Issue/otr 1872 #2266
| name: Lint and Build | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [main, develop] | |
| pull_request: | |
| branches: [main, develop, 'release/**'] | |
| env: | |
| SECRETS_REPOSITORY: ${{ vars.SECRETS_REPOSITORY }} # Secrets repository for configuration files | |
| TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }} | |
| TURBO_TEAM: ${{ vars.TURBO_TEAM }} | |
| jobs: | |
| lint-and-build: | |
| runs-on: ubuntu-latest-4-cores | |
| timeout-minutes: 15 | |
| strategy: | |
| matrix: | |
| node-version: | |
| - "22" | |
| steps: | |
| - name: Install SSH Client | |
| uses: webfactory/ssh-agent@836c84ec59a0e7bc0eabc79988384eb567561ee2 # v0.7.0 | |
| with: | |
| ssh-private-key: ${{ secrets.DEPLOY_OTTEHR_KEY }} | |
| - name: Checkout the main repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Cache turbo build setup | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: .turbo | |
| key: ${{ runner.os }}-turbo-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-turbo- | |
| - name: Set up Node.js environment | |
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: TruffleHog -- Check for secrets committed to the repository | |
| uses: trufflesecurity/trufflehog@af3e68261fa87568031f65161577cc2ebe1ca669 # v3.83.7 | |
| with: | |
| extra_args: --only-verified | |
| - name: Check out secrets repo | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| repository: ${{ env.SECRETS_REPOSITORY }} | |
| ssh-key: ${{ secrets.DEPLOY_OTTEHR_KEY }} | |
| path: "secrets" | |
| - name: Setup secrets | |
| run: | | |
| mkdir -p packages/zambdas/.env | |
| cp secrets/zambdas/* packages/zambdas/.env | |
| mkdir -p apps/ehr/env apps/intake/env | |
| cp secrets/ehr/app/.env.local apps/ehr/env/ | |
| cp secrets/ehr/app/tests.*.json apps/ehr/env/ | |
| cp secrets/intake/app/.env.local apps/intake/env/ | |
| cp secrets/intake/app/tests.*.json apps/intake/env/ | |
| - name: Cache node modules | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| id: npm-cache | |
| with: | |
| path: | | |
| node_modules | |
| packages/*/node_modules | |
| apps/*/node_modules | |
| deploy/node_modules | |
| key: ${{ runner.os }}-npm-cache-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-npm-cache- | |
| - name: Install dependencies | |
| if: steps.npm-cache.outputs.cache-hit != 'true' | |
| run: npm ci | |
| - name: Check for skip build and lint | |
| if: contains(github.event.pull_request.body, '/skip-build-and-lint') | |
| run: echo "Build and lint skipped via /skip-build-and-lint command" | |
| - name: Build | |
| if: ${{ !contains(github.event.pull_request.body, '/skip-build-and-lint') }} | |
| run: npm run build | |
| env: | |
| NODE_OPTIONS: "--max-old-space-size=8192" | |
| - name: TruffleHog -- Check for secrets in bundles of publicly available code | |
| run: | | |
| docker run --rm -v .:/tmp -w /tmp \ | |
| ghcr.io/trufflesecurity/trufflehog:3.82.13 \ | |
| filesystem ./packages/test-utils/dist \ | |
| ./packages/utils/dist \ | |
| ./packages/ui-components/dist \ | |
| ./apps/intake/build/assets \ | |
| ./apps/ehr/build/assets \ | |
| --github-actions \ | |
| --only-verified \ | |
| --fail | |
| - name: Set GitHub Commit Status | |
| uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 | |
| if: always() | |
| with: | |
| script: | | |
| const success = '${{ job.status }}' === 'success'; | |
| await github.rest.repos.createCommitStatus({ | |
| ...context.repo, | |
| sha: context.sha, | |
| state: success ? 'success' : 'failure', | |
| context: 'CI / Tests', | |
| description: success ? 'Tests successful' : 'Tests failed' | |
| }); |
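Review bot: The deploy key and the secrets-repository contents are in place before `Install dependencies` and `Build` run, so npm lifecycle scripts and build code from the branch under test execute with the ssh-agent key, the copied `.env` files and the default `GITHUB_TOKEN` all reachable. Narrow that by adding `persist-credentials: false` to both `actions/checkout` steps and a workflow-level `permissions:` block limited to `contents: read` and `statuses: write` (the latter for the `createCommitStatus` call). The bundle scan pulls `ghcr.io/trufflesecurity/trufflehog:3.82.13` by mutable tag while every `uses:` reference is pinned to a commit SHA; pinning the image by digest (`ghcr.io/trufflesecurity/trufflehog@sha256:<digest>`) would give it the same guarantee. Separately, a `/skip-build-and-lint` string in the PR body skips `Build`, yet the last step can still publish a successful `CI / Tests` status, so consider a distinct description or state when the skip is used.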