nodejs.condo.ci.yml

name: Condo CI

on:
  push:
    branches:
      - main

  # NOTE: change pull_request_target to pull_request if you want to change the CI in your branch
  pull_request_target:
    types:
      - opened
      - reopened
      - synchronize
    branches:
      - main
  workflow_dispatch:

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

env:
  DOCKER_IMAGE: condo/condo-image:${{ github.event.pull_request.head.sha || github.sha }}
  DOCKER_IMAGE_FULL: ${{ secrets.DOCKER_REGISTRY }}/condo/condo-image:${{ github.event.pull_request.head.sha || github.sha }}
  CONDO_TEST_SHARD_TOTAL: 20
  PG_IMAGE_FULL: ${{ secrets.DOCKER_REGISTRY }}/doma/utils/postgres:16.8
  REDIS_IMAGE_FULL: ${{ secrets.DOCKER_REGISTRY }}/doma/utils/redis:6.2
  REF: ${{ github.event.pull_request.head.sha || github.ref }}
  REDIS_RUN_COMMAND: docker run -p="127.0.0.1:6379:6379" -d ${{ secrets.DOCKER_REGISTRY }}/doma/utils/redis:6.2 --databases 64

jobs:
  authorize:
    name: Authorize PR
    runs-on: ubuntu-22.04
    environment:
      ${{ github.event_name == 'pull_request_target' &&
      github.event.pull_request.head.repo.full_name != github.repository &&
      'external' || 'internal' }}
    outputs:
      ref: ${{ env.REF }}
    steps:
      - run: echo "PR is authorized to run CI jobs"

  build-image:
    name: Build Docker Image
    needs: authorize
    runs-on: build-runners
    outputs:
      DOCKER_IMAGE: ${{ env.DOCKER_IMAGE }}
    steps:
      - name: Prepare runner
        run: |
          sudo apt update && sudo apt install -y git
      - name: Set registry variables
        run: |
          ref="$(echo "${{ github.ref_name }}" | sed 's/[^a-zA-Z0-9]/-/g')"
          echo "DOCKER_CACHE_FROM=type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/condo/condo-image:${ref}" >> $GITHUB_ENV
          echo "DOCKER_CACHE_TO=type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/condo/condo-image:${ref},mode=max,image-manifest=true" >> $GITHUB_ENV
      - name: Login to cloud registry
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.DOCKER_REGISTRY }}
          username: ${{ secrets.SBERCLOUD_CR_USERNAME }}
          password: ${{ secrets.SBERCLOUD_CR_PASSWORD }}
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: recursive
          ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }}
          ref: ${{ env.REF }}
      - name: Prune repo to filter out yarn.lock and package.json
        run: |
          bash bin/prune.sh
      - name: Setup context for Docker BuildX
        id: buildx-context
        run: |
          docker context create builders
      - name: Setup Docker BuildX
        id: buildx
        uses: docker/setup-buildx-action@v3
        with:
          endpoint: builders
          driver-opts: |
            env.BUILDKIT_STEP_LOG_MAX_SIZE=10485760
            image=${{ secrets.DOCKER_REGISTRY }}/doma/utils/buildkit:buildx-stable-2
      - name: Build repo image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile
          push: true
          tags: ${{ env.DOCKER_IMAGE_FULL }}
          build-args: |
            REGISTRY=${{ secrets.DOCKER_REGISTRY }}/doma/utils
            TURBO_TEAM=condo-ci
            TURBO_REMOTE_ONLY=true
            TURBO_TOKEN=${{ secrets.TURBO_TOKEN }}
            TURBO_API=${{ secrets.TURBO_API }}
          provenance: false
          cache-from: ${{ env.DOCKER_CACHE_FROM }}
          cache-to: ${{ env.DOCKER_CACHE_TO }}
      - name: Collect docker logs on failure
        if: failure()
        uses: jwalton/gh-docker-logs@v1
        with:
          dest: './docker-logs'
      - name: Upload log artifact
        uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: logs
          path: |
            *.log
            ./docker-logs
          retention-days: 2

  # SRC: https://how.wtf/run-workflow-step-or-job-based-on-file-changes-github-actions.html
  detect-changes:
    name: Define job list based on changed files
    needs: authorize
    runs-on: ubuntu-22.04
    permissions:
      # See actions/checkout@v4 recommended permissions https://github.com/actions/checkout?tab=readme-ov-file#recommended-permissions
      contents: read
      # See dorny/paths-filter@v3 required permissions https://github.com/dorny/paths-filter?tab=readme-ov-file#conditional-execution
      pull-requests: read
    outputs:
      address-service: ${{ steps.detect-changes.outputs.address-service }}
      dev-portal-api: ${{ steps.detect-changes.outputs.dev-portal-api }}
      eps: ${{ steps.detect-changes.outputs.eps }}
      meter-importer: ${{ steps.detect-changes.outputs.meter-importer }}
      external-api: ${{ steps.detect-changes.outputs.external-api }}
      miniapp-utils: ${{ steps.detect-changes.outputs.miniapp-utils }}
      migrator: ${{ steps.detect-changes.outputs.migrator }}
      open-condo: ${{ steps.detect-changes.outputs.open-condo }}
      rb: ${{ steps.detect-changes.outputs.rb }}
      registry-importer: ${{ steps.detect-changes.outputs.registry-importer }}
      webhooks: ${{ steps.detect-changes.outputs.webhooks }}
      pos-integration: ${{ steps.detect-changes.outputs.pos-integration }}
      accruals-gateway: ${{ steps.detect-changes.outputs.accruals-gateway }}
      resident-app: ${{ steps.detect-changes.outputs.resident-app }}
    steps:
      - name: Checkout code with submodules
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: recursive
          ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }}
          ref: ${{ env.REF }}
          # See https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/
          # Quote from link: Yes it is (workflow is vulnerable), because a workflow triggered on pull_request_target still has the read/write repository token in memory that is potentially available to any running program. If the workflow uses actions/checkout and does not pass the optional parameter persist-credentials as false, it makes it even worse. The default for the parameter is true. It means that in any subsequent steps any running code can simply read the stored repository token from the disk. If you don’t need a repository write access or secrets, just stick to the pull_request trigger.
          persist-credentials: false
      - name: Scan changed files
        uses: dorny/paths-filter@v3
        id: detect-changes
        with:
          filters: |
            accruals-gateway:
              - 'apps/accruals-gateway/**'
              - 'apps/condo/domains/acquiring/**'
            address-service:
              - 'apps/address-service/**'
              - 'packages/**'
            dev-portal-api:
              - 'apps/dev-portal-api/**'
              - 'apps/condo/domains/miniapp/**'
              - 'apps/condo/domains/user/**'
              - 'packages/**'
            eps:
              - 'apps/eps'
              - 'apps/condo/domains/acquiring/**'
              - 'apps/condo/domains/billing/**'
              - 'packages/**'
            meter-importer:
              - 'apps/meter-importer/**'
              - 'packages/**'
            external-api:
              - 'apps/external-api/**'
              - 'apps/condo/domains/organization/schema/**'
              - 'apps/condo/domains/ticket/schema/**'
              - 'apps/condo/domains/billing/schema/**'
              - 'apps/condo/domains/acquiring/schema/**'
            migrator:
              - 'packages/migrator/**'
            miniapp-utils:
              - 'packages/miniapp-utils/**'
            open-condo:
              - 'packages/**'
              - '**/*.md'
              - '*'
              - '!.helm/**'
            pos-integration:
              - 'apps/pos-integration/**'
              - 'packages/**'
              - 'apps/condo/domains/acquiring/**'
              - 'apps/condo/domains/billing/**'
              - 'apps/condo/domains/organization/**'
              - 'apps/condo/domains/miniapp/**'
            rb:
              - 'apps/rb'
              - 'apps/condo/domains/acquiring/**'
              - 'apps/condo/domains/billing/**'
              - 'apps/condo/domains/organization/**'
              - 'apps/condo/domains/user/**'
              - 'packages/**'
            registry-importer:
              - 'apps/registry-importer/**'
              - 'apps/condo/domains/acquiring/**'
              - 'apps/condo/domains/billing/**'
              - 'apps/condo/domains/organization/**'
              - 'apps/condo/domains/user/**'
              - 'apps/rb'
              - 'packages/**'
            resident-app:
              - 'apps/resident-app'
              - 'packages/**'
            webhooks:
              - 'packages/webhooks/**'

  lint:
    name: Lint source code
    needs: authorize
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        node-version: [ 24.x ]
    steps:
      - name: Checkout code with submodules
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: recursive
          ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }}
          ref: ${{ env.REF }}
      - name: Prepare Node environment
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'yarn'
      - name: Install root dependencies
        run: |
          yarn workspaces focus root
      - name: Check JS code-style rules
        run: |
          yarn lint:code --quiet
      - name: Check styling rules
        run: |
          yarn lint:styles
      - name: Check translations rules
        run: |
          yarn lint:translations
      - name: Check common file patterns
        run: |
          bash ./bin/lint-common-patterns.sh
        # TODO(DOMA-7754): Figure out how to extract schema without starting KS-app (30sec for start per app is slow) and lint all apps

  dependencies:
    name: Check dependencies integrity
    needs: authorize
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        node-version: [ 24.x ]
    steps:
      - name: Checkout code with submodules
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: recursive
          ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }}
          ref: ${{ env.REF }}
      - name: Prepare Node environment
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'yarn'
      - name: Install packages
        run: |
          npm i -g turbo
          yarn install --immutable
      - name: Check missing & redundant dependencies
        run: |
          yarn lint:deps

  security:
    name: Semgrep vulnerabilities check
    needs: authorize
    runs-on: ubuntu-22.04
    container:
      image: returntocorp/semgrep
    # Skip any PR created by dependabot to avoid permission issues
    if: (github.actor != 'dependabot[bot]')
    steps:
      # Fetch project source with GitHub Actions Checkout.
      - name: Checkout code with submodules
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: recursive
          ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }}
          ref: ${{ env.REF }}
      - run: ./bin/run-semgrep.sh -a

  open-condo-build:
    name: Build open-source part
    needs:
      - authorize
      - detect-changes
    if: ${{ needs.detect-changes.outputs.open-condo == 'true' }}
    strategy:
      matrix:
#        TODO: Fix windows "too many files open" runner issue
#        os: [ ubuntu-22.04, windows-latest ]
        os: [ ubuntu-22.04 ]
        node-version: [ 24.x ]
        python-version: [ 3.14 ]
    runs-on: ${{ matrix.os }}
    steps:
      - name: Checkout code without submodules
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: 'false'
          ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }}
          ref: ${{ env.REF }}
      - name: Setup native Postgres (Windows Runner only)
        if: matrix.os == 'windows-latest'
        uses: ikalnytskyi/action-setup-postgres@v7
        with:
          postgres-version: 16
      - name: Setup native Redis (Windows Runner only)
        if: matrix.os == 'windows-latest'
        run: |
          choco install redis --version 6.2.17 -y
          redis-server --daemonize yes
      - name: Setup databases (Linux Runners)
        if: matrix.os != 'windows-latest'
        run: |
          docker compose up -d postgresdb redis
      - name: Prepare Python environment
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
      - name: Prepare Node environment
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'yarn'
      - name: Install packages
        run: |
          pip install Django psycopg2-binary
          npm i -g turbo
          yarn --no-immutable
      - name: Build condo dependencies
        run: |
          yarn workspace @app/condo build:deps
      - name: Prepare local condo environment
        run: |
          node bin/prepare.js -f condo
      - name: Build condo itself
        run: |
          yarn workspace @app/condo build
      - name: Start condo app
        run: |
          yarn workspace @app/condo start & node bin/wait-apps-apis.js -f condo


  run-address-service-tests:
    name: Address-Service Tests
    runs-on: ubuntu-22.04
    needs:
      - authorize
      - build-image
      - detect-changes
    if: ${{ needs.detect-changes.outputs.address-service == 'true' }}
    steps:
      - name: Login to cloud registry
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.DOCKER_REGISTRY }}
          username: ${{ secrets.SBERCLOUD_CR_USERNAME }}
          password: ${{ secrets.SBERCLOUD_CR_PASSWORD }}
      - name: Setup PG db
        run: |
          docker run -e POSTGRES_USER=$POSTGRES_USER -e POSTGRES_PASSWORD=$POSTGRES_PASSWORD -e POSTGRES_DB=$POSTGRES_DB -p="127.0.0.1:5432:5432" -d ${{ env.PG_IMAGE_FULL }}
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: main
      - name: Setup Redis db
        run: |
          ${{ env.REDIS_RUN_COMMAND }}
      - name: Run condo container with daemon
        run: |
          docker run --network="host" --name condo-container -dit ${{ env.DOCKER_IMAGE_FULL }} sh
      - name: Prepare apps
        run: |
          docker exec condo-container node bin/prepare.js -f address-service condo
      - name: Check migrations state
        run: |
          docker exec condo-container yarn workspace @app/address-service makemigrations --check
      - name: Run apps and tests
        run: |
          docker exec \
          -e PROMETHEUS_RW_SERVER_URL=$PROMETHEUS_RW_SERVER_URL \
          -e PROMETHEUS_USER=$PROMETHEUS_USER \
          -e PROMETHEUS_PASSWORD=$PROMETHEUS_PASSWORD \
          -e GH_REF_NAME=$GH_REF_NAME \
          condo-container sh -c "(\
          yarn workspace @app/address-service start & \
          node bin/wait-apps-apis.js -f address-service) && \
          yarn workspace @app/address-service test"
        env:
          PROMETHEUS_RW_SERVER_URL: ${{ secrets.K6_PROMETHEUS_RW_SERVER_URL }}
          PROMETHEUS_USER: ${{ secrets.K6_PROMETHEUS_USER }}
          PROMETHEUS_PASSWORD: ${{ secrets.K6_PROMETHEUS_PASSWORD }}
          GH_REF_NAME: ${{ github.event.pull_request.head.ref || github.ref_name }}

  generate-condo-test-shards:
    name: Generate Condo test shards
    needs: authorize
    runs-on: ubuntu-22.04
    outputs:
      ids: ${{ steps.generate.outputs.ids }}
      total: ${{ steps.generate.outputs.total }}
    steps:
      - name: Generate shard indexes
        id: generate
        env:
          SHARD_TOTAL: ${{ env.CONDO_TEST_SHARD_TOTAL }}
        run: |
          echo "ids=$(jq -c -n --argjson total "$SHARD_TOTAL" '[range(1; $total + 1)]')" >> "$GITHUB_OUTPUT"
          echo "total=$SHARD_TOTAL" >> "$GITHUB_OUTPUT"

  run-condo-tests:
    name: Condo Tests
    needs:
      - authorize
      - build-image
      - generate-condo-test-shards
    strategy:
      # TODO: remove this back
      fail-fast: false
      matrix:
        shard_index: ${{ fromJSON(needs.generate-condo-test-shards.outputs.ids) }}
    uses: ./.github/workflows/_nodejs.condo.core.tests.yml
    with:
      shard_index: ${{ matrix.shard_index }}
      shard_total: ${{ fromJSON(needs.generate-condo-test-shards.outputs.total) }}
      runs-on: test-runners
      image_name: ${{ needs.build-image.outputs.DOCKER_IMAGE }}
    secrets: inherit

  run-dev-portal-api-tests:
    name: Dev Portal API Tests
    runs-on: ubuntu-22.04
    needs:
      - authorize
      - build-image
      - detect-changes
    if: ${{ needs.detect-changes.outputs.dev-portal-api == 'true' }}
    steps:
      - name: Login to cloud registry
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.DOCKER_REGISTRY }}
          username: ${{ secrets.SBERCLOUD_CR_USERNAME }}
          password: ${{ secrets.SBERCLOUD_CR_PASSWORD }}
      - name: Setup PG db
        run: |
          docker run -e POSTGRES_USER=$POSTGRES_USER -e POSTGRES_PASSWORD=$POSTGRES_PASSWORD -e POSTGRES_DB=$POSTGRES_DB -p="127.0.0.1:5432:5432" -d ${{ env.PG_IMAGE_FULL }}
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: main
      - name: Setup Redis db
        run: |
          ${{ env.REDIS_RUN_COMMAND }}
      - name: Run condo container with daemon
        run: |
          mkdir test_logs
          chmod -R a+rw ./test_logs
          docker run -v ./test_logs:/app/test_logs --network="host" --name condo-container -dit ${{ env.DOCKER_IMAGE_FULL }} sh
      - name: Prepare apps
        run: |
          docker exec condo-container node bin/prepare.js -f condo dev-portal-api
      - name: Check migrations state
        run: |
          docker exec condo-container yarn workspace @app/dev-portal-api makemigrations --check
      - name: Run apps and tests
        run: |
          docker exec condo-container sh -c "yarn workspace @app/condo start" 2>&1 > ./test_logs/dev_portal_api.condo.dev.log &
          docker exec condo-container sh -c "yarn workspace @app/dev-portal-api start" 2>&1 > ./test_logs/dev_portal_api.dev-portal-api.dev.log &
          docker exec condo-container sh -c "node bin/wait-apps-apis.js -f condo dev-portal-api"
          docker exec \
          -e PROMETHEUS_RW_SERVER_URL=$PROMETHEUS_RW_SERVER_URL \
          -e PROMETHEUS_USER=$PROMETHEUS_USER \
          -e PROMETHEUS_PASSWORD=$PROMETHEUS_PASSWORD \
          -e GH_REF_NAME=$GH_REF_NAME \
          condo-container sh -c "yarn workspace @app/dev-portal-api test" 2>&1 > ./test_logs/dev_portal_api.tests.log
        env:
          PROMETHEUS_RW_SERVER_URL: ${{ secrets.K6_PROMETHEUS_RW_SERVER_URL }}
          PROMETHEUS_USER: ${{ secrets.K6_PROMETHEUS_USER }}
          PROMETHEUS_PASSWORD: ${{ secrets.K6_PROMETHEUS_PASSWORD }}
          GH_REF_NAME: ${{ github.event.pull_request.head.ref || github.ref_name }}
      - name: Collect docker logs on failure
        if: failure()
        uses: jwalton/gh-docker-logs@v1
        with:
          dest: './docker-logs'
      - name: Upload log artifact
        uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: dev-portal-api
          path: |
            ./test_logs/*
            *.log
            ./docker-logs
          retention-days: 2

  run-eps-tests:
    name: EPS Tests
    runs-on: ubuntu-22.04
    needs:
      - authorize
      - build-image
      - detect-changes
    if: ${{ needs.detect-changes.outputs.eps == 'true' }}
    steps:
      - name: Login to cloud registry
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.DOCKER_REGISTRY }}
          username: ${{ secrets.SBERCLOUD_CR_USERNAME }}
          password: ${{ secrets.SBERCLOUD_CR_PASSWORD }}
      - name: Setup PG db
        run: |
          docker run -e POSTGRES_USER=$POSTGRES_USER -e POSTGRES_PASSWORD=$POSTGRES_PASSWORD -e POSTGRES_DB=$POSTGRES_DB -p="127.0.0.1:5432:5432" -d ${{ env.PG_IMAGE_FULL }}
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: main
      - name: Setup Redis db
        run: |
          ${{ env.REDIS_RUN_COMMAND }}
      - name: Run condo container with daemon
        run: |
          docker run --network="host" --name condo-container -dit ${{ env.DOCKER_IMAGE_FULL }} sh
      - name: Prepare apps
        run: |
          docker exec condo-container node bin/prepare.js -f condo eps
      - name: Check migrations state
        run: |
          docker exec condo-container yarn workspace @app/eps makemigrations --check
      - name: Run apps and tests
        run: |
          docker exec \
          -e PROMETHEUS_RW_SERVER_URL=$PROMETHEUS_RW_SERVER_URL \
          -e PROMETHEUS_USER=$PROMETHEUS_USER \
          -e PROMETHEUS_PASSWORD=$PROMETHEUS_PASSWORD \
          -e GH_REF_NAME=$GH_REF_NAME \
          condo-container sh -c "(\
          yarn workspace @app/condo start & \
          yarn workspace @app/eps start & \
          node bin/wait-apps-apis.js -f condo eps) && \
          yarn workspace @app/eps test"
        env:
          PROMETHEUS_RW_SERVER_URL: ${{ secrets.K6_PROMETHEUS_RW_SERVER_URL }}
          PROMETHEUS_USER: ${{ secrets.K6_PROMETHEUS_USER }}
          PROMETHEUS_PASSWORD: ${{ secrets.K6_PROMETHEUS_PASSWORD }}
          GH_REF_NAME: ${{ github.event.pull_request.head.ref || github.ref_name }}

  run-meter-importer-tests:
    name: Meter-importer Tests
    runs-on: ubuntu-22.04
    needs:
      - authorize
      - build-image
      - detect-changes
    if: ${{ needs.detect-changes.outputs.meter-importer == 'true' }}
    steps:
      - name: Login to cloud registry
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.DOCKER_REGISTRY }}
          username: ${{ secrets.SBERCLOUD_CR_USERNAME }}
          password: ${{ secrets.SBERCLOUD_CR_PASSWORD }}
      - name: Setup PG db
        run: |
          docker run -e POSTGRES_USER=$POSTGRES_USER -e POSTGRES_PASSWORD=$POSTGRES_PASSWORD -e POSTGRES_DB=$POSTGRES_DB -p="127.0.0.1:5432:5432" -d ${{ env.PG_IMAGE_FULL }}
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: main
      - name: Setup Redis db
        run: |
          ${{ env.REDIS_RUN_COMMAND }}
      - name: Run condo container with daemon
        run: |
          docker run --network="host" --name condo-container -dit ${{ env.DOCKER_IMAGE_FULL }} sh
      - name: Prepare apps
        run: |
          docker exec condo-container node bin/prepare.js -f condo meter-importer
      - name: Check migrations state
        run: |
          docker exec condo-container yarn workspace @app/meter-importer makemigrations --check
      - name: Run apps and tests
        run: |
          docker exec \
          -e PROMETHEUS_RW_SERVER_URL=$PROMETHEUS_RW_SERVER_URL \
          -e PROMETHEUS_USER=$PROMETHEUS_USER \
          -e PROMETHEUS_PASSWORD=$PROMETHEUS_PASSWORD \
          -e GH_REF_NAME=$GH_REF_NAME \
          condo-container sh -c "(\
          yarn workspace @app/condo start & \
          yarn workspace @app/meter-importer start & \
          node bin/wait-apps-apis.js -f condo meter-importer) && \
          yarn workspace @app/meter-importer test"
        env:
          PROMETHEUS_RW_SERVER_URL: ${{ secrets.K6_PROMETHEUS_RW_SERVER_URL }}
          PROMETHEUS_USER: ${{ secrets.K6_PROMETHEUS_USER }}
          PROMETHEUS_PASSWORD: ${{ secrets.K6_PROMETHEUS_PASSWORD }}
          GH_REF_NAME: ${{ github.event.pull_request.head.ref || github.ref_name }}

  run-pos-integration-tests:
    name: Pos-integration Tests
    runs-on: ubuntu-22.04
    needs:
      - authorize
      - build-image
      - detect-changes
    if: ${{ needs.detect-changes.outputs.pos-integration == 'true' }}
    steps:
      - name: Login to cloud registry
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.DOCKER_REGISTRY }}
          username: ${{ secrets.SBERCLOUD_CR_USERNAME }}
          password: ${{ secrets.SBERCLOUD_CR_PASSWORD }}
      - name: Setup PG db
        run: |
          docker run -e POSTGRES_USER=$POSTGRES_USER -e POSTGRES_PASSWORD=$POSTGRES_PASSWORD -e POSTGRES_DB=$POSTGRES_DB -p="127.0.0.1:5432:5432" -d ${{ env.PG_IMAGE_FULL }}
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: main
      - name: Setup Redis db
        run: |
          ${{ env.REDIS_RUN_COMMAND }}
      - name: Run condo container with daemon
        run: |
          docker run --network="host" --name condo-container -dit ${{ env.DOCKER_IMAGE_FULL }} sh
      - name: Prepare apps
        run: |
          docker exec condo-container node bin/prepare.js -f condo pos-integration
      - name: Check migrations state
        run: |
          docker exec condo-container yarn workspace @app/pos-integration makemigrations --check
      - name: Run apps and tests
        run: |
          docker exec \
          -e PROMETHEUS_RW_SERVER_URL=$PROMETHEUS_RW_SERVER_URL \
          -e PROMETHEUS_USER=$PROMETHEUS_USER \
          -e PROMETHEUS_PASSWORD=$PROMETHEUS_PASSWORD \
          -e GH_REF_NAME=$GH_REF_NAME \
          condo-container sh -c "(\
          yarn workspace @app/condo start & \
          yarn workspace @app/pos-integration start & \
          node bin/wait-apps-apis.js -f condo pos-integration) && \
          yarn workspace @app/pos-integration test"
        env:
          PROMETHEUS_RW_SERVER_URL: ${{ secrets.K6_PROMETHEUS_RW_SERVER_URL }}
          PROMETHEUS_USER: ${{ secrets.K6_PROMETHEUS_USER }}
          PROMETHEUS_PASSWORD: ${{ secrets.K6_PROMETHEUS_PASSWORD }}
          GH_REF_NAME: ${{ github.event.pull_request.head.ref || github.ref_name }}

  run-accruals-gateway-tests:
    name: Accruals-gateway Tests
    runs-on: ubuntu-22.04
    needs:
      - authorize
      - build-image
      - detect-changes
    if: ${{ needs.detect-changes.outputs.accruals-gateway == 'true' }}
    steps:
      - name: Login to cloud registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef
        with:
          registry: ${{ secrets.DOCKER_REGISTRY }}
          username: ${{ secrets.SBERCLOUD_CR_USERNAME }}
          password: ${{ secrets.SBERCLOUD_CR_PASSWORD }}
      - name: Setup PG db
        run: |
          docker run -e POSTGRES_USER=$POSTGRES_USER -e POSTGRES_PASSWORD=$POSTGRES_PASSWORD -e POSTGRES_DB=$POSTGRES_DB -p="127.0.0.1:5432:5432" -d ${{ env.PG_IMAGE_FULL }}
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: main
      - name: Setup Redis db
        run: |
          ${{ env.REDIS_RUN_COMMAND }}
      - name: Run condo container with daemon
        run: |
          docker run --network="host" --name condo-container -dit ${{ env.DOCKER_IMAGE_FULL }} sh
      - name: Prepare apps
        run: |
          docker exec condo-container node bin/prepare.js -f condo accruals-gateway
      - name: Check migrations state
        run: |
          docker exec condo-container yarn workspace @app/accruals-gateway makemigrations --check
      - name: Run apps and tests
        run: |
          docker exec \
          -e PROMETHEUS_RW_SERVER_URL=$PROMETHEUS_RW_SERVER_URL \
          -e PROMETHEUS_USER=$PROMETHEUS_USER \
          -e PROMETHEUS_PASSWORD=$PROMETHEUS_PASSWORD \
          -e GH_REF_NAME=$GH_REF_NAME \
          condo-container sh -c "(\
          yarn workspace @app/condo start & \
          yarn workspace @app/accruals-gateway start & \
          node bin/wait-apps-apis.js -f condo accruals-gateway) && \
          yarn workspace @app/accruals-gateway test"
        env:
          PROMETHEUS_RW_SERVER_URL: ${{ secrets.K6_PROMETHEUS_RW_SERVER_URL }}
          PROMETHEUS_USER: ${{ secrets.K6_PROMETHEUS_USER }}
          PROMETHEUS_PASSWORD: ${{ secrets.K6_PROMETHEUS_PASSWORD }}
          GH_REF_NAME: ${{ github.event.pull_request.head.ref || github.ref_name }}

  run-external-api-tests:
    name: External API Tests
    runs-on: ubuntu-22.04
    needs:
      - authorize
      - build-image
      - detect-changes
    if: ${{ needs.detect-changes.outputs.external-api == 'true' }}
    steps:
      - name: Login to cloud registry
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.DOCKER_REGISTRY }}
          username: ${{ secrets.SBERCLOUD_CR_USERNAME }}
          password: ${{ secrets.SBERCLOUD_CR_PASSWORD }}
      - name: Setup PG db
        run: |
          docker run -e POSTGRES_USER=$POSTGRES_USER -e POSTGRES_PASSWORD=$POSTGRES_PASSWORD -e POSTGRES_DB=$POSTGRES_DB -p="127.0.0.1:5432:5432" -d ${{ env.PG_IMAGE_FULL }}
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: main
      - name: Setup Redis db
        run: |
          ${{ env.REDIS_RUN_COMMAND }}
      - name: Run condo container with daemon
        run: |
          docker run --network="host" --name condo-container -dit ${{ env.DOCKER_IMAGE_FULL }} sh
      - name: Prepare apps
        run: |
          docker exec condo-container node bin/prepare.js -f condo external-api
      - name: Run apps and tests
        run: |
          docker exec condo-container sh -c "yarn workspace @app/condo start" &
          docker exec condo-container sh -c "node bin/wait-apps-apis.js -f condo"
          docker exec condo-container sh -c "yarn workspace @app/external-api start" &
          docker exec \
          -e PROMETHEUS_RW_SERVER_URL=$PROMETHEUS_RW_SERVER_URL \
          -e PROMETHEUS_USER=$PROMETHEUS_USER \
          -e PROMETHEUS_PASSWORD=$PROMETHEUS_PASSWORD \
          -e GH_REF_NAME=$GH_REF_NAME \
          condo-container sh -c "yarn workspace @app/external-api test"
        env:
          PROMETHEUS_RW_SERVER_URL: ${{ secrets.K6_PROMETHEUS_RW_SERVER_URL }}
          PROMETHEUS_USER: ${{ secrets.K6_PROMETHEUS_USER }}
          PROMETHEUS_PASSWORD: ${{ secrets.K6_PROMETHEUS_PASSWORD }}
          GH_REF_NAME: ${{ github.event.pull_request.head.ref || github.ref_name }}

  run-migrator-tests:
    name: Migrator Tests
    runs-on: ubuntu-22.04
    needs:
      - authorize
      - detect-changes
    if: ${{ needs.detect-changes.outputs.migrator == 'true' }}
    steps:
      - name: Checkout code with submodules
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: recursive
          ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }}
          ref: ${{ env.REF }}
      - name: Install packages
        run: |
          npm i -g turbo
          yarn install --immutable
      - name: Run @open-condo/migrator tests
        run: yarn workspace @open-condo/migrator test
        env:
          PROMETHEUS_RW_SERVER_URL: ${{ secrets.K6_PROMETHEUS_RW_SERVER_URL }}
          PROMETHEUS_USER: ${{ secrets.K6_PROMETHEUS_USER }}
          PROMETHEUS_PASSWORD: ${{ secrets.K6_PROMETHEUS_PASSWORD }}
          GH_REF_NAME: ${{ github.event.pull_request.head.ref || github.ref_name }}

  run-miniapp-utils-tests:
    name: Miniapp Utils Tests
    runs-on: ubuntu-22.04
    needs:
      - authorize
      - detect-changes
    if: ${{ needs.detect-changes.outputs.miniapp-utils == 'true' }}
    steps:
      - name: Checkout code with submodules
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: recursive
          ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }}
          ref: ${{ env.REF }}
      - name: Install packages
        run: |
          npm i -g turbo
          yarn install --immutable
      - name: Run @open-condo/miniapp-utils tests
        run: yarn workspace @open-condo/miniapp-utils test
        env:
          PROMETHEUS_RW_SERVER_URL: ${{ secrets.K6_PROMETHEUS_RW_SERVER_URL }}
          PROMETHEUS_USER: ${{ secrets.K6_PROMETHEUS_USER }}
          PROMETHEUS_PASSWORD: ${{ secrets.K6_PROMETHEUS_PASSWORD }}
          GH_REF_NAME: ${{ github.event.pull_request.head.ref || github.ref_name }}

  run-rb-tests:
    name: RB Tests
    runs-on: ubuntu-22.04
    needs:
      - authorize
      - build-image
      - detect-changes
    if: ${{ needs.detect-changes.outputs.rb == 'true' }}
    steps:
      - name: Login to cloud registry
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.DOCKER_REGISTRY }}
          username: ${{ secrets.SBERCLOUD_CR_USERNAME }}
          password: ${{ secrets.SBERCLOUD_CR_PASSWORD }}
      - name: Setup PG db
        run: |
          docker run -e POSTGRES_USER=$POSTGRES_USER -e POSTGRES_PASSWORD=$POSTGRES_PASSWORD -e POSTGRES_DB=$POSTGRES_DB -p="127.0.0.1:5432:5432" -d ${{ env.PG_IMAGE_FULL }}
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: main
      - name: Setup Redis db
        run: |
          ${{ env.REDIS_RUN_COMMAND }}
      - name: Run condo container with daemon
        run: |
          docker run --network="host" --name condo-container -dit ${{ env.DOCKER_IMAGE_FULL }} sh
      - name: Prepare apps
        run: |
          docker exec condo-container node bin/prepare.js -f condo rb
      - name: Check migrations state
        run: |
          docker exec condo-container yarn workspace @app/rb makemigrations --check
      - name: Run apps and tests
        run: |
          docker exec \
          -e PROMETHEUS_RW_SERVER_URL=$PROMETHEUS_RW_SERVER_URL \
          -e PROMETHEUS_USER=$PROMETHEUS_USER \
          -e PROMETHEUS_PASSWORD=$PROMETHEUS_PASSWORD \
          -e GH_REF_NAME=$GH_REF_NAME \
          condo-container sh -c "(\
          yarn workspace @app/condo start & \
          yarn workspace @app/rb start & \
          node bin/wait-apps-apis.js -f condo rb) && \
          yarn workspace @app/rb test"
        env:
          PROMETHEUS_RW_SERVER_URL: ${{ secrets.K6_PROMETHEUS_RW_SERVER_URL }}
          PROMETHEUS_USER: ${{ secrets.K6_PROMETHEUS_USER }}
          PROMETHEUS_PASSWORD: ${{ secrets.K6_PROMETHEUS_PASSWORD }}
          GH_REF_NAME: ${{ github.event.pull_request.head.ref || github.ref_name }}

  run-registry-tests:
    name: Registry-importer Tests
    runs-on: ubuntu-22.04
    needs:
      - authorize
      - build-image
      - detect-changes
    if: ${{ needs.detect-changes.outputs.registry-importer == 'true' }}
    steps:
      - name: Login to cloud registry
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.DOCKER_REGISTRY }}
          username: ${{ secrets.SBERCLOUD_CR_USERNAME }}
          password: ${{ secrets.SBERCLOUD_CR_PASSWORD }}
      - name: Setup PG db
        run: |
          docker run -e POSTGRES_USER=$POSTGRES_USER -e POSTGRES_PASSWORD=$POSTGRES_PASSWORD -e POSTGRES_DB=$POSTGRES_DB -p="127.0.0.1:5432:5432" -d ${{ env.PG_IMAGE_FULL }}
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: main
      - name: Setup Redis db
        run: |
          ${{ env.REDIS_RUN_COMMAND }}
      - name: Run condo container with daemon
        run: |
          docker run --network="host" --name condo-container -dit ${{ env.DOCKER_IMAGE_FULL }} sh
      - name: Prepare apps
        run: |
          docker exec condo-container node bin/prepare.js -f condo registry-importer rb
      - name: Check migrations state
        run: |
          docker exec condo-container yarn workspace @app/registry-importer makemigrations --check
      - name: Run apps and tests
        run: |
          docker exec \
          -e PROMETHEUS_RW_SERVER_URL=$PROMETHEUS_RW_SERVER_URL \
          -e PROMETHEUS_USER=$PROMETHEUS_USER \
          -e PROMETHEUS_PASSWORD=$PROMETHEUS_PASSWORD \
          -e GH_REF_NAME=$GH_REF_NAME \
          condo-container sh -c "(\
          yarn workspace @app/condo start & \
          yarn workspace @app/rb start & \
          yarn workspace @app/registry-importer start & \
          node bin/wait-apps-apis.js -f condo registry-importer rb) && \
          yarn workspace @app/registry-importer test"
        env:
          PROMETHEUS_RW_SERVER_URL: ${{ secrets.K6_PROMETHEUS_RW_SERVER_URL }}
          PROMETHEUS_USER: ${{ secrets.K6_PROMETHEUS_USER }}
          PROMETHEUS_PASSWORD: ${{ secrets.K6_PROMETHEUS_PASSWORD }}
          GH_REF_NAME: ${{ github.event.pull_request.head.ref || github.ref_name }}

  run-resident-app-tests:
    name: Resident App Tests
    runs-on: ubuntu-22.04
    needs:
      - authorize
      - detect-changes
    if: ${{ needs.detect-changes.outputs.resident-app == 'true' }}
    steps:
      - name: Checkout code with submodules
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: recursive
          ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }}
          ref: ${{ env.REF }}
      - name: Install packages
        run: |
          npm i -g turbo
          yarn install --immutable
      - name: Run @app/resident-app tests
        run: yarn workspace @app/resident-app test
        env:
          PROMETHEUS_RW_SERVER_URL: ${{ secrets.K6_PROMETHEUS_RW_SERVER_URL }}
          PROMETHEUS_USER: ${{ secrets.K6_PROMETHEUS_USER }}
          PROMETHEUS_PASSWORD: ${{ secrets.K6_PROMETHEUS_PASSWORD }}
          GH_REF_NAME: ${{ github.event.pull_request.head.ref || github.ref_name }}

  run-webhooks-tests:
    name: Webhooks Tests
    runs-on: ubuntu-22.04
    needs:
      - authorize
      - detect-changes
    if: ${{ needs.detect-changes.outputs.webhooks == 'true' }}
    steps:
      - name: Checkout code with submodules
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: recursive
          ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }}
          ref: ${{ env.REF }}
      - name: Install packages
        run: |
          npm i -g turbo
          yarn install --immutable
      - name: Test webhooks utils
        run: yarn workspace @open-condo/webhooks test
        env:
          PROMETHEUS_RW_SERVER_URL: ${{ secrets.K6_PROMETHEUS_RW_SERVER_URL }}
          PROMETHEUS_USER: ${{ secrets.K6_PROMETHEUS_USER }}
          PROMETHEUS_PASSWORD: ${{ secrets.K6_PROMETHEUS_PASSWORD }}
          GH_REF_NAME: ${{ github.event.pull_request.head.ref || github.ref_name }}