diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml new file mode 100644 index 0000000..2d3d187 --- /dev/null +++ b/.github/workflows/conformance.yml @@ -0,0 +1,11 @@ +# Run the conformance matrix on the CLI's own PRs (harness + verify command changes). +name: conformance + +on: + pull_request: + +jobs: + verify: + uses: ./.github/workflows/verify-conformance.yml + with: + cli-ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/released-smoke.yml b/.github/workflows/released-smoke.yml new file mode 100644 index 0000000..fd76656 --- /dev/null +++ b/.github/workflows/released-smoke.yml @@ -0,0 +1,13 @@ +# Daily smoke against the published @seamless-auth/* packages (no --local). +name: released-smoke + +on: + schedule: + - cron: '0 7 * * *' + workflow_dispatch: + +jobs: + smoke: + uses: ./.github/workflows/verify-conformance.yml + with: + local: false diff --git a/.github/workflows/verify-conformance.yml b/.github/workflows/verify-conformance.yml new file mode 100644 index 0000000..29da174 --- /dev/null +++ b/.github/workflows/verify-conformance.yml @@ -0,0 +1,119 @@ +# Reusable cross-repo conformance run. Checks out the whole ecosystem as siblings, +# then runs `seamless verify` (the api/adapter/react matrix) against it. Callers in +# each repo pass their own PR ref so a change in one repo is tested against the +# others at their default branch. +name: verify-conformance + +on: + workflow_call: + inputs: + local: + description: Build the SDKs from source (true) or use published packages (false). + type: boolean + default: true + cli-ref: + type: string + default: '' + api-ref: + type: string + default: '' + server-ref: + type: string + default: '' + react-ref: + type: string + default: '' + starter-ref: + type: string + default: '' + +jobs: + verify: + runs-on: ubuntu-latest + timeout-minutes: 30 + env: + HUSKY: '0' + steps: + - name: Checkout seamless-cli + uses: actions/checkout@v4 + with: + repository: fells-code/seamless-cli + ref: ${{ inputs.cli-ref }} + path: seamless-cli + + - name: Checkout seamless-auth-api + uses: actions/checkout@v4 + with: + repository: fells-code/seamless-auth-api + ref: ${{ inputs.api-ref }} + path: seamless-auth-api + + - name: Checkout seamless-auth-server + uses: actions/checkout@v4 + with: + repository: fells-code/seamless-auth-server + # The server's integration branch is `dev` (where fixes land and the beta + # publishes from); its `main` lags. Default to `dev` when no ref is passed. + ref: ${{ inputs.server-ref || 'dev' }} + path: seamless-auth-server + + - name: Checkout seamless-auth-react + uses: actions/checkout@v4 + with: + repository: fells-code/seamless-auth-react + ref: ${{ inputs.react-ref }} + path: seamless-auth-react + + - name: Checkout seamless-auth-starter-react + uses: actions/checkout@v4 + with: + repository: fells-code/seamless-auth-starter-react + ref: ${{ inputs.starter-ref }} + path: seamless-auth-starter-react + + - uses: actions/setup-node@v4 + with: + node-version: 20 + + - name: Set up pnpm + uses: pnpm/action-setup@v4 + with: + version: 10 + + - name: Build the CLI + working-directory: seamless-cli + run: npm ci && npm run build + + # --local builds the SDKs from source on the host (server via pnpm, the React + # SDK via npm), so those repos need their dependencies installed first. The + # api / adapter / starter are built inside Docker and don't need host installs. + - name: Install SDK dependencies + if: ${{ inputs.local }} + run: | + (cd seamless-auth-server && pnpm install --frozen-lockfile) + (cd seamless-auth-react && npm ci) + + # Pre-install the harness deps + chromium (with system libs) so the run uses + # them; `seamless verify` would otherwise install the browser without OS deps. + - name: Install harness + browser + working-directory: seamless-cli/verify/harness + run: | + npm install + npx playwright install --with-deps chromium + + - name: Run seamless verify + working-directory: seamless-cli + env: + SEAMLESS_API_DIR: ${{ github.workspace }}/seamless-auth-api + SEAMLESS_SERVER_DIR: ${{ github.workspace }}/seamless-auth-server + SEAMLESS_REACT_SDK_DIR: ${{ github.workspace }}/seamless-auth-react + SEAMLESS_REACT_DIR: ${{ github.workspace }}/seamless-auth-starter-react + run: node dist/index.js verify ${{ inputs.local && '--local' || '' }} + + - name: Upload conformance report + if: always() + uses: actions/upload-artifact@v4 + with: + name: conformance-report + path: seamless-cli/verify/harness/results/ + if-no-files-found: ignore