fiches-travail-data/.github/workflows/release.yml at eebea7ce983d7b37d65d74bdd646bbf437de2edb · SocialGouv/fiches-travail-data · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
name: Release
on:
  schedule:
    - cron: "00 21 * * *"
  repository_dispatch:
    types: manual_release
  workflow_dispatch:

permissions:
  id-token: write    # Requis pour OIDC / npm trusted publishing
  contents: write

jobs:
  release:
    name: Release
    runs-on: ubuntu-latest
    steps:
      - name: Get GitHub App Token
        id: token
        uses: SocialGouv/token-bureau@main
        with:
          token-bureau-url: https://token-bureau.fabrique.social.gouv.fr
          audience: socialgouv

      - name: Set up Node.js
        uses: actions/setup-node@v6
        with:
          node-version: 24.x
          registry-url: https://registry.npmjs.org

      - name: Update npm (required for npm trusted publishing)
        run: npm install -g npm@latest

      - name: Get yarn cache directory path
        id: init
        shell: bash
        run: |
          echo "yarn_cache=$(yarn cache dir)" >> "$GITHUB_OUTPUT"
          echo "Node $(node --version)"
          echo "Yarn $(yarn --version)"
          echo "Npm $(npm --version)"

      - uses: actions/checkout@v4

      - name: Cache Yarn packages
        id: yarn_cache_packages
        uses: actions/cache@v4
        with:
          path: ${{ steps.init.outputs.yarn_cache }}
          key: ${{ runner.os }}-yarn_cache-${{ hashFiles('**/yarn.lock') }}
          restore-keys: |
            ${{ runner.os }}-yarn_cache-

      - name: Installing
        run: yarn --frozen-lockfile --link-duplicates --prefer-offline

      - name: Build
        run: yarn build

      - name: Start
        env:
          TOKEN_MT: ${{ secrets.TOKEN_MT }}
          DATAFILLER_URL: ${{ secrets.DATAFILLER_URL }}
        run: yarn start

      - name: Check Refs
        run: yarn checkRefs

      - name: Check for 403 errors
        id: check_403
        run: |
          if [ -f "./forbidden-urls.json" ]; then
            echo "has_403=true" >> "$GITHUB_OUTPUT"
            FORBIDDEN_CONTENT=$(cat ./forbidden-urls.json)
            FORBIDDEN_CONTENT="${FORBIDDEN_CONTENT//'%'/'%25'}"
            FORBIDDEN_CONTENT="${FORBIDDEN_CONTENT//$'\n'/'%0A'}"
            FORBIDDEN_CONTENT="${FORBIDDEN_CONTENT//$'\r'/'%0D'}"
            echo "forbidden_urls=$FORBIDDEN_CONTENT" >> "$GITHUB_OUTPUT"
          else
            echo "has_403=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Get metadata
        id: metadata
        shell: bash
        run: |
          echo "data_status=$(git status -s ./data)" >> "$GITHUB_OUTPUT"
          echo "now=$(date +"%Y%m%d_%H%M")" >> "$GITHUB_OUTPUT"

      - name: Print metadata
        run: |
          echo "Data status ${{ steps.metadata.outputs.now }}"
          echo "${{ steps.metadata.outputs.data_status }}"

      - name: Check JSON
        run: |
          for filename in ./data/*\.json; do
            node "$filename" > /dev/null || {
              echo "Error: Invalid JSON in $filename"
              exit 1
            }
          done

      - uses: EndBug/add-and-commit@v7
        if: ${{ steps.metadata.outputs.data_status }}
        env:
          HUSKY_SKIP_HOOKS: "true"
          GITHUB_TOKEN: ${{ steps.token.outputs.token }}
        with:
          author_name: ${{ secrets.SOCIALGROOVYBOT_NAME }}
          author_email: ${{ secrets.SOCIALGROOVYBOT_EMAIL }}
          message: "feat(data): ${{ steps.metadata.outputs.now }} update"
          add: "data"

      - name: Semantic Release
        uses: cycjimmy/semantic-release-action@ba330626c4750c19d8299de843f05c7aa5574f62
        with:
          semantic_version: 25.0.1
          extra_plugins: |
            @semantic-release/changelog@6.0.3
            @semantic-release/exec@7.1.0
            @semantic-release/git@10.0.1
        env:
          GIT_AUTHOR_EMAIL: ${{ secrets.SOCIALGROOVYBOT_EMAIL }}
          GIT_AUTHOR_NAME: ${{ secrets.SOCIALGROOVYBOT_NAME }}
          GIT_COMMITTER_EMAIL: ${{ secrets.SOCIALGROOVYBOT_EMAIL }}
          GIT_COMMITTER_NAME: ${{ secrets.SOCIALGROOVYBOT_NAME }}
          GITHUB_TOKEN: ${{ steps.token.outputs.token }}
      - uses: mattermost/action-mattermost-notify@master
        if: steps.check_403.outputs.has_403 == 'true'
        with:
          MATTERMOST_WEBHOOK_URL: ${{ secrets.MATTERMOST_WEBHOOK_URL }}
          TEXT: |
            ⚠️ **Avertissement** : Certaines pages ont retourné une erreur 403 (Forbidden) lors du scraping et ont été ignorées.

            ```json
            ${{ steps.check_403.outputs.forbidden_urls }}
            ```

            Le processus de mise à jour a continué normalement.
            [Les logs complets sont disponibles ici](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})

      - uses: mattermost/action-mattermost-notify@master
        if: failure()
        with:
          MATTERMOST_WEBHOOK_URL: ${{ secrets.MATTERMOST_WEBHOOK_URL }}
          TEXT: |
            ❌ La mise à jour du dépôt fiches-travail-data a échoué.
            [Les logs sont disponibles ici](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})