Initial draft of GHA

FyreByrd · FyreByrd · commit d8617b2c9b14 · 2026-02-27T15:30:52.000-06:00
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,59 +1,40 @@
-name: BuildEngine CI
+name: BuildEngine v2 Test and Deploy
 
 on:
   push:
-    branches: [master, develop, github-builds]
-  pull_request:
   workflow_dispatch:
     inputs:
-      logLevel:
-        description: "Log Level"
-        required: true
-        default: "warning"
       tags:
         description: "Tags"
-  schedule:
-    - cron: "0 0 * * 0" # weekly
 
 env:
-  BUILD_TAG: "build-engine-api:${{ github.run_number }}"
+  BUILD_ENGINE_BUILD_TAG: "build-engine-api:${{ github.run_number }}"
+  OTEL_BUILD_TAG: "scriptoria-otel:${{ github.run_number }}"
   BUILD_NUMBER: ${{ github.run_number }}
 
 jobs:
-  build:
+  check:
+    uses: "./.github/workflows/setup.yml"
+    secrets:
+      AUTH0_SECRET: ${{ secrets.AUTH0_SECRET }}
+  deploy-to-ecr:
     runs-on: ubuntu-latest
-
+    needs: check
+    if: ${{ success() && (github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/master') }}
     steps:
-      - uses: actions/checkout@v3
-
-      - name: Get environment info
-        run: |
-          echo Docker version
-          docker --version
-          echo
-          echo Env
-          env
-
-      - name: Setup local.env
-        run: |
-          echo "COMPOSER_AUTH={\"github-oauth\":{\"github.com\":\""${{ secrets.GITHUB_TOKEN }}\""}}" > local.env
+      - name: Checkout
+        uses: actions/checkout@v5
 
-      - name: Install dependencies
-        run: |
-          echo "Installing ecs-deploy script..."
-          mkdir -p $HOME/.local/bin
-          curl -o $HOME/.local/bin/ecs-deploy https://raw.githubusercontent.com/silinternational/ecs-deploy/master/ecs-deploy
-          chmod +x $HOME/.local/bin/ecs-deploy
-
-      - name: Tests
-        run: |
-          make test
+      - name: Setup node
+        uses: actions/setup-node@v5
+        with:
+          node-version: 24
 
-      - name: Build docker image
+      - name: Build docker images
         uses: docker/build-push-action@v4
         with:
           push: false
-          tags: ${{ env.BUILD_TAG }}
+          tags: ${{ env.BUILD_ENGINE_BUILD_TAG }}
           context: .
           load: true
 
@@ -75,7 +56,7 @@ jobs:
 
       - name: Push to GHCR
         run: |
-          docker tag ${{ env.BUILD_TAG }} ghcr.io/sillsdev/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}
+          docker tag ${{ env.BUILD_ENGINE_BUILD_TAG }} ghcr.io/sillsdev/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}
           docker push ghcr.io/sillsdev/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}
 
       - name: Configure AWS credentials (SIL)
@@ -94,8 +75,8 @@ jobs:
 
       - name: Push to AWS ECR (SIL)
         run: |
-          docker tag ${{ env.BUILD_TAG }} "${{ steps.ecr_sil.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
-          docker tag ${{ env.BUILD_TAG }} "${{ steps.ecr_sil.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
+          docker tag ${{ env.BUILD_ENGINE_BUILD_TAG }} "${{ steps.ecr_sil.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
+          docker tag ${{ env.BUILD_ENGINE_BUILD_TAG }} "${{ steps.ecr_sil.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
           docker push "${{ steps.ecr_sil.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
           docker push "${{ steps.ecr_sil.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
 
@@ -129,8 +110,8 @@ jobs:
         if: false # Temporarily disabled - remove this line to re-enable
         # if: ${{ steps.branch.outputs.EcsCluster == 'scriptoria-prd' }}  # Restore this when re-enabling
         run: |
-          docker tag ${{ env.BUILD_TAG }} "${{ steps.ecr_fcbh.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
-          docker tag ${{ env.BUILD_TAG }} "${{ steps.ecr_fcbh.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
+          docker tag ${{ env.BUILD_ENGINE_BUILD_TAG }} "${{ steps.ecr_fcbh.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
+          docker tag ${{ env.BUILD_ENGINE_BUILD_TAG }} "${{ steps.ecr_fcbh.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
           docker push "${{ steps.ecr_fcbh.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
           docker push "${{ steps.ecr_fcbh.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
 
@@ -162,8 +143,8 @@ jobs:
       - name: Push to AWS ECR (LU)
         if: ${{ steps.branch.outputs.EcsCluster == 'scriptoria-stg' }}
         run: |
-          docker tag ${{ env.BUILD_TAG }} "${{ steps.ecr_lu.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
-          docker tag ${{ env.BUILD_TAG }} "${{ steps.ecr_lu.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
+          docker tag ${{ env.BUILD_ENGINE_BUILD_TAG }} "${{ steps.ecr_lu.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
+          docker tag ${{ env.BUILD_ENGINE_BUILD_TAG }} "${{ steps.ecr_lu.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
           docker push "${{ steps.ecr_lu.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
           docker push "${{ steps.ecr_lu.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
 
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -0,0 +1,11 @@
+name: Test and Lint
+
+on:
+  pull_request:
+    branches:
+      - master
+      - develop
+
+jobs:
+  checks:
+    uses: ./.github/workflows/setup.yml
diff --git a/.github/workflows/setup.yml b/.github/workflows/setup.yml
@@ -0,0 +1,143 @@
+on:
+  workflow_call:
+    secrets:
+      AUTH0_SECRET:
+        required: false
+
+env:
+  APP_ENV: ci
+
+jobs:
+  # Install dependencies once and cache for other jobs
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      BACKUP_AUTH0_SECRET: ${{ steps.set-vars.outputs.BACKUP_AUTH0_SECRET }}
+    steps:
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v5
+        with:
+          node-version: 24
+          cache: 'npm'
+          cache-dependency-path: package-lock.json
+
+      - name: Get environment info
+        id: set-vars
+        run: |
+          echo Node version
+          node --version
+          npm --version
+          echo
+          echo Docker version
+          docker --version
+          echo
+          echo Environment variables
+          env
+          BACKUP_AUTH0_SECRET=$(hexdump -vn32 -e'8/4 "%08x" 1 "\n"' /dev/urandom)
+          echo "BACKUP_AUTH0_SECRET=${BACKUP_AUTH0_SECRET}" >> $GITHUB_OUTPUT
+
+      - name: Restore node_modules cache
+        id: restore-cache
+        uses: actions/cache@v4
+        with:
+          path: node_modules
+          key: ${{ runner.os }}-node-modules-${{ hashFiles('package-lock.json', 'src/lib/prisma/schema.prisma') }}
+
+      - name: Install dependencies
+        if: steps.restore-cache.outputs.cache-hit != 'true'
+        run: |
+          echo "Installing dependencies..."
+          npm ci
+
+      - name: Cache node_modules
+        if: steps.restore-cache.outputs.cache-hit != 'true'
+        uses: actions/cache@v4
+        with:
+          path: node_modules
+          key: ${{ runner.os }}-node-modules-${{ hashFiles('package-lock.json', 'src/lib/prisma/schema.prisma') }}
+
+  # Type checking and linting
+  typecheck-lint:
+    runs-on: ubuntu-latest
+    needs: setup
+    steps:
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v5
+        with:
+          node-version: 24
+
+      - name: Restore node_modules cache
+        uses: actions/cache@v4
+        with:
+          path: node_modules
+          key: ${{ runner.os }}-node-modules-${{ hashFiles('package-lock.json', 'src/lib/prisma/schema.prisma') }}
+
+      - name: Run svelte-check
+        run: |
+          echo "Running svelte-check..."
+          npm run check
+
+      - name: Run lint
+        run: |
+          echo "Running lint..."
+          npm run lint
+
+  # Build and run a smoke test
+  build-and-test:
+    runs-on: ubuntu-latest
+    needs: setup
+    env:
+      CI: true
+      AUTH0_SECRET: ${{ secrets.AUTH0_SECRET || needs.setup.outputs.BACKUP_AUTH0_SECRET }}
+    steps:
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v5
+        with:
+          node-version: 24
+
+      - name: Restore node_modules cache
+        uses: actions/cache@v4
+        with:
+          path: node_modules
+          key: ${{ runner.os }}-node-modules-${{ hashFiles('package-lock.json', 'src/lib/prisma/schema.prisma') }}
+
+      - name: Build, Install Playwright dependencies, and seed database
+        run: |
+          echo "Building .env file..."
+          echo "AUTH0_SECRET=" >> .env
+          echo "Building the docker project..."
+          mkdir -p command-output
+          (./run ci build > command-output/build-output.txt 2>&1) &
+          echo "Beginning pull of images"
+          ./run ci pull valkey > /dev/null &
+          echo "Starting database..."
+          ./run ci up -d db
+          sleep 1
+          echo "Resetting the database..."
+          npx prisma migrate reset -f --skip-seed --skip-generate
+          echo "Waiting for build and Playwright installation to finish..."
+          wait
+          if [ -f command-output/build-exit-code.txt ]; then
+            BUILD_EXIT_CODE=$(cat command-output/build-exit-code.txt)
+            echo "Build failed with exit code $BUILD_EXIT_CODE"
+            cat command-output/build-output.txt
+            exit $BUILD_EXIT_CODE
+          fi
+          echo "Build and Playwright installation completed."
+        env:
+          DATABASE_URL: 'postgresql://db-user:1234@localhost:5432/dev-buildengine?schema=public'
+
+      - name: Start docker-compose services
+        run: |
+          echo "Starting docker-compose services..."
+          ./run ci up -d
+
+      - name: Run tests
+        run: |
+          # Is the port open
+          sleep 1
+          nc -zv localhost 8443 || {
+            echo "Port 8443 is not open"
+            ./run ci logs build-engine
+            exit 1
+          }
