lint-and-test.yml

# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at https://mozilla.org/MPL/2.0/.
#
# OpenCRVS is also distributed under the terms of the Civil Registration
# & Healthcare Disclaimer located at http://opencrvs.org/license.
#
# Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.

name: Lint, run unit tests and security scans

on: [pull_request]

jobs:
  setup:
    permissions:
      contents: read
      pull-requests: write
    runs-on: ubuntu-22.04
    outputs:
      matrix: ${{ steps.set-matrix.outputs.matrix }}

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - uses: mskelton/changelog-reminder-action@v3
        # forked repos cannot access secrets.GITHUB_TOKEN which causes this step
        # to fail
        continue-on-error: true
        with:
          message: >
            Oops! Looks like you forgot to update the changelog.
            When updating CHANGELOG.md, please consider the following:
              - Changelog is read by country implementors who might not always be familiar with all technical details of OpenCRVS. Keep language high-level, user friendly and avoid technical references to internals.
              - Answer "What's new?", "Why was the change made?" and "Why should I care?" for each change.
              - If it's a breaking change, include a migration guide answering "What do I need to do to upgrade?".

      - name: Get list of packages
        id: set-matrix
        run: |
          PACKAGES=$(ls -d packages/* | jq -R -s -c 'split("\n")[:-1]')
          echo "Found packages: $PACKAGES"
          echo "matrix=${PACKAGES}" >> $GITHUB_OUTPUT

  test:
    needs: setup
    runs-on: ubuntu-22.04
    strategy:
      fail-fast: false
      matrix:
        package: ${{fromJson(needs.setup.outputs.matrix)}}

    steps:
      - name: Checking out git repo
        uses: actions/checkout@v4

      - name: Check package.json and scripts
        id: check-scripts
        run: |
          if [ ! -f "${{ matrix.package }}/package.json" ]; then
            echo "No package.json found for ${{ matrix.package }}. Stopping pipeline."
            echo "skip=true" >> $GITHUB_OUTPUT
          else
            echo "skip=false" >> $GITHUB_OUTPUT

            if ! grep -q "\"test\":" "${{ matrix.package }}/package.json"; then
              echo "Test not found in ${{ matrix.package }}"
              echo "skip-test=true" >> $GITHUB_OUTPUT
            else
              echo "skip=false" >> $GITHUB_OUTPUT
            fi

            if ! grep -q "\"lint\":" "${{ matrix.package }}/package.json"; then
              echo "Lint scripts not found in ${{ matrix.package }}. Stopping pipeline."
              echo "skip-lint=true" >> $GITHUB_OUTPUT
            else
              echo "skip-lint=false" >> $GITHUB_OUTPUT
            fi
          fi

      - name: Use Node.js from .nvmrc
        if: steps.check-scripts.outputs.skip != 'true'
        uses: actions/setup-node@v4
        with:
          node-version-file: .nvmrc

      - name: Remove other package directories
        if: steps.check-scripts.outputs.skip != 'true'
        run: |
          for dir in packages/*; do
            if [ "$dir" != "${{ matrix.package }}" ] && [ "$dir" != "packages/commons" ] && [ "$dir" != "packages/components" ]; then
              if [ "${{ matrix.package }}" == "packages/client" ] && [ "$dir" == "packages/gateway" ] ; then
                echo "Skipping $dir"
              else
                echo "Removing $dir"
                rm -rf "$dir"
              fi
            fi
          done

      - name: Cache Node.js dependencies
        uses: actions/cache@v4
        with:
          path: |
            **/node_modules
            ~/.cache/yarn/v6
          key: node-${{ hashFiles('**/yarn.lock', format('{0}/{1}',matrix.package,'package.json')) }}
          restore-keys: |
            ${{ runner.os }}-node-

      - name: Verify every file has a license header
        if: steps.check-scripts.outputs.skip != 'true'
        run: npx license-check-and-add check -f license-config.json

      - name: Runs dependency installation
        if: steps.check-scripts.outputs.skip != 'true'
        run: CI="" yarn install --frozen-lockfile

      # TODO: Move out of the matrix to be built once and shared
      - name: Build common package
        if: steps.check-scripts.outputs.skip != 'true'
        run: cd packages/commons && yarn build

      - name: Build components client and login
        if: steps.check-scripts.outputs.skip != 'true'
        run: |
          if [[ "${{ matrix.package }}" == "packages/client" || "${{ matrix.package }}" == "packages/login" ]]; then
            cd packages/components && yarn build
          fi

      # TODO: should run parallel to unit tests as can take as much as unit tests
      - name: Run linting
        if: steps.check-scripts.outputs.skip != 'true' && steps.check-scripts.outputs.skip-lint != 'true'
        run: cd ${{ matrix.package }} && yarn lint

      - name: Run Unit Test
        if: steps.check-scripts.outputs.skip != 'true' && steps.check-scripts.outputs.skip-test != 'true'
        run: cd ${{ matrix.package }} && yarn test

  lint-knip:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout base branch
        uses: actions/checkout@v2
        with:
          ref: ${{ github.base_ref }}
      - uses: actions/setup-node@v4
      - name: Install dependencies
        run: yarn install --ignore-scripts
      - name: Create reporter
        run: |
          cat << 'EOF' > knip-reporter.js
          const reporter = function (options) {
            const totalIssues = Object.values(options.issues).reduce(
              (acc, issueRecords) =>
                acc + Object.values(issueRecords).reduce(
                  (acc2, issuesInFile) => acc2 + Object.keys(issuesInFile).length,
                  0
                ),
              0
            );
            console.log(JSON.stringify({ totalIssues }));
          };
          export default reporter;
          EOF
      - name: Run knip on base branch
        id: knip_base
        run: |
          OUTPUT=$(npx knip --no-exit-code --exports --reporter=./knip-reporter.js)
          JSON=$(echo "$OUTPUT" | grep -o '{.*}')
          total_issues=$(echo "$JSON" | jq '.totalIssues')
          echo "Total Issues: $total_issues"
          echo "maxIssues=${total_issues}" >> $GITHUB_OUTPUT
          echo "Max issues = $maxIssues"

      - name: Checkout the PR branch
        uses: actions/checkout@v2
        with:
          ref: ${{ github.head_ref }}
      - uses: actions/setup-node@v4
      - name: Install dependencies
        run: yarn install --ignore-scripts
      - name: Create reporter
        run: |
          cat << 'EOF' > knip-reporter.js
          const reporter = function (options) {
            const totalIssues = Object.values(options.issues).reduce(
              (acc, issueRecords) =>
                acc + Object.values(issueRecords).reduce(
                  (acc2, issuesInFile) => acc2 + Object.keys(issuesInFile).length,
                  0
                ),
              0
            );
            console.log(JSON.stringify({ totalIssues }));
          };
          export default reporter;
          EOF
      - name: Run knip on PR branch
        run: |
          npx knip --max-issues=${{ steps.knip_base.outputs.maxIssues }} --exports --reporter=./knip-reporter.js