-js
|
|
|
|
- name: Build widget script
|
|
env:
|
|
STAGE: prod
|
|
run: make build-widget-script
|
|
|
|
- name: Copy static js
|
|
run: make copy-static-js
|
|
|
|
##############
|
|
## Build Go ##
|
|
##############
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: '1.25.3'
|
|
|
|
- name: Build all targets
|
|
run: make build
|
|
|
|
- name: Unit Tests
|
|
run: make test-unit-cover
|
|
|
|
- name: Cache unit coverage report
|
|
uses: actions/cache/save@v4
|
|
with:
|
|
path: coverage_unit.cov
|
|
key: unit-coverage-${{ github.run_id }}
|
|
|
|
- name: Build tests
|
|
run: make build-tests-ee
|
|
|
|
- name: Init Postgres
|
|
run: psql -f pkg/db/migrations/init/postgres.sql "postgres://postgres:postgres@localhost:5432/privatecaptcha?options=--search_path%3Dpublic"
|
|
|
|
- name: Run ClickHouse
|
|
run: ./docker/run-clickhouse.sh
|
|
|
|
- name: Migrate Databases Up
|
|
env:
|
|
PC_POSTGRES: postgres://postgres:postgres@localhost:5432/privatecaptcha?search_path=public
|
|
PC_CLICKHOUSE_HOST: localhost
|
|
PC_CLICKHOUSE_DB: privatecaptcha
|
|
PC_CLICKHOUSE_USER: default
|
|
PC_DOMAIN: privatecaptcha.local
|
|
PC_VERBOSE: 1
|
|
run: ./bin/server -mode migrate -migrate-hash $GITHUB_SHA
|
|
|
|
- name: Set up sqlc
|
|
uses: sqlc-dev/setup-sqlc@v4
|
|
with:
|
|
sqlc-version: '1.27.0'
|
|
|
|
- name: Vet Postgres queries
|
|
env:
|
|
PC_POSTGRES: postgres://captchasrv:QMS0fJmTHS8Gzq@localhost:5432/privatecaptcha?search_path=backend
|
|
run: |
|
|
make vet-sqlc
|
|
|
|
- name: Integration Tests
|
|
env:
|
|
PC_POSTGRES: postgres://captchasrv:QMS0fJmTHS8Gzq@localhost:5432/privatecaptcha?search_path=backend
|
|
PC_CLICKHOUSE_HOST: localhost
|
|
PC_CLICKHOUSE_DB: privatecaptcha
|
|
PC_CLICKHOUSE_USER: captchasrv
|
|
PC_CLICKHOUSE_PASSWORD: uwnhNn4YW01
|
|
PC_USER_FINGERPRINT_KEY: ea3ad6863f0ba598c01bb561eda18c24fa72b75629baed833fb92a7fde29a5dd3ce1cbd466e5c0a2762034b43127bb11a4dd86f1c8ea3c24ea70da21f5b2201c
|
|
PC_RATE_LIMIT_HEADER: X-REAL-IP
|
|
run: ./docker/run-tests.sh
|
|
|
|
- name: Cache integration coverage report
|
|
uses: actions/cache/save@v4
|
|
if: success() # Only cache if tests succeeded and file is presumably complete
|
|
with:
|
|
path: coverage_reports
|
|
key: integration-coverage-${{ github.run_id }}
|
|
|
|
- name: Migrate Databases Down
|
|
env:
|
|
PC_POSTGRES: postgres://postgres:postgres@localhost:5432/privatecaptcha?search_path=public
|
|
PC_CLICKHOUSE_HOST: localhost
|
|
PC_CLICKHOUSE_DB: privatecaptcha
|
|
PC_CLICKHOUSE_USER: default
|
|
PC_DOMAIN: privatecaptcha.local
|
|
PC_VERBOSE: 1
|
|
run: ./bin/server -mode rollback -migrate-hash $GITHUB_SHA
|
|
|
|
- name: Generate checksum
|
|
run: |
|
|
sha256sum bin/server > bin/server.sha256sum
|
|
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: privatecaptcha
|
|
path: |
|
|
bin/server
|
|
bin/server.sha256sum
|
|
retention-days: 7
|
|
|
|
sonarqube:
|
|
name: SonarQube Scan
|
|
runs-on: ubuntu-latest
|
|
needs: tests
|
|
if: success()
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Restore unit coverage report
|
|
uses: actions/cache/restore@v4
|
|
with:
|
|
path: coverage_unit.cov
|
|
key: unit-coverage-${{ github.run_id }}
|
|
fail-on-cache-miss: true
|
|
|
|
- name: Restore integration coverage report
|
|
uses: actions/cache/restore@v4
|
|
with:
|
|
path: coverage_reports
|
|
key: integration-coverage-${{ github.run_id }}
|
|
fail-on-cache-miss: true
|
|
|
|
- name: SonarQube Scan
|
|
uses: SonarSource/sonarqube-scan-action@v6
|
|
env:
|
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|