codecov · matt-codecov · Feb 20, 2025 · Feb 13, 2025 · Feb 20, 2025 · Feb 20, 2025
diff --git a/.github/workflows/api-ci.yml b/.github/workflows/api-ci.yml
@@ -0,0 +1,118 @@
+name: API CI
+
+on:
+  push:
+    tags:
+      - prod-*
+    branches:
+      - main
+      - staging
+    paths:
+      - 'apps/codecov-api/**'
+      - 'apps/codecov-api'
+      - 'libs/**'
+  pull_request:
+    paths:
+      - 'apps/codecov-api/**'
+      - 'apps/codecov-api'
+      - 'libs/**'
+  merge_group:
+    paths:
+      - 'apps/codecov-api/**'
+      - 'apps/codecov-api'
+      - 'libs/**'
+
+permissions:
+  contents: "read"
+  id-token: "write"
+  issues: "write"
+  pull-requests: "write"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  api-lint:
+    name: Run Lint (API)
+    uses: codecov/gha-workflows/.github/workflows/[email protected]
+    with:
+      working_directory: apps/codecov-api
+
+  api-mypy:
+    name: Patch typing (API)
+    uses: codecov/gha-workflows/.github/workflows/[email protected]
+    with:
+      working_directory: apps/codecov-api
+
+  api-build:
+    name: Build App (API)
+    uses: codecov/gha-workflows/.github/workflows/[email protected]
+    secrets: inherit
+    with:
+      repo: ${{ vars.CODECOV_API_IMAGE_V2 || 'codecov/self-hosted-api' }}
+      working_directory: apps/codecov-api
+
+  # Runs create-commit, create-report
+  api-codecovstartup:
+    name: Codecov Startup (API)
+    needs: api-build
+    uses: codecov/gha-workflows/.github/workflows/[email protected]
+    secrets: inherit
+    with:
+      working_directory: apps/codecov-api
+
+  api-test:
+    name: Test (API)
+    needs: [api-build, api-codecovstartup]
+    uses: codecov/gha-workflows/.github/workflows/[email protected]
+    secrets: inherit
+    with:
+      run_integration: false
+      repo: ${{ vars.CODECOV_API_IMAGE_V2 || 'codecov/self-hosted-api' }}
+      working_directory: apps/codecov-api
+      flag_prefix: api
+
+  api-build-self-hosted:
+    name: Build Self Hosted (API)
+    needs: [api-build, api-test]
+    uses: codecov/gha-workflows/.github/workflows/[email protected]
+    secrets: inherit
+    with:
+      repo: ${{ vars.CODECOV_API_IMAGE_V2 || 'codecov/self-hosted-api' }}
+      working_directory: apps/codecov-api
+
+  api-staging:
+    name: Push Staging Image (API)
+    needs: [api-build, api-test]
+    if: ${{ github.event_name == 'push' && github.event.ref == 'refs/heads/staging' && github.repository_owner == 'codecov' }}
+    uses: codecov/gha-workflows/.github/workflows/[email protected]
+    secrets: inherit
+    with:
+      environment: staging
+      repo: ${{ vars.CODECOV_API_IMAGE_V2 || 'codecov/self-hosted-api' }}
+      working_directory: apps/codecov-api
+      sentry_project: api
+
+  api-production:
+    name: Push Production Image (API)
+    needs: [api-build, api-test]
+    if: ${{ github.event_name == 'push' && github.event.ref == 'refs/heads/main' && github.repository_owner == 'codecov' }}
+    uses: codecov/gha-workflows/.github/workflows/[email protected]
+    secrets: inherit
+    with:
+      environment: production
+      repo: ${{ vars.CODECOV_API_IMAGE_V2 || 'codecov/self-hosted-api' }}
+      working_directory: apps/codecov-api
+      sentry_project: api
+
+  api-self-hosted:
+    name: Push Self Hosted Image (API)
+    needs: [api-build-self-hosted, api-test]
+    secrets: inherit
+    if: ${{ github.event_name == 'push' && github.event.ref == 'refs/heads/main' && github.repository_owner == 'codecov' }}
+    uses: codecov/gha-workflows/.github/workflows/[email protected]
+    with:
+      push_rolling: true
+      repo: ${{ vars.CODECOV_API_IMAGE_V2 || 'codecov/self-hosted-api' }}
+      working_directory: apps/codecov-api
diff --git a/.github/workflows/cache-cleanup.yml b/.github/workflows/cache-cleanup.yml
@@ -0,0 +1,33 @@
+name: cleanup caches by a branch
+on:
+  pull_request:
+    types:
+      - closed
+
+jobs:
+  cleanup:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Cleanup
+        run: |
+          gh extension install actions/gh-actions-cache
+
+          REPO=${{ github.repository }}
+          BRANCH="refs/pull/${{ github.event.pull_request.number }}/merge"
+
+          echo "Fetching list of cache key"
+          cacheKeysForPR=$(gh actions-cache list -R $REPO -B $BRANCH -L 100 | cut -f 1 )
+
+          ## Setting this to not fail the workflow while deleting cache keys.
+          set +e
+          echo "Deleting caches..."
+          for cacheKey in $cacheKeysForPR
+          do
+              gh actions-cache delete $cacheKey -R $REPO -B $BRANCH --confirm
+          done
+          echo "Done"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/enforce-license-compliance.yml b/.github/workflows/enforce-license-compliance.yml
@@ -0,0 +1,14 @@
+name: Enforce License Compliance
+
+on:
+  pull_request:
+    branches: [main, master]
+
+jobs:
+  enforce-license-compliance:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Enforce License Compliance'
+        uses: getsentry/action-enforce-license-compliance@57ba820387a1a9315a46115ee276b2968da51f3d # main
+        with:
+          fossa_api_key: ${{ secrets.FOSSA_API_KEY }}
diff --git a/.github/workflows/self-hosted-release-pr.yml b/.github/workflows/self-hosted-release-pr.yml
@@ -0,0 +1,14 @@
+name: Create Self Hosted Release PR
+
+on:
+  workflow_dispatch:
+    inputs:
+      versionName:
+        description: "Name of version  (ie 23.9.5)"
+        required: true
+
+jobs:
+  create-release-pr:
+    name: Create PR for Release ${{ github.event.inputs.versionName }}
+    uses: codecov/gha-workflows/.github/workflows/[email protected]
+    secrets: inherit
diff --git a/.github/workflows/self-hosted-release.yml b/.github/workflows/self-hosted-release.yml
@@ -0,0 +1,40 @@
+iname: Create Self Hosted Release
+
+on:
+  pull_request:
+    branches:
+      - main
+    types: [closed]
+
+permissions:
+  contents: "read"
+  id-token: "write"
+
+jobs:
+  create-release:
+    name: Tag Release ${{ github.head_ref }} and Push Docker image to Docker Hub
+    if: ${{ github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/') && github.repository_owner == 'codecov' }}
+    uses: codecov/gha-workflows/.github/workflows/[email protected]
+    with:
+      tag_to_prepend: self-hosted-
+    secrets: inherit
+
+  push-worker-image:
+    needs: [create-release]
+    if: ${{ github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/') && github.repository_owner == 'codecov' }}
+    uses: codecov/gha-workflows/.github/workflows/[email protected]
+    secrets: inherit
+    with:
+      push_release: true
+      repo: ${{ vars.CODECOV_WORKER_IMAGE_V2 || 'codecov/self-hosted-worker' }}
+      working_directory: apps/worker
+
+  push-api-image:
+    needs: [create-release]
+    if: ${{ github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/') && github.repository_owner == 'codecov' }}
+    uses: codecov/gha-workflows/.github/workflows/[email protected]
+    secrets: inherit
+    with:
+      push_release: true
+      repo: ${{ vars.CODECOV_API_IMAGE_V2 || 'codecov/self-hosted-api' }}
+      working_directory: apps/codecov-api
diff --git a/.github/workflows/shared-ci.yml b/.github/workflows/shared-ci.yml
@@ -0,0 +1,138 @@
+name: Shared CI
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'libs/shared/**'
+      - 'libs/shared'
+  pull_request:
+    paths:
+      - 'libs/shared/**'
+      - 'libs/shared'
+  merge_group:
+    paths:
+      - 'libs/shared/**'
+      - 'libs/shared'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  # TODO: get mypy running
+  shared-lint:
+    name: Run Lint (Shared)
+    uses: codecov/gha-workflows/.github/workflows/[email protected]
+    with:
+      working_directory: libs/shared
+
+  shared-codecovstartup:
+    name: Codecov Startup (Shared)
+    uses: codecov/gha-workflows/.github/workflows/[email protected]
+    secrets: inherit
+    with:
+      working_directory: libs/shared
+
+  shared-test:
+    name: Test (Shared)
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: libs/shared
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
+
+      - name: Build test environment
+        run: |
+          make test_env.build
+
+      - name: Bring containers up
+        run: |
+          make test_env.up
+
+      - name: Run tests
+        run: |
+          make test_env.test
+
+      - uses: actions/upload-artifact@v4
+        if: ${{ !cancelled() }}
+        with:
+          name: coveragefiles
+          path: libs/shared/tests/*.coverage.xml
+
+      - uses: actions/upload-artifact@v4
+        if: ${{ !cancelled() }}
+        with:
+          name: junitfiles
+          path: libs/shared/tests/*junit*.xml
+
+  shared-upload-to-codecov:
+    name: Upload to Codecov (shared)
+    needs: [shared-test]
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - codecov_url_secret: CODECOV_URL
+            codecov_token_secret: CODECOV_ORG_TOKEN
+            name: prod
+          - codecov_url_secret: CODECOV_STAGING_URL
+            codecov_token_secret: CODECOV_ORG_TOKEN_STAGING
+            name: staging
+          - codecov_url_secret: CODECOV_QA_URL
+            codecov_token_secret: CODECOV_QA_ORG
+            name: qa
+          - codecov_url_secret: CODECOV_PUBLIC_QA_URL
+            codecov_token_secret: CODECOV_PUBLIC_QA_TOKEN
+            name: public qa
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          submodules: 'recursive'
+
+      - name: Download coverage
+        id: download_coverage
+        uses: actions/download-artifact@v4
+        with:
+          name: coveragefiles
+
+      - name: Download test results
+        id: download_test_results
+        uses: actions/download-artifact@v4
+        with:
+          name: junitfiles
+
+      - name: Uploading unit test coverage (${{ matrix.name }})
+        uses: codecov/codecov-action@v5
+        with:
+          files: ${{ steps.download_coverage.outputs.download-path }}/unit.coverage.xml
+          flags: shared-docker-uploader
+          disable_search: true
+          # Strange workaround: API has a `codecov` directory in the repo root
+          # which conflicts with the action's `codecov` binary
+          use_pypi: true
+          token: ${{ secrets[matrix.codecov_token_secret] }}
+          url: ${{ secrets[matrix.codecov_url_secret] }}
+          working-directory: libs/shared
+
+      - name: Uploading unit test results (${{ matrix.name }})
+        uses: codecov/test-results-action@v1
+        with:
+          files: ${{ steps.download_test_results.outputs.download-path }}/unit.junit.xml
+          flags: shared-docker-uploader
+          disable_search: true
+          token: ${{ secrets[matrix.codecov_token_secret] }}
+          url: ${{ secrets[matrix.codecov_url_secret] }}
+          # The coverage action will have installed codecovcli with pip. The
+          # actual binary will be found in $PATH.
+          binary: codecovcli
+          working-directory: libs/shared
+