Show an environment badge in the header outside production #273
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| branches: [ main ] | |
| permissions: {} | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| env: | |
| RUBY_VERSION: ruby-4.0.0 | |
| RUBOCOP_CACHE_ROOT: tmp/rubocop | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@319994f95fa847cf3fb3cd3dbe89f6dcde9f178f # v1.295.0 | |
| with: | |
| ruby-version: ${{ env.RUBY_VERSION }} | |
| bundler-cache: true | |
| - name: Prepare RuboCop cache | |
| uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 | |
| env: | |
| DEPENDENCIES_HASH: ${{ hashFiles('**/.rubocop.yml', '**/.rubocop_todo.yml', 'Gemfile.lock') }} | |
| with: | |
| path: ${{ env.RUBOCOP_CACHE_ROOT }} | |
| key: rubocop-${{ runner.os }}-${{ env.RUBY_VERSION }}-${{ env.DEPENDENCIES_HASH }}-${{ github.ref_name == github.event.repository.default_branch && github.run_id || 'default' }} | |
| restore-keys: | | |
| rubocop-${{ runner.os }}-${{ env.RUBY_VERSION }}-${{ env.DEPENDENCIES_HASH }}- | |
| - name: Lint code for consistent style | |
| run: bin/rubocop -f github | |
| lint-actions: | |
| name: GitHub Actions audit | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Run actionlint | |
| uses: rhysd/actionlint@393031adb9afb225ee52ae2ccd7a5af5525e03e8 # v1.7.11 | |
| - name: Run zizmor | |
| uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2 | |
| with: | |
| advanced-security: false | |
| security: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@319994f95fa847cf3fb3cd3dbe89f6dcde9f178f # v1.295.0 | |
| with: | |
| ruby-version: ruby-4.0.0 | |
| bundler-cache: true | |
| - name: Run Brakeman security scan | |
| run: bin/brakeman --quiet --no-pager --exit-on-warn --exit-on-error | |
| test: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@319994f95fa847cf3fb3cd3dbe89f6dcde9f178f # v1.295.0 | |
| with: | |
| ruby-version: ruby-4.0.0 | |
| bundler-cache: true | |
| - name: Install Playwright | |
| run: npm install && npx playwright install --with-deps chromium | |
| - name: Run tests | |
| env: | |
| RAILS_ENV: test | |
| run: bin/rails test | |
| - name: Keep screenshots from failed system tests | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| if: failure() | |
| with: | |
| name: screenshots | |
| path: ${{ github.workspace }}/tmp/screenshots | |
| if-no-files-found: ignore |