build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 #761
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and deploy (docs) | |
on: | |
workflow_call: | |
inputs: | |
environment: | |
description: "Deployment environment. Must be one of preview, dev, staging, or prod" | |
required: true | |
default: preview | |
type: string | |
secrets: | |
AZURE_CREDENTIALS_DOCS: | |
required: true | |
AZURE_KEY_VAULT_DOCS: | |
required: true | |
workflow_dispatch: | |
inputs: | |
environment: | |
description: "Environment to deploy to" | |
required: true | |
default: "preview" | |
type: choice | |
options: | |
- preview | |
- dev | |
- staging | |
- prod | |
hugo_theme_override: | |
description: "Override hugo theme (leave blank to use latest version)" | |
required: false | |
default: "" | |
type: string | |
pull_request: | |
branches: | |
- "*" | |
push: | |
branches: | |
- "main" | |
env: | |
FRONT_DOOR_USERNAME: ${{ secrets.FRONT_DOOR_USERNAME }} | |
FRONT_DOOR_PASSWORD: ${{ secrets.FRONT_DOOR_PASSWORD }} | |
GITHUB_PR_NUMBER: ${{ github.event.pull_request.number }} | |
jobs: | |
prod-check-branch: | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Output variables | |
run: | | |
echo "Environment: ${{ inputs.environment }}" | |
echo "Branch: ${{ github.ref }}" | |
- name: Checks to see that main branch is selected if deploying to prod | |
if: ${{ inputs.environment == 'prod' && github.ref != 'refs/heads/main' }} | |
run: | | |
echo "Deployment to 'prod' can only be done from the 'main' branch." | |
exit 1 | |
call-docs-build-push: | |
needs: prod-check-branch | |
uses: nginxinc/docs-actions/.github/workflows/docs-build-push.yml@9c59fab05a8131f4d691ba6ea2b6a119f3ef832a # v1.0.7 | |
with: | |
production_url_path: "" | |
preview_url_path: "${{ vars.PREVIEW_URL_PATH }}" | |
docs_source_path: "public" | |
docs_build_path: "./" | |
doc_type: "hugo" | |
environment: ${{inputs.environment}} | |
force_hugo_theme_version: ${{inputs.hugo_theme_override}} | |
auto_deploy_branch: "main" | |
auto_deploy_env: "prod" | |
secrets: | |
AZURE_CREDENTIALS: ${{secrets.AZURE_CREDENTIALS_DOCS}} | |
AZURE_KEY_VAULT: ${{secrets.AZURE_KEY_VAULT_DOCS}} | |
lighthouseci: | |
if: github.event.pull_request | |
needs: call-docs-build-push | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.workflow_run.head_branch }} | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- name: Installing packages | |
run: npm install | |
- name: Generating lighthouse reports for PR and main... | |
run: | | |
node lighthouse-script.js | |
- name: Compare the artifacts for negative differences in performance | |
continue-on-error: true | |
run: | | |
FIELDS=("performance" "accessibility") | |
for FIELD in "${FIELDS[@]}"; do | |
PR_VALUE=$(cat lighthouse-reports/pr-report.json | jq -r ".categories.$FIELD.score") | |
MAIN_VALUE=$(cat lighthouse-reports/main-report.json | jq -r ".categories.$FIELD.score") | |
echo "$FIELD: PR - $PR_VALUE | Main - $MAIN_VALUE" | |
if [ $FIELD = "performance" ]; then | |
LOWER_BOUND=$(echo "$MAIN_VALUE - 0.05" | bc) | |
UPPER_BOUND=$(echo "$MAIN_VALUE + 0.05" | bc) | |
if (( $(echo "$PR_VALUE < $LOWER_BOUND" | bc -l) || $(echo "$PR_VALUE > $UPPER_BOUND" | bc -l) )); then | |
echo "Error: $FIELD score in PR ($PR_VALUE) is less than in MAIN ($MAIN_VALUE)" | |
exit 1 | |
fi | |
else | |
if (( $(echo "$PR_VALUE < $MAIN_VALUE" | bc -l) )); then | |
echo "Error: $FIELD score in PR ($PR_VALUE) is less than in MAIN ($MAIN_VALUE)" | |
exit 1 | |
fi | |
fi | |
done | |
- uses: actions/upload-artifact@v4 | |
if: ${{ !cancelled() }} | |
with: | |
name: lighthouse-reports | |
path: lighthouse-reports/ | |
retention-days: 30 |