[ImgBot] Optimize images #24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Portal CI | |
| on: | |
| pull_request: | |
| branches: [main] | |
| types: [opened, synchronize, reopened, ready_for_review] | |
| push: | |
| branches: [main] | |
| merge_group: | |
| branches: [main] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
| env: | |
| # Align with root package.json packageManager + mise.toml | |
| NODE_VERSION: "24" | |
| PNPM_VERSION: "10.28.2" | |
| jobs: | |
| changes: | |
| name: File Detection | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| outputs: | |
| typescript: ${{ steps.ts_changes.outputs.any_changed }} | |
| config: ${{ steps.config_changes.outputs.any_changed }} | |
| tests: ${{ steps.test_changes.outputs.any_changed }} | |
| any: ${{ steps.ts_changes.outputs.any_changed == 'true' || steps.config_changes.outputs.any_changed == 'true' || steps.test_changes.outputs.any_changed == 'true' }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Check TypeScript | |
| uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47 | |
| id: ts_changes | |
| with: | |
| files: | | |
| apps/portal/src/**/*.{ts,tsx} | |
| apps/portal/packages/*/src/**/*.{ts,tsx} | |
| **/tsconfig.json | |
| package.json | |
| pnpm-lock.yaml | |
| apps/portal/package.json | |
| apps/portal/packages/**/package.json | |
| - name: Check Config | |
| uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47 | |
| id: config_changes | |
| with: | |
| files: | | |
| apps/portal/next.config.ts | |
| **/.oxlintrc.json | |
| **/.oxfmtrc.jsonc | |
| apps/portal/vitest.config.ts | |
| turbo.json | |
| apps/portal/turbo.json | |
| .github/workflows/portal-ci.yml | |
| - name: Check Tests | |
| uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47 | |
| id: test_changes | |
| with: | |
| files: | | |
| apps/portal/tests/**/* | |
| apps/portal/vitest.config.ts | |
| apps/portal/vitest.setup.ts | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| needs: [changes] | |
| if: needs.changes.outputs.any || github.event_name == 'workflow_dispatch' | |
| timeout-minutes: 10 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - name: Setup Node and pnpm | |
| uses: ./.github/actions/setup-node-pnpm | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| pnpm-version: ${{ env.PNPM_VERSION }} | |
| - name: Run lint | |
| run: pnpm check | |
| type-check: | |
| name: Type Check | |
| runs-on: ubuntu-latest | |
| needs: [changes] | |
| if: needs.changes.outputs.typescript || needs.changes.outputs.config || github.event_name == 'workflow_dispatch' | |
| timeout-minutes: 10 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - name: Setup Node and pnpm | |
| uses: ./.github/actions/setup-node-pnpm | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| pnpm-version: ${{ env.PNPM_VERSION }} | |
| - name: Cache Turborepo | |
| uses: rharkor/caching-for-turbo@0abc2381e688c4d2832f0665a68a01c6e82f0d6c # v2.3.11 | |
| - name: Generate Next.js types | |
| run: pnpm --filter @atl/portal typegen | |
| - name: Run type check | |
| run: pnpm exec turbo run type-check --filter=@atl/portal | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| needs: [changes] | |
| if: needs.changes.outputs.any || github.event_name == 'workflow_dispatch' | |
| timeout-minutes: 15 | |
| permissions: | |
| contents: read | |
| env: | |
| DATABASE_URL: postgresql://localhost:5432/__build_placeholder__ | |
| BETTER_AUTH_SECRET: __ci_build_placeholder_do_not_use_in_production__ | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - name: Setup Node and pnpm | |
| uses: ./.github/actions/setup-node-pnpm | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| pnpm-version: ${{ env.PNPM_VERSION }} | |
| - name: Cache Turborepo | |
| uses: rharkor/caching-for-turbo@0abc2381e688c4d2832f0665a68a01c6e82f0d6c # v2.3.11 | |
| - name: Cache Next.js build | |
| uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5 | |
| with: | |
| path: | | |
| apps/portal/.next/cache | |
| key: ${{ runner.os }}-nextjs-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-nextjs- | |
| - name: Build | |
| run: pnpm exec turbo run build --filter=@atl/portal | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| needs: [changes] | |
| if: needs.changes.outputs.any || needs.changes.outputs.tests || github.event_name == 'workflow_dispatch' | |
| timeout-minutes: 20 | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - name: Setup Node and pnpm | |
| uses: ./.github/actions/setup-node-pnpm | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| pnpm-version: ${{ env.PNPM_VERSION }} | |
| - name: Cache Turborepo | |
| uses: rharkor/caching-for-turbo@0abc2381e688c4d2832f0665a68a01c6e82f0d6c # v2.3.11 | |
| - name: Run tests | |
| run: pnpm exec turbo run test:coverage --filter=@atl/portal | |
| - name: Upload coverage reports | |
| uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5 | |
| if: always() | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: ./apps/portal/coverage/lcov.info | |
| fail_ci_if_error: false | |
| comment: true | |
| verbose: true | |
| knip: | |
| name: Dead Code (Knip) | |
| runs-on: ubuntu-latest | |
| needs: [changes] | |
| if: needs.changes.outputs.typescript || needs.changes.outputs.config || github.event_name == 'workflow_dispatch' | |
| timeout-minutes: 10 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - name: Setup Node and pnpm | |
| uses: ./.github/actions/setup-node-pnpm | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| pnpm-version: ${{ env.PNPM_VERSION }} | |
| - name: Run Knip | |
| run: pnpm knip --reporter compact | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| needs: [lint, type-check, build, test] | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' && !contains(github.event.head_commit.message, 'skip ci') | |
| timeout-minutes: 10 | |
| permissions: | |
| contents: write | |
| issues: write | |
| pull-requests: write | |
| id-token: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Node and pnpm | |
| uses: ./.github/actions/setup-node-pnpm | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| pnpm-version: ${{ env.PNPM_VERSION }} | |
| - name: Release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | |
| SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }} | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| run: pnpm --filter @atl/portal run release |