-
Notifications
You must be signed in to change notification settings - Fork 126
344 lines (284 loc) · 11.3 KB
/
pull-request.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
name: Pull Request
on:
pull_request:
types: [ready_for_review, synchronize, reopened, opened]
env:
BOT_NAME: va-vfs-bot
PR_NUMBER: ${{ github.event.number }}
jobs:
fetch-unit-tests-allow-list:
name: Fetch Unit Test Stability Allow List
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
- name: Configure AWS credentials
uses: ./.github/workflows/configure-aws-credentials
with:
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: us-gov-west-1
- name: Get va-vsp-bot token
uses: ./.github/workflows/inject-secrets
with:
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN
- name: Init Dashboard Data Repo
uses: ./.github/workflows/init-data-repo
- name: Set Up BigQuery Creds
uses: ./.github/workflows/configure-bigquery
- name: Fetch Unit Test Stability Allow List
run: yarn get-allow-list
working-directory: qa-standards-dashboard-data
env:
TEST_TYPE: unit_test
- name: Archive Unit Test Stability Allow List
if: ${{ always() }}
uses: ./.github/workflows/upload-artifact
with:
name: unit-test-allow-list
path: qa-standards-dashboard-data/unit_test_allow_list.json
check-cross-app-imports:
name: Check Cross App Imports
needs: [fetch-unit-tests-allow-list]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
with:
fetch-depth: 0
- name: Install dependencies
uses: ./.github/workflows/install
timeout-minutes: 30
with:
key: ${{ hashFiles('yarn.lock') }}
yarn_cache_folder: .cache/yarn
path: |
.cache/yarn
node_modules
- name: Get changed apps
id: get-changed-apps
continue-on-error: true
uses: ./.github/workflows/get-changed-apps
with:
delimiter: ','
output-type: 'entry_name, url'
- name: Download Unit Test Stability Allow List
uses: ./.github/workflows/download-artifact
with:
name: unit-test-allow-list
path: .
- name: Check for cross app imports in allowlist apps
run: yarn check-app-imports --fail-on-cross-app-import
env:
TEST_TYPE: unit_test
- name: Upload cross app import artifact
uses: ./.github/workflows/upload-artifact
with:
name: cross-app-import-report
path: ./tmp/cross-app-imports.json
- name: Check for apps in changed files that are not isolated
run: node script/github-actions/annotate-non-isolated-apps.js
env:
CHANGED_FILES: ${{ steps.get-changed-apps.outputs.changed_files }}
- name: Create isolation annotations file
if: ${{ env.ISOLATION_ANNOTATIONS_JSON != '[]' }}
run: |
echo "$ISOLATION_ANNOTATIONS_JSON" > isolation-annotations.json
cat isolation-annotations.json
- name: Annotate files that belong to apps not isolated
if: ${{ env.ISOLATION_ANNOTATIONS_JSON != '[]' }}
uses: ./.github/workflows/annotations
with:
token: ${{ secrets.GITHUB_TOKEN }}
check_title: 'App Isolation Annotations'
input_json: './isolation-annotations.json'
eslint-disable-check:
name: ESLint Disable Check
runs-on: ubuntu-latest
if: ${{ github.event.pull_request.draft == false }}
steps:
- name: Checkout
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
- name: Get Node version
id: get-node-version
run: echo NODE_VERSION=$(cat .nvmrc) >> $GITHUB_OUTPUT
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: ${{ steps.get-node-version.outputs.NODE_VERSION }}
- name: Configure AWS credentials
uses: ./.github/workflows/configure-aws-credentials
with:
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: us-gov-west-1
- name: Get bot token from Parameter Store
uses: ./.github/workflows/inject-secrets
with:
ssm_parameter: /devops/VA_VFS_BOT_GITHUB_TOKEN
env_variable_name: GITHUB_TOKEN
- name: Install dependencies
uses: ./.github/workflows/install
timeout-minutes: 30
with:
key: ${{ hashFiles('yarn.lock') }}
yarn_cache_folder: .cache/yarn
path: |
.cache/yarn
node_modules
- name: Run PR check script
run: yarn pr-check
env:
CODE_PATTERN: (/* eslint-disable)|(// eslint-disable)
LINE_COMMENT: ESLint disabled here
OVERALL_REVIEW_COMMENT: >
# ESLint is disabled
`vets-website` uses ESLint to help enforce code quality. In most
situations we would like ESLint to remain enabled.
## What you can do
See if the code can be refactored to avoid disabling ESLint, or wait for
a VSP review.
icon-check:
name: Icon Check
runs-on: ubuntu-latest
if: ${{ github.event.pull_request.draft == false }}
steps:
- name: Checkout
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
- name: Get Node version
id: get-node-version
run: echo NODE_VERSION=$(cat .nvmrc) >> $GITHUB_OUTPUT
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: ${{ steps.get-node-version.outputs.NODE_VERSION }}
- name: Configure AWS credentials
uses: ./.github/workflows/configure-aws-credentials
with:
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: us-gov-west-1
- name: Get bot token from Parameter Store
uses: ./.github/workflows/inject-secrets
with:
ssm_parameter: /devops/VA_VFS_BOT_GITHUB_TOKEN
env_variable_name: GITHUB_TOKEN
- name: Install dependencies
uses: ./.github/workflows/install
timeout-minutes: 30
with:
key: ${{ hashFiles('yarn.lock') }}
yarn_cache_folder: .cache/yarn
path: |
.cache/yarn
node_modules
- name: Run PR check script
run: yarn pr-check
env:
CODE_PATTERN: (<i )|(<i$)|(<va-icon)
LINE_COMMENT: icon found
OVERALL_REVIEW_COMMENT: >
# Icon found
Icons can be decorative, but sometimes they are used to convey meaning.
If there are any semantics associated with an icon, those semantics
should also be conveyed to a screen reader.
## What you can do
Review the markup and see if the icon provides information that isn't
represented textually, or wait for a VSP review.
## Note:
Font Awesome is deprecated. Please use va-icon instead. For more information, visit the migration documentation: [Migrate from font awesome to va-icon](https://design.va.gov/about/developers/using-web-components#how-to-migrate-from-font-awesome-to-va-icon)
sentry-check:
name: Sentry Check
runs-on: ubuntu-latest
if: ${{ github.event.pull_request.draft == false }}
steps:
- name: Checkout
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
- name: Get Node version
id: get-node-version
run: echo NODE_VERSION=$(cat .nvmrc) >> $GITHUB_OUTPUT
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: ${{ steps.get-node-version.outputs.NODE_VERSION }}
- name: Configure AWS credentials
uses: ./.github/workflows/configure-aws-credentials
with:
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: us-gov-west-1
- name: Get bot token from Parameter Store
uses: ./.github/workflows/inject-secrets
with:
ssm_parameter: /devops/VA_VFS_BOT_GITHUB_TOKEN
env_variable_name: GITHUB_TOKEN
- name: Install dependencies
uses: ./.github/workflows/install
timeout-minutes: 30
with:
key: ${{ hashFiles('yarn.lock') }}
yarn_cache_folder: .cache/yarn
path: |
.cache/yarn
node_modules
- name: Run PR check script
run: yarn pr-check
env:
CODE_PATTERN: Sentry\.
LINE_COMMENT: Sentry found
OVERALL_REVIEW_COMMENT: >
# Sentry call found
Sentry captures a lot of data, and we want to make sure that we only
keep information that will be useful for troubleshooting issues. This
means that PII should not be recorded.
## What you can do
Review your call to Sentry and see if you can reasonably reduce any
information that is included, or wait for a VSP review.
linting:
name: Linting (Files Changed)
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
with:
fetch-depth: 0
- name: Get Node version
id: get-node-version
run: echo NODE_VERSION=$(cat .nvmrc) >> $GITHUB_OUTPUT
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: ${{ steps.get-node-version.outputs.NODE_VERSION }}
- name: Install dependencies
uses: ./.github/workflows/install
timeout-minutes: 30
with:
key: ${{ hashFiles('yarn.lock') }}
yarn_cache_folder: .cache/yarn
path: |
.cache/yarn
node_modules
- name: Get changed files
id: get-files-changed
continue-on-error: true
uses: ./.github/workflows/get-changed-apps
with:
delimiter: ','
output-type: 'entry_name, url'
- name: Filter files
id: get-lint-files
run: node ./script/github-actions/filter-files-changed.js
env:
CHANGED_FILE_PATHS: ${{ steps.get-files-changed.outputs.changed_files }}
- name: Annotate ESLint results for all files if eslint config has been modified
if: contains(steps.get-files-changed.outputs.files, '.eslintrc.js')
run: yarn run eslint --ext .js --ext .jsx --no-error-on-unmatched-pattern --format ./script/github-actions/eslint-annotation-format.js .
- name: Annotate ESLint results for modified files
run: yarn run eslint -c ./.eslintrc.changed.js --ext .js --ext .jsx --no-error-on-unmatched-pattern --format ./script/github-actions/eslint-annotation-format.js ${{ steps.get-lint-files.outputs.JSFILES }}
- name: Run Stylelint
if: ${{ always() && steps.get-lint-files.outputs.SCSSFILES != '' }}
run: yarn run stylelint verbose --output-file stylelint-report.json --formatter json ${{ steps.get-lint-files.outputs.SCSSFILES }}
- name: Annotate Stylelint results
if: ${{ always() }}
run: node ./script/github-actions/stylelint-annotation-format.js