csplab/.github/workflows/web.yml at 0ec8ac8ac88cd06477554ad35b9c6e774abd073d · betagouv/csplab · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
name: Web

on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]
    types: [opened, synchronize, reopened, edited]

permissions:
  contents: read

jobs:
  check-changes:
    runs-on: ubuntu-latest
    outputs:
      relevant: ${{ steps.filter.outputs.relevant }}
    steps:
      - uses: actions/checkout@v6
      - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d
        id: filter
        with:
          filters: |
            relevant:
              - "src/web/**"
              - ".github/workflows/web.yml"
              - ".github/actions/**"

  build-web:
    needs: check-changes
    if: github.event_name == 'push' || needs.check-changes.outputs.relevant == 'true'
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./src/web
    steps:
      - uses: actions/checkout@v6
      - uses: ./.github/actions/setup-uv-python
        with:
          service-path: src/web
      - uses: ./.github/actions/setup-pnpm-node
        with:
          lock-file-path: src/web/pnpm-lock.yaml
      - name: Install frontend dependencies
        run: pnpm install --frozen-lockfile
      - name: Build frontend
        run: pnpm run build

  lint-web:
    needs: [check-changes, build-web]
    if: github.event_name == 'push' || needs.check-changes.outputs.relevant == 'true'
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./src/web
    env:
      WEB_SECRET_KEY: the_secret_key
      WEB_DATABASE_URL: psql://web:pass@localhost:5432/web
      DJANGO_SETTINGS_MODULE: config.settings.test
    steps:
      - uses: actions/checkout@v6
      - uses: ./.github/actions/setup-uv-python
        with:
          service-path: src/web
      - name: Lint with Ruff
        run: uv run ruff check .
      - name: Lint format with Ruff
        run: uv run ruff format --check .
      - name: Lint with MyPy
        run: uv run mypy .
      - name: Lint web templates with djlint
        run: uv run djlint presentation/templates --check
      - uses: ./.github/actions/setup-pnpm-node
        with:
          lock-file-path: src/web/pnpm-lock.yaml
      - name: Install frontend dependencies
        run: pnpm install --frozen-lockfile
      - name: Lint frontend
        run: pnpm --filter csplab-frontend lint
      - name: TypeScript check
        run: pnpm --filter csplab-frontend build
      - name: Check no migrations are missing
        working-directory: ${{ github.workspace }}
        run: make lint-web-migrations WEB_UV="cd src/web && uv run"
      - name: Lint schema
        working-directory: ${{ github.workspace }}
        run: make lint-schema WEB_UV="cd src/web && uv run"

  test-web:
    needs: [check-changes, build-web]
    if: github.event_name == 'push' || needs.check-changes.outputs.relevant == 'true'
    runs-on: ubuntu-latest
    services:
      postgresql:
        image: pgvector/pgvector:pg16
        env:
          POSTGRES_DB: web
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: pass
          TEST: true
        options: >-
          --health-cmd "pg_isready -h localhost -U postgres"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 10
        ports:
          - 5432:5432
      qdrant:
        image: qdrant/qdrant:latest
        ports:
          - 6333:6333
      redis:
        image: redis
        ports:
          - 6379:6379
    defaults:
      run:
        working-directory: ./src/web
    env:
      WEB_SECRET_KEY: the_secret_key
      WEB_DATABASE_URL: psql://postgres:pass@localhost:5432/web
      WEB_QDRANT_URL: http://localhost:6333
      WEB_VECTOR_DB_TYPE: QDRANT
      DJANGO_SETTINGS_MODULE: config.settings.test
    steps:
      - uses: actions/checkout@v6
      - uses: ./.github/actions/setup-uv-python
        with:
          service-path: src/web
      - name: Wait for Qdrant to be ready
        run: |
          echo "Waiting for Qdrant to be ready..."
          for i in {1..30}; do
            if curl -f http://localhost:6333 > /dev/null 2>&1; then
              echo "✅ Qdrant is ready"
              break
            fi
            echo "⏳ Waiting for Qdrant... (attempt $i/30)"
            sleep 2
          done
      - name: Setup Qdrant collections
        run: |
          echo "Creating production collection..."
          uv run python config/setup-qdrant.py
          echo "Creating test collection..."
          uv run python config/setup-qdrant.py --collection-name fonction_publique_test
      - name: Test with pytest
        run: uv run pytest -m "not accessibility and not e2e" .
      - name: Install Playwright browser
        run: uv run playwright install --with-deps chromium
      - name: Test Web suite with coverage
        run: uv run pytest -m "e2e" .

  deploy-web:
    needs: [check-changes, lint-web, test-web]
    if: github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.check-changes.outputs.relevant == 'true'
    runs-on: ubuntu-latest
    environment: production
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - uses: ./.github/actions/scalingo-deploy
        with:
          branch: main-web