larryh/corso
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
corso/.github/workflows/ci.yml
dependabot[bot] 31971bf356
⬆️ Bump actions/github-script from 5 to 6 (#1652) 
Bumps [actions/github-script](https://github.com/actions/github-script) from 5 to 6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/github-script/releases">actions/github-script's releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update default runtime to node16 by <a href="https://github.com/thboop"><code>@​thboop</code></a> in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/235">actions/github-script#235</a></li>
<li>Update <code>node-fetch</code> by <a href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/237">actions/github-script#237</a></li>
<li>Update <code>@actions/core</code> to 1.6.0 by <a href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/238">actions/github-script#238</a></li>
</ul>
<h3>Breaking Changes</h3>
<p>With the update to Node 16 in <a href="https://github-redirect.dependabot.com/actions/github-script/issues/235">#235</a>, all scripts will now be run with Node 16 rather than Node 12.</p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/thboop"><code>@​thboop</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/235">actions/github-script#235</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v5...v6.0.0">https://github.com/actions/github-script/compare/v5...v6.0.0</a></p>
<h2>v5.1.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump <code>@​actions/core</code> to 1.9.1 by <a href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/281">actions/github-script#281</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v5.1.0...v5.1.1">https://github.com/actions/github-script/compare/v5.1.0...v5.1.1</a></p>
<h2>v5.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update to latest versions for dev dependencies by <a href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/204">actions/github-script#204</a></li>
<li>update plugin dependencies by <a href="https://github.com/PeterNitscheMI"><code>@​PeterNitscheMI</code></a> in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/216">actions/github-script#216</a></li>
<li>Update licenses and use <code>jonabc/setup-licensed</code> in workflow by <a href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/228">actions/github-script#228</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/johan-lindqvist"><code>@​johan-lindqvist</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/201">actions/github-script#201</a></li>
<li><a href="https://github.com/ansgarm"><code>@​ansgarm</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/215">actions/github-script#215</a></li>
<li><a href="https://github.com/PeterNitscheMI"><code>@​PeterNitscheMI</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/216">actions/github-script#216</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v5.0.0...v5.1.0">https://github.com/actions/github-script/compare/v5.0.0...v5.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="d556feaca3"><code>d556fea</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/github-script/issues/300">#300</a> from actions/joshmgross/v6.3.3</li>
<li><a href="01fde8b524"><code>01fde8b</code></a> Update version to 6.3.3</li>
<li><a href="633e9fd3a1"><code>633e9fd</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/github-script/issues/279">#279</a> from nineinchnick/update-glob</li>
<li><a href="ee124b1288"><code>ee124b1</code></a> Update dist</li>
<li><a href="ca24d5fb29"><code>ca24d5f</code></a> Update <code>@actions/glob</code> license version</li>
<li><a href="c09747ec1a"><code>c09747e</code></a> Merge branch 'main' into update-glob</li>
<li><a href="100527700e"><code>1005277</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/github-script/issues/299">#299</a> from actions/joshmgross/v6.3.2</li>
<li><a href="085a7754e8"><code>085a775</code></a> Bump version to 6.3.2</li>
<li><a href="6871f0ffce"><code>6871f0f</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/github-script/issues/295">#295</a> from rentziass/rentziass/update-actions-core</li>
<li><a href="7ed718295b"><code>7ed7182</code></a> Update <code>@​actions/core</code> to 1.10.0</li>
<li>Additional commits viewable in <a href="https://github.com/actions/github-script/compare/v5...v6">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=5&new-version=6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
2022-12-02 15:05:57 +00:00

499 lines
18 KiB
YAML
Raw Blame History

name: Build/Release Corso
on:
workflow_dispatch:
pull_request:
push:
branches: [main]
tags: ["v*.*.*"]
repository_dispatch:
types: [ok-to-test-command]
permissions:
# required to retrieve AWS credentials
id-token: write
contents: write
packages: write
pull-requests: read
# cancel currently running jobs if a new version of the branch is pushed
concurrency:
group: ci-${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
# ----------------------------------------------------------------------------------------------------
# --- Prechecks and Checkouts ------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------
Precheck:
uses: alcionai/corso/.github/workflows/_filechange_checker.yml@main
Checkout:
needs: [Precheck]
environment: Testing
runs-on: ubuntu-latest
defaults:
run:
working-directory: src
steps:
- uses: actions/checkout@v3
# single setup and sum cache handling here.
# the results will cascade onto both testing and linting.
- name: Setup Golang with cache
uses: ./.github/actions/go-setup-cache
if: startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main' || needs.precheck.outputs.websitefileschanged == 'true'
with:
go-version-file: src/go.mod
SetEnv:
environment: Testing
runs-on: ubuntu-latest
outputs:
environment: ${{ steps.environment.outputs.environment }}
version: ${{ steps.version.outputs.version }}
website-bucket: ${{ steps.website-bucket.output.website-bucket }}
website-cfid: ${{ steps.website-cfid.output.website-cfid }}
steps:
- uses: actions/checkout@v3
- name: Figure out environment
id: environment
run: |
if ${{ startsWith(github.ref, 'refs/tags/') }}; then
echo "set-output name=environment::Production"
echo "::set-output name=environment::Production"
else
echo "set-output name=environment::Testing"
echo "::set-output name=environment::Testing"
fi
- name: Get version string
id: version
run: |
if ${{ startsWith(github.ref, 'refs/tags/') }}; then
echo "set-output name=version::$(git describe --exact-match --tags $(git rev-parse HEAD))"
echo "::set-output name=version::$(git describe --exact-match --tags $(git rev-parse HEAD))"
else
echo "set-output name=version::$(echo unreleased-$(git rev-parse --short HEAD))"
echo "::set-output name=version::$(echo unreleased-$(git rev-parse --short HEAD))"
fi
- name: Get bucket name for website
id: website-bucket
run: |
if ${{ startsWith(github.ref, 'refs/tags/') }}; then
echo "set-output name=website-bucket::corsobackup.io"
echo "::set-output name=website-bucket::corsobackup.io"
else
echo "set-output name=website-bucket::test-corso-docs"
echo "::set-output name=website-bucket::test-corso-docs"
fi
- name: Get cfid for website
id: website-cfid
run: |
if ${{ startsWith(github.ref, 'refs/tags/') }}; then
echo "set-output name=website-cfid::E1W9NGI9YTVZ1A"
echo "::set-output name=website-cfid::E1W9NGI9YTVZ1A"
else
echo "set-output name=website-cfid::ESFTEIYTIP7Y3"
echo "::set-output name=website-cfid::ESFTEIYTIP7Y3"
fi
# ----------------------------------------------------------------------------------------------------
# --- Website Linting -----------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------
Website-Linting:
needs: [Precheck, Checkout, SetEnv]
environment: Testing
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main' || needs.precheck.outputs.websitefileschanged == 'true' # websitefileschanged also includes srcfileschanged
steps:
- uses: actions/checkout@v3
- name: Setup Golang with cache
uses: magnetikonline/action-golang-cache@v3
with:
go-version-file: src/go.mod
- name: Generate CLI Docs
working-directory: ./src
run: |
go run ./cmd/mdgen/mdgen.go generate
# migrate generated md files into /website/docs/cli
- name: Move CLI .md to Docs
run: |
mkdir -p ./website/docs/cli
mv ./src/cmd/mdgen/cli_markdown/* ./website/docs/cli/
rm -R ./src/cmd/mdgen/cli_markdown/
- name: Install dependencies for website lint
run: |
wget https://github.com/errata-ai/vale/releases/download/v2.20.2/vale_2.20.2_Linux_64-bit.tar.gz # NOTE: update in Dockerfile when updating
mkdir bin && tar -xvzf vale_2.20.2_Linux_64-bit.tar.gz -C bin
echo "$PWD/bin" >> $GITHUB_PATH
npm i -g markdownlint-cli@0.32.2 # NOTE: update in Dockerfile when updating
- name: Run website lint
run: |
cd website && make -o genclidocs localcheck
- name: Build website
env:
CORSO_VERSION: ${{ needs.SetEnv.outputs.version }}
run: |
cd website &&
npm ci &&
npm run build
- uses: actions/upload-artifact@master
name: Upload website as artifacts
with:
name: website
path: website/build
# ----------------------------------------------------------------------------------------------------
# --- Integration and Unit Testing -------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------
Test-Suite-Trusted:
needs: [Precheck, Checkout]
environment: Testing
runs-on: ubuntu-latest
if: (startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main') || (needs.precheck.outputs.srcfileschanged == 'true' && github.event.pull_request.head.repo.full_name == github.repository)
defaults:
run:
working-directory: src
steps:
- uses: actions/checkout@v3
- name: Setup Golang with cache
uses: magnetikonline/action-golang-cache@v3
with:
go-version-file: src/go.mod
- run: mkdir testlog
# Install gotestfmt
- name: Set up gotestfmt
run: go install github.com/gotesttools/gotestfmt/v2/cmd/gotestfmt@latest
# AWS creds
- name: Configure AWS credentials from Test account
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
role-session-name: integration-testing
aws-region: us-east-1
# run the tests
- name: Integration Tests
env:
AZURE_CLIENT_ID: ${{ secrets.CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
AZURE_TENANT_ID: ${{ secrets.TENANT_ID }}
CORSO_CI_TESTS: true
CORSO_M365_TEST_USER_ID: ${{ secrets.CORSO_M365_TEST_USER_ID }}
CORSO_SECONDARY_M365_TEST_USER_ID: ${{ secrets.CORSO_SECONDARY_M365_TEST_USER_ID }}
CORSO_PASSPHRASE: ${{ secrets.INTEGRATION_TEST_CORSO_PASSPHRASE }}
run: |
set -euo pipefail
go test \
-tags testing \
-json \
-v \
-failfast \
./... 2>&1 | tee ./testlog/gotest.log | gotestfmt -hide successful-tests
# Upload the original go test log as an artifact for later review.
- name: Upload test log
if: failure()
uses: actions/upload-artifact@v3
with:
name: test-log
path: src/testlog/gotest.log
if-no-files-found: error
retention-days: 14
Test-Suite-Fork:
needs: [Precheck]
environment: Testing
if: (!startsWith(github.ref , 'refs/tags/') && github.ref != 'refs/heads/main') && (needs.precheck.outputs.srcfileschanged == 'true' && github.event.pull_request.head.repo.full_name != github.repository)
runs-on: ubuntu-latest
defaults:
run:
working-directory: src
steps:
- name: Fail check
if: github.event_name != 'repository_dispatch'
run: |
echo "Workflow requires approval from a maintainer to run. It will be automatically rerun on approval."
exit 1
# add comment to PR with link to workflow run
- uses: marocchino/sticky-pull-request-comment@v2
with:
message: |
https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID
# Check out merge commit
- name: Fork based /ok-to-test checkout
uses: actions/checkout@v2
with:
ref: "refs/pull/${{ github.event.client_payload.pull_request.number }}/merge"
- name: Setup Golang with cache
uses: magnetikonline/action-golang-cache@v3
with:
go-version-file: src/go.mod
- run: mkdir testlog
# Install gotestfmt
- name: Set up gotestfmt
run: go install github.com/gotesttools/gotestfmt/v2/cmd/gotestfmt@latest
# AWS creds
- name: Configure AWS credentials from Test account
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
role-session-name: integration-testing
aws-region: us-east-1
# run the tests
- name: Integration Tests
env:
AZURE_CLIENT_ID: ${{ secrets.CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
AZURE_TENANT_ID: ${{ secrets.TENANT_ID }}
CORSO_CI_TESTS: true
CORSO_M365_TEST_USER_ID: ${{ secrets.CORSO_M365_TEST_USER_ID }}
CORSO_PASSPHRASE: ${{ secrets.INTEGRATION_TEST_CORSO_PASSPHRASE }}
run: |
set -euo pipefail
go test \
-json \
-v \
./... 2>&1 | tee ./testlog/gotest.log | gotestfmt -hide successful-tests
# Upload the original go test log as an artifact for later review.
- name: Upload test log
if: failure()
uses: actions/upload-artifact@v3
with:
name: test-log
path: src/testlog/gotest.log
if-no-files-found: error
retention-days: 14
# Update check run called "Test-Suite-Fork"
- uses: actions/github-script@v6
id: update-check-run
if: ${{ always() }}
env:
number: ${{ github.event.client_payload.pull_request.number }}
job: ${{ github.job }}
# Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run
conclusion: ${{ job.status }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const { data: pull } = await github.rest.pulls.get({
...context.repo,
pull_number: process.env.number
});
const ref = pull.head.sha;
const { data: checks } = await github.rest.checks.listForRef({
...context.repo,
ref
});
const check = checks.check_runs.filter(c => c.name === process.env.job);
const { data: result } = await github.rest.checks.update({
...context.repo,
check_run_id: check[0].id,
status: 'completed',
conclusion: process.env.conclusion
});
return result;
# ----------------------------------------------------------------------------------------------------
# --- Source Code Linting ----------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------
Linting:
needs: [Precheck, Checkout]
environment: Testing
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main' || needs.precheck.outputs.srcfileschanged == 'true'
defaults:
run:
working-directory: src
steps:
- uses: actions/checkout@v3
- name: Setup Golang with cache
uses: magnetikonline/action-golang-cache@v3
with:
go-version-file: src/go.mod
- name: Go Lint
uses: golangci/golangci-lint-action@v3
with:
# Keep pinned to a verson as sometimes updates will add new lint
# failures in unchanged code.
version: v1.50.1
working-directory: src
skip-pkg-cache: true
skip-build-cache: true
# check licenses
- name: Get go-licenses
run: go install github.com/google/go-licenses@latest
- name: Run go-licenses
run: go-licenses check github.com/alcionai/corso/src --ignore github.com/alcionai/corso/src
- name: Run staticcheck
uses: dominikh/staticcheck-action@v1.2.0
# ----------------------------------------------------------------------------------------------------
# --- Publish steps ----------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------
Publish-Binary:
needs: [Test-Suite-Trusted, Linting, Website-Linting, SetEnv]
environment: ${{ needs.SetEnv.outputs.environment }}
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main'
defaults:
run:
working-directory: src
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0 # needed to pull changelog
- name: Setup Golang with cache
uses: magnetikonline/action-golang-cache@v3
with:
go-version-file: src/go.mod
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v3
with:
version: latest
args: release --rm-dist --timeout 500m
workdir: src
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
RUDDERSTACK_CORSO_WRITE_KEY: ${{ secrets.RUDDERSTACK_CORSO_WRITE_KEY }}
RUDDERSTACK_CORSO_DATA_PLANE_URL: ${{ secrets.RUDDERSTACK_CORSO_DATA_PLANE_URL }}
CORSO_VERSION: ${{ needs.SetEnv.outputs.version }}
- name: Upload assets
uses: actions/upload-artifact@v3
with:
name: corso
path: src/dist/*
Publish-Website:
needs: [Test-Suite-Trusted, Linting, Website-Linting, SetEnv]
environment: ${{ needs.SetEnv.outputs.environment }}
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main'
defaults:
run:
working-directory: website
steps:
- uses: actions/checkout@v3
- uses: actions/download-artifact@master
name: Download website from build step
with:
name: website
path: website/build
- name: Configure AWS credentials from Test account
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
role-session-name: integration-testing
aws-region: us-east-1
- name: Add rotbots.txt
if: github.ref == 'refs/heads/main'
run: |
printf 'User-agent: *\nDisallow: /' > build/robots.txt
- name: Push website
run: |
aws s3 sync build "s3://${{ needs.SetEnv.outputs.website-bucket }}" --delete
- name: Invalidate cloudfront
run: |
aws cloudfront create-invalidation --distribution-id ${{ needs.SetEnv.outputs.website-cfid }} --paths "/*"
Publish-Image:
needs: [Test-Suite-Trusted, Linting, Website-Linting, SetEnv]
environment: ${{ needs.SetEnv.outputs.environment }}
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main'
defaults:
run:
working-directory: build
env:
imageName: ghcr.io/alcionai/corso
PLATFORMS: linux/amd64,linux/arm64
steps:
- uses: actions/checkout@v3
# Setup buildx
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
# retrieve credentials for ghcr.io
- name: Login to Github Packages
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ env.imageName }}
tags: |
type=ref,event=tag
type=sha,format=short,prefix=
type=raw,value=nightly
# deploy the image
- name: Build image and push to GitHub Container Registry
uses: docker/build-push-action@v3
with:
context: .
file: ./build/Dockerfile
platforms: ${{ env.PLATFORMS }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
CORSO_BUILD_LDFLAGS=-X 'github.com/alcionai/corso/src/internal/events.RudderStackWriteKey=${{ secrets.RUDDERSTACK_CORSO_WRITE_KEY }}' -X 'github.com/alcionai/corso/src/internal/events.RudderStackDataPlaneURL=${{ secrets.RUDDERSTACK_CORSO_DATA_PLANE_URL }}' -X 'github.com/alcionai/corso/src/cli.version=${{ needs.SetEnv.outputs.version }}'
# use the github cache
cache-from: type=gha
cache-to: type=gha,mode=max
Reference in New Issue View Git Blame Copy Permalink