riksdagsmonitor/.github/workflows/test-news.yml at main · Hack23/riksdagsmonitor · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
name: Test News

on:
  push:
    branches:
      - main
      - develop
    paths:
      - 'news/**'
      - 'sitemap*.html'
      - 'cypress/e2e/news-page.cy.js'
      - 'cypress/e2e/news-articles.cy.js'
      - 'cypress/e2e/sitemap.cy.js'
      - '.github/workflows/test-news.yml'
  pull_request:
    branches:
      - main
      - develop
    paths:
      - 'news/**'
      - 'sitemap*.html'
      - 'cypress/e2e/news-page.cy.js'
      - 'cypress/e2e/news-articles.cy.js'
      - 'cypress/e2e/sitemap.cy.js'
  workflow_dispatch:

permissions:
  contents: read

jobs:
  build:
    name: Build for News Tests
    runs-on: ubuntu-latest
    timeout-minutes: 10

    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3
        with:
          egress-policy: audit

      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Setup Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: '26'
          cache: 'npm'
          cache-dependency-path: |
            package-lock.json
            .github/workflows/test-news.yml

      - name: Install dependencies
        run: npm ci

      - name: Build with Vite
        # The static-pages-emit plugin (scripts/vite-plugin-static-
        # pages.js) keeps the ~3 500 news/*.html, sitemap_*.html and
        # political-intelligence_*.html pages out of Rollup's module
        # graph; the build now needs <1 GB heap on the current corpus,
        # well under Node's default ~4 GB.
        run: npm run build

      - name: Upload build artifacts
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: news-build
          path: dist/
          retention-days: 1

  test-news:
    name: News & Sitemap Tests
    runs-on: ubuntu-latest
    needs: build
    timeout-minutes: 5 # Max 5 minutes
    # Use the official Cypress browsers image so Chrome/Firefox/Edge are
    # preinstalled at known versions — eliminates cypress↔chrome version
    # drift. Node 26 is installed inside the container via
    # actions/setup-node because no Cypress image yet ships Node 26.
    # TODO: pin to an immutable @sha256: digest via Renovate.
    container:
      image: cypress/browsers:latest
      options: --user root
    strategy:
      fail-fast: true # Stop immediately on failure
      matrix:
        spec:
          - 'cypress/e2e/news-page.cy.js'
          - 'cypress/e2e/news-articles.cy.js'
          - 'cypress/e2e/sitemap.cy.js'

    steps:
      # NOTE: step-security/harden-runner is host-level and is not
      # compatible with container jobs, so this job runs WITHOUT
      # runtime egress restrictions — accepted trade-off for browser
      # version determinism. The harden-runner build job above still
      # gates the artifacts this job consumes, but does not enforce
      # outbound restrictions for this job at runtime.

      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Setup Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: '26'
          cache: 'npm'
          cache-dependency-path: |
            package-lock.json
            .github/workflows/test-news.yml

      - name: Install dependencies
        run: npm ci

      - name: Download build artifacts
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: news-build
          path: dist/

      - name: Run Cypress tests
        uses: cypress-io/github-action@dace029018fcdf86e0df89a31bc3cfa5b32570d8 # v7.3.0
        with:
          start: npm run preview
          wait-on: 'http://localhost:4173'
          wait-on-timeout: 30
          browser: chrome
          spec: ${{ matrix.spec }}
          config: video=false
          quiet: true
          # Skip the action's bundled `npm install` — we already ran
          # `npm ci` above and the container ships browsers preinstalled.
          install: false

      - name: Archive screenshots
        if: failure()
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: news-screenshots-${{ strategy.job-index }}
          path: cypress/screenshots/
          retention-days: 7

  summary:
    name: News Test Summary
    runs-on: ubuntu-latest
    needs: [build, test-news]
    if: always()

    steps:
      - name: Test Summary
        run: |
          echo "## 📰 News Test Results" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "Build: ${{ needs.build.result }}" >> $GITHUB_STEP_SUMMARY
          echo "Tests: ${{ needs.test-news.result }}" >> $GITHUB_STEP_SUMMARY

          if [ "${{ needs.test-news.result }}" == "success" ]; then
            echo "### ✅ All news tests passed!" >> $GITHUB_STEP_SUMMARY
          else
            echo "### ❌ News tests failed" >> $GITHUB_STEP_SUMMARY
          fi