-
Notifications
You must be signed in to change notification settings - Fork 0
229 lines (183 loc) Β· 8.58 KB
/
pr-check.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
name: PR Check
on:
pull_request:
branches: [ main ]
permissions:
contents: read
pull-requests: write # Needed to comment on PRs
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- name: Install Dependencies
run: |
npm run install:all
- name: Build Frontend
run: cd frontend && npm run build
- name: Build Backend
run: cd backend && npm run build
- name: Check for sensitive data
run: |
echo "Checking for sensitive data in source files..."
# First show all matches with context
echo "π Scanning files for sensitive patterns..."
find frontend/src backend/src -type f -not -path "*/node_modules/*" -not -path "*/.git/*" -not -path "*/.github/*" -exec grep -H -n "API_KEY\|SECRET\|PASSWORD\|PRIVATE_KEY" {} \; || true
# Then do the actual check
FOUND_FILES=$(find frontend/src backend/src -type f -not -path "*/node_modules/*" -not -path "*/.git/*" -not -path "*/.github/*" -exec grep -l "API_KEY\|SECRET\|PASSWORD\|PRIVATE_KEY" {} \;)
if [ ! -z "$FOUND_FILES" ]; then
echo "β οΈ Warning: Possible sensitive data found in these files:"
echo "$FOUND_FILES"
echo "Please review the matches above and ensure no sensitive data is being committed."
exit 1
else
echo "β
No sensitive data patterns found"
fi
- name: Start Backend
run: |
cd backend
npm run dev &
echo "Waiting for backend to start..."
sleep 2
- name: Start Frontend Dev Server
run: |
cd frontend
npm run dev &
echo "Waiting for frontend to start..."
sleep 2
- name: Test Application
run: |
# Test backend health endpoint
BACKEND_HEALTH=$(curl -s http://localhost:3456/health)
if [[ $BACKEND_HEALTH != *"ok"* ]]; then
echo "β Backend health check failed"
exit 1
fi
echo "β
Backend is healthy"
# Test frontend is running
FRONTEND_RESPONSE=$(curl -s http://localhost:5173)
if [[ $FRONTEND_RESPONSE != *"<!DOCTYPE html>"* ]]; then
echo "β Frontend check failed"
exit 1
fi
echo "β
Frontend is running"
# Test Bitcoin price endpoint
PRICE_CHECK=$(curl -s http://localhost:3456/api/price/bitcoin)
if [[ $PRICE_CHECK != *"success"* ]]; then
echo "β Bitcoin price endpoint failed"
exit 1
fi
echo "β
Bitcoin price endpoint is working"
- name: Create Render Preview
env:
RENDER_API_KEY: ${{ secrets.RENDER_API_KEY }}
run: |
# Create a unique name for this PR preview
PR_NAME="pr-${GITHUB_HEAD_REF:-$GITHUB_REF_NAME}-${{ github.event.number }}"
echo "Creating preview for $PR_NAME"
# Get owner ID first
echo "Getting owner ID..."
OWNER_INFO=$(curl -s -H "Authorization: Bearer $RENDER_API_KEY" https://api.render.com/v1/owners)
# Extract the owner ID from the nested structure
OWNER_ID=$(echo "$OWNER_INFO" | jq -r '.[0].owner.id')
if [ -z "$OWNER_ID" ] || [ "$OWNER_ID" = "null" ]; then
echo "β Failed to get owner ID"
exit 1
fi
echo "Using Render team ID: ${OWNER_ID:0:8}..." # Only show first 8 chars
# Deploy backend service
echo "Creating backend service..."
BACKEND_JSON='{"name":"'$PR_NAME'-backend","type":"web_service","runtime":"node","buildCommand":"cd backend && npm install && npm run build","startCommand":"cd backend && npm run start","envVars":[{"key":"PORT","value":"3456"}],"ownerId":"'$OWNER_ID'","serviceDetails":{"plan":"free","pullRequestPreviewsEnabled":true,"region":"oregon","env":"node","rootDir":".","numInstances":1,"healthCheckPath":"/health","buildFilter":{"paths":["backend/**"]}},"autoDeploy":"no"}'
BACKEND_RESPONSE=$(curl -X POST https://api.render.com/v1/services \
-H "Authorization: Bearer $RENDER_API_KEY" \
-H "Content-Type: application/json" \
-d "$BACKEND_JSON")
echo "Backend service creation response:"
echo "$BACKEND_RESPONSE"
BACKEND_ID=$(echo "$BACKEND_RESPONSE" | jq -r '.service.id // empty')
if [ -z "$BACKEND_ID" ]; then
echo "β Failed to create backend service"
exit 1
fi
echo "Waiting for backend service to be ready..."
for i in {1..30}; do
BACKEND_STATUS=$(curl -s -H "Authorization: Bearer $RENDER_API_KEY" \
"https://api.render.com/v1/services/$BACKEND_ID" | jq -r '.service.status // empty')
if [ "$BACKEND_STATUS" = "live" ]; then
break
fi
echo "Backend status: $BACKEND_STATUS"
sleep 10
done
# Get backend URL
BACKEND_INFO=$(curl -s -H "Authorization: Bearer $RENDER_API_KEY" \
"https://api.render.com/v1/services/$BACKEND_ID")
BACKEND_URL=$(echo "$BACKEND_INFO" | jq -r '.service.url // empty')
if [ -z "$BACKEND_URL" ]; then
echo "β Failed to get backend URL"
echo "Backend info: $BACKEND_INFO"
exit 1
fi
echo "Backend URL: $BACKEND_URL"
# Deploy frontend service
echo "Creating frontend service..."
FRONTEND_JSON='{"name":"'$PR_NAME'-frontend","type":"static_site","buildCommand":"cd frontend && npm install && npm run build","publishPath":"frontend/dist","envVars":[{"key":"VITE_BACKEND_URL","value":"'$BACKEND_URL'"}],"ownerId":"'$OWNER_ID'","serviceDetails":{"plan":"free","pullRequestPreviewsEnabled":true,"region":"oregon","buildFilter":{"paths":["frontend/**"]}},"autoDeploy":"no"}'
FRONTEND_RESPONSE=$(curl -X POST https://api.render.com/v1/services \
-H "Authorization: Bearer $RENDER_API_KEY" \
-H "Content-Type: application/json" \
-d "$FRONTEND_JSON")
echo "Frontend service creation response:"
echo "$FRONTEND_RESPONSE"
FRONTEND_ID=$(echo "$FRONTEND_RESPONSE" | jq -r '.service.id // empty')
if [ -z "$FRONTEND_ID" ]; then
echo "β Failed to create frontend service"
exit 1
fi
echo "Waiting for frontend service to be ready..."
for i in {1..30}; do
FRONTEND_STATUS=$(curl -s -H "Authorization: Bearer $RENDER_API_KEY" \
"https://api.render.com/v1/services/$FRONTEND_ID" | jq -r '.service.status // empty')
if [ "$FRONTEND_STATUS" = "live" ]; then
break
fi
echo "Frontend status: $FRONTEND_STATUS"
sleep 10
done
# Get frontend URL
FRONTEND_INFO=$(curl -s -H "Authorization: Bearer $RENDER_API_KEY" \
"https://api.render.com/v1/services/$FRONTEND_ID")
FRONTEND_URL=$(echo "$FRONTEND_INFO" | jq -r '.service.url // empty')
if [ -z "$FRONTEND_URL" ]; then
echo "β Failed to get frontend URL"
echo "Frontend info: $FRONTEND_INFO"
exit 1
fi
echo "Frontend URL: $FRONTEND_URL"
# Save URLs for the PR comment
echo "FRONTEND_URL=$FRONTEND_URL" >> $GITHUB_ENV
echo "BACKEND_URL=$BACKEND_URL" >> $GITHUB_ENV
- name: Comment PR
uses: actions/github-script@v7
with:
script: |
let comment = '## PR Check Results\n\n';
comment += '### Application Tests\n\n';
comment += 'β
Backend started successfully\n';
comment += 'β
Frontend started successfully\n';
comment += 'β
Health checks passed\n\n';
comment += '### Preview Deployment\n\n';
comment += `π Frontend Preview: ${process.env.FRONTEND_URL}\n`;
comment += `π Backend API: ${process.env.BACKEND_URL}\n\n`;
comment += 'β³ Preview environment is being deployed and will be ready in a few minutes.\n\n';
comment += 'β οΈ Please test the preview deployment before merging!';
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body: comment
});