fix: update CA certificates with ISRG Root X2 #180
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "CI/CD" | |
| on: [push] | |
| env: | |
| CI: "true" | |
| SIMPLECOV: "true" | |
| RSPEC_FORMAT: "documentation" | |
| RUBY_VERSION: 3.0.6 | |
| RAILS_ENV: test | |
| NODE_VERSION: 16.9.1 | |
| RUBYOPT: '-W:no-deprecated' | |
| # Set locales available for i18n tasks | |
| ENFORCED_LOCALES: "en,fr" | |
| AVAILABLE_LOCALES: "en,fr" | |
| jobs: | |
| todo: | |
| name: TODO | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - name: "TODO to Issue" | |
| uses: "alstr/todo-to-issue-action@v4" | |
| lint: | |
| name: Lint code | |
| runs-on: ubuntu-latest | |
| if: "!startsWith(github.head_ref, 'chore/l10n')" | |
| timeout-minutes: 60 | |
| steps: | |
| - uses: rokroskar/workflow-run-cleanup-action@v0.3.0 | |
| if: "github.ref != 'refs/heads/develop'" | |
| env: | |
| GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
| - uses: OpenSourcePolitics/lint-action@master | |
| with: | |
| ruby_version: ${{ env.RUBY_VERSION }} | |
| node_version: ${{ env.NODE_VERSION }} | |
| tests: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| slice: [ "0-2", "1-2" ] | |
| name: Tests | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:11 | |
| ports: ["5432:5432"] | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| env: | |
| POSTGRES_PASSWORD: postgres | |
| env: | |
| DATABASE_USERNAME: postgres | |
| DATABASE_PASSWORD: postgres | |
| DATABASE_HOST: localhost | |
| steps: | |
| - uses: rokroskar/workflow-run-cleanup-action@v0.2.2 | |
| if: "github.ref != 'refs/heads/master' || github.ref != 'refs/heads/develop'" | |
| env: | |
| GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: ${{ env.RUBY_VERSION }} | |
| bundler-cache: true | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| - name: Install dependencies | |
| run: yarn install --prefer-offline --frozen-lockfile | |
| - name: Create db | |
| run: | | |
| bundle exec rails parallel:create parallel:migrate | |
| - name: Register cache hash | |
| id: cache-hash | |
| run: | | |
| echo "::set-output name=hash::$(bundle exec rake test:assets_hash)" | |
| - uses: OpenSourcePolitics/cache-precompile-action@master | |
| with: | |
| key: asset-cache-${{ runner.os }}-${{ steps.cache-hash.outputs.hash }} | |
| - run: mkdir -p ./spec/tmp/screenshots | |
| name: Create the screenshots folder | |
| - uses: nanasess/setup-chromedriver@v2 | |
| - run: bundle exec rake "test:run[exclude, spec/system/**/*_spec.rb, ${{ matrix.slice }}]" | |
| name: RSpec | |
| - run: ./.github/upload_coverage.sh decidim-app $GITHUB_EVENT_PATH | |
| name: Upload coverage | |
| - uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: screenshots | |
| path: ./spec/tmp/screenshots | |
| - uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: assets-manifest-${{ matrix.slice }} | |
| path: ./tmp/assets_manifest.json | |
| system_tests: | |
| strategy: | |
| matrix: | |
| slice: [ "0-4", "1-4", "2-4", "3-4" ] | |
| name: System tests | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:11 | |
| ports: ["5432:5432"] | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| env: | |
| POSTGRES_PASSWORD: postgres | |
| env: | |
| DATABASE_USERNAME: postgres | |
| DATABASE_PASSWORD: postgres | |
| DATABASE_HOST: localhost | |
| steps: | |
| - uses: rokroskar/workflow-run-cleanup-action@v0.2.2 | |
| if: "github.ref != 'refs/heads/master' || github.ref != 'refs/heads/develop'" | |
| env: | |
| GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: ${{ env.RUBY_VERSION }} | |
| bundler-cache: true | |
| - run: | | |
| sudo apt update | |
| sudo apt install libu2f-udev imagemagick | |
| name: install libu2f-udev & imagemagick | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| - name: Install dependencies | |
| run: yarn install --prefer-offline --frozen-lockfile | |
| - name: Create db | |
| run: | | |
| bundle exec rails parallel:create parallel:migrate | |
| - name: Register cache hash | |
| id: cache-hash | |
| run: | | |
| echo "::set-output name=hash::$(bundle exec rake test:assets_hash)" | |
| - uses: OpenSourcePolitics/cache-precompile-action@master | |
| with: | |
| key: asset-cache-${{ runner.os }}-${{ steps.cache-hash.outputs.hash }} | |
| - run: mkdir -p ./spec/tmp/screenshots | |
| name: Create the screenshots folder | |
| - uses: nanasess/setup-chromedriver@v2 | |
| - run: bundle exec rake "test:run[include, spec/system/**/*_spec.rb, ${{ matrix.slice }}]" | |
| name: RSpec | |
| - run: ./.github/upload_coverage.sh decidim-app $GITHUB_EVENT_PATH | |
| name: Upload coverage | |
| - uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: screenshots | |
| path: ./spec/tmp/screenshots | |
| - uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: assets-manifest-${{ matrix.slice }} | |
| path: ./tmp/assets_manifest.json | |
| test_build: | |
| name: Test build docker image | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:11 | |
| ports: [ "5432:5432" ] | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| env: | |
| POSTGRES_PASSWORD: postgres | |
| env: | |
| DATABASE_USERNAME: postgres | |
| DATABASE_PASSWORD: postgres | |
| DATABASE_HOST: host.docker.internal | |
| steps: | |
| - uses: OpenSourcePolitics/build-and-test-images-action@master | |
| with: | |
| registry: ${{ vars.REGISTRY_ENDPOINT }} | |
| namespace: ${{ vars.REGISTRY_NAMESPACE }} | |
| image_name: ${{ vars.IMAGE_NAME }} | |
| tag: ${{ github.ref }} | |
| password: ${{ secrets.TOKEN }} | |
| database_username: ${{ env.DATABASE_USERNAME }} | |
| database_password: ${{ env.DATABASE_PASSWORD }} | |
| database_host: ${{ env.DATABASE_HOST }} | |
| build_and_push_image_dev: | |
| name: Build and push image to Registry | |
| if: "github.ref == 'refs/heads/develop'" | |
| needs: [lint, tests, system_tests, test_build] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: OpenSourcePolitics/build-and-push-images-action@master | |
| with: | |
| registry: ${{ vars.REGISTRY_ENDPOINT }} | |
| namespace: ${{ vars.REGISTRY_NAMESPACE }} | |
| password: ${{ secrets.TOKEN }} | |
| image_name: ${{ vars.IMAGE_NAME }} | |
| tag: "develop" | |
| generate_release: | |
| name: Generate release | |
| needs: [lint, tests, system_tests, test_build] | |
| if: "github.ref == 'refs/heads/master'" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: mathieudutour/github-tag-action@v6.1 | |
| name: Bump version and push tag | |
| id: tag_version | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: ncipollo/release-action@v1 | |
| name: Create a GitHub release | |
| with: | |
| generateReleaseNotes: true | |
| tag: ${{ steps.tag_version.outputs.new_tag }} | |
| name: Release ${{ steps.tag_version.outputs.new_tag }} | |
| body: ${{ steps.tag_version.outputs.changelog }} | |
| - uses: OpenSourcePolitics/build-and-push-images-action@master | |
| with: | |
| registry: ${{ vars.REGISTRY_ENDPOINT }} | |
| namespace: ${{ vars.REGISTRY_NAMESPACE }} | |
| password: ${{ secrets.TOKEN }} | |
| image_name: ${{ vars.IMAGE_NAME }} | |
| tag: ${{ steps.tag_version.outputs.new_tag }} |