Skip to content

test airlock build #1206

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
shreyakhajanchi wants to merge 6 commits into
base: master
Choose a base branch
from
Draft

test airlock build #1206

shreyakhajanchi wants to merge 6 commits into from
+115 −0

Conversation

@shreyakhajanchi
Copy link
Contributor

@shreyakhajanchi shreyakhajanchi commented Sep 10, 2025

No description provided.

github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 10, 2025
View reviewed changes
@codecov
Copy link

codecov bot commented Sep 10, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 46.47%. Comparing base (aa26fe2) to head (8b1e84c).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #1206      +/-   ##
==========================================
+ Coverage   46.25%   46.47%   +0.21%     
==========================================
  Files         234      234              
  Lines       26768    26891     +123     
  Branches      581      581              
==========================================
+ Hits        12381    12497     +116     
- Misses      13638    13644       +6     
- Partials      749      750       +1
Components Coverage Δ
backend-apis 44.45% <ø> (ø)
backend-library 50.33% <ø> (+0.31%) ⬆️
cli 24.52% <ø> (ø)
frontend 37.04% <ø> (ø)
see 4 files with indirect coverage changes
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@pull-request-size pull-request-size bot added size/L and removed size/M labels Sep 15, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 15, 2025
View reviewed changes
.github/workflows/trusted-registry-build.yml
Comment on lines +13 to +115
runs-on: self-hosted

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: '18'

# --- 1. BACKUP package-lock.json ---
- name: Backup package-lock.json
id: backup_lockfile
working-directory: ${{ github.workspace }}/ui
run: |
if [ -f package-lock.json ]; then
# Create the backup file in the same directory
cp package-lock.json package-lock.json.bak
echo "Backed up package-lock.json to package-lock.json.bak"
else
echo "package-lock.json not found. Skipping backup."
fi

# --- 2. ARTIFACT REGISTRY AUTHENTICATION & .npmrc SETUP ---
- name: Configure .npmrc with Gcloud Token
id: configure_npmrc
working-directory: ${{ github.workspace }}/ui
run: |
#!/usr/bin/env bash
set -e

# Get the access token. This requires the runner to be authenticated.
REPO_TOKEN="$(gcloud auth print-access-token)"

# Create the .npmrc file in the 'ui' directory.
cat > .npmrc <<EOL
registry=https://us-npm.pkg.dev/artifact-foundry-prod/npm-3p-trusted/
//us-npm.pkg.dev/artifact-foundry-prod/npm-3p-trusted/:always-auth=true
//us-npm.pkg.dev/artifact-foundry-prod/npm-3p-trusted/:_authToken=${REPO_TOKEN}
EOL

echo "Successfully created .npmrc in ui/"

# --- 3. INSTALL AND BUILD ---
- name: Install Dependencies and Build UI
id: build_ui
continue-on-error: true
working-directory: ${{ github.workspace }}/ui
run: |
set -e

# CRITICAL: Delete the existing package-lock.json so npm generates a new one
# using the authenticated registry, but does not use the old integrity hashes.
if [ -f package-lock.json ]; then
rm package-lock.json
fi

# Ensure a clean install
rm -rf node_modules

npm install
npm run build

# NOTE: If the install or build fails, the cleanup step runs next due to 'continue-on-error: true'

# --- 4. CLEANUP AND RESTORE ---
- name: Cleanup .npmrc, node_modules, and Restore package-lock.json
if: always() # Ensure this runs even if the install/build step failed
working-directory: ${{ github.workspace }}/ui
run: |
# 4a. Remove the generated .npmrc file
if [ -f .npmrc ]; then
rm .npmrc
echo "Removed temporary .npmrc"
fi

# 4b. Remove the dynamically generated package-lock.json (from the install)
if [ -f package-lock.json ]; then
rm package-lock.json
echo "Removed newly generated package-lock.json"
fi

# 4c. Restore the original package-lock.json
if [ -f package-lock.json.bak ]; then
mv package-lock.json.bak package-lock.json
echo "Restored original package-lock.json"
else
echo "No backup file found to restore."
fi

# 4d. Remove node_modules
if [ -d node_modules ]; then
rm -rf node_modules
echo "Removed node_modules directory"
fi

# --- 5. FAIL WORKFLOW (If Build Failed) ---
- name: Fail workflow if build failed
if: steps.build_ui.outcome != 'success'
run: |
echo "Build with trusted registry failed. Failing the workflow."
exit 1 No newline at end of file

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

size/L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@shreyakhajanchi