build: enforce hermetic, reproducible local↔CI parity #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| types: [opened, edited, synchronize] | |
| branches: [main] | |
| jobs: | |
| format: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Build hermetic image | |
| run: docker build -f Dockerfile.repro -t lingo-repro:20.12.2 . | |
| - name: Prepare pnpm store path | |
| run: echo "REPRO_PNPM_STORE=${{ runner.temp }}/pnpm-store" >> $GITHUB_ENV | |
| - name: Cache pnpm store | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ env.REPRO_PNPM_STORE }} | |
| key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm-store- | |
| - name: Install deps (container) | |
| run: REPRO_PNPM_STORE="${{ env.REPRO_PNPM_STORE }}" bash scripts/repro/exec.sh pnpm install --frozen-lockfile | |
| - name: Check formatting (container) | |
| run: REPRO_PNPM_STORE="${{ env.REPRO_PNPM_STORE }}" bash scripts/repro/exec.sh pnpm prettier . --check | |
| typecheck: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Build hermetic image | |
| run: docker build -f Dockerfile.repro -t lingo-repro:20.12.2 . | |
| - name: Prepare pnpm store path | |
| run: echo "REPRO_PNPM_STORE=${{ runner.temp }}/pnpm-store" >> $GITHUB_ENV | |
| - name: Cache pnpm store | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ env.REPRO_PNPM_STORE }} | |
| key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm-store- | |
| - name: Install deps (container) | |
| run: REPRO_PNPM_STORE="${{ env.REPRO_PNPM_STORE }}" bash scripts/repro/exec.sh pnpm install --frozen-lockfile | |
| - name: Typecheck (container) | |
| run: REPRO_PNPM_STORE="${{ env.REPRO_PNPM_STORE }}" bash scripts/repro/exec.sh pnpm turbo typecheck | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Build hermetic image | |
| run: docker build -f Dockerfile.repro -t lingo-repro:20.12.2 . | |
| - name: Prepare pnpm store path | |
| run: echo "REPRO_PNPM_STORE=${{ runner.temp }}/pnpm-store" >> $GITHUB_ENV | |
| - name: Cache pnpm store | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ env.REPRO_PNPM_STORE }} | |
| key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm-store- | |
| - name: Install deps (container) | |
| run: REPRO_PNPM_STORE="${{ env.REPRO_PNPM_STORE }}" bash scripts/repro/exec.sh pnpm install --frozen-lockfile | |
| - name: Build (container) | |
| run: REPRO_PNPM_STORE="${{ env.REPRO_PNPM_STORE }}" bash scripts/repro/exec.sh pnpm turbo build --force | |
| test: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Build hermetic image | |
| run: docker build -f Dockerfile.repro -t lingo-repro:20.12.2 . | |
| - name: Prepare pnpm store path | |
| run: echo "REPRO_PNPM_STORE=${{ runner.temp }}/pnpm-store" >> $GITHUB_ENV | |
| - name: Cache pnpm store | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ env.REPRO_PNPM_STORE }} | |
| key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm-store- | |
| - name: Install deps (container) | |
| run: REPRO_PNPM_STORE="${{ env.REPRO_PNPM_STORE }}" bash scripts/repro/exec.sh pnpm install --frozen-lockfile | |
| - name: Test (container) | |
| run: REPRO_PNPM_STORE="${{ env.REPRO_PNPM_STORE }}" bash scripts/repro/exec.sh pnpm turbo test | |
| changeset: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Build hermetic image | |
| run: docker build -f Dockerfile.repro -t lingo-repro:20.12.2 . | |
| - name: Prepare pnpm store path | |
| run: echo "REPRO_PNPM_STORE=${{ runner.temp }}/pnpm-store" >> $GITHUB_ENV | |
| - name: Cache pnpm store | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ env.REPRO_PNPM_STORE }} | |
| key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm-store- | |
| - name: Mark repo as safe for git inside container | |
| run: REPRO_PNPM_STORE="${{ env.REPRO_PNPM_STORE }}" bash scripts/repro/exec.sh git config --global --add safe.directory /workspace | |
| - name: Install deps (container) | |
| run: REPRO_PNPM_STORE="${{ env.REPRO_PNPM_STORE }}" bash scripts/repro/exec.sh pnpm install --frozen-lockfile | |
| - name: Require changeset to be present in PR (container) | |
| if: github.event.pull_request.user.login != 'dependabot[bot]' | |
| run: REPRO_PNPM_STORE="${{ env.REPRO_PNPM_STORE }}" bash scripts/repro/exec.sh pnpm changeset status --since origin/main |