Merge branch 'master' into copilot/add-visual-progress-indicators

Author: imnasnainaec

.github/actions/combine-build/action.yml

@@ -41,7 +41,7 @@ runs:
       shell: bash
 
     - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+      uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
       with:
         aws-access-key-id: ${{ inputs.aws_access_key_id }}
         aws-secret-access-key: ${{ inputs.aws_secret_access_key }}

.github/workflows/backend.yml

@@ -55,7 +55,7 @@ jobs:
           if-no-files-found: error
           name: coverage
           path: Backend.Tests/coverage.cobertura.xml
-          retention-days: 7
+          retention-days: 5
       - name: Development build
         run: dotnet build BackendFramework.sln
       - name: Release build

.github/workflows/frontend.yml

@@ -78,7 +78,7 @@ jobs:
           if-no-files-found: error
           name: coverage
           path: coverage/cobertura-coverage.xml
-          retention-days: 7
+          retention-days: 5
 
   upload_coverage:
     needs: test_coverage

.github/workflows/installer.yml

@@ -0,0 +1,180 @@
+name: installer
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+    paths:
+      - ".github/workflows/installer.yml"
+      - "installer/**"
+
+concurrency:
+  cancel-in-progress: true
+  group: ${{ github.workflow }}-${{ github.ref_protected && github.run_id || github.event.pull_request.number }}
+
+permissions: # added using https://github.com/step-security/secure-workflows
+  contents: read
+
+jobs:
+  make_installer:
+    runs-on: ubuntu-latest
+    steps:
+      # See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
+      # configuring harden-runner and identifying allowed endpoints.
+      - name: Harden Runner
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        with:
+          egress-policy: block
+          allowed-endpoints: >
+            *-docker.pkg.dev:443
+            *.cloudfront.net:443
+            azure.archive.ubuntu.com:80
+            cdn.dl.k8s.io:443
+            dl.k8s.io:443
+            esm.ubuntu.com:443
+            files.pythonhosted.org:443
+            get.helm.sh:443
+            get.k3s.io:443
+            github.com:443
+            kubernetes.github.io:443
+            packages.microsoft.com:443
+            prod-registry-k8s-io-us-east-1.s3.dualstack.us-east-1.amazonaws.com:443
+            prod-registry-k8s-io-us-east-2.s3.dualstack.us-east-2.amazonaws.com:443
+            prod-registry-k8s-io-us-west-1.s3.dualstack.us-west-1.amazonaws.com:443
+            prod-registry-k8s-io-us-west-2.s3.dualstack.us-west-2.amazonaws.com:443
+            public.ecr.aws:443
+            pypi.org:443
+            registry.k8s.io:443
+            release-assets.githubusercontent.com:443
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 0
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y makeself
+        shell: bash
+      - name: Make installer with --net-install
+        run: |
+          cd installer
+          ./make-combine-installer.sh --net-install --debug
+        shell: bash
+      - name: Upload net-installer artifact
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        with:
+          name: combine-net-installer
+          path: installer/combine-net-installer.run
+          retention-days: 5
+      - name: Make installer with release version
+        run: |
+          cd installer
+          ./make-combine-installer.sh $(git describe --tags --abbrev=0) --debug
+        shell: bash
+      - name: Show size of installer files
+        run: |
+          cd installer
+          du -sh *
+        shell: bash
+
+  make_readme:
+    runs-on: ubuntu-latest
+    steps:
+      # See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
+      # configuring harden-runner and identifying allowed endpoints.
+      - name: Harden Runner
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        with:
+          egress-policy: block
+          allowed-endpoints: >
+            azure.archive.ubuntu.com:80
+            esm.ubuntu.com:443
+            github.com:443
+            packages.microsoft.com:443
+            s3.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com:443
+            sts.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com:443
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 2
+      - name: Detect changes to installer README
+        id: changed-readme
+        run: |
+          if git diff --name-only HEAD~1.. | grep -q "^installer/README.md$"; then
+            echo "changed=true" >> $GITHUB_OUTPUT
+          else
+            echo "changed=false" >> $GITHUB_OUTPUT
+          fi
+        shell: bash
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y pandoc weasyprint
+        shell: bash
+      - name: Generate README PDF
+        run: |
+          cd installer
+          pandoc --pdf-engine=weasyprint --metadata title="The Combine Installation Instructions" README.md -o README.pdf
+        shell: bash
+      - name: Configure AWS credentials
+        if: steps.changed-readme.outputs.changed == 'true' && github.event_name == 'push'
+        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+      - name: Upload README to S3
+        if: steps.changed-readme.outputs.changed == 'true' && github.event_name == 'push'
+        run: |
+          aws s3 cp installer/README.pdf s3://software.thecombine.app/README.pdf --content-type application/pdf
+        shell: bash
+
+  upload_net_installer:
+    needs: make_installer
+    runs-on: ubuntu-latest
+    steps:
+      # See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
+      # configuring harden-runner and identifying allowed endpoints.
+      - name: Harden Runner
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        with:
+          egress-policy: block
+          allowed-endpoints: >
+            azure.archive.ubuntu.com:80
+            esm.ubuntu.com:443
+            github.com:443
+            packages.microsoft.com:443
+            s3.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com:443
+            sts.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com:443
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 2
+      - name: Detect changes to make-combine-installer.sh
+        id: changed-installer
+        run: |
+          if git diff --name-only HEAD~1.. | grep -q "^installer/make-combine-installer.sh$"; then
+            echo "changed=true" >> $GITHUB_OUTPUT
+          else
+            echo "changed=false" >> $GITHUB_OUTPUT
+          fi
+        shell: bash
+      - name: Download net-installer artifact
+        if: steps.changed-installer.outputs.changed == 'true'&& github.event_name == 'push'
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+        with:
+          name: combine-net-installer
+          path: installer/
+      - name: Configure AWS credentials
+        if: steps.changed-installer.outputs.changed == 'true' && github.event_name == 'push'
+        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+      - name: Upload net-installer to S3
+        if: steps.changed-installer.outputs.changed == 'true' && github.event_name == 'push'
+        run: |
+          aws s3 cp installer/combine-net-installer.run s3://software.thecombine.app/combine-net-installer.run --content-type application/octet-stream
+        shell: bash

.github/workflows/installer_release.yml

@@ -0,0 +1,90 @@
+name: installer_release
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  contents: read
+
+jobs:
+  make_installer:
+    runs-on: ubuntu-latest
+    steps:
+      # See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
+      # configuring harden-runner and identifying allowed endpoints.
+      - name: Harden Runner
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        with:
+          egress-policy: block
+          allowed-endpoints: >
+            *-docker.pkg.dev:443
+            *.cloudfront.net:443
+            azure.archive.ubuntu.com:80
+            cdn.dl.k8s.io:443
+            dl.k8s.io:443
+            esm.ubuntu.com:443
+            files.pythonhosted.org:443
+            get.helm.sh:443
+            get.k3s.io:443
+            github.com:443
+            kubernetes.github.io:443
+            packages.microsoft.com:443
+            prod-registry-k8s-io-us-east-1.s3.dualstack.us-east-1.amazonaws.com:443
+            prod-registry-k8s-io-us-east-2.s3.dualstack.us-east-2.amazonaws.com:443
+            prod-registry-k8s-io-us-west-1.s3.dualstack.us-west-1.amazonaws.com:443
+            prod-registry-k8s-io-us-west-2.s3.dualstack.us-west-2.amazonaws.com:443
+            public.ecr.aws:443
+            pypi.org:443
+            registry.k8s.io:443
+            release-assets.githubusercontent.com:443
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 0
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y makeself
+        shell: bash
+      - name: Make installer with release version
+        run: |
+          cd installer
+          ./make-combine-installer.sh ${{ github.event.release.tag_name }} --debug
+        shell: bash
+      - name: Upload installer artifact
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        with:
+          name: combine-installer
+          path: installer/combine-installer.run
+          retention-days: 5
+
+  upload_installer:
+    needs: make_installer
+    runs-on: ubuntu-latest
+    steps:
+      # See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
+      # configuring harden-runner and identifying allowed endpoints.
+      - name: Harden Runner
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        with:
+          egress-policy: block
+          allowed-endpoints: >
+            s3.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com:443
+            sts.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com:443
+      - name: Download installer artifact
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+        with:
+          name: combine-installer
+          path: installer/
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+      - name: Upload installer to S3
+        run: |
+          TARGET=s3://software.thecombine.app/combine-installer-${{ github.event.release.tag_name }}.run
+          aws s3 cp installer/combine-installer.run $TARGET --content-type application/octet-stream
+        shell: bash