replace Patreon current_user
v1 API with identity
v2 API
#116
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD | |
jobs: | |
# Stage 1: codacy, devskim, install | |
codacy: | |
name: Codacy | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Analyze | |
uses: codacy/codacy-analysis-cli-action@master | |
with: | |
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} | |
format: sarif | |
gh-code-scanning-compat: true | |
max-allowed-issues: 2147483647 | |
output: sarif/codacy.sarif | |
verbose: true | |
## rejecting SARIF, as there are more runs than allowed (22 > 20) | |
# - name: Upload SARIF | |
# if: always() | |
# uses: github/codeql-action/upload-sarif@main | |
# with: | |
# sarif_file: sarif/codacy.sarif | |
# wait-for-processing: true | |
devskim: | |
name: DevSkim | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
- 8126:8126 | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Scan | |
uses: microsoft/DevSkim-Action@v1 | |
- name: Upload SARIF | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: devskim-results.sarif | |
wait-for-processing: true | |
install: | |
name: Install | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
check-latest: true | |
node-version: 'lts/*' | |
- name: Install dependencies | |
run: yarn install --immutable | |
# Stage 2: prepack | |
prepack: | |
name: Prepack | |
needs: install | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
check-latest: true | |
node-version: 'lts/*' | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Prepack | |
run: yarn run --require dd-trace/init prepack | |
env: | |
CLARITY_TAG: lm4m88gmix | |
CLOUD_PLATFORM: GitHub | |
CLOUD_PROVIDER: GitHub Pages | |
CLOUDWATCH_RUM_APPLICATION_ID: 8495b9c9-f57e-4395-9ca6-6c01862c107b | |
CLOUDWATCH_RUM_GUEST_ROLE_ARN: arn:aws:iam::787801101157:role/RUM-Monitor-us-west-2-787801101157-0860829251171-Unauth | |
CLOUDWATCH_RUM_IDENTITY_POOL_ID: us-west-2:f6379e5a-a304-4608-bf6d-b66f00a5d3fb | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_APPLICATION_ID: e29eb164-e193-4380-b512-ebd70bbfaeb6 | |
DD_CLIENT_TOKEN: pubf0c07bd5003d0c4a65a9f129d9e83a3d | |
DD_ENV: prod | |
DD_PROFILING_ENABLED: true | |
DD_SERVICE: quisi.do | |
DD_VERSION: ${{ github.sha }} | |
DEPLOYMENT_ENVIRONMENT: live | |
GITHUB_REPOSITORY: ${{ github.repository }} | |
GITHUB_SHA: ${{ github.sha }} | |
GOOGLE_ANALYTICS_TRACKING_ID: G-ZTQ6K5CVQS | |
IMAGEKIT_KEY: ${{ secrets.IMAGEKIT_KEY }} | |
PATREON_OAUTH_CLIENT_ID: J_6jrNJZNibHylSF83UVl9I4OHZYf67RAsU0s7_LnH1N5BKF-vgOyweF3KQLOKm1 | |
PATREON_OAUTH_REDIRECT_URI: https://a.quisi.do/patreon/ | |
SENTRY_ENVIRONMENT: production | |
WHOAMI: https://api.quisi.do/whoami | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: prepack | |
path: | | |
packages/*/.next/ | |
packages/*/dist/ | |
packages/*/out/ | |
# Stage 3: lighthouse, prepublish, prepublish-applications | |
lighthouse: | |
name: Lighthouse | |
needs: prepack | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
check-latest: true | |
node-version: 'lts/*' | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Audit | |
run: yarn packages/next run lighthouse:report:production | |
- name: Validate | |
run: yarn packages/next run postlighthouse | |
- name: Upload report | |
if: always() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: lighthouse | |
path: | | |
packages/*/lighthouse.report.* | |
packages/*/lighthouse-*.devtoolslog.json | |
packages/*/lighthouse-*.trace.json | |
prepublish: | |
name: Prepublish | |
needs: prepack | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
check-latest: true | |
node-version: 'lts/*' | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Prepublish | |
run: yarn run --require dd-trace/ci/init prepublish | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_CIVISIBILITY_AGENTLESS_ENABLED: true | |
DD_ENV: ci | |
DD_SERVICE: quisi.do | |
# Run prepublish on applications, because prepublish won't be triggered for | |
# applications by the publish step. | |
prepublish-applications: | |
name: Prepublish applications | |
needs: prepack | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
check-latest: true | |
node-version: 'lts/*' | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Prepublish quisi.do | |
run: yarn packages/next run prepublish | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: prepublish-applications | |
path: packages/*/jest/ | |
# Stage 4: github-pages, npm, sentry-release | |
datadog-sourcemaps: | |
name: Datadog sourcemaps | |
needs: [lighthouse, prepublish-applications] | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Upload Datadog sourcemaps | |
run: yarn packages/next run datadog:sourcemaps | |
env: | |
DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
RELEASE_VERSION: ${{ github.sha }} | |
github-pages: | |
name: GitHub Pages | |
needs: [lighthouse, prepublish-applications] | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Deploy | |
uses: JamesIves/github-pages-deploy-action@v4 | |
with: | |
branch: gh-pages | |
clean: true | |
folder: packages/next/out/ | |
single-commit: true | |
npm: | |
name: NPM | |
needs: [prepack, prepublish] | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
check-latest: true | |
node-version: 'lts/*' | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Publish | |
env: | |
NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} | |
run: > | |
yarn config set npmAuthToken $NPM_AUTH_TOKEN; | |
yarn run publish; | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: npm | |
path: packages/*/jest/ | |
sentry-release: | |
name: Sentry release | |
needs: [lighthouse, prepublish-applications] | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Sentry release | |
uses: getsentry/action-release@v1 | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
SENTRY_LOG_LEVEL: info | |
SENTRY_ORG: quisido | |
SENTRY_PROJECT: quisi-do | |
with: | |
environment: production | |
sourcemaps: build | |
version: ${{ github.sha }} | |
# Stage 5: cloudflare-purge, github-packages, wrangler-deploy-* | |
cloudflare-purge: | |
name: Cloudflare purge | |
needs: github-pages | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Purge Cloudflare files | |
env: | |
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_PURGE_API_TOKEN }} | |
CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }} | |
run: > | |
curl \ | |
--data '{ | |
"files": [ | |
"https://quisi.do", | |
"https://quisi.do/index.html" | |
] | |
}' \ | |
--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ | |
--header "Content-Type:application/json" \ | |
--request POST \ | |
"https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/purge_cache" | |
github-packages: | |
name: GitHub Packages | |
needs: npm | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
permissions: | |
contents: read | |
packages: write | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
check-latest: true | |
node-version: 'lts/*' | |
registry-url: 'https://npm.pkg.github.com' | |
scope: '@${{ github.repository_owner }}' | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Publish | |
env: | |
NPM_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: > | |
yarn config set npmAuthToken $NPM_AUTH_TOKEN; | |
yarn config set \ | |
npmScopes.${{ github.repository_owner }}.npmPublishRegistry \ | |
'https://npm.pkg.github.com'; | |
yarn run publish; | |
wrangler-deploy-authn: | |
name: Wrangler deploy Authentication | |
needs: [lighthouse, npm, prepublish-applications] | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
check-latest: true | |
node-version: 'lts/*' | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: prepack | |
path: packages/ | |
- name: Deploy | |
run: yarn packages/authn run production:deploy | |
env: | |
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_EDIT_WORKERS_API_TOKEN }} | |
wrangler-deploy-cloudflare-analytics: | |
name: Wrangler deploy Cloudflare Analytics | |
needs: [lighthouse, npm, prepublish-applications] | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
check-latest: true | |
node-version: 'lts/*' | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Deploy | |
run: yarn packages/cloudflare-analytics run deploy | |
env: | |
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_EDIT_WORKERS_API_TOKEN }} | |
# Stage 6: neuralegion | |
neuralegion: | |
name: NeuraLegion | |
needs: cloudflare-purge | |
runs-on: ubuntu-latest | |
env: | |
DD_ENV: ci | |
services: | |
datadog-agent: | |
image: datadog/agent:latest | |
env: | |
DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
DD_HOSTNAME: none | |
DD_INSIDE_CI: true | |
ports: | |
- 8126:8126 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Scan | |
continue-on-error: true | |
# id: scan | |
uses: NeuraLegion/run-scan@release | |
with: | |
api_token: ${{ secrets.NEURALEGION_TOKEN }} | |
name: GitHub SHA - ${{ github.sha }} | |
crawler_urls: | | |
["https://quisi.do/"] | |
discovery_types: | | |
["crawler"] | |
# - name: Wait for breakpoint | |
# continue-on-error: true | |
# uses: NeuraLegion/wait-for@release | |
# with: | |
# api_token: ${{ secrets.NEURALEGION_TOKEN }} | |
# code_scanning_alerts: true | |
# github_token: ${{ secrets.GITHUB_TOKEN }} | |
# scan: ${{ steps.scan.outputs.id }} | |
# timeout: 600 | |
# wait_for: any | |
on: | |
push: | |
branches: [main] | |
workflow_dispatch: |