meet/.github/workflows/meet.yml

name: meet Workflow

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - "*"

jobs:
  lint-git:
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request' # Makes sense only for pull requests
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: show
        run: git log
      - name: Enforce absence of print statements in code
        run: |
          ! git diff origin/${{ github.event.pull_request.base.ref }}..HEAD -- . ':(exclude)**/meet.yml' | grep "print("
      - name: Check absence of fixup commits
        run: |
          ! git log | grep 'fixup!'
      - name: Install gitlint
        run: pip install --user requests gitlint
      - name: Lint commit messages added to main
        run: ~/.local/bin/gitlint --commits origin/${{ github.event.pull_request.base.ref }}..HEAD

  build-mails:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: src/mail
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "18"

      - name: Restore the mail templates
        uses: actions/cache@v4
        id: mail-templates
        with:
          path: "src/backend/core/templates/mail"
          key: mail-templates-${{ hashFiles('src/mail/mjml') }}

      - name: Install yarn
        if: steps.mail-templates.outputs.cache-hit != 'true'
        run: npm install -g yarn

      - name: Install node dependencies
        if: steps.mail-templates.outputs.cache-hit != 'true'
        run: yarn install --frozen-lockfile

      - name: Build mails
        if: steps.mail-templates.outputs.cache-hit != 'true'
        run: yarn build

      - name: Cache mail templates
        if: steps.mail-templates.outputs.cache-hit != 'true'
        uses: actions/cache@v4
        with:
          path: "src/backend/core/templates/mail"
          key: mail-templates-${{ hashFiles('src/mail/mjml') }}

  lint-back:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: src/backend
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Install development dependencies
        run: pip install --user .[dev]
      - name: Check code formatting with ruff
        run: ~/.local/bin/ruff format . --diff
      - name: Lint code with ruff
        run: ~/.local/bin/ruff check .
      - name: Lint code with pylint
        run: ~/.local/bin/pylint meet demo core

  test-back:
    runs-on: ubuntu-latest
    needs: build-mails

    defaults:
      run:
        working-directory: src/backend

    services:
      postgres:
        image: postgres:16
        env:
          POSTGRES_DB: meet
          POSTGRES_USER: dinum
          POSTGRES_PASSWORD: pass
        ports:
          - 5432:5432
        # needed because the postgres container does not provide a healthcheck
        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
      redis:
        image: redis:5
        ports:
          - 6379:6379
        # Set health checks to wait until redis has started
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

    env:
      DJANGO_CONFIGURATION: Test
      DJANGO_SETTINGS_MODULE: meet.settings
      DJANGO_SECRET_KEY: ThisIsAnExampleKeyForTestPurposeOnly
      OIDC_OP_JWKS_ENDPOINT: /endpoint-for-test-purpose-only
      DB_HOST: localhost
      DB_NAME: meet
      DB_USER: dinum
      DB_PASSWORD: pass
      DB_PORT: 5432
      REDIS_URL: redis://localhost:6379/1
      STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
      LIVEKIT_API_SECRET: secret
      LIVEKIT_API_KEY: devkey
      AWS_S3_ENDPOINT_URL: http://localhost:9000
      AWS_S3_ACCESS_KEY_ID: meet
      AWS_S3_SECRET_ACCESS_KEY: password

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Create writable /data
        run: |
          sudo mkdir -p /data/media && \
          sudo mkdir -p /data/static

      - name: Restore the mail templates
        uses: actions/cache@v4
        id: mail-templates
        with:
          path: "src/backend/core/templates/mail"
          key: mail-templates-${{ hashFiles('src/mail/mjml') }}

      - name: Start MinIO
        run: |
          docker pull minio/minio
          docker run -d --name minio \
            -p 9000:9000 \
            -e "MINIO_ACCESS_KEY=meet" \
            -e "MINIO_SECRET_KEY=password" \
            -v /data/media:/data \
            minio/minio server --console-address :9001 /data

      # Tool to wait for a service to be ready
      - name: Install Dockerize
        run: |
          curl -sSL https://github.com/jwilder/dockerize/releases/download/v0.8.0/dockerize-linux-amd64-v0.8.0.tar.gz | sudo tar -C /usr/local/bin -xzv

      - name: Wait for MinIO to be ready
        run: |
          dockerize -wait tcp://localhost:9000 -timeout 10s

      - name: Configure MinIO
        run: |
          MINIO=$(docker ps | grep minio/minio | sed -E 's/.*\s+([a-zA-Z0-9_-]+)$/\1/')
          docker exec ${MINIO} sh -c \
            "mc alias set meet http://localhost:9000 meet password && \
            mc alias ls && \
            mc mb meet/meet-media-storage"

      - name: Install Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      - name: Install development dependencies
        run: pip install --user .[dev]

      - name: Install gettext (required to compile messages)
        run: |
          sudo apt-get update
          sudo apt-get install -y gettext

      - name: Generate a MO file from strings extracted from the project
        run: python manage.py compilemessages

      - name: Run tests
        run: ~/.local/bin/pytest -n 2

  lint-front:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install dependencies
        run: cd src/frontend/ && npm ci

      - name: Check linting
        run: cd src/frontend/ && npm run lint

      - name: Check format
        run: cd src/frontend/ && npm run check

  lint-sdk:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: src/sdk/library
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install dependencies
        run: npm ci

      - name: Check linting
        run: npm run lint

      - name: Check format
        run: npm run check

  build-sdk:
    runs-on: ubuntu-latest
    needs: lint-sdk
    defaults:
      run:
        working-directory: src/sdk/library
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install dependencies
        run: npm ci

      - name: Build SDK
        run: npm run build

  i18n-crowdin:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repositories: "infrastructure,secrets"
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          submodules: recursive
          token: ${{ steps.app-token.outputs.token }}
      - name: Load sops secrets
        uses: rouja/actions-sops@main
        with:
          secret-file: secrets/numerique-gouv/meet/secrets.enc.env
          age-key: ${{ secrets.SOPS_PRIVATE }}

      - name: Install gettext (required to make messages)
        run: |
          sudo apt-get update
          sudo apt-get install -y gettext

      - name: Install Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      - name: Install development dependencies
        working-directory: src/backend
        run: pip install --user .[dev]

      - name: Generate the translation base file
        run: ~/.local/bin/django-admin makemessages --keep-pot --all

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "18.x"
          cache: "npm"
          cache-dependency-path: src/frontend/package-lock.json

      - name: Install dependencies
        run: cd src/frontend/ && npm ci

      - name: Extract the frontend translation
        run: make frontend-i18n-extract

      - name: Upload files to Crowdin
        uses: crowdin/github-action@v2
        with:
          config: crowdin/config.yml
          upload_sources: true
          upload_translations: true
          download_translations: false
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }}
          CROWDIN_BASE_PATH: ${{ github.workspace }}
          CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}