Implement local authentication and enhance onboarding process #1393
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Test PR | |
| on: pull_request | |
| env: | |
| LANG: C.UTF-8 | |
| jobs: | |
| # Build frontend once and share via artifacts | |
| frontend: | |
| name: Build Frontend | |
| runs-on: blacksmith-4vcpu-ubuntu-2404 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: '22' | |
| cache: 'npm' | |
| cache-dependency-path: | | |
| package-lock.json | |
| web-components/package-lock.json | |
| - name: Build frontend assets | |
| run: | | |
| mkdir -p static/public/assets/css | |
| mkdir -p static/public/assets/web-components/dist/js | |
| mkdir -p static/public/assets/web-components/dist/css | |
| npm ci | |
| npx tailwindcss -i ./static/public/assets/css/tailwind.css -o ./static/public/assets/css/tailwind.min.css --minify | |
| cd web-components | |
| npm ci | |
| NODE_ENV=production npx vite build --mode production --sourcemap false | |
| - name: Upload frontend artifacts | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: frontend-assets | |
| path: | | |
| static/public/assets/css/tailwind.min.css | |
| static/public/assets/web-components/dist | |
| retention-days: 1 | |
| build-and-test: | |
| name: Build and Test | |
| needs: frontend | |
| runs-on: blacksmith-4vcpu-ubuntu-2404 | |
| container: | |
| image: ghcr.io/monoscope-tech/monoscope-deps:latest | |
| credentials: | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GH_TOKEN }} | |
| env: | |
| CABAL_DIR: /root/.cabal | |
| services: | |
| postgres: | |
| image: timescale/timescaledb-ha:pg16-all | |
| env: | |
| POSTGRES_PASSWORD: postgres | |
| POSTGRES_DB: monoscope | |
| options: >- | |
| --health-cmd="pg_isready -U postgres" | |
| --health-interval=10s | |
| --health-timeout=5s | |
| --health-retries=5 | |
| # bitnami/minio starts the server on :9000 by default (no custom CMD | |
| # needed), so it works as a plain GitHub Actions service. Replay | |
| # integration tests probe MINIO_ENDPOINT and `pendingWith` if not | |
| # reachable, but in CI we want a hard guarantee — hence the service. | |
| minio: | |
| image: bitnami/minio:latest | |
| env: | |
| MINIO_ROOT_USER: minioadmin | |
| MINIO_ROOT_PASSWORD: minioadmin | |
| MINIO_DEFAULT_BUCKETS: monoscope-test | |
| options: >- | |
| --health-cmd="curl -fsS http://localhost:9000/minio/health/live" | |
| --health-interval=5s | |
| --health-timeout=3s | |
| --health-retries=20 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Cache dist-newstyle | |
| uses: actions/cache@v5 | |
| with: | |
| path: dist-newstyle | |
| key: ${{ runner.os }}-container-cabal-${{ hashFiles('**/*.cabal', '**/cabal.project*') }}-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-container-cabal-${{ hashFiles('**/*.cabal', '**/cabal.project*') }}- | |
| ${{ runner.os }}-container-cabal- | |
| - name: Download frontend artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: frontend-assets | |
| path: static/public/assets | |
| - name: Setup static directories | |
| run: | | |
| mkdir -p static/public/assets/css | |
| mkdir -p static/public/assets/web-components/dist/js | |
| mkdir -p static/public/assets/web-components/dist/css | |
| - name: Build | |
| run: cabal build all -j --ghc-options="-O0 +RTS -A64m -n2m -RTS" | |
| - name: Run doctests | |
| run: cabal test doctests --ghc-options="-O0" --test-show-details=direct | |
| - name: Run unit-tests | |
| run: cabal test unit-tests --ghc-options="-O0" --test-show-details=direct | |
| - name: Run integration-tests | |
| env: | |
| USE_EXTERNAL_DB: true | |
| DB_HOST: postgres | |
| TWILIO_ACCOUNT_SID: ${{ vars.TWILIO_ACCOUNT_SID }} | |
| DISCORD_CLIENT_ID: "1328384474395967631" | |
| LOG_LEVEL: warn | |
| # CLI E2E tests run against the prod demo project by default | |
| # (https://api.monoscope.tech, project 00000000-…). Only the API | |
| # key has no safe default — set MONOSCOPE_API_KEY in repo secrets | |
| # to a read-only key minted on that demo project. Tests gracefully | |
| # mark themselves pending when the secret is absent (e.g. on PRs | |
| # from forks where secrets aren't exposed). | |
| MONOSCOPE_API_KEY: ${{ secrets.MONOSCOPE_DEMO_API_KEY }} | |
| # Service container hostname inside the job's docker network. | |
| MINIO_ENDPOINT: http://minio:9000 | |
| MINIO_ACCESS_KEY: minioadmin | |
| MINIO_SECRET_KEY: minioadmin | |
| MINIO_BUCKET: monoscope-test | |
| run: cabal test integration-tests --ghc-options="-O0" --test-show-details=direct | |
| lint: | |
| name: Lint (hlint) | |
| runs-on: blacksmith-4vcpu-ubuntu-2404 | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ github.head_ref }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: haskell-actions/hlint-setup@v2 | |
| - name: Run hlint and apply refactorings | |
| id: hlint | |
| run: | | |
| hlint src/ --refactor --refactor-options="--inplace" || true | |
| - name: Commit and push refactorings | |
| run: | | |
| git config --global user.name 'github-actions[bot]' | |
| git config --global user.email 'github-actions[bot]@users.noreply.github.com' | |
| if [[ -n $(git status -s) ]]; then | |
| git add -A | |
| git commit -m "Apply hlint refactorings" | |
| git push | |
| fi | |
| - uses: haskell-actions/hlint-run@v2 | |
| with: | |
| path: src/ | |
| fail-on: warning | |
| ui-tests: | |
| name: UI Tests | |
| runs-on: blacksmith-4vcpu-ubuntu-2404 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: '22' | |
| cache: 'npm' | |
| cache-dependency-path: web-components/package-lock.json | |
| - name: Run UI tests | |
| run: | | |
| cd web-components | |
| npm ci | |
| npm test |