diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 596d43ee2a..ffeb1ca20e 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -10,9 +10,9 @@ # precedence. When someone opens a pull request that only # modifies JS files, only @js-owner and not the global # owner(s) will be requested for a review. -/e2e/ @eromano @cristinaj +/e2e/ @eromano # The `docs/*` pattern will match files like # `docs/getting-started.md` but not further nested files like # `docs/build-app/troubleshooting.md`. -/docs/ @m-hulbert @eromano +/docs/ @eromano diff --git a/.github/workflows/pull-request-save.yml b/.github/workflows/pull-request-save.yml new file mode 100644 index 0000000000..134f3a613d --- /dev/null +++ b/.github/workflows/pull-request-save.yml @@ -0,0 +1,289 @@ +name: "pull-request-save" + +on: + workflow_call: + inputs: + dry-run-flag: + description: 'enable dry-run on artifact push' + required: false + type: boolean + default: true + devel: + description: 'devel' + required: false + type: boolean + default: false + cron-run: + description: 'disables jobs which should not run when cron runs e2es' + required: false + type: boolean + default: false + pull_request: + types: [opened, synchronize, reopened] + branches: + - develop + - master + - develop-patch* + - master-patch* + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +env: + BASE_REF: ${{ github.base_ref }} + HEAD_REF: ${{ github.head_ref }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + GITHUB_BRANCH: ${{ github.ref_name }} + GH_BUILD_DIR: ${{ github.workspace }} + GH_COMMIT: ${{ github.sha }} + BUILD_ID: ${{ github.run_id }} + GH_RUN_NUMBER: ${{ github.run_attempt }} + GH_BUILD_NUMBER: ${{ github.run_id }} + JOB_ID: ${{ github.run_id }} + LOG_LEVEL: "ERROR" + S3_BUILD_BUCKET_SHORT_NAME: ${{ secrets.S3_BUILD_BUCKET_SHORT_NAME }} + NODE_OPTIONS: "--max-old-space-size=5120" + DOCKER_REPOSITORY_DOMAIN: ${{ secrets.DOCKER_REPOSITORY_DOMAIN }} + DOCKER_REPOSITORY_USER: ${{ secrets.DOCKER_REPOSITORY_USER }} + DOCKER_REPOSITORY_PASSWORD: ${{ secrets.DOCKER_REPOSITORY_PASSWORD }} + DOCKER_REPOSITORY_STORYBOOK: "${{ secrets.DOCKER_REPOSITORY_DOMAIN }}/alfresco/storybook" + REPO_OWNER: "Alfresco" + REPO_NAME: "alfresco-ng2-components" + STORYBOOK_DIR: "./dist/storybook/stories" + BUILT_LIBS_DIR: "./dist/libs" + NODE_MODULES_DIR: "./node_modules" + REDIRECT_URI: / + +jobs: + pre-checks: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Ensure SHA pinned actions + uses: zgosalvez/github-actions-ensure-sha-pinned-actions@25ed13d0628a1601b4b44048e63cc4328ed03633 # v3.0.22 + + - name: Check package-lock.json version + run: | + if [[ $(jq '.lockfileVersion == 3' package-lock.json) == "true" ]] ; then + echo "package-lock.json has a correct version" + else + echo "package-lock must be version 3" + exit 1 + fi + + check-if-pr-is-approved: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + fetch-depth: 0 + + - name: Get branch name + uses: Alfresco/alfresco-build-tools/.github/actions/get-branch-name@c1236aee36bb9b35c5972819fcf8a4d07572e6cd # v8.16.0 + + - name: Save commit message + uses: Alfresco/alfresco-build-tools/.github/actions/get-commit-message@c1236aee36bb9b35c5972819fcf8a4d07572e6cd # v8.16.0 + + - name: ci:force flag parser + shell: bash + run: | + if [ "${{ github.event_name }}" == "schedule" ] || [ "${{ github.actor }}" == "dependabot[bot]" ]; then + echo -e "\033[32mci:force check can be skipped\033[0m" + skip_check="true" + elif [[ "$COMMIT_MESSAGE" == *"[ci:force]"* ]]; then + echo -e "\033[32m[ci:force] flag detected. No need for approval.\033[0m" + skip_check="true" + fi + + - name: Get PR number + if: ${{ github.event_name != 'schedule' && github.event_name != 'workflow_dispatch' }} + uses: kamatama41/get-pr-number-action@0bcaab5752c0b699149e74667c8ce2f764cbb7fa # v0.9.1 + id: action + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + + - name: show pr number + shell: bash + run: | + echo "PR: ${{ steps.action.outputs.number }}" + + - name: check if pr is approved + env: + DEVEL_FLAG: ${{ inputs.devel }} + GH_TOKEN: ${{ github.token }} + skip_check: "false" + run: | + if [ "${{ github.event_name }}" == "schedule" ] || [ "${{ github.actor }}" == "dependabot[bot]" ]; then + echo -e "\033[32mci:force check can be skipped\033[0m" + skip_check="true" + elif [[ "$COMMIT_MESSAGE" == *"[ci:force]"* ]]; then + echo -e "\033[32m[ci:force] flag detected. No need for approval.\033[0m" + skip_check="true" + fi + + if [ "${{ github.actor }}" == "dependabot[bot]" ] || [ "${{ github.actor }}" == "alfresco-build" ]; then + echo -e "\033[32mCommit by ${{ github.actor }}. No need for approval.\033[0m" + skip_check="true" + fi + if [ "${{ github.event_name }}" == "schedule" ] || [ "${{ github.event_name }}" == "workflow_dispatch" ]; then + echo -e "\033[32mSchedule event\033[0m" + skip_check="true" + fi + + if [[ "$DEVEL_FLAG" == "true" ]]; then + echo -e "\033[32mDevel flag\033[0m" + skip_check="true" + fi + + if [ "$skip_check" == "false" ]; then + echo "Checking PR approval" + prNumber=${{ steps.action.outputs.number }} + echo "PR: $prNumber" + checkApproval=$(gh api /repos/$GITHUB_REPOSITORY/pulls/$prNumber/reviews | jq '.[] | select(.state == "APPROVED") | .user.login') + if [[ $checkApproval ]]; then + echo -e "\033[32mPR approved\033[0m" + else + echo -e "\033[31mPR NOT approved\033[0m" + exit 1 + fi + fi + + setup: + # long timeout required when cache has to be recreated + timeout-minutes: 30 + name: "Setup" + runs-on: ubuntu-latest + needs: [check-if-pr-is-approved, pre-checks] + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + fetch-depth: 0 # Fetch all history for all tags and branches + - uses: ./.github/actions/setup + - name: install + run: | + npm ci + npx nx run js-api:bundle + npx nx run cli:bundle + - uses: ./.github/actions/upload-node-modules-and-artifacts + + generate-affected-matrix: + name: "Generate affected matrix" + runs-on: ubuntu-latest + needs: [] + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + with: + fetch-depth: 0 + - name: Install dependencies + run: npm ci + - name: Generate affected projects matrix + id: set-matrix + run: | + BASE_REF="${{ github.event.pull_request.base.ref }}" + echo "Base ref is $BASE_REF" + AFFECTED=$(npx nx show projects --affected --target=test --base=origin/$BASE_REF --select=projects --plain --exclude=cli,stories,eslint-angular) + echo "Affected projects: $AFFECTED" + MATRIX_JSON=$(echo $AFFECTED | xargs -n1 | jq -R -s -c 'split("\n")[:-1] | map({ "project": . })') + MATRIX_JSON=$(echo "$MATRIX_JSON" | tr -d '\n' | sed 's/"$//') + echo "Matrix JSON: $MATRIX_JSON" + echo "matrix=$MATRIX_JSON" >> $GITHUB_OUTPUT + + trigger-unit-tests: + name: "Unit Tests" + runs-on: ubuntu-latest + needs: [generate-affected-matrix] + steps: + - name: Call unit tests workflow + uses: ./.github/workflows/unit-test-workflow.yml@main + with: + matrix: ${{ needs.generate-affected-matrix.outputs.matrix }} + + lint: + # long timeout required when cache has to be recreated + timeout-minutes: 30 + name: "Lint" + runs-on: ubuntu-latest + needs: [setup] + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + fetch-depth: 0 # Fetch all history for all tags and branches + - uses: ./.github/actions/setup + - run: npx nx affected --target=lint $NX_CALCULATION_FLAGS + + build-libs: + # long timeout required when cache has to be recreated + timeout-minutes: 30 + name: "Build libs" + runs-on: ubuntu-latest + needs: [setup] + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + fetch-depth: 0 # Fetch all history for all tags and branches + - uses: ./.github/actions/setup + - uses: ./.github/actions/download-node-modules-and-artifacts + - run: NX_REJECT_UNKNOWN_LOCAL_CACHE=0 npx nx affected:build $NX_CALCULATION_FLAGS --prod + - run: NX_REJECT_UNKNOWN_LOCAL_CACHE=0 npx nx affected --target=build-storybook $NX_CALCULATION_FLAGS --configuration=ci + - uses: ./.github/actions/upload-node-modules-and-artifacts + + PR-forbidden-labels: + if: ${{ inputs.cron-run == '' || inputs.cron-run == 'false' }} + runs-on: ubuntu-latest + steps: + - id: checkoutRepo + name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + fetch-depth: 1 + - name: PR contains forbidden labels + id: pr-forbidden + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + script: | + const issueHasLabels = require('./scripts/github/update/check-issue-has-label.js'); + const checkLabels = ['next version ➡️', 'do not merge🙅🏻‍♂️']; + + const hasLabel = await issueHasLabels({github, context, checkLabels}) + + if(hasLabel) { + core.setFailed('The PR contains a forbidden label! You are not allowed to merge until the label is there.'); + } + - name: Check value after + run: | + echo "result ${{ toJson(steps.pr-forbidden.*.result) }}" && echo "result ${{ steps.pr-forbidden.*.result }}" + echo "result ${{ contains(toJson(steps.pr-forbidden.*.result), 'failure') }}" + + finalize: + if: ${{ always() }} + runs-on: ubuntu-latest + name: Final Results + needs: [check-if-pr-is-approved, pre-checks, setup, trigger-unit-tests, lint, build-libs] + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: identify-slack-group + id: groups + if: ${{ github.event_name == 'schedule' }} + uses: ./.github/actions/slack-group-area + with: + affected: ${{ steps.e2e-result.outputs.result }} + - name: workflow failure + run: exit 1 + if: ${{ contains(needs.*.result, 'failure') }} + - name: workflow canceled + run: exit 1 + if: ${{ contains(needs.*.result, 'cancelled') }} + - name: workflow success + run: exit 0 + if: ${{ contains(needs.*.result, 'success') }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index a9a5b5e3ed..8ac8be66e1 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -211,91 +211,7 @@ jobs: trigger-unit-tests: name: "Unit Tests" - runs-on: ubuntu-latest needs: [generate-affected-matrix] - steps: - - name: Call unit tests workflow - uses: ./.github/workflows/running-unit-test.yml@main - with: - matrix: ${{ needs.generate-affected-matrix.outputs.matrix }} - - lint: - # long timeout required when cache has to be recreated - timeout-minutes: 30 - name: "Lint" - runs-on: ubuntu-latest - needs: [setup] - steps: - - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - fetch-depth: 0 # Fetch all history for all tags and branches - - uses: ./.github/actions/setup - - run: npx nx affected --target=lint $NX_CALCULATION_FLAGS - - build-libs: - # long timeout required when cache has to be recreated - timeout-minutes: 30 - name: "Build libs" - runs-on: ubuntu-latest - needs: [setup] - steps: - - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - fetch-depth: 0 # Fetch all history for all tags and branches - - uses: ./.github/actions/setup - - uses: ./.github/actions/download-node-modules-and-artifacts - - run: NX_REJECT_UNKNOWN_LOCAL_CACHE=0 npx nx affected:build $NX_CALCULATION_FLAGS --prod - - run: NX_REJECT_UNKNOWN_LOCAL_CACHE=0 npx nx affected --target=build-storybook $NX_CALCULATION_FLAGS --configuration=ci - - uses: ./.github/actions/upload-node-modules-and-artifacts - - PR-forbidden-labels: - if: ${{ inputs.cron-run == '' || inputs.cron-run == 'false' }} - runs-on: ubuntu-latest - steps: - - id: checkoutRepo - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - fetch-depth: 1 - - name: PR contains forbidden labels - id: pr-forbidden - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - script: | - const issueHasLabels = require('./scripts/github/update/check-issue-has-label.js'); - const checkLabels = ['next version ➡️', 'do not merge🙅🏻‍♂️']; - - const hasLabel = await issueHasLabels({github, context, checkLabels}) - - if(hasLabel) { - core.setFailed('The PR contains a forbidden label! You are not allowed to merge until the label is there.'); - } - - name: Check value after - run: | - echo "result ${{ toJson(steps.pr-forbidden.*.result) }}" && echo "result ${{ steps.pr-forbidden.*.result }}" - echo "result ${{ contains(toJson(steps.pr-forbidden.*.result), 'failure') }}" - - finalize: - if: ${{ always() }} - runs-on: ubuntu-latest - name: Final Results - needs: [check-if-pr-is-approved, pre-checks, setup, trigger-unit-tests, lint, build-libs] - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: identify-slack-group - id: groups - if: ${{ github.event_name == 'schedule' }} - uses: ./.github/actions/slack-group-area - with: - affected: ${{ steps.e2e-result.outputs.result }} - - name: workflow failure - run: exit 1 - if: ${{ contains(needs.*.result, 'failure') }} - - name: workflow canceled - run: exit 1 - if: ${{ contains(needs.*.result, 'cancelled') }} - - name: workflow success - run: exit 0 - if: ${{ contains(needs.*.result, 'success') }} + uses: ./.github/workflows/unit-test-workflow.yml + with: + matrix: ${{ needs.generate-affected-matrix.outputs.matrix }} diff --git a/.github/workflows/running-unit-test.yml b/.github/workflows/running-unit-test.yml deleted file mode 100644 index 3eca26ab19..0000000000 --- a/.github/workflows/running-unit-test.yml +++ /dev/null @@ -1,27 +0,0 @@ -on: - workflow_call: - inputs: - matrix: - description: 'JSON Matrix of projects' - required: true - type: string - -jobs: - unit-tests: - runs-on: ubuntu-latest - strategy: - matrix: - include: ${{ fromJson(inputs.matrix) }} - max-parallel: 4 - steps: - - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - with: - fetch-depth: 0 - - name: Setup environment - uses: ./.github/actions/setup - - name: Run unit tests for ${{ matrix.project }} - env: - NODE_OPTIONS: "--max-old-space-size=5120" - run: | - xvfb-run --auto-servernum npx nx run ${{ matrix.project }}:test