From 1e12e8d6f73b24e16888a60e53ec4907b52e23d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fernando=20Fern=C3=A1ndez?= Date: Sun, 11 Aug 2024 11:31:05 +0200 Subject: [PATCH] ci: major refactors (#2423) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Migrate CF Pages to CF Wrangler action (based on https://github.com/jellyfin/jellyfin-web/pull/5894) * Create event-based workflows, all the specific actions are now reusable workflows Signed-off-by: Fernando FernΓ‘ndez --- .github/workflows/TODO | 1 + .../workflows/{codeql.yml => __codeql.yml} | 23 +--- .github/workflows/__deploy.yml | 75 +++++++++++++ .../{job_messages.yml => __job_messages.yml} | 0 .../workflows/{package.yml => __package.yml} | 9 +- ...uality_checks.yml => __quality_checks.yml} | 26 ++--- .github/workflows/automation.yml | 69 ------------ .github/workflows/deploy.yml | 83 -------------- .github/workflows/pull_request.yml | 105 ++++++++++++++++++ .github/workflows/push_release.yml | 64 +++++++++++ .github/workflows/release.yml | 27 ----- .github/workflows/schedule.yml | 17 +++ 12 files changed, 280 insertions(+), 219 deletions(-) create mode 100644 .github/workflows/TODO rename .github/workflows/{codeql.yml => __codeql.yml} (66%) create mode 100644 .github/workflows/__deploy.yml rename .github/workflows/{job_messages.yml => __job_messages.yml} (100%) rename .github/workflows/{package.yml => __package.yml} (98%) rename .github/workflows/{quality_checks.yml => __quality_checks.yml} (83%) delete mode 100644 .github/workflows/automation.yml delete mode 100644 .github/workflows/deploy.yml create mode 100644 .github/workflows/pull_request.yml create mode 100644 .github/workflows/push_release.yml delete mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/schedule.yml diff --git a/.github/workflows/TODO b/.github/workflows/TODO new file mode 100644 index 00000000000..2cf2181658d --- /dev/null +++ b/.github/workflows/TODO @@ -0,0 +1 @@ +* Reusable workflows should be under a `reusable` folder. Track https://github.com/orgs/community/discussions/10773 diff --git a/.github/workflows/codeql.yml b/.github/workflows/__codeql.yml similarity index 66% rename from .github/workflows/codeql.yml rename to .github/workflows/__codeql.yml index e079d24c9c3..298903bc50e 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/__codeql.yml @@ -1,29 +1,15 @@ name: GitHub CodeQL πŸ”¬ -concurrency: - group: ${{ github.workflow }}-${{ github.event_name == 'push' && github.ref || github.head_ref || github.run_id }} - cancel-in-progress: true - on: - push: - branches: - - master - pull_request: - paths-ignore: - - '**/*.md' - merge_group: workflow_call: - schedule: - - cron: 0 0 * * MON,FRI - + inputs: + commit: + required: true + type: string jobs: analyze: name: Analyze πŸ”¬ runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write strategy: fail-fast: false @@ -35,6 +21,7 @@ jobs: - name: Checkout repository ⬇️ uses: actions/checkout@v4.1.7 with: + ref: ${{ inputs.commit }} show-progress: false - name: Initialize CodeQL πŸ› οΈ diff --git a/.github/workflows/__deploy.yml b/.github/workflows/__deploy.yml new file mode 100644 index 00000000000..ed8a67bf6bc --- /dev/null +++ b/.github/workflows/__deploy.yml @@ -0,0 +1,75 @@ +name: Deploy πŸ—οΈ + +on: + workflow_call: + inputs: + branch: + required: true + type: string + commit: + required: false + type: string + pr_number: + required: false + type: number + comment: + required: false + type: boolean + artifact_name: + required: false + type: string + default: frontend + +jobs: + cf-pages: + name: CloudFlare Pages πŸ“ƒ + runs-on: ubuntu-latest + environment: ${{ inputs.branch == 'master' && 'production' || 'preview' }} + outputs: + url: ${{ steps.cf.outputs.deployment-url }} + + steps: + - name: Download workflow artifact ⬇️ + uses: actions/download-artifact@v4.1.8 + with: + name: ${{ inputs.artifact_name }} + path: dist + + - name: Publish to Cloudflare Pages πŸ“ƒ + uses: cloudflare/wrangler-action@v3.7.0 + id: cf + with: + apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} + accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} + command: pages deploy dist --project-name=jf-vue --branch=${{ inputs.branch }} + + compose-comment: + name: Compose comment πŸ“ + if: ${{ always() && inputs.comment }} + uses: ./.github/workflows/__job_messages.yml + needs: + - cf-pages + + with: + branch: ${{ inputs.branch }} + commit: ${{ inputs.commit }} + preview_url: ${{ needs.cf-pages.outputs.url }} + build_workflow_run_id: ${{ github.run_id}} + commenting_workflow_run_id: ${{ github.run_id }} + in_progress: false + + comment-status: + name: Create comment status πŸ“Š + if: ${{ always() && inputs.comment && inputs.pr_number }} + runs-on: ubuntu-latest + needs: + - compose-comment + + steps: + - name: Update job summary in PR comment πŸ”ƒ + uses: thollander/actions-comment-pull-request@v2.5.0 + with: + GITHUB_TOKEN: ${{ secrets.JF_BOT_TOKEN }} + message: ${{ needs.compose-comment.outputs.msg }} + pr_number: ${{ inputs.pr_number }} + comment_tag: ${{ needs.compose-comment.outputs.marker }} diff --git a/.github/workflows/job_messages.yml b/.github/workflows/__job_messages.yml similarity index 100% rename from .github/workflows/job_messages.yml rename to .github/workflows/__job_messages.yml diff --git a/.github/workflows/package.yml b/.github/workflows/__package.yml similarity index 98% rename from .github/workflows/package.yml rename to .github/workflows/__package.yml index 02e9ebb54eb..79463e82871 100644 --- a/.github/workflows/package.yml +++ b/.github/workflows/__package.yml @@ -4,7 +4,7 @@ on: workflow_call: inputs: commit: - required: true + required: false type: string tag_name: required: false @@ -28,10 +28,6 @@ env: COMMIT_TAG: unstable DOCKER_BUILD_RECORD_UPLOAD: false -permissions: - id-token: write - attestations: write - defaults: run: shell: bash @@ -60,6 +56,7 @@ jobs: - name: Checkout ⬇️ uses: actions/checkout@v4.1.7 with: + ref: ${{ inputs.commit || github.sha }} show-progress: false - name: Setup node environment βš™οΈ @@ -169,6 +166,7 @@ jobs: - name: Checkout ⬇️ uses: actions/checkout@v4.1.7 with: + ref: ${{ inputs.commit || github.sha }} show-progress: false - name: Configure QEMU βš™οΈ @@ -262,6 +260,7 @@ jobs: - name: Checkout ⬇️ uses: actions/checkout@v4.1.7 with: + ref: ${{ inputs.commit || github.sha }} show-progress: false - name: Configure QEMU βš™οΈ diff --git a/.github/workflows/quality_checks.yml b/.github/workflows/__quality_checks.yml similarity index 83% rename from .github/workflows/quality_checks.yml rename to .github/workflows/__quality_checks.yml index 24b82d047bb..c52c7d534ad 100644 --- a/.github/workflows/quality_checks.yml +++ b/.github/workflows/__quality_checks.yml @@ -1,16 +1,11 @@ name: Quality checks πŸ‘ŒπŸ§ͺ -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - on: - pull_request: - paths-ignore: - - '**/*.md' - merge_group: - schedule: - - cron: 30 7 * * 6 + workflow_call: + inputs: + commit: + required: true + type: string workflow_dispatch: jobs: @@ -21,6 +16,7 @@ jobs: - name: Checkout Repository uses: actions/checkout@v4.1.7 with: + ref: ${{ inputs.commit }} show-progress: false - name: Scan @@ -42,6 +38,7 @@ jobs: - name: Checkout ⬇️ uses: actions/checkout@v4.1.7 with: + ref: ${{ inputs.commit }} show-progress: false - name: Setup node environment βš™οΈ @@ -67,6 +64,7 @@ jobs: - name: Checkout ⬇️ uses: actions/checkout@v4.1.7 with: + ref: ${{ inputs.commit }} show-progress: false - name: Setup node environment βš™οΈ @@ -81,21 +79,15 @@ jobs: - name: Run typecheck πŸ“– run: npm run typecheck - build: - name: Build πŸ—οΈ - uses: ./.github/workflows/package.yml - with: - commit: ${{ github.sha }} - conventional_commits: name: Conventional commits check πŸ’¬ - if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }} runs-on: ubuntu-latest steps: - name: Checkout ⬇️ uses: actions/checkout@v4.1.7 with: + ref: ${{ inputs.commit }} show-progress: false - name: Check if all commits comply with the specification diff --git a/.github/workflows/automation.yml b/.github/workflows/automation.yml deleted file mode 100644 index 9348b9bfc58..00000000000 --- a/.github/workflows/automation.yml +++ /dev/null @@ -1,69 +0,0 @@ -name: Automation πŸ€– - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -on: - push: - branches: - - master - paths-ignore: - - "**/*.md" - pull_request_target: - -jobs: - compose-comment: - name: Compose PR comment - if: ${{ always() && !cancelled() && github.event_name == 'pull_request_target' }} - uses: ./.github/workflows/job_messages.yml - with: - commit: ${{ github.event.pull_request.head.sha }} - commenting_workflow_run_id: ${{ github.run_id }} - in_progress: true - - push-comment: - name: Push comment to PR πŸ–₯️ - if: ${{ always() && !cancelled() && github.event_name == 'pull_request_target' && needs.compose-comment.result == 'success' }} - runs-on: ubuntu-latest - needs: - - compose-comment - - steps: - - name: Create comment - uses: thollander/actions-comment-pull-request@v2.5.0 - with: - GITHUB_TOKEN: ${{ secrets.JF_BOT_TOKEN }} - message: ${{ needs.compose-comment.outputs.msg }} - comment_tag: ${{ needs.compose-comment.outputs.marker }} - - project: - name: Project board πŸ“Š - if: ${{ github.event_name == 'pull_request_target' }} - runs-on: ubuntu-latest - - steps: - - uses: alex-page/github-project-automation-plus@v0.9.0 - with: - project: Ongoing development - column: In progress - repo-token: ${{ secrets.JF_BOT_TOKEN }} - - label: - name: Labeling 🏷️ - if: ${{ always() && !cancelled() }} - runs-on: ubuntu-latest - - steps: - - name: Label PR depending on modified files - uses: actions/labeler@v5.0.0 - if: ${{ github.event_name == 'pull_request_target' }} - continue-on-error: true - with: - repo-token: "${{ secrets.JF_BOT_TOKEN }}" - - - name: Check all PRs for merge conflicts β›” - uses: eps1lon/actions-label-merge-conflict@v3.0.2 - with: - dirtyLabel: "merge conflict" - repoToken: ${{ secrets.JF_BOT_TOKEN }} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml deleted file mode 100644 index 206949b17c0..00000000000 --- a/.github/workflows/deploy.yml +++ /dev/null @@ -1,83 +0,0 @@ -name: Deploy πŸ—οΈ - -on: - workflow_run: - workflows: - # Deploy on pull requests - - Quality checks πŸ‘ŒπŸ§ͺ - # Deploy on all releases - - Release 🌍 - types: - - completed - -jobs: - cf-pages: - name: CloudFlare Pages πŸ“ƒ - runs-on: ubuntu-latest - permissions: - contents: read - deployments: write - # We set the environment variable here (and as an output) because, - # given no real runner is dispatched in compose-comment job (it's dispatched in the reusable workflow) in this workflow definition, - # the env. context is not valid. - env: - TARGET_BRANCH: | - ${{ - github.event.workflow_run.head_repository.full_name == github.repository - && github.event.workflow_run.head_branch - || format('{0}/{1}', github.event.workflow_run.head_repository.full_name, github.event.workflow_run.head_branch) - }} - outputs: - url: ${{ steps.cf.outputs.url }} - branch: ${{ env.TARGET_BRANCH }} - - steps: - - name: Download workflow artifact ⬇️ - uses: actions/download-artifact@v4.1.8 - with: - run-id: ${{ github.event.workflow_run.id }} - github-token: ${{ secrets.JF_BOT_TOKEN }} - name: frontend - path: dist - - - name: Publish to Cloudflare Pages πŸ“ƒ - uses: cloudflare/pages-action@v1.5.0 - id: cf - with: - apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} - accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} - projectName: jf-vue - directory: dist - branch: ${{ env.TARGET_BRANCH }} - gitHubToken: ${{ secrets.GITHUB_TOKEN }} - - compose-comment: - name: Compose comment πŸ“ - if: ${{ always() }} - uses: ./.github/workflows/job_messages.yml - needs: - - cf-pages - - with: - branch: ${{ needs.cf-pages.outputs.branch }} - commit: ${{ github.event.workflow_run.head_commit.id }} - preview_url: ${{ needs.cf-pages.outputs.url }} - build_workflow_run_id: ${{ github.event.workflow_run.id }} - commenting_workflow_run_id: ${{ github.run_id }} - in_progress: false - - comment-status: - name: Create comment status πŸ“Š - if: ${{ always() && github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.pull_requests[0].number != '' }} - runs-on: ubuntu-latest - needs: - - compose-comment - - steps: - - name: Update job summary in PR comment πŸ”ƒ - uses: thollander/actions-comment-pull-request@v2.5.0 - with: - GITHUB_TOKEN: ${{ secrets.JF_BOT_TOKEN }} - message: ${{ needs.compose-comment.outputs.msg }} - pr_number: ${{ github.event.workflow_run.pull_requests[0].number }} - comment_tag: ${{ needs.compose-comment.outputs.marker }} diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml new file mode 100644 index 00000000000..f707124b928 --- /dev/null +++ b/.github/workflows/pull_request.yml @@ -0,0 +1,105 @@ +name: Pull Request πŸ“₯ + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.head.sha || github.run_id }} + cancel-in-progress: true + +on: + pull_request_target: + paths-ignore: + - '**/*.md' + merge_group: + +jobs: + compose-comment: + name: Compose PR comment + if: ${{ always() && !cancelled() }} + uses: ./.github/workflows/__job_messages.yml + with: + commit: ${{ github.event.pull_request.head.sha }} + commenting_workflow_run_id: ${{ github.run_id }} + in_progress: true + + push-comment: + name: Push comment to PR πŸ–₯️ + if: ${{ always() && !cancelled() && needs.compose-comment.result == 'success' }} + runs-on: ubuntu-latest + needs: + - compose-comment + + steps: + - name: Create comment + uses: thollander/actions-comment-pull-request@v2.5.0 + with: + GITHUB_TOKEN: ${{ secrets.JF_BOT_TOKEN }} + message: ${{ needs.compose-comment.outputs.msg }} + comment_tag: ${{ needs.compose-comment.outputs.marker }} + + project: + name: Project board πŸ“Š + if: ${{ always() }} + runs-on: ubuntu-latest + + steps: + - uses: alex-page/github-project-automation-plus@v0.9.0 + with: + project: Ongoing development + column: In progress + repo-token: ${{ secrets.JF_BOT_TOKEN }} + + label: + name: Labeling 🏷️ + if: ${{ always() }} + runs-on: ubuntu-latest + + steps: + - name: Label PR depending on modified files + uses: actions/labeler@v5.0.0 + with: + repo-token: ${{ secrets.JF_BOT_TOKEN }} + + build: + name: Build πŸ—οΈ + uses: ./.github/workflows/__package.yml + # Start build after the comment is created + needs: + - push-comment + # Needed for attestation publication + permissions: + id-token: write + attestations: write + with: + commit: ${{ github.event.pull_request.head.sha }} + + quality_checks: + name: Quality checks πŸ‘ŒπŸ§ͺ + uses: ./.github/workflows/__quality_checks.yml + permissions: {} + with: + commit: ${{ github.event.pull_request.head.sha }} + + codeql: + name: CodeQL πŸ—οΈ + uses: ./.github/workflows/__codeql.yml + permissions: + actions: read + contents: read + security-events: write + with: + commit: ${{ github.event.pull_request.head.sha }} + + deploy: + name: Deploy πŸš€ + uses: ./.github/workflows/__deploy.yml + needs: + - build + permissions: + contents: read + deployments: write + secrets: inherit + with: + # If the PR is from the master branch of a fork, append the fork's name to the branch name + branch: ${{ github.event.pull_request.head.repo.full_name != github.repository && github.event.pull_request.head.ref == 'master' && format('{0}/{1}', github.event.pull_request.head.repo.full_name, github.event.pull_request.head.ref) || github.event.pull_request.head.ref }} + comment: true + pr_number: ${{ github.event.pull_request.number }} + commit: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/push_release.yml b/.github/workflows/push_release.yml new file mode 100644 index 00000000000..cd3727897ad --- /dev/null +++ b/.github/workflows/push_release.yml @@ -0,0 +1,64 @@ +name: Push & Release 🌍 + +concurrency: + group: ${{ github.workflow }}-${{ github.event_name == 'push' && github.ref }} + cancel-in-progress: true + +on: + release: + types: + - released + - prereleased + push: + branches: + - master + paths-ignore: + - '**/*.md' + +jobs: + label: + name: Labeling 🏷️ + if: ${{ always() && !cancelled() }} + runs-on: ubuntu-latest + + steps: + - name: Check all PRs for merge conflicts β›” + uses: eps1lon/actions-label-merge-conflict@v3.0.2 + with: + dirtyLabel: "merge conflict" + repoToken: ${{ secrets.JF_BOT_TOKEN }} + + main: + name: ${{ github.event_name == 'push' && 'Unstable πŸš€βš οΈ' || 'Stable πŸ·οΈβœ…' }} + uses: ./.github/workflows/__package.yml + secrets: inherit + # Needed for attestation publication + permissions: + id-token: write + attestations: write + with: + commit: ${{ github.event_name == 'push' && github.sha }} + is_prerelease: ${{ github.event_name == 'release' && github.event.action == 'prereleased' }} + tag_name: ${{ github.event_name == 'release' && github.event.release.tag_name }} + push: true + + codeql: + name: CodeQL πŸ—οΈ + uses: ./.github/workflows/__codeql.yml + permissions: + actions: read + contents: read + security-events: write + + deploy: + name: Deploy πŸš€ + uses: ./.github/workflows/__deploy.yml + needs: + - main + permissions: + contents: read + deployments: write + secrets: inherit + with: + branch: ${{ github.ref_name }} + comment: false diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 3b5d37e139a..00000000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: Release 🌍 - -concurrency: - group: ${{ github.workflow }}-${{ github.event_name == 'push' && github.ref }} - cancel-in-progress: true - -on: - release: - types: - - released - - prereleased - push: - branches: - - master - paths-ignore: - - '**/*.md' - -jobs: - main: - name: ${{ github.event_name == 'push' && 'Unstable πŸš€βš οΈ' || 'Stable πŸ·οΈβœ…' }} - uses: ./.github/workflows/package.yml - secrets: inherit - with: - commit: ${{ github.event_name == 'push' && github.sha }} - is_prerelease: ${{ github.event_name == 'release' && github.event.action == 'prereleased' }} - tag_name: ${{ github.event_name == 'release' && github.event.release.tag_name }} - push: true diff --git a/.github/workflows/schedule.yml b/.github/workflows/schedule.yml new file mode 100644 index 00000000000..f98e4ca9bb6 --- /dev/null +++ b/.github/workflows/schedule.yml @@ -0,0 +1,17 @@ +name: Scheduled tasks πŸ•’ + +on: + schedule: + - cron: 30 7 * * 6 + workflow_dispatch: + +jobs: + codeql: + name: CodeQL πŸ—οΈ + uses: ./.github/workflows/__codeql.yml + permissions: + actions: read + contents: read + security-events: write + with: + commit: ${{ github.sha }}