Add PR Preview support

.github/workflows/on_push_pr_preview.yml.yml

@@ -0,0 +1,25 @@
+name: '1 [on_push] Deploy PR version to Firebase for'
+
+on:
+  push:
+    branches:
+      - ops/prs-preview
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  deploy_on_firebase:
+    name: Deploy PR version to Firebase
+    uses: ./.github/workflows/on_workflow_pr_preview.yml
+    with:
+      ENV: 'testing'
+      PUSH_RELEASE_TO_SENTRY: false
+      CHANNEL: 'preview'
+      EXPIRES: '2d'
+      REF: 'refs/heads/ops/prs-preview'
+      CACHE_BUCKET_NAME: 'passculture-metier-ehp'
+    secrets:
+      GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
+      GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}

.github/workflows/on_workflow_pr_preview.yml

@@ -0,0 +1,107 @@
+name: '2 [on_workflow/PR] Deploy PR version for validation'
+
+on:
+  workflow_call:
+    inputs:
+      ENV:
+        type: string
+        required: true
+      PUSH_RELEASE_TO_SENTRY:
+        description: 'If true, creates a release in Sentry and uploads sourcemaps'
+        type: boolean
+        default: false
+      CHANNEL:
+        type: string
+        required: true
+      EXPIRES:
+        type: string
+        default: '2d'
+      REF:
+        type: string
+        required: true
+      CACHE_BUCKET_NAME:
+        type: string
+        required: true
+    secrets:
+      GCP_EHP_SERVICE_ACCOUNT:
+        required: true
+      GCP_EHP_WORKLOAD_IDENTITY_PROVIDER:
+        required: true
+
+defaults:
+  run:
+    working-directory: '.'
+
+jobs:
+  deploy_on_firebase:
+    runs-on: ubuntu-22.04
+    if: ${{ github.actor != 'dependabot[bot]' }}
+    steps:
+      - uses: actions/checkout@v4.2.1
+        with:
+          ref: ${{ inputs.REF }}
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: '.nvmrc'
+      - name: 'OpenID Connect Authentication'
+        if: ${{ !github.event.act }}
+        id: 'openid-auth'
+        uses: 'google-github-actions/auth@v2'
+        with:
+          workload_identity_provider: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
+      - name: 'Get Secret'
+        if: ${{ !github.event.act }}
+        id: 'secrets'
+        uses: 'google-github-actions/get-secretmanager-secrets@v2'
+        with:
+          secrets: |-
+            FIREBASE_TOKEN:passculture-metier-ehp/pc_native_${{ inputs.ENV }}_firebase_json
+        # ENTRY_TOKEN:passculture-metier-ehp/passculture-app-native-sentry-token
+      - name: 'Cache the node_modules'
+        if: ${{ !github.event.act }}
+        id: 'yarn-modules-cache'
+        uses: pass-culture-github-actions/cache@v1.0.0
+        with:
+          compression-method: 'gzip'
+          bucket: ${{ inputs.CACHE_BUCKET_NAME }}
+          path: |
+            **/node_modules
+          key: v1-yarn-pro-dependency-cache-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            v1-yarn-pro-dependency-cache-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}
+      - run: yarn install --immutable
+      - run: yarn build:${{ inputs.ENV }}
+        env:
+          # By default NodeJS processes are limited to 512MB of memory
+          # This is not enough for the build process when compiling sourcemaps
+          # Increases the limit so that the build doesnt fail
+          NODE_OPTIONS: --max_old_space_size=4096
+      - if: inputs.ENV != 'testing'
+        run: |
+          cat package.json | grep -E '"version": "[0-9]+.[0-9]+.[0-9]+"' | grep -Eo '[0-9]+.[0-9]+.[0-9]+' > build/version.txt
+      - name: 'Create Sentry release'
+        if: ${{ (inputs.PUSH_RELEASE_TO_SENTRY) && (!github.event.act) }}
+        uses: getsentry/action-release@v1
+        env:
+          SENTRY_AUTH_TOKEN: ${{ steps.secrets.outputs.SENTRY_TOKEN }}
+          SENTRY_ORG: sentry
+          SENTRY_PROJECT: pro
+          SENTRY_URL: https://sentry.passculture.team/
+        with:
+          sourcemaps: ./build
+          working_directory: .
+          version: ${{ inputs.CHANNEL }}
+          url_prefix: '~'
+      - uses: FirebaseExtended/action-hosting-deploy@v0
+        id: firebase-deploy
+        with:
+          repoToken: '${{ secrets.GITHUB_TOKEN }}'
+          firebaseServiceAccount: ${{ steps.secrets.outputs.FIREBASE_TOKEN }}
+          expires: ${{ inputs.EXPIRES }}
+          projectId: pc-native-${{ inputs.ENV }}
+          entryPoint: .
+          channelId: ${{ inputs.CHANNEL }}
+      - name: 'Firebase Deployment URL'
+        run: |
+          echo "::notice:: Firebase deployment is available at : ${{ steps.firebase-deploy.outputs.details_url }}"

ACT.md

@@ -0,0 +1,17 @@
+# ACT
+
+## Requirements
+
+- act
+- github cli
+- podman
+
+### Podman configuration
+
+```shell
+podman machine init --cpus 4 --memory 8192 --now gha-act
+```
+
+## Local testing
+
+act -W .github/workflows/pr.yml -P ubuntu-22.04=catthehacker/ubuntu:full-22.04 -s GITHUB_TOKEN="$(gh auth token)" --eventpath act/event.json --env-file .env.testing

act/event.json

@@ -0,0 +1,9 @@
+{
+    "act":true,
+    "inputs":{
+       "ENV":"testing",
+       "PUSH_RELEASE_TO_SENTRY":"false",
+       "CHANNEL":"pr-testing-foo",
+       "REF":"master"
+    }
+}

firebase.json

@@ -2,8 +2,8 @@
   "functions": {
     "source": "server"
   },
-  "hosting":
-  [{
+  "hosting": [
+    {
       "target": "testing",
       "public": "build",
       "ignore": [
@@ -27,5 +27,6 @@
           "function": "serverTesting"
         }
       ]
-  }]
     }
+  ]
+}