forked from alexed1/LightningFlowComponents
-
Notifications
You must be signed in to change notification settings - Fork 0
196 lines (169 loc) · 9.42 KB
/
scanAndTest.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
# Unique name for this workflow
name: Validate PR on master branch
# The workflow will run whenever an event happens on a pull request or on manual activation
on:
workflow_dispatch:
inputs:
logLevel:
description: 'Log level'
required: true
default: 'warning'
type: choice
options:
- info
- warning
- debug
tags:
description: 'Test scenario tags'
required: false
type: boolean
environment:
description: 'Environment to run tests against'
type: environment
required: true
pull_request:
# The events are that a PR is opened, or when a commit is pushed
# to a branch that has an existing pull request
types: [opened, synchronize]
# The branches filter allows to specify that this workflow should only
# run if the branch name is "develop". This way we prevent this workflow
# from running when PRs are opened on other branches
branches: [ master ]
# We only care about changes to the force-app directory, which is the
# root directory of the sfdx project. This prevents the job from running
# when changing non-salesforce files (like this yml file).
paths:
- 'force-app/**'
# Jobs to be executed when the above conditions are met
jobs:
# This is the name of the job. You can give it whatever name you want
validate-deployment-on-develop-org:
# As mentioned in the blog post, this job runs inside a VM. Here we
# can specify which OS this VM should run on.
# In this case, we are going to run our commands on the latest version
# of ubuntu
runs-on: ubuntu-latest
if: ${{ github.actor != 'dependabot[bot]' }}
steps:
# Now we install nodejs in the VM, and specify version 14
- uses: actions/setup-node@v3
with:
node-version: '14'
# The idea is that the VM can access your remote repository
# because your repository is an sfdx project.
# This is a default action that allows us to enter the root
# directory of the repository
# Make sure to specify fetch-depth:0. This allows us to
# access previous commits that have been pushed to the repository.
# We'll need this later when we try to figure out which metadata has
# changed between commits, so that we can only deploy that metadata
# to the destination org
- name: 'Checkout source code'
uses: actions/checkout@v3
with:
fetch-depth: 0
# Now, we need a way to let the developer specify which tests to run, which
# could be all tests or just the tests relevant to their deployment.
# To do this, we can ask the developer to name their test classes in the
# body of the PR, using the following syntax
# Apex::[CommunitiesLoginControllerTest,MyProfilePageControllerTest]::Apex
# or Apex::[all]::Apex to run all tests
# This special delimeter can be added to the PR template so that your
# team doesn't have to remember the syntax.
# Once a developer has specified a list of classes to run, we need to be able
# to extract this information from the PR, and pass it on the the VM.
- name: 'Read PR Body'
env:
# The pull request body is available through the github context object
# we put the body of the pull request in an env variable (only available to this step)
PR_BODY: ${{github.event.pull_request.body}}
# Here we print the content of the environment variable and
# pipe to a a text file.
# Then we call the local script parsePR.js, which will create
# a new file called testsToRun.txt. This file will have the list
# of tests to run separated by a comma
# Finally, we add the list of tests to the $GITHUB_ENV variable
# as this allows us to reference the list in a subsequent step. If you
# were using a normal env variable, its value would not be available outside this step.
run: |
echo $PR_BODY > ./pr_body.txt
node ./parsePR.js
TESTS=$(cat testsToRun.txt)
echo "APEX_TESTS=$TESTS" >> $GITHUB_ENV
# Now Install Salesforce CLI
- name: 'Install Salesforce CLI'
run: |
wget https://developer.salesforce.com/media/salesforce-cli/sfdx/channels/stable/sfdx-linux-x64.tar.xz
mkdir ~/sfdx
tar xJf sfdx-linux-x64.tar.xz -C ~/sfdx --strip-components 1
echo "$HOME/sfdx/bin" >> $GITHUB_PATH
~/sfdx/bin/sfdx version
# Then we install the SFDX-Git-Delta plugin - https://github.com/scolladon/sfdx-git-delta
# This is an awesome plugin that allows us to extract a package.xml with the metadata
# that has changed between commits. I highly recommend going over the github readme
# for more information on how this works.
- name: 'Installing sfdx git delta'
run: |
echo y | sfdx plugins:install sfdx-git-delta
sfdx plugins
# Install java as it is required for the next step
- name: 'Installing java'
run: |
sudo apt-get update
sudo apt install default-jdk
# Install SFDX scanner
- name: 'Installing SFDX scanner'
run: sfdx plugins:install @salesforce/sfdx-scanner
# Prior to setting up this workflow, you have to create a Github Secret
# that contains the sfdx url of the integration/qa org.
# The steps to generate the url are here
# https://developer.salesforce.com/docs/atlas.en-us.sfdx_cli_reference.meta/sfdx_cli_reference/cli_reference_auth_sfdxurl.htm
# This URL can then be used with the sfdx auth:sfdxurl:store to authenticate
# the sfdx project in the repositry, against the org from which the URL
# was generated from. This works just like that, there's no need to create
# connected apps or any else.
# The URL is stored in the Github Secret named SFDX_INTEGRATION_URL
# so here we store the URL into a text file
- name: 'Populate auth file with SFDX_URL secret of integration org'
shell: bash
run: |
echo ${{ secrets.SFDX_INTEGRATION_URL}} > ./SFDX_INTEGRATION_URL.txt
# Authenticate to org using the URL stored in the text file
- name: 'Authenticate to Integration Org'
run: sfdx auth:sfdxurl:store -f ./SFDX_INTEGRATION_URL.txt -s -a integration
# We use SFDX Git Delta to create a directory with only the metadata that has changed.
# this allows us to deploy only those changes, as opposed to deploying the entire branch.
# This helps reducing deployment times
- name: 'Create delta packages for new, modified or deleted metadata'
run: |
mkdir changed-sources
sfdx sgd:source:delta --to "HEAD" --from "HEAD^" --output changed-sources/ --generate-delta --source force-app/
# Now we can use the sfdx scanner to scan the code in the delta directory
# The output of the scan is stored in a file called apexScanResults.sarif
# The .sarif file can later be uploaded to github, so that we can see the
# results of the scan directly from the PR.
- name: 'Scan code'
run: |
cd changed-sources
sfdx scanner:run --format sarif --target './**/*.cls' --category "Design,Best Practices,Performance" --outfile 'apexScanResults.sarif'
cd ..
# Now we upload the .sarif file as explained in the previous step
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: changed-sources/apexScanResults.sarif
# We do a check-only deploy and we only run the tests specified in the PR
# If the env variable does not equal 'all', we know that there is a list of
# tests that can be run
- name: 'Check-only deploy delta changes - run specified tests'
if: ${{ env.APEX_TESTS != 'all' }}
run: |
echo ${{env.APEX_TESTS}}
sfdx force:source:deploy -p "changed-sources/force-app" --checkonly --testlevel RunSpecifiedTests --runtests ${{env.APEX_TESTS}} --json
# If the env variable equals all, we run all tests
- name: 'Check-only deploy delta changes - run all tests'
if: ${{ env.APEX_TESTS == 'all' }}
run: |
sfdx force:source:deploy -p "changed-sources/force-app" --checkonly --testlevel RunLocalTests --json
- name: 'Deploy destructive changes (if any)'
run: sfdx force:mdapi:deploy -d "changed-sources/destructiveChanges" --checkonly --ignorewarnings