QA #71
# QA workflow: triggers and run de-duplication.
name: QA

# Runs on pushes to main and v* tags, on the listed pull-request lifecycle
# events, and on review submissions/dismissals.
# The PR trigger is `pull_request`, so GitHub withholds repository secrets and
# issues a read-only token when the PR comes from a fork; the secret-dependent
# steps in the jobs receive empty values in that case.
on:
  push:
    branches:
      - main
    tags:
      - "v*"
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
      - ready_for_review
      - converted_to_draft
      - closed
  pull_request_review:
    types:
      - submitted
      - dismissed

# The group key is workflow + PR number (or ref) + event name + event action,
# so a `closed` run never shares a group with an in-flight `synchronize` run.
# Only pull_request runs cancel an older run in the same group; push and
# review runs queue instead.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-${{ github.event_name }}-${{ github.event.action || 'default' }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
  # Main QA job: lint, test, type-check, image build/push, chart tests, chart
  # publication and PR bookkeeping (labels, Slack, auto-merge).
  qa:
    name: QA
    runs-on: namespace-profile-network-bootstrapper
    timeout-minutes: 30
    # Everything except a closed PR; closed PRs go to `merged` / `abandoned`.
    if: |
      github.event_name == 'push' ||
      (github.event_name == 'pull_request' && github.event.action != 'closed') ||
      github.event_name == 'pull_request_review'
    # These scopes apply to every step of the job, including the steps that
    # execute repository code (`bun check`, `bun test`, chart install).
    # NOTE(review): consider moving the label/notify/merge steps that need the
    # write scopes into a separate job so the test steps run with read-only
    # permissions.
    permissions:
      contents: read
      pull-requests: write
      issues: write
      security-events: write
      actions: read
      packages: write
    steps:
      # Shallow (depth 2) on push, full history otherwise.
      - name: Checkout repository
        uses: namespacelabs/nscloud-checkout-action@953fed31a6113cc2347ca69c9d823743c65bc84b # v7
        with:
          fetch-depth: ${{ github.event_name == 'push' && 2 || 0 }}

      - name: Setup 1Password
        uses: 1password/load-secrets-action/configure@13f58eec611f8e5db52ec16247f58c508398f3e6 # v3
        with:
          service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}

      # `export-env: true` publishes the four resolved values as environment
      # variables for all later steps in this job, not only the steps that
      # reference them through `env.*`.
      # NOTE(review): the later steps include `bun test` and the chart
      # install, which run code from the PR branch. Consider
      # `export-env: false` and passing `steps.secrets.outputs.<NAME>` only
      # to the Slack and Harbor steps.
      - name: Load all secrets
        id: secrets
        uses: 1password/load-secrets-action@13f58eec611f8e5db52ec16247f58c508398f3e6 # v3
        with:
          export-env: true
        env:
          SLACK_BOT_TOKEN: op://platform/slack-bot/SLACK_BOT_TOKEN
          SLACK_CHANNEL_ID: op://platform/slack-bot/SLACK_CHANNEL_ID
          HARBOR_USER: op://platform/harbor/username
          HARBOR_PASS: op://platform/harbor/password

      # Mark the PR as "running" (non-draft PRs only).
      # NOTE(review): this and every other settlemint/asset-tokenization-kit
      # action in this file is referenced by the mutable ref `main`, while the
      # third-party actions are pinned to a commit SHA. These actions receive
      # the Slack token and GITHUB_TOKEN; pin them to a full commit SHA too.
      - name: Label QA as running
        if: |
          github.event_name == 'pull_request' &&
          github.event.pull_request.draft == false
        uses: settlemint/asset-tokenization-kit/.github/actions/build-status-labeler@main
        with:
          pr_number: ${{ github.event.pull_request.number }}
          workflow_status: "running"

      # First Slack message for the PR (created or updated), non-draft only.
      # pr_title is chosen by the PR author. It is passed as an action input
      # here; NOTE(review): verify the called action hands it to scripts
      # through an environment variable rather than inline interpolation.
      - name: Send Slack notification for QA starting
        if: |
          github.event_name == 'pull_request' &&
          github.event.pull_request.draft == false
        uses: settlemint/asset-tokenization-kit/.github/actions/slack-pr-notifier@main
        with:
          pr_number: ${{ github.event.pull_request.number }}
          pr_title: ${{ github.event.pull_request.title }}
          pr_url: ${{ github.event.pull_request.html_url }}
          pr_author: ${{ github.event.pull_request.user.login }}
          pr_author_type: ${{ github.event.pull_request.user.type }}
          pr_author_avatar: ${{ github.event.pull_request.user.avatar_url }}
          slack_bot_token: ${{ env.SLACK_BOT_TOKEN }}
          slack_channel_id: ${{ env.SLACK_CHANNEL_ID }}

      # Toolchain setup. This step has no `if`, so it runs for every event
      # that reaches the job, draft PRs and review events included.
      # NOTE(review): NPM_TOKEN is not among the values loaded by the
      # `secrets` step; unless the runner or the action supplies it, this
      # input is empty.
      - name: Setup dependencies
        uses: settlemint/asset-tokenization-kit/.github/actions/setup-dependencies@main
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          npm_token: ${{ env.NPM_TOKEN }}
          disable_node: "true"

      # GHCR login for pushes and non-draft PRs.
      - name: Login to GitHub Container Registry
        if: |
          github.event_name == 'push' ||
          (github.event_name == 'pull_request' && github.event.pull_request.draft == false)
        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Run linting
        if: github.event_name == 'pull_request' || github.event_name == 'push'
        run: bun check

      # The outcome of this step is the only QA signal forwarded to the
      # labeler and review-check steps further down.
      - name: Run tests
        id: qa-tests
        if: github.event_name == 'pull_request' || github.event_name == 'push'
        run: bun test --coverage

      - name: Run type checking
        if: github.event_name == 'pull_request' || github.event_name == 'push'
        run: bun typecheck

      # Output `version` is consumed by the image tag list below.
      - name: Set version
        id: version
        if: github.event_name == 'pull_request' || github.event_name == 'push'
        run: bun run tools/version.ts

      - name: Run docs
        if: github.event_name == 'pull_request' || github.event_name == 'push'
        run: bun run docs:helm

      # Compute image tags and labels for the GHCR image.
      - name: Docker meta
        id: meta
        if: github.event_name == 'pull_request' || github.event_name == 'push'
        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5
        with:
          images: |
            ghcr.io/settlemint/network-bootstrapper
          tags: |
            type=schedule
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha
            type=raw,value=${{ steps.version.outputs.version }}

      # Multi-arch build pushed with max-mode provenance and an SBOM.
      # NOTE(review): this step runs for draft PRs as well, whereas the GHCR
      # login above is limited to pushes and non-draft PRs. Confirm whether a
      # draft PR is meant to build with `push: true`.
      - name: Build and push
        if: github.event_name == 'pull_request' || github.event_name == 'push'
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          platforms: linux/amd64,linux/arm64
          provenance: mode=max
          sbom: true

      - name: Set up Python
        if: github.event_name == 'pull_request' || github.event_name == 'push'
        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
        with:
          python-version: "3.13.7"
          check-latest: true

      - name: Set up Helm
        if: github.event_name == 'pull_request' || github.event_name == 'push'
        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4

      - name: Set up chart-testing
        if: github.event_name == 'pull_request' || github.event_name == 'push'
        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0

      # Writes `changed=true|false` to the step outputs; the three chart
      # steps below only run when it is `true`.
      - name: Determine chart changes
        id: ct-changed
        if: github.event_name == 'pull_request' || github.event_name == 'push'
        env:
          CT_CONFIG: .github/ct.yaml
        run: |
          changed=$(ct list-changed --config "$CT_CONFIG")
          if [[ -n "$changed" ]]; then
            printf "changed=true\n" >> "$GITHUB_OUTPUT"
            echo "$changed"
          else
            printf "changed=false\n" >> "$GITHUB_OUTPUT"
            echo "No chart changes detected"
          fi

      - name: Run chart-testing (lint)
        if: (github.event_name == 'pull_request' || github.event_name == 'push') && steps.ct-changed.outputs.changed == 'true'
        env:
          CT_CONFIG: .github/ct.yaml
        run: ct lint --config "$CT_CONFIG" --validate-yaml=false

      - name: Create kind cluster
        if: (github.event_name == 'pull_request' || github.event_name == 'push') && steps.ct-changed.outputs.changed == 'true'
        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0

      - name: Run chart-testing (install)
        if: (github.event_name == 'pull_request' || github.event_name == 'push') && steps.ct-changed.outputs.changed == 'true'
        env:
          CT_CONFIG: .github/ct.yaml
        run: ct install --config "$CT_CONFIG" --skip-clean-up

      # Record the test result as a PR label. It is skipped when the test
      # step itself was skipped (for example after a lint failure), and it
      # looks at `bun test` only: failures in later steps do not change it.
      # No Slack message here; the consolidated step near the end sends it.
      - name: Label QA build status
        if: |
          always() &&
          github.event_name == 'pull_request' &&
          steps.qa-tests.conclusion != 'skipped'
        uses: settlemint/asset-tokenization-kit/.github/actions/build-status-labeler@main
        with:
          pr_number: ${{ github.event.pull_request.number }}
          workflow_status: ${{ steps.qa-tests.outcome == 'success' && 'success' || 'failure' }}

      # Convention-based labels from the PR title/body, on open and on new
      # commits. Title and body are written by the PR author.
      # NOTE(review): same input-handling check as for the Slack notifier.
      # No Slack message here either.
      - name: Label PR based on convention
        id: label-pr
        if: |
          github.event_name == 'pull_request' &&
          (github.event.action == 'opened' || github.event.action == 'synchronize')
        uses: settlemint/asset-tokenization-kit/.github/actions/pr-labeler@main
        with:
          pr_number: ${{ github.event.pull_request.number }}
          pr_title: ${{ github.event.pull_request.title }}
          pr_body: ${{ github.event.pull_request.body || '' }}

      # Secret scan on PRs. `continue-on-error` keeps the job green on
      # findings; the raw result is only consumed through
      # `steps.secret-scan.outcome` by the two steps that read it below.
      - name: Run secret scanning
        id: secret-scan
        if: github.event_name == 'pull_request'
        continue-on-error: true
        uses: settlemint/asset-tokenization-kit/.github/actions/secret-scanner@main

      # Record the scan result as a PR label.
      - name: Label secret scanning status
        if: |
          always() &&
          github.event_name == 'pull_request' &&
          steps.secret-scan.conclusion != 'skipped'
        uses: settlemint/asset-tokenization-kit/.github/actions/build-status-labeler@main
        with:
          pr_number: ${{ github.event.pull_request.number }}
          workflow_status: ${{ steps.secret-scan.outcome == 'success' && 'success' || 'failure' }}

      # Chart publication to Harbor: pushes and non-draft PRs only.
      - name: Login to Harbor
        if: |
          github.event_name == 'push' ||
          (github.event_name == 'pull_request' && github.event.pull_request.draft == false)
        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3
        with:
          registry: harbor.settlemint.com
          username: ${{ env.HARBOR_USER }}
          password: ${{ env.HARBOR_PASS }}

      - name: Package chart
        if: |
          github.event_name == 'push' ||
          (github.event_name == 'pull_request' && github.event.pull_request.draft == false)
        run: bun run package:pack

      - name: Push chart to Harbor
        if: |
          github.event_name == 'push' ||
          (github.event_name == 'pull_request' && github.event.pull_request.draft == false)
        run: bun run package:push:harbor

      # Combine review state with the QA and secret-scan outcomes (PR and
      # review events). `qa_result` carries the `bun test` outcome only;
      # lint, type-check, image build and chart tests are not reflected.
      # NOTE(review): the outputs of this step feed auto-merge below.
      # Confirm that merging is also gated by a required status check on
      # this job.
      - name: Check PR review status
        id: pr-review-check
        if: |
          always() &&
          (github.event_name == 'pull_request' || github.event_name == 'pull_request_review')
        uses: settlemint/asset-tokenization-kit/.github/actions/pr-review-check@main
        with:
          pr_number: ${{ github.event.pull_request.number }}
          pr_author: ${{ github.event.pull_request.user.login }}
          event_name: ${{ github.event_name }}
          qa_result: ${{ steps.qa-tests.outcome }}
          secret_scanning_result: ${{ steps.secret-scan.outcome }}

      # Final status label for the PR (PR and review events).
      - name: Label PR final status
        id: label-final-status
        if: |
          always() &&
          (github.event_name == 'pull_request' || github.event_name == 'pull_request_review')
        uses: settlemint/asset-tokenization-kit/.github/actions/pr-status-labeler@main
        with:
          pr_number: ${{ github.event.pull_request.number }}
          is_draft: ${{ github.event.pull_request.draft }}
          has_approval: ${{ steps.pr-review-check.outputs.has_approval == 'true' }}
          qa_status: ${{ steps.pr-review-check.outputs.qa_status }}

      # Single consolidated Slack update; requires the final label step to
      # have succeeded and the PR not to be a draft.
      - name: Update Slack notification with final status
        if: |
          always() &&
          steps.label-final-status.conclusion == 'success' &&
          (github.event_name == 'pull_request' || github.event_name == 'pull_request_review') &&
          github.event.pull_request.draft == false
        uses: settlemint/asset-tokenization-kit/.github/actions/slack-pr-notifier@main
        with:
          pr_number: ${{ github.event.pull_request.number }}
          pr_title: ${{ github.event.pull_request.title }}
          pr_url: ${{ github.event.pull_request.html_url }}
          pr_author: ${{ github.event.pull_request.user.login }}
          pr_author_type: ${{ github.event.pull_request.user.type }}
          pr_author_avatar: ${{ github.event.pull_request.user.avatar_url }}
          slack_bot_token: ${{ env.SLACK_BOT_TOKEN }}
          slack_channel_id: ${{ env.SLACK_CHANNEL_ID }}

      # Enable or disable squash auto-merge from the review-check outputs.
      - name: Manage auto-merge
        if: |
          always() &&
          (github.event_name == 'pull_request' || github.event_name == 'pull_request_review')
        uses: settlemint/asset-tokenization-kit/.github/actions/auto-merge@main
        with:
          pr_number: ${{ github.event.pull_request.number }}
          pr_author: ${{ github.event.pull_request.user.login }}
          pr_author_type: ${{ github.event.pull_request.user.type }}
          has_approval: ${{ steps.pr-review-check.outputs.has_approval == 'true' }}
          qa_status: ${{ steps.pr-review-check.outputs.qa_status }}
          is_draft: ${{ github.event.pull_request.draft }}
          merge_method: "squash"

  # Bookkeeping for a PR that was closed by merging.
  # NOTE(review): the runner profile differs from the one used by `qa`
  # (namespace-profile-network-bootstrapper); confirm this is intended.
  merged:
    name: Handle Merged PR
    runs-on: namespace-profile-btp-signer
    if: |
      github.event_name == 'pull_request' &&
      github.event.action == 'closed' &&
      github.event.pull_request.merged == true
    permissions:
      contents: read
      pull-requests: write
      issues: write
    # Declared empty at job level; the load step below is expected to supply
    # the real values. NOTE(review): confirm the exported values take
    # precedence over these.
    env:
      SLACK_BOT_TOKEN: ""
      SLACK_CHANNEL_ID: ""
    steps:
      # This job only runs for pull_request events, so the expression always
      # yields 0 (full history). No later step in this job visibly reads the
      # working tree.
      - name: Checkout repository
        uses: namespacelabs/nscloud-checkout-action@953fed31a6113cc2347ca69c9d823743c65bc84b # v7
        with:
          fetch-depth: ${{ github.event_name == 'push' && 2 || 0 }}

      - name: Setup 1Password
        uses: 1password/load-secrets-action/configure@13f58eec611f8e5db52ec16247f58c508398f3e6 # v3
        with:
          service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}

      - name: Load Slack secrets
        uses: 1password/load-secrets-action@13f58eec611f8e5db52ec16247f58c508398f3e6 # v3
        with:
          export-env: true
        env:
          SLACK_BOT_TOKEN: op://platform/slack-bot/SLACK_BOT_TOKEN
          SLACK_CHANNEL_ID: op://platform/slack-bot/SLACK_CHANNEL_ID

      # NOTE(review): referenced by mutable ref `main`; pin to a commit SHA.
      - name: Label PR as merged
        uses: settlemint/asset-tokenization-kit/.github/actions/pr-status-labeler@main
        with:
          pr_number: ${{ github.event.pull_request.number }}
          is_draft: false
          is_merged: true

      - name: Update Slack notification for merged PR
        uses: settlemint/asset-tokenization-kit/.github/actions/slack-pr-notifier@main
        with:
          pr_number: ${{ github.event.pull_request.number }}
          pr_title: ${{ github.event.pull_request.title }}
          pr_url: ${{ github.event.pull_request.html_url }}
          pr_author: ${{ github.event.pull_request.user.login }}
          pr_author_type: ${{ github.event.pull_request.user.type }}
          pr_author_avatar: ${{ github.event.pull_request.user.avatar_url }}
          slack_bot_token: ${{ env.SLACK_BOT_TOKEN }}
          slack_channel_id: ${{ env.SLACK_CHANNEL_ID }}
          wait_time: "15000"

  # Bookkeeping for a PR that was closed without merging.
  # NOTE(review): this job runs on a GitHub-hosted runner but checks out with
  # the Namespace checkout action; confirm that action works off Namespace
  # runners.
  abandoned:
    name: Handle Abandoned PR
    runs-on: ubuntu-latest
    if: |
      github.event_name == 'pull_request' &&
      github.event.action == 'closed' &&
      github.event.pull_request.merged == false
    permissions:
      contents: read
      pull-requests: write
      issues: write
    # Declared empty at job level; the load step below is expected to supply
    # the real values. NOTE(review): confirm the exported values take
    # precedence over these.
    env:
      SLACK_BOT_TOKEN: ""
      SLACK_CHANNEL_ID: ""
    steps:
      # This job only runs for pull_request events, so the expression always
      # yields 0 (full history).
      - name: Checkout repository
        uses: namespacelabs/nscloud-checkout-action@953fed31a6113cc2347ca69c9d823743c65bc84b # v7
        with:
          fetch-depth: ${{ github.event_name == 'push' && 2 || 0 }}

      - name: Setup 1Password
        uses: 1password/load-secrets-action/configure@13f58eec611f8e5db52ec16247f58c508398f3e6 # v3
        with:
          service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}

      - name: Load Slack secrets
        uses: 1password/load-secrets-action@13f58eec611f8e5db52ec16247f58c508398f3e6 # v3
        with:
          export-env: true
        env:
          SLACK_BOT_TOKEN: op://platform/slack-bot/SLACK_BOT_TOKEN
          SLACK_CHANNEL_ID: op://platform/slack-bot/SLACK_CHANNEL_ID

      # NOTE(review): referenced by mutable ref `main`; pin to a commit SHA.
      - name: Label PR as abandoned
        uses: settlemint/asset-tokenization-kit/.github/actions/pr-status-labeler@main
        with:
          pr_number: ${{ github.event.pull_request.number }}
          is_draft: false
          is_abandoned: true

      - name: Update Slack notification for abandoned PR
        uses: settlemint/asset-tokenization-kit/.github/actions/slack-pr-notifier@main
        with:
          pr_number: ${{ github.event.pull_request.number }}
          pr_title: ${{ github.event.pull_request.title }}
          pr_url: ${{ github.event.pull_request.html_url }}
          pr_author: ${{ github.event.pull_request.user.login }}
          pr_author_type: ${{ github.event.pull_request.user.type }}
          pr_author_avatar: ${{ github.event.pull_request.user.avatar_url }}
          slack_bot_token: ${{ env.SLACK_BOT_TOKEN }}
          slack_channel_id: ${{ env.SLACK_CHANNEL_ID }}
          is_abandoned: true
          wait_time: "15000"