From 65efcb5c667dd29a0896814702d0f27babf2133f Mon Sep 17 00:00:00 2001
From: el-virt
Date: Mon, 30 Jun 2025 11:09:26 -0600
Subject: [PATCH] chore(ci): Fix workflows, release-please config
---
 .../release-please-config.main.json | 1 +
 ...elease-please-config.release_branches.json | 1 +
 .github/workflows/build-and-test.yaml | 250 +-----------------
 .github/workflows/deliver.yaml | 122 +--------
 .github/workflows/release.yaml | 37 ---
 5 files changed, 15 insertions(+), 396 deletions(-)
diff --git a/.github/release-please/release-please-config.main.json b/.github/release-please/release-please-config.main.json
index 53209ebd5..21fc51314 100644
--- a/.github/release-please/release-please-config.main.json
+++ b/.github/release-please/release-please-config.main.json
@@ -5,6 +5,7 @@
 "group-pull-request-title-pattern": "chore(${branch}): release ${version}",
 "packages": {
 ".": {
+ "component": "sdk",
 "release-type": "simple",
 "extra-files": [
 {
diff --git a/.github/release-please/release-please-config.release_branches.json b/.github/release-please/release-please-config.release_branches.json
index 0668dde4b..f1f3ce937 100644
--- a/.github/release-please/release-please-config.release_branches.json
+++ b/.github/release-please/release-please-config.release_branches.json
@@ -5,6 +5,7 @@
 "group-pull-request-title-pattern": "chore(${branch}): release ${version}",
 "packages": {
 ".": {
+ "component": "sdk",
 "release-type": "simple",
 "extra-files": [
 {
diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml
index 50d02900b..86436d897 100644
--- a/.github/workflows/build-and-test.yaml
+++ b/.github/workflows/build-and-test.yaml
@@ -1,251 +1,19 @@ name: "Build and Test Client" -env: - do_sonarscan: >- - ${{ (github.event_name == 'push' || - github.event.pull_request.head.repo.full_name == github.repository) && - github.actor != 'dependabot[bot]' }} - on: pull_request: push: branches: - main - "release/**" -jobs: - ccc: - runs-on: ubuntu-latest - defaults: - run: - working-directory: ./lib - timeout-minutes: 5 - steps: - - name: Conventional Commits Check - if: contains(fromJSON('["pull_request", "pull_request_target"]'), github.event_name) - id: conventional-commits - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - # Types include: - # - fix: fixes - # - feat: features and enhancements - # - chore: non-feature or enhancement (i.e. docs, ci, linting, automated, etc) - types: | - fix - feat - chore - revert - # Scopes include: - # - sdk: changes to @opentdf/sdk (was lib) - # - cli: changes to @opentdf/ctl - # - ci: anything related to ci - # - tests: test only changes - # - docs: anything related solely to documentation - scopes: | - ci - cli - docs - sdk - tests - - lib: - runs-on: ubuntu-latest - defaults: - run: - working-directory: ./lib - timeout-minutes: 5 - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - with: - fetch-depth: ${{ !fromJSON(env.do_sonarscan) && 1 || 0 }} - - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0 - with: - node-version: '22' - cache: 'npm' - cache-dependency-path: './lib/package-lock.json' - - run: npm ci - - run: npm test - - uses: fingerprintjs/action-coverage-report-md@72dfb7de7581612640a8e599e918b2eda98f9bba #v2.0.1 - id: coverage-md - with: - srcBasePath: './' - textReportPath: './lib/coverage/coverage.txt' - - run: echo "${MARKDOWN_REPORT}" >>$GITHUB_STEP_SUMMARY - env: - MARKDOWN_REPORT: '${{ steps.coverage-md.outputs.markdownReport }}' - - run: npm audit --omit dev && npm audit --audit-level high 
--omit dev - - run: npm run license-check - - run: npm run lint - - run: npm pack - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 - with: - name: opentdf-sdk-lib - path: ./lib/opentdf-sdk-*.tgz - - name: SonarCloud Scan - if: fromJSON(env.do_sonarscan) - uses: SonarSource/sonarqube-scan-action@2500896589ef8f7247069a56136f8dc177c27ccf #v5.2.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - cli: - needs: - - lib - runs-on: ubuntu-latest - defaults: - run: - working-directory: ./cli - timeout-minutes: 5 - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0 - with: - node-version: '22' - cache: 'npm' - cache-dependency-path: './cli/package-lock.json' - - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1 - with: - name: opentdf-sdk-lib - path: lib/ - - run: npm uninstall @opentdf/sdk && npm ci && npm i ../lib/opentdf-sdk-*.tgz - - run: npm test - - run: npm audit --omit dev && npm audit --audit-level high --omit dev - - run: npm run license-check - - run: npm run lint - - run: npm pack - - name: Setup Bats and bats libs - uses: bats-core/bats-action@3.0.1 - - run: bats bin/opentdf.bats - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 - with: - name: opentdf-ctl - path: ./cli/opentdf-ctl-*.tgz - - web-app: - needs: - - lib - runs-on: ubuntu-22.04 # NOTE: Playwright not yet supported on 24.04 - defaults: - run: - working-directory: ./web-app - timeout-minutes: 5 - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0 - with: - node-version: '22' - cache: 'npm' - cache-dependency-path: './web-app/package-lock.json' - - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1 - with: - name: 
opentdf-sdk-lib - path: lib/ - - run: npm uninstall @opentdf/sdk && npm ci && npm i ../lib/opentdf-sdk-*.tgz - - run: npm install - - run: npm audit --omit dev && npm audit --audit-level high --omit dev - - run: npm run license-check - - run: npm run lint - - run: npx playwright install - - run: npm test - - run: npm pack - scripts: - runs-on: ubuntu-latest - defaults: - run: - working-directory: .github/workflows - timeout-minutes: 5 - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - - name: πŸ¦‡πŸ¦‡πŸ¦‡πŸ¦‡πŸ¦‡πŸ¦‡ - run: docker run --rm -v "$PWD:/mnt" --workdir "/mnt" bats/bats:1.11.0 *.bats - - name: πŸ¦ͺ βœ” 🧼🧼🧼 - run: >- - docker run --rm -v "$PWD:/mnt" --workdir "/mnt" "koalaman/shellcheck:v0.10.0" - --color=always *.sh +# Default empty permissions for all jobs +# fix later, need to add permissions for every job in reusable_build-and-test.yaml +# then add corresponding permissions to the build-and-test job below +#permissions: {} - platform-roundtrip: - needs: - - cli - - lib - - web-app - runs-on: ubuntu-22.04 # NOTE: Playwright not yet supported on 24.04 - defaults: - run: - working-directory: .github/workflows/roundtrip - timeout-minutes: 45 - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0 - with: - node-version: '22' - cache: 'npm' - cache-dependency-path: './web-app/package-lock.json' - - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1 - with: - name: opentdf-sdk-lib - path: lib/ - - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1 - with: - name: opentdf-ctl - path: cli/ - - name: Git clone backend - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - with: - path: .github/workflows/roundtrip/platform - repository: opentdf/platform - - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b #v5.4.0 - with: - 
go-version-file: .github/workflows/roundtrip/platform/service/go.mod - check-latest: false - cache-dependency-path: | - .github/workflows/roundtrip/platform/lib/fixtures/go.sum - .github/workflows/roundtrip/platform/lib/ocrypto/go.sum - .github/workflows/roundtrip/platform/protocol/go/go.sum - .github/workflows/roundtrip/platform/sdk/go.sum - .github/workflows/roundtrip/platform/service/go.sum - - run: find ./ -name go.mod - - name: go configure backend - run: |- - go work init - for x in platform/{protocol/go,lib/{fixtures,ocrypto},sdk,service}; do - go work use "$x" - done - - run: docker compose up -d --wait --wait-timeout 240 - - env: - PLAYWRIGHT_TESTS_TO_RUN: roundtrip - run: |- - ./wait-and-test.sh platform - - platform-xtest: - needs: - - cli - - lib - uses: opentdf/tests/.github/workflows/xtest.yml@main - with: - focus-sdk: js - js-ref: ${{ github.ref }} latest lts - platform-ref: main lts - - ci: - needs: - - lib - - cli - - web-app - - scripts - - platform-xtest - runs-on: ubuntu-22.04 - if: ${{ !cancelled() }} - steps: - - - name: "All jobs succeeded" - id: success - if: ${{ contains(needs.*.result, 'success') }} - run: | - : - - - name: "One or more jobs failed" - if: ${{ contains(needs.*.result, 'failure') }} - run: | - exit 1 +jobs: + build-and-test: + uses: opentdf/web-sdk/.github/workflows/reusable_build-and-test.yaml@main + secrets: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/deliver.yaml b/.github/workflows/deliver.yaml index 6e351e2f2..d1638f976 100644 --- a/.github/workflows/deliver.yaml +++ b/.github/workflows/deliver.yaml 
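Review bot: The new `build-and-test` job resolves its reusable workflow from the mutable ref `@main` while handing it `SONAR_TOKEN`, so a run for a pull request or a `release/**` push executes whatever is on `main` at that moment rather than the workflow definition in the commit under test; the same applies to `reusable_deliver.yaml@main` in deliver.yaml, where `NPM_TOKEN` and `packages: write` are at stake. If these files live in this repository (the package URLs in the removed lines suggest opentdf/web-sdk is this repo), `uses: ./.github/workflows/reusable_build-and-test.yaml` binds the called workflow to the caller's commit; otherwise pin a full commit SHA, as the removed steps did for most actions. Separately, `#permissions: {}` is left commented out, so the token falls back to the repository default on a workflow that runs on `pull_request`. I would restore `permissions: {}` and give the job an explicit grant such as `permissions:` / `contents: read`, extended to whatever the reusable workflow actually needs, which is not visible in this diff.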
@@ -13,125 +13,11 @@ on: permissions: {} jobs: - deliver-ghp: + deliver: permissions: contents: read packages: write pages: write - runs-on: ubuntu-latest - - steps: - - name: "Checkout repo" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - persist-credentials: false - - - name: "Setup node" - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 - with: - node-version: "22" - registry-url: https://npm.pkg.github.com - - - name: "Check version number is same between tag, library, and/or release" - id: check-version - env: - REF: ${{ github.ref }} - run: | - if [[ "$REF" = refs/heads/release/* ]]; then - scripts/check-version-is.sh "${GITHUB_REF##*release/}" - elif [[ "$REF" = refs/tags/sdk/v* ]]; then - scripts/check-version-is.sh "${GITHUB_REF_NAME#sdk/v}" - else - scripts/check-version-is.sh - fi - - - name: "Output build metadata" - id: guess-build-metadata - run: | - FULL_VERSION=$(.github/workflows/gh-semver.sh) - DIST_TAG=$(.github/workflows/guess-dist-tag.sh) - - echo "FULL_VERSION=$FULL_VERSION" >> "$GITHUB_OUTPUT" - echo "DIST_TAG=$DIST_TAG" >> "$GITHUB_OUTPUT" - - - name: "Run: make doc" - run: | - make doc - - - name: "Echo info" - env: - DIST_TAG: ${{ steps.guess-build-metadata.outputs.DIST_TAG }} - FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }} - run: | - echo "::notice file=lib/package.json::Will be published to \ - [GitHub Packages](https://github.com/opentdf/web-sdk/pkgs/npm/client) \ - as $DIST_TAG \ - with version=[$FULL_VERSION]" - - - name: "Deliver to GitHub Packages" - env: - DIST_TAG: ${{ steps.guess-build-metadata.outputs.DIST_TAG }} - FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }} - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - bash scripts/deliver-to-npm-registry.sh "$FULL_VERSION" "$DIST_TAG" - - - name: "Echo info to Run Summary" - run: | - { - echo "- [Client Library](https://github.com/opentdf/web-sdk/pkgs/npm/client)" - echo 
"- [Command Line Tool](https://github.com/opentdf/web-sdk/pkgs/npm/cli)" - } >>"$GITHUB_STEP_SUMMARY" - - - name: "Publish documentation to gh-pages" - uses: JamesIves/github-pages-deploy-action@6c2d9db40f9296374acc17b90404b6e8864128c8 # v4.7.3 - with: - branch: gh-pages - folder: lib/dist/docs - - deliver-npmjs: - permissions: - contents: read - runs-on: ubuntu-latest - steps: - - name: "Checkout repo" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - persist-credentials: false - - - name: "Setup node" - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 - with: - node-version: "22" - registry-url: "https://registry.npmjs.org" - - - name: "Run: make all" - run: | - make all - - - name: "Output build metadata" - id: guess-build-metadata - run: | - FULL_VERSION=$(.github/workflows/gh-semver.sh) - DIST_TAG=$(.github/workflows/guess-dist-tag.sh) - - echo "FULL_VERSION=$FULL_VERSION" >> "$GITHUB_OUTPUT" - echo "DIST_TAG=$DIST_TAG" >> "$GITHUB_OUTPUT" - - - name: "Deliver to npmjs" - env: - DIST_TAG: ${{ steps.guess-build-metadata.outputs.DIST_TAG }} - FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }} - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: | - bash scripts/deliver-to-npm-registry.sh "$FULL_VERSION" "$DIST_TAG" - - - name: "Echo info to Run Summary" - env: - FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }} - run: | - { - echo "- [Client Library](https://www.npmjs.com/package/@opentdf/sdk/v/$FULL_VERSION)" - echo "- [Command Line Tool](https://www.npmjs.com/package/@opentdf/ctl/v/$FULL_VERSION)" - echo "- [unpkg](https://unpkg.com/browse/@opentdf/sdk@$FULL_VERSION)" - } >>"$GITHUB_STEP_SUMMARY" + uses: opentdf/web-sdk/.github/workflows/reusable_deliver.yaml@main + secrets: + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8d9516c14..5b716494e 100644 --- a/.github/workflows/release.yaml 
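Review bot: Merging `deliver-ghp` and `deliver-npmjs` into one `deliver` job means the npmjs publishing path now runs under a caller grant of `packages: write` and `pages: write`, where the removed `deliver-npmjs` job had only `contents: read`. The caller's `permissions` block is only an upper bound for the called workflow, so least privilege now depends on each job inside `reusable_deliver.yaml` declaring its own narrower `permissions:`; that file is not part of this diff, so this needs confirming. The removed checkout steps also set `persist-credentials: false`, and the reusable workflow should keep that. A short comment above the job, e.g. `# upper bound only; reusable_deliver.yaml narrows permissions per job`, would record the intent.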
+++ b/.github/workflows/release.yaml
@@ -17,40 +17,3 @@ jobs:
 secrets:
 APP_ID: ${{ secrets.APP_ID }}
 AUTOMATION_KEY: ${{ secrets.AUTOMATION_KEY }}
-
- update-dependencies:
- if: ${{ needs.release-please.outputs.prs_created == 'true' }}
- needs: release-please
- runs-on: ubuntu-latest
- permissions:
- contents: write
- pull-requests: write
- steps:
- - name: "Generate a token"
- id: generate-token
- uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
- with:
- app-id: ${{ secrets.APP_ID }}
- private-key: ${{ secrets.AUTOMATION_KEY }}
-
- - name: "Checkout repo"
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- with:
- persist-credentials: true
- ref: ${{ fromJSON(needs.release-please.outputs.prs)[0].headBranchName }}
-
- - name: "Update dependencies"
- run: |
- git config --global user.name "opentdf-automation[bot]"
- git config --global user.email "149537512+opentdf-automation[bot]@users.noreply.github.com"
- make all
- git add .
- git commit -m "Update dependencies"
- git push
-
- - name: "Sign 'Update dependencies' commit"
- env:
- GH_TOKEN: ${{ steps.generate-token.outputs.token }}
- PULL_NUMBERS: ${{ fromJSON(needs.release-please.outputs.prs)[0].number }}
- GITHUB_REPOSITORY: ${{ github.repository }}
- uses: opentdf/platform/.github/actions/sign-backport-action-commits@main