From dfba39266a7d1c0dc8a2a7f286b7bdf5d7198c09 Mon Sep 17 00:00:00 2001 From: Tilman Vatteroth Date: Fri, 21 Oct 2022 18:57:29 +0200 Subject: [PATCH] fix(ci): run workflows in target repository context Signed-off-by: Tilman Vatteroth --- .github/workflows/build.yml | 10 ++++-- .github/workflows/deploy-main.yml | 28 +++++++++++++---- .github/workflows/deploy-pr.yml | 51 +++++++++++++++++++++++-------- .github/workflows/e2e.yml | 24 +++++++++++---- .github/workflows/lint.yml | 13 +++++--- .github/workflows/reuse.yml | 4 +-- netlify/deploy-main.sh | 23 -------------- netlify/deploy-pr.sh | 23 -------------- netlify/netlify-cli.sh | 10 ------ netlify/patch-files.sh | 18 ----------- renovate.json | 13 +++++++- 11 files changed, 109 insertions(+), 108 deletions(-) delete mode 100755 netlify/deploy-main.sh delete mode 100755 netlify/deploy-pr.sh delete mode 100755 netlify/netlify-cli.sh delete mode 100644 netlify/patch-files.sh diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 193134b49..b207b9a28 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -6,9 +6,9 @@ name: test, build on: push: - branches: [main] + branches: [ main ] pull_request: - branches: [main] + branches: [ main ] jobs: build: @@ -20,9 +20,11 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v3 + - name: Get yarn cache directory path id: yarn-cache-dir-path run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT + - name: Cache yarn cache uses: actions/cache@v3 id: yarn-cache @@ -31,13 +33,17 @@ jobs: key: ${{ runner.os }}-${{ matrix.node }}-yarn-${{ hashFiles('**/yarn.lock') }} restore-keys: | ${{ runner.os }}-yarn-${{ matrix.node }} + - name: Set up NodeJS uses: actions/setup-node@v3 with: node-version: ${{ matrix.node }} + - name: Install dependencies run: yarn install --immutable + - name: Test Project run: yarn test:ci + - name: Build project run: yarn build:mock diff --git a/.github/workflows/deploy-main.yml b/.github/workflows/deploy-main.yml index ebd09725d..d782d0173 100644 --- a/.github/workflows/deploy-main.yml +++ b/.github/workflows/deploy-main.yml @@ -8,6 +8,10 @@ on: push: branches: [ main ] +env: + NETLIFY_VERSION: 12.0.11 + NODE_VERSION: 18 + jobs: deploy: runs-on: ubuntu-latest @@ -25,17 +29,26 @@ jobs: id: yarn-cache with: path: ${{ steps.yarn-cache-dir-path.outputs.dir }} - key: ${{ runner.os }}-18-yarn-${{ hashFiles('**/yarn.lock') }} + key: ${{ runner.os }}-${{ env.NODE_VERSION }}-yarn-${{ hashFiles('**/yarn.lock') }} restore-keys: | - ${{ runner.os }}-yarn-18 + ${{ runner.os }}-yarn-${{ env.NODE_VERSION }} - name: Set up NodeJS uses: actions/setup-node@v3 with: - node-version: 18 + node-version: ${{ env.NODE_VERSION }} - - name: Patch files - run: bash netlify/patch-files.sh "https://hedgedoc.dev/" + - name: Patch intro.md to include netlify banner. + run: cp netlify/intro.md public/public/intro.md + + - name: Patch motd.md to include privacy policy. + run: cp netlify/motd.md public/public/motd.md + + - name: Patch version.json to include git hash + run: jq ".version = \"0.0.0+${GITHUB_SHA:0:8}\"" src/version.json > src/_version.json && mv src/_version.json src/version.json + + - name: Patch base URL + run: echo "HD_EDITOR_BASE_URL=\"https://hedgedoc.dev/\"" >> .env.production - name: Install dependencies run: yarn install --immutable @@ -46,7 +59,10 @@ jobs: - name: Remove Next.js cache to avoid it being deployed run: rm -r .next/cache + - name: Install netlify CLI + run: "npm install -g netlify-cli@${{ env.NETLIFY_VERSION }}" + - name: Run netlify CLI deployment env: NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} - run: bash netlify/deploy-main.sh "${{ github.event.head_commit.id }}" "${{ github.event.head_commit.message }}" + run: "netlify deploy --build --prod --message \"${{ github.event.head_commit.id }}: ${{ github.event.head_commit.message }}\"" diff --git a/.github/workflows/deploy-pr.yml b/.github/workflows/deploy-pr.yml index aad853764..3b863aaf9 100644 --- a/.github/workflows/deploy-pr.yml +++ b/.github/workflows/deploy-pr.yml @@ -5,13 +5,30 @@ name: deploy on: - pull_request: + pull_request_target: + branches: [ main ] + types: + - labeled + - opened + - synchronize + - reopened + - ready_for_review + +permissions: + contents: read + deployments: write + +env: + NETLIFY_VERSION: 12.0.11 + NODE_VERSION: 18 jobs: deploy: - if: github.event.pull_request.draft == false + if: github.event.pull_request.draft == false || contains( github.event.pull_request.labels.*.name, 'FORCE DEPLOY'). runs-on: ubuntu-latest name: Deploys to netlify + env: + DEPLOY_URL: "https://${{ github.event.number }}--hedgedoc-ui-test.netlify.app/" steps: - name: Checkout repository uses: actions/checkout@v3 @@ -25,17 +42,26 @@ jobs: id: yarn-cache with: path: ${{ steps.yarn-cache-dir-path.outputs.dir }} - key: ${{ runner.os }}-18-yarn-${{ hashFiles('**/yarn.lock') }} + key: ${{ runner.os }}-${{ env.NODE_VERSION }}-yarn-${{ hashFiles('**/yarn.lock') }} restore-keys: | - ${{ runner.os }}-yarn-18 + ${{ runner.os }}-yarn-${{ env.NODE_VERSION }} - name: Set up NodeJS uses: actions/setup-node@v3 with: - node-version: 18 + node-version: ${{ env.NODE_VERSION }} - - name: Patch files - run: bash netlify/patch-files.sh "https://${{ github.event.number }}--hedgedoc-ui-test.netlify.app/" + - name: Patch intro.md to include netlify banner. + run: cp netlify/intro.md public/public/intro.md + + - name: Patch motd.md to include privacy policy. + run: cp netlify/motd.md public/public/motd.md + + - name: Patch version.json to include git hash + run: jq ".version = \"0.0.0+${GITHUB_SHA:0:8}\"" src/version.json > src/_version.json && mv src/_version.json src/version.json + + - name: Patch base URL + run: echo "HD_EDITOR_BASE_URL=\"${{ env.DEPLOY_URL }}\"" >> .env.production - name: Install dependencies run: yarn install --immutable @@ -56,11 +82,13 @@ jobs: override: true ref: ${{ github.head_ref }} - - name: Run netlify CLI deployment + - name: Install netlify CLI + run: "npm install -g netlify-cli@${{ env.NETLIFY_VERSION }}" + + - name: Run netlify CLI env: NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} - run: bash netlify/deploy-pr.sh "${{ github.event.number }}" "${{ github.event.pull_request.title }}" - id: netlify-result + run: "netlify deploy --build --context deploy-preview --alias \"${{ github.event.number }}\" --json --message \"PR #${{ github.event.number }}\"" - name: Mark GitHub deployment as finished if: always() @@ -68,9 +96,8 @@ jobs: with: step: finish token: ${{ secrets.GITHUB_TOKEN }} - env_url: ${{ steps.netlify-result.outputs.url }} + env_url: ${{ env.DEPLOY_URL }} env: ${{ steps.github-deployment.outputs.env }} - logs: ${{ steps.netlify-result.outputs.logs }} status: ${{ job.status }} deployment_id: ${{ steps.github-deployment.outputs.deployment_id }} override: true diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index a117455a8..86f177c83 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -7,9 +7,15 @@ name: e2e on: push: branches: [ main ] - pull_request: + pull_request_target: branches: [ main ] +permissions: + contents: read + +env: + NODE_VERSION: 18 + jobs: build-frontend: runs-on: ubuntu-latest @@ -36,15 +42,15 @@ jobs: if: steps.build-cache.outputs.cache-hit != 'true' with: path: ${{ steps.yarn-cache-dir-path.outputs.dir }} - key: ${{ runner.os }}-18-yarn-${{ hashFiles('**/yarn.lock') }} + key: ${{ runner.os }}-${{ env.NODE_VERSION }}-yarn-${{ hashFiles('**/yarn.lock') }} restore-keys: | - ${{ runner.os }}-yarn-18 + ${{ runner.os }}-yarn-${{ env.NODE_VERSION }} - name: Set up NodeJS if: steps.build-cache.outputs.cache-hit != 'true' uses: actions/setup-node@v3 with: - node-version: 18 + node-version: ${{ env.NODE_VERSION }} - name: Install dependencies if: steps.build-cache.outputs.cache-hit != 'true' @@ -93,9 +99,15 @@ jobs: id: yarn-cache with: path: ${{ steps.yarn-cache-dir-path.outputs.dir }} - key: ${{ runner.os }}-16-yarn-${{ hashFiles('**/yarn.lock') }} + key: ${{ runner.os }}-${{ env.NODE_VERSION }}-yarn-${{ hashFiles('**/yarn.lock') }} restore-keys: | - ${{ runner.os }}-yarn-16 + ${{ runner.os }}-yarn-${{ env.NODE_VERSION }} + + - name: Set up NodeJS + if: steps.build-cache.outputs.cache-hit != 'true' + uses: actions/setup-node@v3 + with: + node-version: ${{ env.NODE_VERSION }} - name: Install dependencies run: yarn install --immutable diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 77d242e71..7621269bc 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -6,9 +6,12 @@ name: lint on: push: - branches: [main] + branches: [ main ] pull_request: - branches: [main] + branches: [ main ] + +env: + NODE_VERSION: 18 jobs: lint: @@ -27,14 +30,14 @@ jobs: id: yarn-cache with: path: ${{ steps.yarn-cache-dir-path.outputs.dir }} - key: ${{ runner.os }}-18-yarn-${{ hashFiles('**/yarn.lock') }} + key: ${{ runner.os }}-${{ env.NODE_VERSION }}-yarn-${{ hashFiles('**/yarn.lock') }} restore-keys: | - ${{ runner.os }}-yarn-18 + ${{ runner.os }}-yarn-${{ env.NODE_VERSION }} - name: Set up NodeJS uses: actions/setup-node@v3 with: - node-version: 18 + node-version: ${{ env.NODE_VERSION }} - name: Install dependencies run: yarn install --immutable diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index 2416274d1..6f867299c 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -6,9 +6,9 @@ name: REUSE Compliance Check on: push: - branches: [main] + branches: [ main ] pull_request: - branches: [main] + branches: [ main ] jobs: reuse: diff --git a/netlify/deploy-main.sh b/netlify/deploy-main.sh deleted file mode 100755 index dd3eef71c..000000000 --- a/netlify/deploy-main.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -# -# SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file) -# -# SPDX-License-Identifier: AGPL-3.0-only -# - -json=$($(dirname "$0")/netlify-cli.sh deploy --build --prod --json --message "${1:0:8}: $2") - -if [ $? -ne 0 ]; then - echo "Error while executing netlify! Will try again without json..." - $(dirname "$0")/netlify-cli.sh deploy --build --prod --message "${1:0:8}: $2" - exit 1 -fi - -echo "${json}" - -url=$(echo "${json}" | jq -r .deploy_url) -logs=$(echo "${json}" | jq -r .logs) - -echo "::set-output name=url::${url}" -echo "::set-output name=logs::${logs}" diff --git a/netlify/deploy-pr.sh b/netlify/deploy-pr.sh deleted file mode 100755 index cfc1fc47b..000000000 --- a/netlify/deploy-pr.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -# -# SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file) -# -# SPDX-License-Identifier: AGPL-3.0-only -# - -json=$($(dirname "$0")/netlify-cli.sh deploy --build --context deploy-preview --alias "$1" --json --message "[#$1] $2") - -if [ $? -ne 0 ]; then - echo "Error while executing netlify! Will try again without json..." - $(dirname "$0")/netlify-cli.sh deploy --build --context deploy-preview --alias "$1" --message "[#$1] $2" - exit 1 -fi - -echo "${json}" - -url=$(echo "${json}" | jq -r .deploy_url) -logs=$(echo "${json}" | jq -r .logs) - -echo "::set-output name=url::${url}" -echo "::set-output name=logs::${logs}" diff --git a/netlify/netlify-cli.sh b/netlify/netlify-cli.sh deleted file mode 100755 index 91c7a11fb..000000000 --- a/netlify/netlify-cli.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -# -# SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file) -# -# SPDX-License-Identifier: AGPL-3.0-only -# - -NETLIFY_VERSION=12.0.11 -exec npx --yes netlify-cli@${NETLIFY_VERSION} $@ diff --git a/netlify/patch-files.sh b/netlify/patch-files.sh deleted file mode 100644 index 080873231..000000000 --- a/netlify/patch-files.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# -# SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file) -# -# SPDX-License-Identifier: AGPL-3.0-only -# - -set -e - -echo 'Patch intro.md to include netlify banner.' -cp netlify/intro.md public/public/intro.md -echo 'Patch motd.md to include privacy policy.' -cp netlify/motd.md public/public/motd.md -echo 'Patch version.json to include git hash' -jq ".version = \"0.0.0+${GITHUB_SHA:0:8}\"" src/version.json > src/_version.json -mv src/_version.json src/version.json -echo "Patch base URL" -echo HD_EDITOR_BASE_URL="${1}" >> .env.production diff --git a/renovate.json b/renovate.json index b6bbe1d72..425b26b70 100644 --- a/renovate.json +++ b/renovate.json @@ -93,13 +93,24 @@ "regexManagers": [ { "fileMatch": [ - "netlify-cli.sh$" + ".github/workflows/deploy-main.yml$", + ".github/workflows/deploy-pr.yml$" ], "matchStrings": [ "NETLIFY_VERSION=(?.*?)\\n" ], "datasourceTemplate" : "npm", "depNameTemplate" : "netlify-cli" + }, + { + "fileMatch": [ + ".github/workflows/deploy-main.yml$", + ".github/workflows/deploy-pr.yml$" + ], + "matchStrings": [ + "NODE_VERSION=(?.*?)\\n" + ], + "datasourceTemplate" : "node" } ] }