From 8734e7f6403aa7cc11339ded66bcf6817572757a Mon Sep 17 00:00:00 2001 From: Nikola Irinchev Date: Tue, 7 Jan 2025 13:55:02 +0100 Subject: [PATCH] chore: gha workflow updates (#6591) --- .github/workflows/codeql.yml | 82 ++++++++++++------------ .github/workflows/publish-compass.yaml | 12 ++-- .github/workflows/publish-packages.yaml | 84 ++++++++++++------------- .github/workflows/start-beta.yml | 12 ++-- .github/workflows/start-ga.yaml | 11 ++-- .github/workflows/update-electron.yaml | 2 + 6 files changed, 102 insertions(+), 101 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8fd3aef1d37..d5e173d9bf5 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -13,13 +13,13 @@ name: "CodeQL" on: push: - branches: [ "main", '*-releases' ] - tags: [ 'v*' ] + branches: ["main", "*-releases"] + tags: ["v*"] pull_request: # The branches below must be a subset of the branches above - branches: [ "main" ] + branches: ["main"] schedule: - - cron: '30 14 * * 4' + - cron: "30 14 * * 4" workflow_dispatch: inputs: {} @@ -36,53 +36,53 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'go', 'javascript', 'python' ] + language: ["go", "javascript", "python"] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ] # Use only 'java' to analyze code written in Java, Kotlin or both # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: - - name: Checkout repository - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v4 - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - queries: security-extended - config: | - paths-ignore: - - '**/*.test.js' - - '**/*.spec.js' - - '**/*.test.ts' - - '**/*.spec.ts' - - '**/*.test.tsx' - - '**/*.spec.tsx' - - 'scripts/**' + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + queries: security-extended + config: | + paths-ignore: + - '**/*.test.js' + - '**/*.spec.js' + - '**/*.test.ts' + - '**/*.spec.ts' + - '**/*.test.tsx' + - '**/*.spec.tsx' + - 'scripts/**' - # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2 + # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 - with: - category: "/language:${{matrix.language}}" + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/publish-compass.yaml b/.github/workflows/publish-compass.yaml index 9966a4d0124..3ffb517bd01 100644 --- a/.github/workflows/publish-compass.yaml +++ b/.github/workflows/publish-compass.yaml @@ -5,9 +5,9 @@ on: workflow_dispatch: inputs: dryRun: - description: 'Run publish in dry-run mode (WARN: think twice when changing this value, this will override currently published manifest in download center!)' + description: "Run publish in dry-run mode (WARN: think twice when changing this value, this will override currently published manifest in download center!)" required: true - default: 'true' + default: "true" release: types: [published] @@ -17,13 +17,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Node.js Environment - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: 20.16.0 - cache: 'npm' + cache: "npm" - name: Install npm@10.2.4 run: | @@ -36,7 +36,7 @@ jobs: - name: Upload updated download center manifest env: - DEBUG: 'hadron*,mongo*,compass*' + DEBUG: "hadron*,mongo*,compass*" DOWNLOAD_CENTER_AWS_ACCESS_KEY_ID: ${{ secrets.DOWNLOAD_CENTER_AWS_ACCESS_KEY_ID }} DOWNLOAD_CENTER_AWS_SECRET_ACCESS_KEY: ${{ secrets.DOWNLOAD_CENTER_AWS_SECRET_ACCESS_KEY }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/publish-packages.yaml b/.github/workflows/publish-packages.yaml index 849fcc2a91a..340def93c2c 100644 --- a/.github/workflows/publish-packages.yaml +++ b/.github/workflows/publish-packages.yaml @@ -18,45 +18,45 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - with: - # don't checkout a detatched HEAD - ref: ${{ github.head_ref }} - - # this is important so git log has the whole history - fetch-depth: '0' - - - name: Setup git - run: | - git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" - git config --local user.name "github-actions[bot]" - - - name: "Use Node.js 14" - uses: actions/setup-node@v3 - with: - node-version: 20.16.0 - - - name: Install npm@10.2.4 - run: npm install -g npm@10.2.4 - - - name: Install Dependencies - run: | - npm run bootstrap-ci - shell: bash - - - name: "Publish what is not already in NPM" - env: - NPM_TOKEN: ${{ secrets.DEVTOOLSBOT_NPM_TOKEN }} - run: | - echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" >> .npmrc - npm config list - echo "Publishing packages as $(npm whoami)" - git update-index --assume-unchanged .npmrc - npm run publish-packages - - - name: "Publish tags" - run: | - npx lerna list -a --json | \ - jq -r '.[] | .name + "@" + .version' | \ - xargs -i sh -c "git tag -a {} -m {} || true" - git push --follow-tags + - uses: actions/checkout@v4 + with: + # don't checkout a detatched HEAD + ref: ${{ github.head_ref }} + + # this is important so git log has the whole history + fetch-depth: "0" + + - name: Setup git + run: | + git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" + git config --local user.name "github-actions[bot]" + + - name: "Use Node.js 20" + uses: actions/setup-node@v4 + with: + node-version: 20.16.0 + + - name: Install npm@10.2.4 + run: npm install -g npm@10.2.4 + + - name: Install Dependencies + run: | + npm run bootstrap-ci + shell: bash + + - name: "Publish what is not already in NPM" + env: + NPM_TOKEN: ${{ secrets.DEVTOOLSBOT_NPM_TOKEN }} + run: | + echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" >> .npmrc + npm config list + echo "Publishing packages as $(npm whoami)" + git update-index --assume-unchanged .npmrc + npm run publish-packages + + - name: "Publish tags" + run: | + npx lerna list -a --json | \ + jq -r '.[] | .name + "@" + .version' | \ + xargs -i sh -c "git tag -a {} -m {} || true" + git push --follow-tags diff --git a/.github/workflows/start-beta.yml b/.github/workflows/start-beta.yml index 0adb902e56b..5a320a97d97 100644 --- a/.github/workflows/start-beta.yml +++ b/.github/workflows/start-beta.yml @@ -5,21 +5,21 @@ on: inputs: mergeBranch: description: 'mergeBranch (optional, default="main"): the branch to merge from, useful to perform quick fixes outside of main.' - default: 'main' + default: "main" required: false overrideNextGa: - description: 'overrideNextGa (optional): set this param if you want to override the nextGa version that is fetched from jira versions, and use a different one.' + description: "overrideNextGa (optional): set this param if you want to override the nextGa version that is fetched from jira versions, and use a different one." required: false schedule: # Each Monday at 5 AM UTC - - cron: '0 5 * * 1' + - cron: "0 5 * * 1" jobs: startRelease: name: Start new Beta release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Setup git @@ -27,10 +27,10 @@ jobs: git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" git config --local user.name "github-actions[bot]" - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: node-version: 20.16.0 - cache: 'npm' + cache: "npm" - name: Install npm@10.2.4 run: | diff --git a/.github/workflows/start-ga.yaml b/.github/workflows/start-ga.yaml index 0fcab556b2f..11e4f0a0c31 100644 --- a/.github/workflows/start-ga.yaml +++ b/.github/workflows/start-ga.yaml @@ -7,11 +7,11 @@ on: workflow_dispatch: inputs: releaseTicket: - description: 'releaseTicket (required): it must have a fixVersion which will be used as release version.' + description: "releaseTicket (required): it must have a fixVersion which will be used as release version." required: true mergeBranch: description: 'mergeBranch (optional, default="beta-releases"): the branch to merge from, useful to perform quick fixes or to skip beta.' - default: 'beta-releases' + default: "beta-releases" required: false jobs: @@ -19,7 +19,7 @@ jobs: name: Start new GA release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Setup git @@ -27,10 +27,10 @@ jobs: git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" git config --local user.name "github-actions[bot]" - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: node-version: 20.16.0 - cache: 'npm' + cache: "npm" - name: Install npm@10.2.4 run: | @@ -43,7 +43,6 @@ jobs: - name: Start Release env: - JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} GH_TOKEN: ${{ github.token }} run: | node scripts/release.js ga \ diff --git a/.github/workflows/update-electron.yaml b/.github/workflows/update-electron.yaml index a127ddd0b20..286a0f7bead 100644 --- a/.github/workflows/update-electron.yaml +++ b/.github/workflows/update-electron.yaml @@ -22,6 +22,7 @@ jobs: with: # don't checkout a detatched HEAD ref: ${{ github.head_ref }} + token: ${{ steps.app-token.outputs.token }} - uses: actions/setup-node@v4 with: @@ -48,3 +49,4 @@ jobs: labels: no-title-validation body: | - Update electron + author: "${{ steps.app-token.outputs.app-slug }}[bot]"