.github/workflows/javascript.yml

name: Test and build container

on:
  push:
    branches: [master]
    tags: [v*]
  pull_request: # we can use docker image in PR for testing
    branches: [master]

env:
  REGISTRY: ghcr.io

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  check-format:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20.11
          cache: npm
      - name: Install dependencies
        run: npm ci
      - name: Code format check
        run: npm run format:check

  test:
    runs-on: ubuntu-latest
    steps:
      - name: Set up SSH deploy keys for ChartIQ & fonts
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: |
            ${{ secrets.SSH_DEPLOY_KEY_CHARTIQ }}
            ${{ secrets.SSH_DEPLOY_KEY_FONTS }}
      - uses: actions/checkout@v4
        with:
          submodules: 'recursive'
      - uses: actions/setup-node@v4
        with:
          node-version: 20.11
          cache: npm
      - name: Install dependencies
        run: npm ci
      - name: Setup submodules
        run: bash scripts/build-deps.sh
      - name: Install Playwright
        run: npx playwright install chromium --with-deps
      # use separate build step to avoid playwright timeout issue
      - name: Build SvelteKit vite app
        run: npm run build
      # skip build in test step
      - name: Run Tests
        run: npm run test --skip-build

  build:
    runs-on: ubuntu-latest
    # 2023-02 disable because tests are too flaky and do not pass on CI at all
    # needs: test
    # Skip build on master push
    if: github.event_name != 'push' || github.ref != 'refs/heads/master'
    steps:
      - name: Set up SSH deploy keys for ChartIQ & fonts
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: |
            ${{ secrets.SSH_DEPLOY_KEY_CHARTIQ }}
            ${{ secrets.SSH_DEPLOY_KEY_FONTS }}
      - uses: actions/checkout@v4
        with:
          submodules: 'recursive'
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Read metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ github.repository }}
      - name: Log in to Github Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          ssh: |
            default=${{ env.SSH_AUTH_SOCK }}
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          # experimental: https://github.com/docker/build-push-action/blob/master/docs/advanced/cache.md#cache-backend-api
          cache-from: type=gha
          cache-to: type=gha,mode=max

  upload-sourcemaps:
    runs-on: ubuntu-latest
    needs: build
    if: startsWith(github.ref, 'refs/tags/v')
    steps:
      - name: Read metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ github.repository }}
          flavor: latest=false
      - name: Log in to Github Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Upload sourcemaps
        id: upload-sourcemaps
        continue-on-error: true
        env:
          SENTRY_ORG: ${{ vars.SENTRY_ORG }}
          SENTRY_PROJECT: ${{ vars.SENTRY_PROJECT }}
          SENTRY_URL: ${{ vars.SENTRY_URL }}
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_RELEASE: ${{ vars.SENTRY_PROJECT }}@${{ steps.meta.outputs.version }}
        run: |
          docker run --rm -e SENTRY_ORG -e SENTRY_PROJECT -e SENTRY_URL -e SENTRY_AUTH_TOKEN \
            ${{ steps.meta.outputs.tags }} \
            npx sentry-cli sourcemaps upload -r $SENTRY_RELEASE build/client build/server/chunks
      # GH action should still succeed even if sourcemaps upload failed
      - name: Echo failure message
        run: echo "Sourcemap upload failed"
        if: steps.upload-sourcemaps.outcome == 'failure'