From 9e8fcd9acc56785d5dad61221bb7a76c56296bf4 Mon Sep 17 00:00:00 2001 From: Ferdinand Thiessen Date: Tue, 25 Feb 2025 09:28:41 +0100 Subject: [PATCH] ci: update workflows Signed-off-by: Ferdinand Thiessen --- .github/workflows/changelog-generate.yml | 6 +- .github/workflows/cypress.yml | 160 ++++++++++++++---- .../workflows/dependabot-approve-merge.yml | 2 +- .github/workflows/documentation.yml | 7 +- .github/workflows/l10n.yml | 14 +- .github/workflows/node-test.yml | 4 +- .github/workflows/node.yml | 2 +- .github/workflows/npm-publish.yml | 4 +- .github/workflows/reuse.yml | 3 + 9 files changed, 154 insertions(+), 48 deletions(-) diff --git a/.github/workflows/changelog-generate.yml b/.github/workflows/changelog-generate.yml index 6deb76b5..23d15dfa 100644 --- a/.github/workflows/changelog-generate.yml +++ b/.github/workflows/changelog-generate.yml @@ -13,8 +13,10 @@ jobs: runs-on: ubuntu-latest if: github.actor != 'dependabot[bot]' steps: - - name: Check-out - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Get last released tag id: last_version diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml index a14cb86a..42957965 100644 --- a/.github/workflows/cypress.yml +++ b/.github/workflows/cypress.yml @@ -8,70 +8,162 @@ name: Cypress -on: - pull_request: - push: - branches: - - main - - master - - stable* +on: pull_request + +concurrency: + group: cypress-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +env: + # Adjust APP_NAME if your repository name is different + APP_NAME: ${{ github.event.repository.name }} + + # This represents the server branch to checkout. + # Usually it's the base branch of the PR, but for pushes it's the branch itself. + # e.g. 'main', 'stable27' or 'feature/my-feature' + # n.b. server will use head_ref, as we want to test the PR branch. + BRANCH: ${{ github.base_ref || github.ref_name }} + + +permissions: + contents: read jobs: - cypress: + init: runs-on: ubuntu-latest + outputs: + nodeVersion: ${{ steps.versions.outputs.nodeVersion }} + npmVersion: ${{ steps.versions.outputs.npmVersion }} - strategy: - fail-fast: false - matrix: - # run multiple copies of the current job in parallel - containers: [1] + env: + PUPPETEER_SKIP_DOWNLOAD: true - name: runner ${{ matrix.containers }} steps: + - name: Disabled on forks + if: ${{ github.event.pull_request.head.repo.full_name != github.repository }} + run: | + echo 'Can not run cypress on forks' + exit 1 + - name: Checkout app - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + + - name: Check composer.json + id: check_composer + uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0 + with: + files: "composer.json" + + - name: Install composer dependencies + if: steps.check_composer.outputs.files_exists == 'true' + run: composer install --no-dev - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v2.1 + uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 id: versions with: fallbackNode: "^20" - fallbackNpm: "^9" + fallbackNpm: "^10" - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: - cache: 'npm' node-version: ${{ steps.versions.outputs.nodeVersion }} - name: Set up npm ${{ steps.versions.outputs.npmVersion }} - run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" + run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' + + - name: Install node dependencies & build app + run: | + npm ci + TESTING=true npm run build --if-present + + - name: Save context + uses: buildjet/cache/save@v4 + with: + key: cypress-context-${{ github.run_id }} + path: ./ + + cypress: + runs-on: ubuntu-latest + needs: init + + strategy: + fail-fast: false + matrix: + # Run multiple copies of the current job in parallel + # Please increase the number or runners as your tests suite grows + containers: ['component'] + + name: runner ${{ matrix.containers }} + + steps: + - name: Restore context + uses: buildjet/cache/restore@v4 + with: + fail-on-cache-miss: true + key: cypress-context-${{ github.run_id }} + path: ./ - - name: Build and run Cypress - uses: cypress-io/github-action@18a6541367f4580a515371905f499a27a44e8dbe # v6.7.12 + - name: Set up node ${{ needs.init.outputs.nodeVersion }} + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: - build: npm run build - component: true - # cypress io - record: true - parallel: true + node-version: ${{ needs.init.outputs.nodeVersion }} + + - name: Set up npm ${{ needs.init.outputs.npmVersion }} + run: npm i -g 'npm@${{ needs.init.outputs.npmVersion }}' + + - name: Run ${{ startsWith(matrix.containers, 'component') && 'component' || 'E2E' }} cypress tests + uses: cypress-io/github-action@57b70560982e6a11d23d4b8bec7f8a487cdbb71b # v6.7.8 + with: + record: ${{ secrets.CYPRESS_RECORD_KEY && true }} + parallel: ${{ secrets.CYPRESS_RECORD_KEY && true }} + # cypress run type + component: ${{ startsWith(matrix.containers, 'component') }} + group: ${{ secrets.CYPRESS_RECORD_KEY && env.CYPRESS_GROUP }} # cypress env - ci-build-id: ${{ github.sha }}-${{ github.run_number }} - tag: ${{ github.event_name }} + ci-build-id: ${{ secrets.CYPRESS_RECORD_KEY && env.CYPRESS_BUILD_ID }} + tag: ${{ secrets.CYPRESS_RECORD_KEY && github.event_name }} env: + # Needs to be prefixed with CYPRESS_ + CYPRESS_BRANCH: ${{ env.BRANCH }} # https://github.com/cypress-io/github-action/issues/124 - COMMIT_INFO_MESSAGE: ${{ github.event.pull_request.title }} + COMMIT_INFO_MESSAGE: ${{ github.event.pull_request.title }} + # Needed for some specific code workarounds + TESTING: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }} - npm_package_name: nextcloud-upload - npm_package_version: cypress + CYPRESS_BUILD_ID: ${{ github.sha }}-${{ github.run_number }} + CYPRESS_GROUP: Run ${{ startsWith(matrix.containers, 'component') && 'component' || 'E2E' }} + + - name: Upload snapshots + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + if: always() + with: + name: snapshots_${{ matrix.containers }} + path: cypress/snapshots + + - name: Extract NC logs + if: failure() && matrix.containers != 'component' + run: docker logs nextcloud-cypress-tests-${{ env.APP_NAME }} > nextcloud.log + + - name: Upload NC logs + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + if: failure() && matrix.containers != 'component' + with: + name: nc_logs_${{ matrix.containers }} + path: nextcloud.log summary: runs-on: ubuntu-latest - needs: cypress + needs: [init, cypress] + if: always() name: cypress-summary + steps: - name: Summary status - run: if ${{ needs.cypress.result != 'success' && needs.cypress.result != 'skipped' }}; then exit 1; fi + run: if ${{ needs.init.result != 'success' || ( needs.cypress.result != 'success' && needs.cypress.result != 'skipped' ) }}; then exit 1; fi diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index 11f780d7..a3f4aad9 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml @@ -24,7 +24,7 @@ concurrency: jobs: auto-approve-merge: - if: github.actor == 'dependabot[bot]' || github.actor == 'renovate[bot]' + if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'renovate[bot]' runs-on: ubuntu-latest permissions: # for hmarr/auto-approve-action to approve PRs diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml index fbe89d84..acb10ff6 100644 --- a/.github/workflows/documentation.yml +++ b/.github/workflows/documentation.yml @@ -13,6 +13,9 @@ on: release: types: [published] +permissions: + contents: read + jobs: build-and-deploy: runs-on: ubuntu-latest @@ -24,7 +27,7 @@ jobs: if: github.event.release uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v2 with: - require: admin + require: write - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -39,7 +42,7 @@ jobs: fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/l10n.yml b/.github/workflows/l10n.yml index 6fb433f1..8a1eac21 100644 --- a/.github/workflows/l10n.yml +++ b/.github/workflows/l10n.yml @@ -3,23 +3,29 @@ name: L10n on: pull_request +permissions: + contents: read + jobs: l10n-extract-check: runs-on: ubuntu-latest name: Pot check steps: - - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Read package.json node and npm engines version uses: skjnldsv/read-package-engines-version-actions@v3 id: versions with: - fallbackNode: '^12' - fallbackNpm: '^6' + fallbackNode: '^20' + fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@v4.2.0 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/node-test.yml b/.github/workflows/node-test.yml index 0e05b527..d5bd0d47 100644 --- a/.github/workflows/node-test.yml +++ b/.github/workflows/node-test.yml @@ -72,7 +72,7 @@ jobs: fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} @@ -93,7 +93,7 @@ jobs: run: npm run test:coverage --if-present - name: Collect coverage - uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 + uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 with: files: ./coverage/lcov.info diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml index acaf4e4c..02dd208f 100644 --- a/.github/workflows/node.yml +++ b/.github/workflows/node.yml @@ -65,7 +65,7 @@ jobs: fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml index bfb5968f..bb2bf455 100644 --- a/.github/workflows/npm-publish.yml +++ b/.github/workflows/npm-publish.yml @@ -27,7 +27,7 @@ jobs: - name: Check actor permission level uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0 with: - require: admin + require: write - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -42,7 +42,7 @@ jobs: fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index b6828556..0d8e1962 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -11,6 +11,9 @@ name: REUSE Compliance Check on: [pull_request] +permissions: + contents: read + jobs: reuse-compliance-check: runs-on: ubuntu-latest