Release Notes Update: 0.6.17 #8676
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| jobs: | |
| install: | |
| name: Install Dependencies | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/[email protected] | |
| - name: Lookup node_modules cache | |
| id: node-modules-cache | |
| uses: actions/[email protected] | |
| with: | |
| path: node_modules | |
| key: node-modules-cache-${{ hashFiles('package-lock.json', '.npmrc') }} | |
| lookup-only: true | |
| save-always: true | |
| - name: Install dependencies | |
| if: steps.node-modules-cache.outputs.cache-hit != 'true' | |
| run: npm ci --no-audit --no-fund | |
| audit: | |
| name: Security Audit | |
| needs: install | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/[email protected] | |
| - name: Restore node_modules cache | |
| id: node-modules-cache | |
| uses: actions/cache/[email protected] | |
| with: | |
| path: node_modules | |
| key: node-modules-cache-${{ hashFiles('package-lock.json', '.npmrc') }} | |
| fail-on-cache-miss: true | |
| - name: Run npm audit | |
| run: npm audit --audit-level=critical | |
| lint: | |
| name: Lint | |
| needs: install | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/[email protected] | |
| - name: Restore node_modules cache | |
| id: node-modules-cache | |
| uses: actions/cache/[email protected] | |
| with: | |
| path: node_modules | |
| key: node-modules-cache-${{ hashFiles('package-lock.json', '.npmrc') }} | |
| fail-on-cache-miss: true | |
| - name: Restore NX cache | |
| uses: actions/[email protected] | |
| with: | |
| path: .nx/cache | |
| key: nx-lint-${{ github.sha }} | |
| restore-keys: nx-lint- | |
| - name: Lint | |
| if: steps.nx-lint-cache.outputs.cache-hit != 'true' | |
| env: | |
| NX_REJECT_UNKNOWN_LOCAL_CACHE: 0 | |
| run: | | |
| npx nx run-many --target=lint --quiet | |
| - name: Truncate NX cache | |
| run: ./tools/truncate-nx-cache.sh | |
| check-licenses: | |
| name: Check Licenses | |
| needs: install | |
| permissions: | |
| contents: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout for Dependabot PR | |
| if: ${{ startsWith(github.head_ref || '', 'dependabot/') }} | |
| uses: actions/[email protected] | |
| with: | |
| ref: ${{ github.head_ref }} | |
| - name: Checkout for others | |
| if: ${{ !startsWith(github.head_ref || '', 'dependabot/') }} | |
| uses: actions/[email protected] | |
| - name: Restore node_modules cache | |
| id: node-modules-cache | |
| uses: actions/cache/[email protected] | |
| with: | |
| path: node_modules | |
| key: node-modules-cache-${{ hashFiles('package-lock.json', '.npmrc') }} | |
| fail-on-cache-miss: true | |
| - name: Check licenses | |
| run: | | |
| npm run license-check | |
| if ! git diff --exit-code THIRD_PARTY_LICENSES.txt; then | |
| echo "Please update THIRD_PARTY_LICENSES.txt by running 'npm run license-check'" >> $GITHUB_STEP_SUMMARY | |
| exit 1 | |
| fi | |
| - name: Commit changes for dependabot | |
| if: failure() && startsWith(github.head_ref, 'dependabot/') | |
| uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 | |
| with: | |
| commit_message: Update THIRD_PARTY_LICENSES.txt | |
| test: | |
| strategy: | |
| matrix: | |
| test-suits: | |
| - name: UI | |
| include: ui-*,*-ui | |
| - name: Blocks Shard 1 | |
| include: blocks-a*,blocks-c*,blocks-d*, | |
| - name: Blocks Shard 2 | |
| include: blocks-f*,blocks-g*,blocks-m*, | |
| - name: Blocks Shard 3 | |
| include: blocks-* | |
| exclude: blocks-a*,blocks-c*,blocks-d*,blocks-f*,blocks-g*,blocks-m*, | |
| - name: Server API Unit Tests | |
| key: server-api-unit | |
| target: test-unit | |
| include: server-api | |
| - name: Server API Integration Tests | |
| key: server-api-integration | |
| include: server-api | |
| - name: Engine and Libraries | |
| key: others | |
| exclude: ui-*,*-ui,blocks-*,server-api | |
| name: Test ${{ matrix.test-suits.name }} | |
| needs: install | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/[email protected] | |
| - name: Restore node_modules cache | |
| id: node-modules-cache | |
| uses: actions/cache/[email protected] | |
| with: | |
| path: node_modules | |
| key: node-modules-cache-${{ hashFiles('package-lock.json', '.npmrc') }} | |
| fail-on-cache-miss: true | |
| - name: Restore NX cache | |
| uses: actions/[email protected] | |
| with: | |
| path: .nx/cache | |
| key: nx-test-${{ matrix.test-suits.key || matrix.test-suits.name }}-${{ github.sha }} | |
| restore-keys: nx-test-${{ matrix.test-suits.key || matrix.test-suits.name }}- | |
| save-always: true | |
| - name: Test | |
| if: steps.nx-test-cache.outputs.cache-hit != 'true' | |
| continue-on-error: false | |
| uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 | |
| with: | |
| timeout_minutes: 10 | |
| max_attempts: 3 | |
| retry_on: error | |
| command: npx nx run-many --target ${{ matrix.test-suits.target || 'test' }} --projects "${{ matrix.test-suits.include }}" --exclude "${{ matrix.test-suits.exclude }}" --quiet | |
| env: | |
| NX_REJECT_UNKNOWN_LOCAL_CACHE: 0 | |
| - name: Truncate NX cache | |
| run: ./tools/truncate-nx-cache.sh | |
| build: | |
| name: Build Project | |
| needs: install | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/[email protected] | |
| - name: Restore node_modules cache | |
| id: node-modules-cache | |
| uses: actions/cache/[email protected] | |
| with: | |
| path: node_modules | |
| key: node-modules-cache-${{ hashFiles('package-lock.json', '.npmrc') }} | |
| fail-on-cache-miss: true | |
| - name: Restore NX cache | |
| uses: actions/[email protected] | |
| with: | |
| path: .nx/cache | |
| key: nx-build-${{ github.sha }} | |
| restore-keys: nx-build- | |
| - name: Build project | |
| env: | |
| NX_REJECT_UNKNOWN_LOCAL_CACHE: 0 | |
| run: | | |
| npm run prepare | |
| npx nx run-many --target=build | |
| ./tools/truncate-nx-cache.sh | |
| - name: Save build cache | |
| uses: actions/cache/[email protected] | |
| with: | |
| path: dist | |
| key: dist-${{ github.sha }} | |
| build-images: | |
| strategy: | |
| matrix: | |
| target: | |
| - name: App | |
| file: Dockerfile | |
| repository: openops-app | |
| - name: Engine | |
| file: engine.Dockerfile | |
| repository: openops-engine | |
| platform: [amd64, arm64] | |
| name: Build ${{ matrix.target.name }} Image for ${{ matrix.platform }} | |
| needs: build | |
| runs-on: ${{ matrix.platform == 'amd64' && 'ubuntu-latest' || 'ubuntu-arm64' }} | |
| steps: | |
| - uses: actions/[email protected] | |
| - name: Restore build cache | |
| uses: actions/cache/[email protected] | |
| with: | |
| path: dist | |
| key: dist-${{ github.sha }} | |
| fail-on-cache-miss: true | |
| - name: Set up Docker Buildx | |
| uses: docker/[email protected] | |
| - name: Configure AWS credentials | |
| if: vars.ECR_REGION | |
| uses: aws-actions/[email protected] | |
| with: | |
| aws-access-key-id: ${{ secrets.ECR_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.ECR_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ vars.ECR_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| if: vars.ECR_REGION | |
| uses: aws-actions/[email protected] | |
| - name: Format image tag parts | |
| env: | |
| BRANCH: ${{ github.head_ref || github.ref_name }} | |
| SHA: ${{ github.event.pull_request.head.sha || github.sha }} | |
| REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| run: | | |
| echo SANITIZED_BRANCH=${BRANCH//[\/.:_]/-} >> "$GITHUB_ENV" | |
| echo REPOSITORY_URI=${REGISTRY}/openops/${{ matrix.target.repository }} >> "$GITHUB_ENV" | |
| echo SHORT_SHA=${SHA::8} >> "$GITHUB_ENV" | |
| - name: Build image | |
| if: vars.ECR_REGION | |
| uses: docker/[email protected] | |
| with: | |
| context: . | |
| file: ./${{ matrix.target.file }} | |
| build-args: VERSION=${{ env.SHORT_SHA }} | |
| platforms: linux/${{ matrix.platform }} | |
| provenance: false | |
| push: true | |
| tags: | | |
| ${{ env.REPOSITORY_URI }}:${{ env.SHORT_SHA }}-${{ matrix.platform }} | |
| ${{ env.REPOSITORY_URI }}:${{ env.SANITIZED_BRANCH }}-${{ env.SHORT_SHA }}-${{ matrix.platform }} | |
| ${{ env.REPOSITORY_URI }}:${{ env.SANITIZED_BRANCH }}-${{ matrix.platform }} | |
| cache-from: | | |
| type=registry,ref=${{ env.REPOSITORY_URI }}:${{ env.SANITIZED_BRANCH }}-${{ matrix.platform }}-cache | |
| type=registry,ref=${{ env.REPOSITORY_URI }}:main-${{ matrix.platform }}-cache | |
| cache-to: mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ env.REPOSITORY_URI }}:${{ env.SANITIZED_BRANCH }}-${{ matrix.platform }}-cache | |
| - name: Build image | |
| if: ${{ !vars.ECR_REGION }} | |
| uses: docker/[email protected] | |
| with: | |
| context: . | |
| file: ./${{ matrix.target.file }} | |
| build-args: VERSION=${{ env.SHORT_SHA }} | |
| provenance: false | |
| platforms: linux/${{ matrix.platform }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| create-manifest: | |
| if: ${{ vars.ECR_REGION }} | |
| strategy: | |
| matrix: | |
| repository: [openops-app, openops-engine] | |
| name: Create and Push Manifest for ${{ matrix.repository }} | |
| runs-on: ubuntu-latest | |
| needs: build-images | |
| steps: | |
| - name: Configure AWS credentials | |
| uses: aws-actions/[email protected] | |
| with: | |
| aws-access-key-id: ${{ secrets.ECR_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.ECR_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ vars.ECR_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/[email protected] | |
| - name: Format image tag components | |
| env: | |
| BRANCH: ${{ github.head_ref || github.ref_name }} | |
| SHA: ${{ github.event.pull_request.head.sha || github.sha }} | |
| run: | | |
| echo SANITIZED_BRANCH=${BRANCH//[\/.:_]/-} >> "$GITHUB_ENV" | |
| echo BASE_REPOSITORY_URI=${{ steps.login-ecr.outputs.registry }}/openops/${{ matrix.repository }} >> "$GITHUB_ENV" | |
| echo SHORT_SHA=${SHA::8} >> "$GITHUB_ENV" | |
| - name: Create and push manifests | |
| run: | | |
| # Create and push SHA manifest | |
| docker manifest create --amend $BASE_REPOSITORY_URI:$SHORT_SHA \ | |
| $BASE_REPOSITORY_URI:${SHORT_SHA}-amd64 \ | |
| $BASE_REPOSITORY_URI:${SHORT_SHA}-arm64 | |
| docker manifest push $BASE_REPOSITORY_URI:$SHORT_SHA | |
| echo "✅ Successfully pushed image $BASE_REPOSITORY_URI:$SHORT_SHA" >> $GITHUB_STEP_SUMMARY | |
| # Create and push branch-manifest | |
| docker manifest create --amend $BASE_REPOSITORY_URI:$SANITIZED_BRANCH \ | |
| $BASE_REPOSITORY_URI:${SANITIZED_BRANCH}-amd64 \ | |
| $BASE_REPOSITORY_URI:${SANITIZED_BRANCH}-arm64 | |
| docker manifest push $BASE_REPOSITORY_URI:$SANITIZED_BRANCH | |
| echo "✅ Successfully pushed image $BASE_REPOSITORY_URI:$SANITIZED_BRANCH" >> $GITHUB_STEP_SUMMARY | |