Skip to content
CI

Add realm authentication that supports workers for private realms #9061

Sign in to view logs

Add realm authentication that supports workers for private realms

Add realm authentication that supports workers for private realms #9061

Workflow file for this run

.github/workflows/ci.yaml at c3d2878
name: CI
on:
push:
branches: [main]
pull_request:
workflow_dispatch:
permissions:
checks: write
contents: read
id-token: write
pull-requests: write
jobs:
ai-bot-test:
name: AI bot Tests
runs-on: ubuntu-latest
concurrency:
group: ai-bot-test-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/init
- name: AI Bot test suite
run: pnpm test
working-directory: packages/ai-bot
boxel-motion-test:
name: Boxel Motion Tests
runs-on: ubuntu-latest
concurrency:
group: boxel-motion-test-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/init
- name: Build boxel-motion
run: pnpm build
working-directory: packages/boxel-motion/addon
- name: Run test suite
run: pnpm test
working-directory: packages/boxel-motion/test-app
boxel-ui-test:
name: Boxel UI Tests
runs-on: ubuntu-latest
concurrency:
group: boxel-ui-test-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/init
- name: Build boxel-ui
run: pnpm build
working-directory: packages/boxel-ui/addon
- name: Run test suite
run: pnpm test
working-directory: packages/boxel-ui/test-app
boxel-ui-raw-icon-changes-only:
name: Boxel UI ensure raw icon changes only
runs-on: ubuntu-latest
concurrency:
group: boxel-ui-raw-icon-changes-only-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/init
- name: Rebuild boxel-ui icons
run: pnpm rebuild:icons
working-directory: packages/boxel-ui/addon
- name: Fail if generated icons have been changed without underlying raw icon changing
run: git diff --exit-code
matrix-client-test:
name: Matrix Client Tests
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
shardIndex: [1, 2, 3, 4, 5, 6]
shardTotal: [6]
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/init
- name: Install Playwright Browsers
run: pnpm exec playwright install --with-deps
working-directory: packages/matrix
- name: Build boxel-ui
run: pnpm build
working-directory: packages/boxel-ui/addon
- name: Build boxel-motion
run: pnpm build
working-directory: packages/boxel-motion/addon
- name: Start host to serve assets for fastboot
run: pnpm start &
env:
NODE_OPTIONS: --max_old_space_size=4096
working-directory: packages/host
- name: Wait for ember-cli to be ready
run: pnpm npx wait-for-localhost 4200
working-directory: packages/host
- name: Start realm servers
run: pnpm start:without-matrix &> /tmp/server.log &
working-directory: packages/realm-server
- name: Run Playwright tests
run: pnpm test:group ${{ matrix.shardIndex }}/${{ matrix.shardTotal }}
working-directory: packages/matrix
- name: Upload realm server log
uses: actions/upload-artifact@v4
if: always()
with:
name: realm-server-log-${{ matrix.shardIndex }}
path: /tmp/server.log
retention-days: 30
- name: Upload blob report to GitHub Actions Artifacts
if: ${{ !cancelled() }}
uses: actions/upload-artifact@v4
with:
name: blob-report-${{ matrix.shardIndex }}
path: packages/matrix/blob-report
retention-days: 1
- name: Upload Playwright traces
if: ${{ !cancelled() }}
uses: actions/upload-artifact@v4
with:
name: playwright-traces-${{ matrix.shardIndex }}
path: packages/matrix/test-results/**/trace.zip
retention-days: 30
if-no-files-found: ignore
matrix-client-merge-reports-and-publish:
name: Merge Matrix reports and publish
if: always()
needs: matrix-client-test
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
checks: write
statuses: write
outputs:
timestamp: ${{ steps.timestampid.outputs.timestamp }}
steps:
- name: Create a timestamp as a directory to store reports in
id: timestampid
run: echo "timestamp=$(date --utc +%Y%m%d_%H%M%SZ)" >> "$GITHUB_OUTPUT"
- uses: actions/checkout@v4
- uses: ./.github/actions/init
- name: Download blob reports from GitHub Actions Artifacts
uses: actions/download-artifact@v4
with:
path: all-blob-reports
pattern: blob-report-*
merge-multiple: true
- name: Merge blobs into one single report
run: pnpm exec playwright merge-reports --reporter html ./all-blob-reports
- name: Upload HTML report
uses: actions/upload-artifact@v4
with:
name: html-report--attempt-${{ github.run_attempt }}
path: playwright-report
retention-days: 14
- name: Set up env
env:
INPUT_ENVIRONMENT: ${{ inputs.environment }}
run: |
echo "AWS_REGION=us-east-1" >> $GITHUB_ENV
echo "AWS_ROLE_ARN=arn:aws:iam::680542703984:role/boxel-matrix-playwright-reports" >> $GITHUB_ENV
echo "AWS_S3_BUCKET=cardstack-boxel-matrix-playwright-reports-staging" >> $GITHUB_ENV
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.AWS_ROLE_ARN }}
aws-region: us-east-1
- name: Publish consolidated report to S3
run: aws s3 sync ./playwright-report s3://cardstack-boxel-matrix-playwright-reports-staging/${{ github.head_ref || github.ref_name }}/${{ steps.timestampid.outputs.timestamp }}
- name: Store Playwright report URL
shell: bash
run: echo "PLAYWRIGHT_REPORT_URL=https://boxel-matrix-playwright-reports.stack.cards/${{ github.head_ref || github.ref_name }}/${{ steps.timestampid.outputs.timestamp }}/index.html" >> $GITHUB_ENV
- name: Add status with link to Playwright report
shell: bash
env:
GITHUB_TOKEN: ${{ github.token }}
REPOSITORY: ${{ github.repository }}
HEAD_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
run: |
curl \
-X POST \
-H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
https://github.com/gitapi/repos/$REPOSITORY/statuses/$HEAD_SHA \
-d '{"context":"Matrix Playwright tests report","description":"","target_url":"'"$PLAYWRIGHT_REPORT_URL"'","state":"success"}'
realm-server-test:
name: Realm Server Tests
runs-on: ubuntu-latest
concurrency:
group: realm-server-test-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/init
- name: Build boxel-ui
run: pnpm build
working-directory: packages/boxel-ui/addon
- name: Start host to serve assets for fastboot
run: pnpm start &
env:
NODE_OPTIONS: --max_old_space_size=4096
working-directory: packages/host
- name: Wait for ember-cli to be ready
run: pnpm npx wait-for-localhost 4200
working-directory: packages/realm-server
- name: Start realm servers
run: pnpm start:all &> /tmp/server.log &
working-directory: packages/realm-server
- name: create realm users
run: pnpm register-realm-users
working-directory: packages/matrix
- name: realm server test suite
run: pnpm test:wait-for-servers
working-directory: packages/realm-server
- name: Upload realm server log
uses: actions/upload-artifact@v4
if: always()
with:
name: realm-server-log
path: /tmp/server.log
retention-days: 30
change-check:
name: Check which packages changed
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
outputs:
boxel: ${{ steps.filter.outputs.boxel }}
ai-bot: ${{ steps.filter.outputs.ai-bot }}
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v3
id: filter
with:
filters: |
boxel:
- '.github/workflows/build-host.yml'
- '.github/workflows/deploy-host.yml'
- '.github/workflows/manual-deploy.yml'
- '.github/workflows/ci.yaml'
- 'packages/ai-bot/**'
- 'packages/base/**'
- 'packages/boxel-ui/**'
- 'packages/host/**'
- 'packages/realm-server/**'
- 'packages/runtime-common/**'
- 'pnpm-lock.yaml'
deploy:
name: Deploy boxel to staging
if: ${{ needs.change-check.outputs.boxel == 'true' }}
needs:
- change-check
- ai-bot-test
- boxel-ui-test
- realm-server-test
uses: ./.github/workflows/manual-deploy.yml
secrets: inherit
with:
environment: "staging"