[AAE-32905] - Maybe i was too optimistic

Author: VitoAlbano

.github/CODEOWNERS

@@ -10,9 +10,9 @@
 # precedence. When someone opens a pull request that only
 # modifies JS files, only @js-owner and not the global
 # owner(s) will be requested for a review.
-/e2e/   @eromano @cristinaj
+/e2e/   @eromano
 
  # The `docs/*` pattern will match files like
 # `docs/getting-started.md` but not further nested files like
 # `docs/build-app/troubleshooting.md`.
-/docs/  @m-hulbert  @eromano
+/docs/  @eromano

.github/workflows/pull-request-save.yml

@@ -0,0 +1,289 @@
+name: "pull-request-save"
+
+on:
+  workflow_call:
+    inputs:
+      dry-run-flag:
+        description: 'enable dry-run on artifact push'
+        required: false
+        type: boolean
+        default: true
+      devel:
+        description: 'devel'
+        required: false
+        type: boolean
+        default: false
+      cron-run:
+        description: 'disables jobs which should not run when cron runs e2es'
+        required: false
+        type: boolean
+        default: false
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches:
+      - develop
+      - master
+      - develop-patch*
+      - master-patch*
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  BASE_REF: ${{ github.base_ref }}
+  HEAD_REF: ${{ github.head_ref }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  GITHUB_BRANCH: ${{ github.ref_name }}
+  GH_BUILD_DIR: ${{ github.workspace }}
+  GH_COMMIT: ${{ github.sha }}
+  BUILD_ID: ${{ github.run_id }}
+  GH_RUN_NUMBER: ${{ github.run_attempt }}
+  GH_BUILD_NUMBER: ${{ github.run_id }}
+  JOB_ID: ${{ github.run_id }}
+  LOG_LEVEL: "ERROR"
+  S3_BUILD_BUCKET_SHORT_NAME: ${{ secrets.S3_BUILD_BUCKET_SHORT_NAME }}
+  NODE_OPTIONS: "--max-old-space-size=5120"
+  DOCKER_REPOSITORY_DOMAIN: ${{ secrets.DOCKER_REPOSITORY_DOMAIN }}
+  DOCKER_REPOSITORY_USER: ${{ secrets.DOCKER_REPOSITORY_USER }}
+  DOCKER_REPOSITORY_PASSWORD: ${{ secrets.DOCKER_REPOSITORY_PASSWORD }}
+  DOCKER_REPOSITORY_STORYBOOK: "${{ secrets.DOCKER_REPOSITORY_DOMAIN }}/alfresco/storybook"
+  REPO_OWNER: "Alfresco"
+  REPO_NAME: "alfresco-ng2-components"
+  STORYBOOK_DIR: "./dist/storybook/stories"
+  BUILT_LIBS_DIR: "./dist/libs"
+  NODE_MODULES_DIR: "./node_modules"
+  REDIRECT_URI: /
+
+jobs:
+  pre-checks:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Ensure SHA pinned actions
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@25ed13d0628a1601b4b44048e63cc4328ed03633 # v3.0.22
+
+      - name: Check package-lock.json version
+        run: |
+          if [[ $(jq '.lockfileVersion == 3' package-lock.json) == "true" ]] ; then
+            echo "package-lock.json has a correct version"
+          else
+            echo "package-lock must be version 3"
+            exit 1
+          fi
+
+  check-if-pr-is-approved:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+         fetch-depth: 0
+
+      - name: Get branch name
+        uses: Alfresco/alfresco-build-tools/.github/actions/get-branch-name@c1236aee36bb9b35c5972819fcf8a4d07572e6cd # v8.16.0
+
+      - name: Save commit message
+        uses: Alfresco/alfresco-build-tools/.github/actions/get-commit-message@c1236aee36bb9b35c5972819fcf8a4d07572e6cd # v8.16.0
+
+      - name: ci:force flag parser
+        shell: bash
+        run: |
+          if [ "${{ github.event_name }}" == "schedule" ] || [ "${{ github.actor }}" == "dependabot[bot]" ]; then
+            echo -e "\033[32mci:force check can be skipped\033[0m"
+            skip_check="true"
+          elif [[ "$COMMIT_MESSAGE" == *"[ci:force]"* ]]; then
+              echo -e "\033[32m[ci:force] flag detected. No need for approval.\033[0m"
+              skip_check="true"
+          fi
+
+      - name: Get PR number
+        if: ${{ github.event_name != 'schedule' && github.event_name != 'workflow_dispatch' }}
+        uses: kamatama41/get-pr-number-action@0bcaab5752c0b699149e74667c8ce2f764cbb7fa # v0.9.1
+        id: action
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: show pr number
+        shell: bash
+        run: |
+          echo "PR: ${{ steps.action.outputs.number }}"
+
+      - name: check if pr is approved
+        env:
+          DEVEL_FLAG: ${{ inputs.devel }}
+          GH_TOKEN: ${{ github.token }}
+          skip_check: "false"
+        run: |
+          if [ "${{ github.event_name }}" == "schedule" ] || [ "${{ github.actor }}" == "dependabot[bot]" ]; then
+            echo -e "\033[32mci:force check can be skipped\033[0m"
+            skip_check="true"
+          elif [[ "$COMMIT_MESSAGE" == *"[ci:force]"* ]]; then
+            echo -e "\033[32m[ci:force] flag detected. No need for approval.\033[0m"
+            skip_check="true"
+          fi
+
+          if [ "${{ github.actor }}" == "dependabot[bot]" ] || [ "${{ github.actor }}" == "alfresco-build" ]; then
+            echo -e "\033[32mCommit by ${{ github.actor }}. No need for approval.\033[0m"
+            skip_check="true"
+          fi
+          if [ "${{ github.event_name }}" == "schedule" ] || [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
+            echo -e "\033[32mSchedule event\033[0m"
+            skip_check="true"
+          fi
+
+          if [[ "$DEVEL_FLAG" == "true" ]]; then
+            echo -e "\033[32mDevel flag\033[0m"
+            skip_check="true"
+          fi
+
+          if [ "$skip_check" == "false" ]; then
+            echo "Checking PR approval"
+            prNumber=${{ steps.action.outputs.number }}
+            echo "PR: $prNumber"
+            checkApproval=$(gh api /repos/$GITHUB_REPOSITORY/pulls/$prNumber/reviews | jq '.[] | select(.state == "APPROVED") | .user.login')
+            if [[ $checkApproval ]]; then
+              echo -e "\033[32mPR approved\033[0m"
+            else
+              echo -e "\033[31mPR NOT approved\033[0m"
+              exit 1
+            fi
+          fi
+
+  setup:
+    # long timeout required when cache has to be recreated
+    timeout-minutes: 30
+    name: "Setup"
+    runs-on: ubuntu-latest
+    needs: [check-if-pr-is-approved, pre-checks]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0 # Fetch all history for all tags and branches
+      - uses: ./.github/actions/setup
+      - name: install
+        run: |
+          npm ci
+          npx nx run js-api:bundle
+          npx nx run cli:bundle
+      - uses: ./.github/actions/upload-node-modules-and-artifacts
+
+  generate-affected-matrix:
+    name: "Generate affected matrix"
+    runs-on: ubuntu-latest
+    needs: []
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          fetch-depth: 0
+      - name: Install dependencies
+        run: npm ci
+      - name: Generate affected projects matrix
+        id: set-matrix
+        run: |
+          BASE_REF="${{ github.event.pull_request.base.ref }}"
+          echo "Base ref is $BASE_REF"
+          AFFECTED=$(npx nx show projects --affected --target=test --base=origin/$BASE_REF --select=projects --plain --exclude=cli,stories,eslint-angular)
+          echo "Affected projects: $AFFECTED"
+          MATRIX_JSON=$(echo $AFFECTED | xargs -n1 | jq -R -s -c 'split("\n")[:-1] | map({ "project": . })')
+          MATRIX_JSON=$(echo "$MATRIX_JSON" | tr -d '\n' | sed 's/"$//')
+          echo "Matrix JSON: $MATRIX_JSON"
+          echo "matrix=$MATRIX_JSON" >> $GITHUB_OUTPUT
+
+  trigger-unit-tests:
+    name: "Unit Tests"
+    runs-on: ubuntu-latest
+    needs: [generate-affected-matrix]
+    steps:
+      - name: Call unit tests workflow
+        uses: ./.github/workflows/unit-test-workflow.yml@main
+        with:
+          matrix: ${{ needs.generate-affected-matrix.outputs.matrix }}
+
+  lint:
+    # long timeout required when cache has to be recreated
+    timeout-minutes: 30
+    name: "Lint"
+    runs-on: ubuntu-latest
+    needs: [setup]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0 # Fetch all history for all tags and branches
+      - uses: ./.github/actions/setup
+      - run: npx nx affected --target=lint $NX_CALCULATION_FLAGS
+
+  build-libs:
+    # long timeout required when cache has to be recreated
+    timeout-minutes: 30
+    name: "Build libs"
+    runs-on: ubuntu-latest
+    needs: [setup]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0 # Fetch all history for all tags and branches
+      - uses: ./.github/actions/setup
+      - uses: ./.github/actions/download-node-modules-and-artifacts
+      - run: NX_REJECT_UNKNOWN_LOCAL_CACHE=0 npx nx affected:build $NX_CALCULATION_FLAGS --prod
+      - run: NX_REJECT_UNKNOWN_LOCAL_CACHE=0 npx nx affected --target=build-storybook $NX_CALCULATION_FLAGS --configuration=ci
+      - uses: ./.github/actions/upload-node-modules-and-artifacts
+
+  PR-forbidden-labels:
+    if: ${{ inputs.cron-run == '' || inputs.cron-run == 'false' }}
+    runs-on: ubuntu-latest
+    steps:
+      - id: checkoutRepo
+        name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 1
+      - name: PR contains forbidden labels
+        id: pr-forbidden
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          script: |
+            const issueHasLabels = require('./scripts/github/update/check-issue-has-label.js');
+            const checkLabels = ['next version ➡️', 'do not merge🙅🏻‍♂️'];
+
+            const hasLabel = await issueHasLabels({github, context, checkLabels})
+
+            if(hasLabel) {
+              core.setFailed('The PR contains a forbidden label! You are not allowed to merge until the label is there.');
+            }
+      - name: Check value after
+        run: |
+          echo "result ${{ toJson(steps.pr-forbidden.*.result) }}" && echo "result ${{ steps.pr-forbidden.*.result }}"
+          echo "result ${{ contains(toJson(steps.pr-forbidden.*.result), 'failure') }}"
+
+  finalize:
+    if: ${{ always() }}
+    runs-on: ubuntu-latest
+    name: Final Results
+    needs: [check-if-pr-is-approved, pre-checks, setup, trigger-unit-tests, lint, build-libs]
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: identify-slack-group
+        id: groups
+        if: ${{ github.event_name == 'schedule' }}
+        uses: ./.github/actions/slack-group-area
+        with:
+          affected: ${{ steps.e2e-result.outputs.result }}
+      - name: workflow failure
+        run: exit 1
+        if: ${{ contains(needs.*.result, 'failure') }}
+      - name: workflow canceled
+        run: exit 1
+        if: ${{ contains(needs.*.result, 'cancelled') }}
+      - name: workflow success
+        run: exit 0
+        if: ${{ contains(needs.*.result, 'success') }}