Translations update from Weblate #4831
name: app

# Runs for merge-queue groups, branch pushes and pull requests.
on: [merge_group, push, pull_request]

# One concurrency group per workflow + ref. An in-progress run is cancelled
# by a newer one unless the ref is main, a release/ branch or a merge-queue
# branch (gh-readonly-queue/), where every run is allowed to finish.
concurrency:
  group: "${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !startsWith( github.ref, 'refs/heads/release/' ) && !startsWith( github.ref, 'refs/heads/gh-readonly-queue/' ) }}

# Every `run:` step uses bash unless a step overrides it.
defaults:
  run:
    shell: bash

# Workflow-wide token scope: read-only access to repository contents.
# No job below widens it.
permissions:
  contents: read
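jobs:
  # Lints the app, checks the database schema, runs the unit tests and
  # produces the Linux build, all inside a Debian container.
  lint-and-build:
    strategy:
      matrix:
        debian_version:
          - bookworm
    runs-on: ubuntu-latest
    # NOTE(review): the image is referenced by a mutable tag; pinning it by
    # digest would make the build environment reproducible.
    container: debian:${{ matrix.debian_version }}
    steps:
      - name: Install base dependencies
        run: |
          apt-get update
          apt-get install --yes \
            build-essential \
            git \
            make \
            python3 python3-pip \
            sqlite3
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # Keep the job token out of the checked-out .git/config so later
          # steps (dependency install scripts, build tooling) cannot read it.
          persist-credentials: false
      # NOTE(review): the `uses:` references in this job are mutable tags;
      # pinning them to full commit SHAs would guard against a retagged
      # release.
      - name: Install pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 10
      - name: Install node
        uses: actions/setup-node@v6
        with:
          node-version: "24.x"
          cache: pnpm
          cache-dependency-path: app/pnpm-lock.yaml
      - name: Install node dependencies
        working-directory: app
        # Fail instead of silently re-resolving if package.json and
        # pnpm-lock.yaml disagree, so CI only installs what was reviewed.
        run: pnpm install --frozen-lockfile
      - name: Lint
        working-directory: app
        run: pnpm lint
      - name: Check that database schema is up to date
        working-directory: app
        run: |
          mkdir -p "${HOME}/.config/SecureDrop"
          # Mark the workspace as a safe git directory (presumably needed
          # because the container user does not own the checkout; confirm).
          git config --global --add safe.directory "$GITHUB_WORKSPACE"
          pnpm dbmate:check
      - name: Test (unit tests)
        working-directory: app
        run: pnpm test
      - name: Build
        working-directory: app
        run: pnpm build:linux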
| translator-screenshots: | |
| strategy: | |
| matrix: | |
| debian_version: | |
| - bookworm | |
| runs-on: ubuntu-latest | |
| container: debian:${{ matrix.debian_version }} | |
| steps: | |
| - name: Install base plus Electron runtime dependencies | |
| run: | | |
| apt-get update && apt-get install --yes git make python3 python3-pip python3-requests build-essential \ | |
| libglib2.0-0 libnspr4 libnss3 libdbus-1-3 libatk1.0-0 libatk-bridge2.0-0 \ | |
| libcups2 libcairo2 libgtk-3-0 libgbm1 libasound2 xvfb sqlite3 | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| persist-credentials: false | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| repository: "freedomofpress/securedrop" | |
| path: "securedrop-server" | |
| persist-credentials: false | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10 | |
| - name: Install node | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: "24.x" | |
| cache: pnpm | |
| cache-dependency-path: app/pnpm-lock.yaml | |
| - name: Install node dependencies | |
| working-directory: app | |
| run: pnpm install | |
| - name: Install Rust-specific dependencies for sd-proxy | |
| run: apt-get install --yes build-essential curl libssl-dev pkg-config | |
| - name: Install Rust to build sd-proxy | |
| uses: dtolnay/rust-toolchain@1.90.0 | |
| - name: Generate and insert test data | |
| working-directory: app | |
| run: | | |
| pnpm test-data-generate ../securedrop-server 10 | |
| mkdir -p ~/.config/SecureDrop | |
| pnpm test-data-insert | |
| - name: Generate translator screenshots | |
| working-directory: app | |
| run: xvfb-run --auto-servernum --server-args="-screen 0 1920x1080x24" pnpm translator-screenshots | |
| - name: Save screenshots as an artifact | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: translator-screenshots | |
| path: app/screenshots/ | |
| retention-days: 30 | |
| if-no-files-found: error | |
| - name: Upload screenshots to Weblate and associate with source strings (on main branch only) | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| working-directory: app | |
| run: | | |
| python3 scripts/upload_screenshots.py \ | |
| --project securedrop \ | |
| --component securedrop-app \ | |
| screenshots/ | |
| env: | |
| WEBLATE: ${{ vars.WEBLATE }} | |
| WEBLATE_API_TOKEN: ${{ secrets.WEBLATE_API_TOKEN }} | |
| integration-tests: | |
| strategy: | |
| matrix: | |
| debian_version: | |
| - bookworm | |
| runs-on: ubuntu-latest | |
| container: debian:${{ matrix.debian_version }} | |
| services: | |
| httpbin: | |
| image: kennethreitz/httpbin # zizmor: ignore[unpinned-images] | |
| ports: | |
| - 80:80 | |
| steps: | |
| - name: Install base dependencies | |
| run: | | |
| apt-get update && apt-get install --yes git make python3 python3-pip build-essential | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| persist-credentials: false | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10 | |
| - name: Install node | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: "24.x" | |
| cache: pnpm | |
| cache-dependency-path: app/pnpm-lock.yaml | |
| - name: Install node dependencies | |
| working-directory: app | |
| run: pnpm install | |
| - name: Install Rust-specific dependencies for sd-proxy | |
| run: apt-get install --yes build-essential curl libssl-dev pkg-config | |
| - name: Install Rust to build sd-proxy | |
| uses: dtolnay/rust-toolchain@1.90.0 | |
| - name: Run integration tests | |
| working-directory: app | |
| run: NODE_ENV=ci VITE_HTTPBIN_URL=http://httpbin:80 pnpm integration-test | |
| server-tests: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/checkout@v6 | |
| with: | |
| persist-credentials: false | |
| repository: "freedomofpress/securedrop" | |
| path: "securedrop-server" | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.11" | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10 | |
| - name: Install node | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: "24.x" | |
| cache: pnpm | |
| cache-dependency-path: app/pnpm-lock.yaml | |
| - name: Install node dependencies | |
| working-directory: app | |
| run: pnpm install | |
| # n.b. because this runs on Ubuntu runner directly, | |
| # build-essential, curl, libssl-dev and pkg-config are already installed | |
| - name: Install Rust to build sd-proxy | |
| uses: dtolnay/rust-toolchain@1.90.0 | |
| - name: Install ffmpeg for video recording | |
| run: sudo apt-get update && sudo apt-get install -y ffmpeg | |
| - name: Prebuild SecureDrop Docker image | |
| run: | | |
| # Build the Docker image ahead of time so tests don't timeout waiting | |
| cd securedrop-server/securedrop | |
| docker build \ | |
| --build-arg=USER_ID="$(id -u)" \ | |
| --build-arg=USER_NAME="${USER:-root}" \ | |
| --build-arg=OS_VERSION="noble" \ | |
| -t "securedrop-slim-noble-py3" \ | |
| --file "dockerfiles/noble/python3/SlimDockerfile" \ | |
| . | |
| - name: Run tests | |
| run: | | |
| # Build the proxy Rust code before the tests start | |
| cargo build | |
| # Start Xvfb on display :99 | |
| Xvfb :99 -screen 0 1920x1080x24 & | |
| XVFB_PID=$! | |
| export DISPLAY=:99 | |
| sleep 1 # Give Xvfb a moment to start | |
| # Start video recording | |
| ffmpeg -video_size 1920x1080 -framerate 25 -f x11grab -i :99 \ | |
| -codec:v libx264 -preset ultrafast -pix_fmt yuv420p \ | |
| server-test-recording.mp4 & | |
| FFMPEG_PID=$! | |
| sleep 1 # Give ffmpeg a moment to start | |
| # Setup cleanup trap to ensure recording is stopped even if tests fail | |
| cleanup() { | |
| echo "Stopping video recording and Xvfb..." | |
| kill $FFMPEG_PID 2>/dev/null || true | |
| sleep 2 # Give ffmpeg time to finish writing | |
| kill $XVFB_PID 2>/dev/null || true | |
| } | |
| trap cleanup EXIT | |
| # Run tests - each test file will start its own isolated server | |
| cd app | |
| pnpm server-test | |
| env: | |
| SERVER_PATH: ${{ github.workspace }}/securedrop-server | |
| - name: Upload test video | |
| if: always() | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: server-test-recording | |
| path: server-test-recording.mp4 | |
| retention-days: 30 | |
| if-no-files-found: warn |