
Add granular permissions to the realm tree #2494


Workflow file for this run

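# CI pipeline: builds, lints and tests frontend and backend, then archives
# the files that the `deploy` workflow picks up.
name: Build & test

on:
  # Pull requests only trigger a run when they touch code, config templates
  # or the workflow definitions themselves.
  pull_request:
    paths:
      - "backend/**"
      - "frontend/**"
      - "docs/docs/setup/config.toml"
      - "util/dev-config/*"
      - ".deployment/templates/config.toml"
      - "util/dummy-login/dist/index.js"
      - ".github/workflows/ci.yml"
      - ".github/workflows/deploy.yml"
  # Every branch push runs CI; tag pushes never do.
  # NOTE(review): in GitHub's filter syntax "*" does not match "/", so
  # branches such as `feature/foo` are only covered by the `pull_request`
  # trigger. Use "**" if they should run on push as well.
  push:
    branches:
      - "*"
    tags-ignore:
      - "*"

# Least privilege for GITHUB_TOKEN: the job checks out, builds, tests and
# uploads artifacts, none of which needs write access to the repository.
# NOTE(review): if an image started via docker-compose is pulled from a
# private registry using this token, `packages: read` has to be added.
permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always
  # Any compiler warning fails the build.
  RUSTFLAGS: --deny warnings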
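jobs:
  # Single job: build mode selection, frontend + backend build and tests,
  # DB migration test, Playwright UI tests, and artifact upload for the
  # `deploy` workflow.
  #
  # NOTE(review): all actions are referenced by mutable tags (`@v3`, `@v2`,
  # `@v1`). Pinning at least the third-party ones (Swatinem/rust-cache,
  # JarvusInnovations/background-action) to a full commit SHA prevents a
  # moved tag from silently changing what runs in this job.
  main:
    runs-on: ubuntu-20.04
    services:
      # Database used by the migration test and the UI tests. User, password
      # and DB name are throwaway values for this CI-only container.
      postgres:
        image: postgres:12
        env:
          POSTGRES_USER: tobira
          POSTGRES_PASSWORD: tobira
          POSTGRES_DB: tobira
        ports:
          # Quoted so that no YAML parser can read the mapping as a number.
          - "5432:5432"
        # Fixed container name so the `docker exec` step can address it.
        options: '--name tobira_pg'
    steps:
      - uses: actions/checkout@v3
        with:
          # Do not leave the token in .git/config: the job runs code from
          # the checked-out branch (npm scripts, cargo build scripts) and no
          # visible step pushes or fetches afterwards.
          # NOTE(review): confirm `.deployment/deploy-id.sh` needs no
          # authenticated git access.
          persist-credentials: false

      # Figure out build mode. On even weekdays (`date +%w`) the backend is
      # built for the musl target, otherwise for the default target. Only
      # the master branch of elan-ev/tobira gets the `release-ci` profile;
      # everything else is a debug build with `embed-in-debug`. All values
      # written to GITHUB_ENV here are constants from this script, not
      # user-controlled input.
      - name: Determine build mode
        run: |
          target_dir="target"
          if (( "$(date +%w)" % 2 == 0 )); then
            sudo apt install -y musl-dev musl-tools
            rustup target add x86_64-unknown-linux-musl
            echo "ci_cargo_target=--target=x86_64-unknown-linux-musl" >> "$GITHUB_ENV"
            echo "rust_cache_key=musl" >> "$GITHUB_ENV"
            target_dir="${target_dir}/x86_64-unknown-linux-musl"
          else
            echo "ci_cargo_target=" >> "$GITHUB_ENV"
            echo "rust_cache_key=gnu" >> "$GITHUB_ENV"
          fi

          if [[ "$GITHUB_REPOSITORY" == "elan-ev/tobira" && "$GITHUB_REF" == "refs/heads/master" ]]; then
            echo "ci_cargo_flags=--profile=release-ci" >> "$GITHUB_ENV"
            echo "ci_targetdir=${target_dir}/release-ci" >> "$GITHUB_ENV"
            echo "ci_webpack_flags=production" >> "$GITHUB_ENV"
            echo "rust_cache_key2=release" >> "$GITHUB_ENV"
          else
            echo "ci_cargo_flags=--features=embed-in-debug" >> "$GITHUB_ENV"
            echo "ci_targetdir=${target_dir}/debug" >> "$GITHUB_ENV"
            echo "ci_webpack_flags=development" >> "$GITHUB_ENV"
            echo "rust_cache_key2=dev" >> "$GITHUB_ENV"
          fi

      # The cache key combines libc flavour (musl/gnu) and profile
      # (release/dev) as determined above.
      - name: Restore backend cache
        uses: Swatinem/rust-cache@v2
        with:
          key: '${{ env.rust_cache_key }}-${{ env.rust_cache_key2 }}'
          workspaces: backend

      # Frontend cache: only the NPM folder is cached, not the node_modules, as
      # recommended here: https://github.com/actions/cache/blob/main/examples.md#node---npm
      - name: Restore NPM cache
        uses: actions/cache@v3
        with:
          path: ~/.npm
          key: ${{ runner.os }}-node-${{ hashFiles('frontend/package-lock.json') }}

      # The actual building and testing!
      - name: Installing frontend dependencies (npm ci)
        working-directory: frontend
        run: npm ci

      - name: Generate GraphQL query types
        working-directory: frontend
        run: npx relay-compiler

      - name: Lint frontend
        working-directory: frontend
        run: npx eslint --max-warnings 0 .

      - name: Build frontend
        working-directory: frontend
        run: npx webpack --mode=${{ env.ci_webpack_flags }}

      - name: Typecheck frontend
        working-directory: frontend
        run: npx tsc

      - name: Build backend
        working-directory: backend
        run: cargo build ${{ env.ci_cargo_flags }} ${{ env.ci_cargo_target }}

      - name: Test backend
        working-directory: backend
        run: cargo test ${{ env.ci_cargo_flags }} ${{ env.ci_cargo_target }}

      - name: Move Tobira binary
        run: mv backend/${{ env.ci_targetdir }}/tobira tobira

      - name: Compress Tobira binary
        run: objcopy --compress-debug-sections tobira

      # Both checks fail the job when the committed file differs from what
      # the freshly built binary generates.
      - name: Make sure `schema.graphql` is up to date
        run: ./tobira export-api-schema | diff -u --color=always - frontend/src/schema.graphql

      - name: Make sure `docs/docs/setup/config.toml` is up to date
        run: ./tobira write-config | diff -u --color=always - docs/docs/setup/config.toml

      # Test DB migrations
      #
      # `--fail` makes an HTTP error stop the step instead of saving the
      # error page as `db-dump.xz`; `--show-error` keeps the reason visible
      # despite `--silent`. The dump is not integrity-checked; it is only
      # restored into the throwaway CI database.
      - name: Download latest DB dump
        run: |
          curl --silent --show-error --fail --location \
            --output db-dump.xz \
            https://github.com/elan-ev/tobira/raw/db-dumps/db-dump-latest.xz

      - name: Decompress DB dump
        run: xz -d db-dump.xz

      # We need to use the same version as the DB, so we use 'docker exec'
      #
      # NOTE(review): `|| true` discards every pg_restore failure, presumably
      # to tolerate non-fatal errors from `--clean`. A dump that fails to
      # restore at all would therefore go unnoticed and the migration step
      # would run against an empty database.
      - name: Restore DB dump
        run: |
          docker exec -i tobira_pg pg_restore \
            --dbname postgresql://tobira:tobira@localhost/postgres \
            --clean \
            --create \
            --if-exists \
            < db-dump || true

      - name: Run migrations
        run: ./tobira db migrate --config util/dev-config/config.toml

      # UI tests
      - name: Start docker containers
        working-directory: util/containers
        run: |
          docker-compose -f docker-compose.yml up -d \
            tobira-auth-proxy \
            tobira-login-handler \
            tobira-meilisearch

      - name: Rebuild search index
        run: ./tobira search-index update --config util/dev-config/config.toml

      - name: Install Playwright browsers
        working-directory: frontend
        run: npx playwright install --with-deps

      # Runs the server in the background and waits until it answers on
      # port 3090 before the next step starts.
      - name: Start Tobira for playwright tests
        uses: JarvusInnovations/background-action@v1
        with:
          run: ./tobira serve --config util/dev-config/config.toml &
          wait-on: http://localhost:3090

      - name: Run playwright tests
        working-directory: frontend
        run: npx playwright test

      - name: Upload test results
        # A test might need a retry to succeed or run longer than expected.
        # In these cases the results should also be saved, since they might
        # indicate what went wrong. Hence `always()` instead of on `failure()`.
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: playwright-report
          path: frontend/playwright-report/
          retention-days: 7

      # Prepare the ID (used in the subdomain) for deployment. This has to be done
      # here because in the `deploy` workflow, we don't have access to the correct
      # `GITHUB_REF` anymore.
      #
      # `$GITHUB_REF` is passed as a quoted shell variable rather than through
      # `${{ }}`, so a crafted branch name cannot inject shell syntax here.
      - name: Write deploy ID to file
        run: ./.deployment/deploy-id.sh "$GITHUB_REF" > deploy-id

      # Archive files to be used in the `deploy` workflow
      #
      # NOTE(review): on pull requests everything in this artifact (binary,
      # `deploy-id`, config template, login script) is produced from the
      # PR's own code. The `deploy` workflow presumably runs with more
      # privileges; it should treat the artifact as untrusted input and
      # validate `deploy-id` before using it in a subdomain or path.
      - name: Archive deployment files as artifact
        uses: actions/upload-artifact@v3
        with:
          name: test-deployment-files
          path: |
            tobira
            util/dev-config/logo-large.svg
            util/dev-config/logo-small.svg
            util/dev-config/logo-large-dark.svg
            util/dev-config/favicon.svg
            deploy-id
            .deployment/templates/config.toml
            util/dummy-login/dist/index.js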