From cfc25544636d1b996d775cc14844b88b91a01889 Mon Sep 17 00:00:00 2001 
From: Aung Htet Nay Date: Fri, 26 Apr 2024 19:00:18 +0630 Subject: [PATCH] patchwork dashboard staging setup --- .github/ISSUE_TEMPLATE/1.web_bug_report.yml | 76 ++++ .../ISSUE_TEMPLATE/2.server_bug_report.yml | 65 ++++ .github/ISSUE_TEMPLATE/3.feature_request.yml | 22 ++ .github/ISSUE_TEMPLATE/config.yml | 5 + .github/actions/setup-javascript/action.yml | 42 +++ .github/actions/setup-ruby/action.yml | 23 ++ .github/codecov.yml | 11 + .github/renovate.json5 | 150 ++++++++ .github/stale.yml | 10 + .github/stylelint-matcher.json | 21 ++ .github/workflows/build-container-image.yml | 102 ++++++ .github/workflows/build-nightly.yml | 66 ++++ .github/workflows/build-push-pr.yml | 58 +++ .github/workflows/build-releases.yml | 51 +++ .github/workflows/build-security.yml | 64 ++++ .github/workflows/bundler-audit.yml | 34 ++ .github/workflows/check-i18n.yml | 48 +++ .github/workflows/codeql.yml | 62 ++++ .github/workflows/crowdin-download.yml | 71 ++++ .github/workflows/crowdin-upload.yml | 35 ++ .github/workflows/format-check.yml | 18 + .../workflows/haml-lint-problem-matcher.json | 17 + .github/workflows/lint-css.yml | 46 +++ .github/workflows/lint-haml.yml | 39 ++ .github/workflows/lint-js.yml | 49 +++ .github/workflows/lint-ruby.yml | 45 +++ .github/workflows/rebase-needed.yml | 27 ++ .github/workflows/staging-deploy.yml | 83 +++++ .github/workflows/test-image-build.yml | 35 ++ .github/workflows/test-js.yml | 42 +++ .../workflows/test-migrations-one-step.yml | 88 +++++ .../workflows/test-migrations-two-step.yml | 95 +++++ .github/workflows/test-ruby.yml | 334 ++++++++++++++++++ 33 files changed, 1934 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/1.web_bug_report.yml create mode 100644 .github/ISSUE_TEMPLATE/2.server_bug_report.yml create mode 100644 .github/ISSUE_TEMPLATE/3.feature_request.yml create mode 100644 .github/ISSUE_TEMPLATE/config.yml create mode 100644 .github/actions/setup-javascript/action.yml create mode 100644 
.github/actions/setup-ruby/action.yml create mode 100644 .github/codecov.yml create mode 100644 .github/renovate.json5 create mode 100644 .github/stale.yml create mode 100644 .github/stylelint-matcher.json create mode 100644 .github/workflows/build-container-image.yml create mode 100644 .github/workflows/build-nightly.yml create mode 100644 .github/workflows/build-push-pr.yml create mode 100644 .github/workflows/build-releases.yml create mode 100644 .github/workflows/build-security.yml create mode 100644 .github/workflows/bundler-audit.yml create mode 100644 .github/workflows/check-i18n.yml create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/crowdin-download.yml create mode 100644 .github/workflows/crowdin-upload.yml create mode 100644 .github/workflows/format-check.yml create mode 100644 .github/workflows/haml-lint-problem-matcher.json create mode 100644 .github/workflows/lint-css.yml create mode 100644 .github/workflows/lint-haml.yml create mode 100644 .github/workflows/lint-js.yml create mode 100644 .github/workflows/lint-ruby.yml create mode 100644 .github/workflows/rebase-needed.yml create mode 100644 .github/workflows/staging-deploy.yml create mode 100644 .github/workflows/test-image-build.yml create mode 100644 .github/workflows/test-js.yml create mode 100644 .github/workflows/test-migrations-one-step.yml create mode 100644 .github/workflows/test-migrations-two-step.yml create mode 100644 .github/workflows/test-ruby.yml diff --git a/.github/ISSUE_TEMPLATE/1.web_bug_report.yml b/.github/ISSUE_TEMPLATE/1.web_bug_report.yml new file mode 100644 index 00000000..fe7c833e --- /dev/null +++ b/.github/ISSUE_TEMPLATE/1.web_bug_report.yml 
@@ -0,0 +1,76 @@ +# name: Bug Report (Web Interface) +# description: If you are using Mastodon's web interface and something is not working as expected +# labels: [bug, 'status/to triage', 'area/web interface'] +# body: +# - type: markdown +# attributes: +# value: | +# Make sure that you are submitting a new bug that was not previously reported or already fixed. + +# Please use a concise and distinct title for the issue. +# - type: textarea +# attributes: +# label: Steps to reproduce the problem +# description: What were you trying to do? +# value: | +# 1. +# 2. +# 3. +# ... +# validations: +# required: true +# - type: input +# attributes: +# label: Expected behaviour +# description: What should have happened? +# validations: +# required: true +# - type: input +# attributes: +# label: Actual behaviour +# description: What happened? +# validations: +# required: true +# - type: textarea +# attributes: +# label: Detailed description +# validations: +# required: false +# - type: input +# attributes: +# label: Mastodon instance +# description: The address of the Mastodon instance where you experienced the issue +# placeholder: mastodon.social +# validations: +# required: true +# - type: input +# attributes: +# label: Mastodon version +# description: | +# This is displayed at the bottom of the About page, eg. `v4.1.2+nightly-20230627` +# placeholder: v4.1.2 +# validations: +# required: true +# - type: input +# attributes: +# label: Browser name and version +# description: | +# What browser are you using when getting this bug? Please specify the version as well. +# placeholder: Firefox 105.0.3 +# validations: +# required: true +# - type: input +# attributes: +# label: Operating system +# description: | +# What OS are you running? Please specify the version as well. +# placeholder: macOS 13.4.1 +# validations: +# required: true +# - type: textarea +# attributes: +# label: Technical details +# description: | +# Any additional technical details you may have. 
This can include the full error log, inspector's output… +# validations: +# required: false diff --git a/.github/ISSUE_TEMPLATE/2.server_bug_report.yml b/.github/ISSUE_TEMPLATE/2.server_bug_report.yml new file mode 100644 index 00000000..7c346a5c --- /dev/null +++ b/.github/ISSUE_TEMPLATE/2.server_bug_report.yml 
@@ -0,0 +1,65 @@ +# name: Bug Report (server / API) +# description: | +# If something is not working as expected, but is not from using the web interface. +# labels: [bug, 'status/to triage'] +# body: +# - type: markdown +# attributes: +# value: | +# Make sure that you are submitting a new bug that was not previously reported or already fixed. + +# Please use a concise and distinct title for the issue. +# - type: textarea +# attributes: +# label: Steps to reproduce the problem +# description: What were you trying to do? +# value: | +# 1. +# 2. +# 3. +# ... +# validations: +# required: true +# - type: input +# attributes: +# label: Expected behaviour +# description: What should have happened? +# validations: +# required: true +# - type: input +# attributes: +# label: Actual behaviour +# description: What happened? +# validations: +# required: true +# - type: textarea +# attributes: +# label: Detailed description +# validations: +# required: false +# - type: input +# attributes: +# label: Mastodon instance +# description: The address of the Mastodon instance where you experienced the issue +# placeholder: mastodon.social +# validations: +# required: false +# - type: input +# attributes: +# label: Mastodon version +# description: | +# This is displayed at the bottom of the About page, eg. `v4.1.2+nightly-20230627` +# placeholder: v4.1.2 +# validations: +# required: false +# - type: textarea +# attributes: +# label: Technical details +# description: | +# Any additional technical details you may have, like logs or error traces +# value: | +# If this is happening on your own Mastodon server, please fill out those: +# - Ruby version: (from `ruby --version`, eg. v3.1.2) +# - Node.js version: (from `node --version`, eg. v18.16.0) +# validations: +# required: false diff --git a/.github/ISSUE_TEMPLATE/3.feature_request.yml b/.github/ISSUE_TEMPLATE/3.feature_request.yml new file mode 100644 index 00000000..7c2da178 --- /dev/null 
+++ b/.github/ISSUE_TEMPLATE/3.feature_request.yml @@ -0,0 +1,22 @@ +# name: Feature Request +# description: I have a suggestion +# labels: [suggestion] +# body: +# - type: markdown +# attributes: +# value: | +# Please use a concise and distinct title for the issue. + +# Consider: Could it be implemented as a 3rd party app using the REST API instead? +# - type: textarea +# attributes: +# label: Pitch +# description: Describe your idea for a feature. Make sure it has not already been suggested/implemented/turned down before. +# validations: +# required: true +# - type: textarea +# attributes: +# label: Motivation +# description: Why do you think this feature is needed? Who would benefit from it? +# validations: +# required: true diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 00000000..9b03cd56 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,5 @@ +# blank_issues_enabled: false +# contact_links: +# - name: GitHub Discussions +# url: https://github.com/mastodon/mastodon/discussions +# about: Please ask and answer questions here. diff --git a/.github/actions/setup-javascript/action.yml b/.github/actions/setup-javascript/action.yml new file mode 100644 index 00000000..46d6cd3e --- /dev/null +++ b/.github/actions/setup-javascript/action.yml 
@@ -0,0 +1,42 @@
+# name: 'Setup Javascript'
+# description: 'Setup a Javascript environment ready to run the Mastodon code'
+# inputs:
+# onlyProduction:
+# description: Only install production dependencies
+# default: 'false'
+
+# runs:
+# using: 'composite'
+# steps:
+# - name: Set up Node.js
+# uses: actions/setup-node@v4
+# with:
+# node-version-file: '.nvmrc'
+
+# # The following is needed because we can not use `cache: true` for `setup-node`, as it does not support Corepack yet and mess up with the cache location if ran after Node is installed
+# - name: Enable corepack
+# shell: bash
+# run: corepack enable
+
+# - name: Get yarn cache directory path
+# id: yarn-cache-dir-path
+# shell: bash
+# run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
+
+# - uses: actions/cache@v4
+# id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
+# with:
+# path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
+# key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
+# restore-keys: |
+# ${{ runner.os }}-yarn-
+
+# - name: Install all yarn packages
+# shell: bash
+# run: yarn install --immutable
+# if: inputs.onlyProduction == 'false'
+
+# - name: Install all production yarn packages
+# shell: bash
+# run: yarn workspaces focus --production
+# if: inputs.onlyProduction != 'false'
diff --git a/.github/actions/setup-ruby/action.yml b/.github/actions/setup-ruby/action.yml
new file mode 100644
index 00000000..0feb14fa
--- /dev/null
+++ b/.github/actions/setup-ruby/action.yml
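Review bot: The `uses:` lines in `.github/actions/setup-javascript/action.yml` reference `actions/setup-node@v4` and `actions/cache@v4` by tag, and a tag can be moved to different code after review. Pinning each to a full commit SHA with the version as a trailing comment, e.g. `uses: actions/setup-node@<full-commit-sha> # v4`, fixes what actually runs; the same applies to `ruby/setup-ruby@v1`, the `docker/*` actions, `actions/checkout@v4` and `github/codeql-action/*@v3` in the other files of this patch. The file is added fully commented out, so this matters from the moment it is re-enabled. In the `Get yarn cache directory path` step, the quoted form `>> "$GITHUB_OUTPUT"` is the safer way to write the redirect.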
@@ -0,0 +1,23 @@
+# name: 'Setup RUby'
+# description: 'Setup a Ruby environment ready to run the Mastodon code'
+# inputs:
+# ruby-version:
+# description: The Ruby version to install
+# default: '.ruby-version'
+# additional-system-dependencies:
+# description: 'Additional packages to install'
+
+# runs:
+# using: 'composite'
+# steps:
+# - name: Install system dependencies
+# shell: bash
+# run: |
+# sudo apt-get update
+# sudo apt-get install -y libicu-dev libidn11-dev ${{ inputs.additional-system-dependencies }}
+
+# - name: Set up Ruby
+# uses: ruby/setup-ruby@v1
+# with:
+# ruby-version: ${{ inputs.ruby-version }}
+# bundler-cache: true
diff --git a/.github/codecov.yml b/.github/codecov.yml
new file mode 100644
index 00000000..1a2992fc
--- /dev/null
+++ b/.github/codecov.yml
@@ -0,0 +1,11 @@
+# comment: false # Do not leave PR comments
+# coverage:
+# status:
+# project:
+# default:
+# # Github status check is not blocking
+# informational: true
+# patch:
+# default:
+# # Github status check is not blocking
+# informational: true
diff --git a/.github/renovate.json5 b/.github/renovate.json5
new file mode 100644
index 00000000..e92608a4
--- /dev/null
+++ b/.github/renovate.json5
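Review bot: In `.github/actions/setup-ruby/action.yml`, the `Install system dependencies` step expands `${{ inputs.additional-system-dependencies }}` inside the `run:` script, so the caller's value is pasted into the shell text before bash parses it and any shell metacharacters in it are interpreted as script. Pass it through the environment instead: give the step an `env:` entry `EXTRA_PACKAGES: ${{ inputs.additional-system-dependencies }}` and end the install line with `$EXTRA_PACKAGES`. Every line of the file is commented out in this commit, so the step is inert until it is re-enabled. The action name is also misspelled as `'Setup RUby'`.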
@@ -0,0 +1,150 @@ +{ + $schema: 'https://docs.renovatebot.com/renovate-schema.json', + extends: [ + 'config:recommended', + ':labels(dependencies)', + ':prConcurrentLimitNone', // Remove limit for open PRs at any time. + ':prHourlyLimit2', // Rate limit PR creation to a maximum of two per hour. + ], + minimumReleaseAge: '3', // Wait 3 days after the package has been published before upgrading it + // packageRules order is important, they are applied from top to bottom and are merged, + // meaning the most important ones must be at the bottom, for example grouping rules + // If we do not want a package to be grouped with others, we need to set its groupName + // to `null` after any other rule set it to something. + dependencyDashboardHeader: 'This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more. Before approving any upgrade: read the description and comments in the [`renovate.json5` file](https://github.com/mastodon/mastodon/blob/main/.github/renovate.json5).', + postUpdateOptions: ['yarnDedupeHighest'], + packageRules: [ + { + // Require Dependency Dashboard Approval for major version bumps of these node packages + matchManagers: ['npm'], + matchPackageNames: [ + 'tesseract.js', // Requires code changes + 'react-hotkeys', // Requires code changes + + // Requires Webpacker upgrade or replacement + '@svgr/webpack', + '@types/webpack', + 'babel-loader', + 'compression-webpack-plugin', + 'css-loader', + 'imports-loader', + 'mini-css-extract-plugin', + 'postcss-loader', + 'sass-loader', + 'terser-webpack-plugin', + 'webpack', + 'webpack-assets-manifest', + 'webpack-bundle-analyzer', + 'webpack-dev-server', + 'webpack-cli', + + // react-router: Requires manual upgrade + 'history', + 'react-router-dom', + ], + matchUpdateTypes: ['major'], + dependencyDashboardApproval: true, + }, + { + // Require Dependency Dashboard Approval for major version bumps of these 
Ruby packages + matchManagers: ['bundler'], + matchPackageNames: [ + 'rack', // Needs to be synced with Rails version + 'strong_migrations', // Requires manual upgrade + 'sidekiq', // Requires manual upgrade + 'sidekiq-unique-jobs', // Requires manual upgrades and sync with Sidekiq version + 'redis', // Requires manual upgrade and sync with Sidekiq version + ], + matchUpdateTypes: ['major'], + dependencyDashboardApproval: true, + }, + { + // Update Github Actions and Docker images weekly + matchManagers: ['github-actions', 'dockerfile', 'docker-compose'], + extends: ['schedule:weekly'], + }, + { + // Require Dependency Dashboard Approval for major & minor bumps for the ruby image, this needs to be synced with .ruby-version + matchManagers: ['dockerfile'], + matchPackageNames: ['moritzheiber/ruby-jemalloc'], + matchUpdateTypes: ['minor', 'major'], + dependencyDashboardApproval: true, + }, + { + // Require Dependency Dashboard Approval for major bumps for the node image, this needs to be synced with .nvmrc + matchManagers: ['dockerfile'], + matchPackageNames: ['node'], + matchUpdateTypes: ['major'], + dependencyDashboardApproval: true, + }, + { + // Require Dependency Dashboard Approval for major postgres bumps in the docker-compose file, as those break dev environments + matchManagers: ['docker-compose'], + matchPackageNames: ['postgres'], + matchUpdateTypes: ['major'], + dependencyDashboardApproval: true, + }, + { + // Update devDependencies every week, with one grouped PR + matchDepTypes: 'devDependencies', + matchUpdateTypes: ['patch', 'minor'], + groupName: 'devDependencies (non-major)', + extends: ['schedule:weekly'], + }, + { + // Group all eslint-related packages with `eslint` in the same PR + matchManagers: ['npm'], + matchPackageNames: ['eslint'], + matchPackagePrefixes: ['eslint-', '@typescript-eslint/'], + matchUpdateTypes: ['patch', 'minor'], + groupName: 'eslint (non-major)', + }, + { + // Group actions/*-artifact in the same PR + matchManagers: 
['github-actions'], + matchPackageNames: [ + 'actions/download-artifact', + 'actions/upload-artifact', + ], + matchUpdateTypes: ['major'], + groupName: 'artifact actions (major)', + }, + { + // Update @types/* packages every week, with one grouped PR + matchPackagePrefixes: '@types/', + matchUpdateTypes: ['patch', 'minor'], + groupName: 'DefinitelyTyped types (non-major)', + extends: ['schedule:weekly'], + addLabels: ['typescript'], + }, + { + // We want those packages to always have their own PR + matchManagers: ['npm'], + matchPackageNames: [ + 'typescript', // Typescript has code-impacting changes in minor versions + ], + groupName: null, // We dont want them to belong to any group + }, + { + // Group all RuboCop packages with `rubocop` in the same PR + matchManagers: ['bundler'], + matchPackageNames: ['rubocop'], + matchPackagePrefixes: ['rubocop-'], + matchUpdateTypes: ['patch', 'minor'], + groupName: 'RuboCop (non-major)', + }, + { + // Group all RSpec packages with `rspec` in the same PR + matchManagers: ['bundler'], + matchPackageNames: ['rspec'], + matchPackagePrefixes: ['rspec-'], + matchUpdateTypes: ['patch', 'minor'], + groupName: 'RSpec (non-major)', + }, + // Add labels depending on package manager + { matchManagers: ['npm', 'nvm'], addLabels: ['javascript'] }, + { matchManagers: ['bundler', 'ruby-version'], addLabels: ['ruby'] }, + { matchManagers: ['docker-compose', 'dockerfile'], addLabels: ['docker'] }, + { matchManagers: ['github-actions'], addLabels: ['github_actions'] }, + ], +} diff --git a/.github/stale.yml b/.github/stale.yml new file mode 100644 index 00000000..6601ef8c --- /dev/null +++ b/.github/stale.yml @@ -0,0 +1,10 @@ +daysUntilStale: 120 +daysUntilClose: 7 +exemptLabels: + - security +staleLabel: wontfix +markComment: > + This issue has been automatically marked as stale because it has not had + recent activity. It will be closed if no further activity occurs. Thank you + for your contributions. +only: pulls 
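Review bot: In `.github/renovate.json5`, `minimumReleaseAge: '3'` carries no unit although its comment says three days; Renovate documents this option as a duration string, so a bare number may not be read as days and the cooling-off period for freshly published packages could be much shorter than intended. Writing `minimumReleaseAge: '3 days'` removes the doubt. `dependencyDashboardHeader` also links to the `mastodon/mastodon` copy of the file rather than this repository's, which points approvers at a config that may differ from the one in force.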
diff --git a/.github/stylelint-matcher.json b/.github/stylelint-matcher.json
new file mode 100644
index 00000000..cdfd4086
--- /dev/null
+++ b/.github/stylelint-matcher.json
@@ -0,0 +1,21 @@
+{
+ "problemMatcher": [
+ {
+ "owner": "stylelint",
+ "pattern": [
+ {
+ "regexp": "^([^\\s].*)$",
+ "file": 1
+ },
+ {
+ "regexp": "^\\s+((\\d+):(\\d+))?\\s+(✖|×)\\s+(.*)\\s{2,}(.*)$",
+ "line": 2,
+ "column": 3,
+ "message": 5,
+ "code": 6,
+ "loop": true
+ }
+ ]
+ }
+ ]
+}
diff --git a/.github/workflows/build-container-image.yml b/.github/workflows/build-container-image.yml
new file mode 100644
index 00000000..1d399caa
--- /dev/null
+++ b/.github/workflows/build-container-image.yml
@@ -0,0 +1,102 @@ +# on: +# workflow_call: +# inputs: +# platforms: +# required: true +# type: string +# cache: +# type: boolean +# default: true +# use_native_arm64_builder: +# type: boolean +# push_to_images: +# type: string +# version_prerelease: +# type: string +# version_metadata: +# type: string +# flavor: +# type: string +# tags: +# type: string +# labels: +# type: string +# file_to_build: +# type: string + +# jobs: +# build-image: +# runs-on: ubuntu-latest + +# steps: +# - uses: actions/checkout@v4 + +# - uses: docker/setup-qemu-action@v3 +# if: contains(inputs.platforms, 'linux/arm64') && !inputs.use_native_arm64_builder + +# - uses: docker/setup-buildx-action@v3 +# id: buildx +# if: ${{ !(inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')) }} + +# - name: Start a local Docker Builder +# if: inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64') +# run: | +# docker run --rm -d --name buildkitd -p 1234:1234 --privileged moby/buildkit:latest --addr tcp://0.0.0.0:1234 + +# - uses: docker/setup-buildx-action@v3 +# id: buildx-native +# if: inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64') +# with: +# driver: remote +# endpoint: tcp://localhost:1234 +# platforms: linux/amd64 +# append: | +# - endpoint: tcp://${{ vars.DOCKER_BUILDER_HETZNER_ARM64_01_HOST }}:13865 +# platforms: linux/arm64 +# name: mastodon-docker-builder-arm64-01 +# driver-opts: +# - servername=mastodon-docker-builder-arm64-01 +# env: +# BUILDER_NODE_1_AUTH_TLS_CACERT: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_CACERT }} +# BUILDER_NODE_1_AUTH_TLS_CERT: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_CERT }} +# BUILDER_NODE_1_AUTH_TLS_KEY: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_KEY }} + +# - name: Log in to Docker Hub +# if: contains(inputs.push_to_images, 'tootsuite') +# uses: docker/login-action@v3 +# with: +# username: ${{ secrets.DOCKERHUB_USERNAME }} +# password: ${{ secrets.DOCKERHUB_TOKEN }} + +# - name: Log in to 
the Github Container registry +# if: contains(inputs.push_to_images, 'ghcr.io') +# uses: docker/login-action@v3 +# with: +# registry: ghcr.io +# username: ${{ github.actor }} +# password: ${{ secrets.GITHUB_TOKEN }} + +# - uses: docker/metadata-action@v5 +# id: meta +# if: ${{ inputs.push_to_images != '' }} +# with: +# images: ${{ inputs.push_to_images }} +# flavor: ${{ inputs.flavor }} +# tags: ${{ inputs.tags }} +# labels: ${{ inputs.labels }} + +# - uses: docker/build-push-action@v5 +# with: +# context: . +# file: ${{ inputs.file_to_build }} +# build-args: | +# MASTODON_VERSION_PRERELEASE=${{ inputs.version_prerelease }} +# MASTODON_VERSION_METADATA=${{ inputs.version_metadata }} +# platforms: ${{ inputs.platforms }} +# provenance: false +# builder: ${{ steps.buildx.outputs.name || steps.buildx-native.outputs.name }} +# push: ${{ inputs.push_to_images != '' }} +# tags: ${{ steps.meta.outputs.tags }} +# labels: ${{ steps.meta.outputs.labels }} +# cache-from: ${{ inputs.cache && 'type=gha' || '' }} +# cache-to: ${{ inputs.cache && 'type=gha,mode=max' || '' }} diff --git a/.github/workflows/build-nightly.yml b/.github/workflows/build-nightly.yml new file mode 100644 index 00000000..79ffbbe3 --- /dev/null +++ b/.github/workflows/build-nightly.yml 
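Review bot: The `Start a local Docker Builder` step in `.github/workflows/build-container-image.yml` runs `moby/buildkit:latest` with `--privileged` and publishes its plain-TCP API with `-p 1234:1234`, so an unpinned image gets full privileges on the runner and the build endpoint is published on every host interface without TLS. Pin the image by digest and publish the port on loopback only, e.g. `-p 127.0.0.1:1234:1234 --privileged moby/buildkit:<tag>@sha256:<digest>`; the later `endpoint: tcp://localhost:1234` keeps working. `provenance: false` on `docker/build-push-action` turns off build attestations for the pushed images, which deserves a comment giving the reason. The workflow is committed fully commented out, so these points apply when it is re-enabled.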
@@ -0,0 +1,66 @@ +# name: Build nightly container image +# on: +# workflow_dispatch: +# schedule: +# - cron: '0 2 * * *' # run at 2 AM UTC + +# permissions: +# contents: read +# packages: write + +# jobs: +# compute-suffix: +# runs-on: ubuntu-latest +# if: github.repository == 'mastodon/mastodon' +# steps: +# - id: version_vars +# env: +# TZ: Etc/UTC +# run: | +# echo mastodon_version_prerelease=nightly.$(date +'%Y-%m-%d')>> $GITHUB_OUTPUT +# outputs: +# prerelease: ${{ steps.version_vars.outputs.mastodon_version_prerelease }} + +# build-image: +# needs: compute-suffix +# uses: ./.github/workflows/build-container-image.yml +# with: +# file_to_build: Dockerfile +# platforms: linux/amd64,linux/arm64 +# use_native_arm64_builder: true +# cache: false +# push_to_images: | +# tootsuite/mastodon +# ghcr.io/mastodon/mastodon +# version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }} +# labels: | +# org.opencontainers.image.description=Nightly build image used for testing purposes +# flavor: | +# latest=auto +# tags: | +# type=raw,value=edge +# type=raw,value=nightly +# type=schedule,pattern=${{ needs.compute-suffix.outputs.prerelease }} +# secrets: inherit + +# build-image-streaming: +# needs: compute-suffix +# uses: ./.github/workflows/build-container-image.yml +# with: +# file_to_build: streaming/Dockerfile +# platforms: linux/amd64,linux/arm64 +# use_native_arm64_builder: true +# cache: false +# push_to_images: | +# tootsuite/mastodon-streaming +# ghcr.io/mastodon/mastodon-streaming +# version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }} +# labels: | +# org.opencontainers.image.description=Nightly build image used for testing purposes +# flavor: | +# latest=auto +# tags: | +# type=raw,value=edge +# type=raw,value=nightly +# type=schedule,pattern=${{ needs.compute-suffix.outputs.prerelease }} +# secrets: inherit diff --git a/.github/workflows/build-push-pr.yml b/.github/workflows/build-push-pr.yml new file mode 100644 index 00000000..4b168fa0 
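Review bot: `build-image` and `build-image-streaming` in `.github/workflows/build-nightly.yml` call the reusable workflow with `secrets: inherit`, which passes every secret the repository can see, while `build-container-image.yml` in this patch reads only the Docker Hub credentials, the three `DOCKER_BUILDER_HETZNER_ARM64_01_*` TLS values and `GITHUB_TOKEN`. Naming those under `secrets:` on the caller, and declaring them under `on.workflow_call.secrets` in the reusable workflow, limits what a change to the build steps can reach; build-push-pr.yml, build-releases.yml and build-security.yml carry the same line. The push targets (`tootsuite/mastodon`, `ghcr.io/mastodon/mastodon`) and the `github.repository == 'mastodon/mastodon'` guard are upstream's values and presumably need adjusting before the file is uncommented in this repository.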
--- /dev/null
+++ b/.github/workflows/build-push-pr.yml
@@ -0,0 +1,58 @@
+# name: Build container image for PR
+# on:
+# pull_request:
+# types: [labeled, synchronize, reopened, ready_for_review, opened]
+
+# permissions:
+# contents: read
+# packages: write
+
+# jobs:
+# compute-suffix:a/
+# runs-on: ubuntu-latest
+# # This is only allowed to run if:
+# # - the PR branch is in the `mastodon/mastodon` repository
+# # - the PR is not a draft
+# # - the PR has the "build-image" label
+# if: ${{ github.event.pull_request.head.repo.full_name == github.repository && !github.event.pull_request.draft && contains(github.event.pull_request.labels.*.name, 'build-image') }}
+# steps:
+# # Repository needs to be cloned so `git rev-parse` below works
+# - name: Clone repository
+# uses: actions/checkout@v4
+# - id: version_vars
+# run: |
+# echo mastodon_version_metadata=pr-${{ github.event.pull_request.number }}-$(git rev-parse --short HEAD) >> $GITHUB_OUTPUT
+# outputs:
+# metadata: ${{ steps.version_vars.outputs.mastodon_version_metadata }}
+
+# build-image:
+# needs: compute-suffix
+# uses: ./.github/workflows/build-container-image.yml
+# with:
+# file_to_build: Dockerfile
+# platforms: linux/amd64,linux/arm64
+# use_native_arm64_builder: true
+# push_to_images: |
+# ghcr.io/mastodon/mastodon
+# version_metadata: ${{ needs.compute-suffix.outputs.metadata }}
+# flavor: |
+# latest=auto
+# tags: |
+# type=ref,event=pr
+# secrets: inherit
+
+# build-image-streaming:
+# needs: compute-suffix
+# uses: ./.github/workflows/build-container-image.yml
+# with:
+# file_to_build: streaming/Dockerfile
+# platforms: linux/amd64,linux/arm64
+# use_native_arm64_builder: true
+# push_to_images: |
+# ghcr.io/mastodon/mastodon-streaming
+# version_metadata: ${{ needs.compute-suffix.outputs.metadata }}
+# flavor: |
+# latest=auto
+# tags: |
+# type=ref,event=pr
+# secrets: inherit
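Review bot: The job key is written `compute-suffix:a/` in `.github/workflows/build-push-pr.yml`; the stray `a/` after the colon looks like a paste artefact, and once the file is uncommented it would most likely stop the line from parsing as the `compute-suffix` job mapping that `needs: compute-suffix` and `needs.compute-suffix.outputs.metadata` rely on. It should read `compute-suffix:`. The `if:` guard that limits the job to same-repository, non-draft PRs carrying the `build-image` label is what keeps `packages: write` and the inherited secrets away from fork PRs, so it is worth a comment stating that it must not be loosened.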
diff --git a/.github/workflows/build-releases.yml b/.github/workflows/build-releases.yml new file mode 100644 index 00000000..cf715fe8 --- /dev/null +++ b/.github/workflows/build-releases.yml @@ -0,0 +1,51 @@ +# name: Build container release images +# on: +# push: +# tags: +# - '*' + +# permissions: +# contents: read +# packages: write + +# jobs: +# build-image: +# uses: ./.github/workflows/build-container-image.yml +# with: +# file_to_build: Dockerfile +# platforms: linux/amd64,linux/arm64 +# use_native_arm64_builder: true +# push_to_images: | +# tootsuite/mastodon +# ghcr.io/mastodon/mastodon +# # Do not use cache when building releases, so apt update is always ran and the release always contain the latest packages +# cache: false +# # Only tag with latest when ran against the latest stable branch +# # This needs to be updated after each minor version release +# flavor: | +# latest=${{ startsWith(github.ref, 'refs/tags/v4.2.') }} +# tags: | +# type=pep440,pattern={{raw}} +# type=pep440,pattern=v{{major}}.{{minor}} +# secrets: inherit + +# build-image-streaming: +# if: startsWith(github.ref, 'refs/tags/v4.3.') +# uses: ./.github/workflows/build-container-image.yml +# with: +# file_to_build: streaming/Dockerfile +# platforms: linux/amd64,linux/arm64 +# use_native_arm64_builder: true +# push_to_images: | +# tootsuite/mastodon-streaming +# ghcr.io/mastodon/mastodon-streaming +# # Do not use cache when building releases, so apt update is always ran and the release always contain the latest packages +# cache: false +# # Only tag with latest when ran against the latest stable branch +# # This needs to be updated after each minor version release +# flavor: | +# latest=${{ startsWith(github.ref, 'refs/tags/v4.3.') }} +# tags: | +# type=pep440,pattern={{raw}} +# type=pep440,pattern=v{{major}}.{{minor}} +# secrets: inherit diff --git a/.github/workflows/build-security.yml b/.github/workflows/build-security.yml new file mode 100644 index 00000000..1f0646dc --- /dev/null 
+++ b/.github/workflows/build-security.yml @@ -0,0 +1,64 @@ +# name: Build security nightly container image +# on: +# workflow_dispatch: + +# permissions: +# contents: read +# packages: write + +# jobs: +# compute-suffix: +# runs-on: ubuntu-latest +# if: github.repository == 'mastodon/mastodon' +# steps: +# - id: version_vars +# env: +# TZ: Etc/UTC +# run: | +# echo mastodon_version_prerelease=nightly.$(date --date='next day' +'%Y-%m-%d')-security>> $GITHUB_OUTPUT +# outputs: +# prerelease: ${{ steps.version_vars.outputs.mastodon_version_prerelease }} + +# build-image: +# needs: compute-suffix +# uses: ./.github/workflows/build-container-image.yml +# with: +# file_to_build: Dockerfile +# platforms: linux/amd64,linux/arm64 +# use_native_arm64_builder: true +# cache: false +# push_to_images: | +# tootsuite/mastodon +# ghcr.io/mastodon/mastodon +# version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }} +# labels: | +# org.opencontainers.image.description=Nightly build image used for testing purposes +# flavor: | +# latest=auto +# tags: | +# type=raw,value=edge +# type=raw,value=nightly +# type=raw,value=${{ needs.compute-suffix.outputs.prerelease }} +# secrets: inherit + +# build-image-streaming: +# needs: compute-suffix +# uses: ./.github/workflows/build-container-image.yml +# with: +# file_to_build: streaming/Dockerfile +# platforms: linux/amd64,linux/arm64 +# use_native_arm64_builder: true +# cache: false +# push_to_images: | +# tootsuite/mastodon-streaming +# ghcr.io/mastodon/mastodon-streaming +# version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }} +# labels: | +# org.opencontainers.image.description=Nightly build image used for testing purposes +# flavor: | +# latest=auto +# tags: | +# type=raw,value=edge +# type=raw,value=nightly +# type=raw,value=${{ needs.compute-suffix.outputs.prerelease }} +# secrets: inherit 
diff --git a/.github/workflows/bundler-audit.yml b/.github/workflows/bundler-audit.yml
new file mode 100644
index 00000000..855c7275
--- /dev/null
+++ b/.github/workflows/bundler-audit.yml
@@ -0,0 +1,34 @@
+# name: Bundler Audit
+# on:
+# push:
+# branches-ignore:
+# - 'dependabot/**'
+# paths:
+# - 'Gemfile*'
+# - '.ruby-version'
+# - '.bundler-audit.yml'
+# - '.github/workflows/bundler-audit.yml'
+
+# pull_request:
+# paths:
+# - 'Gemfile*'
+# - '.ruby-version'
+# - '.bundler-audit.yml'
+# - '.github/workflows/bundler-audit.yml'
+
+# schedule:
+# - cron: '0 5 * * 1'
+
+# jobs:
+# security:
+# runs-on: ubuntu-latest
+
+# steps:
+# - name: Clone repository
+# uses: actions/checkout@v4
+
+# - name: Set up Ruby environment
+# uses: ./.github/actions/setup-ruby
+
+# - name: Run bundler-audit
+# run: bundle exec bundler-audit
diff --git a/.github/workflows/check-i18n.yml b/.github/workflows/check-i18n.yml
new file mode 100644
index 00000000..7a926f0f
--- /dev/null
+++ b/.github/workflows/check-i18n.yml
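Review bot: Every line of `.github/workflows/bundler-audit.yml` is added behind `# `, so no dependency audit runs on `Gemfile*` changes or on the weekly schedule after this commit; `codeql.yml` further down is commented out the same way. If that is intended for staging, the commit message should say so and name where the audit runs instead. When the workflow is re-enabled, add a top-level `permissions:` block with `contents: read` as `check-i18n.yml` does, since this file declares none.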
@@ -0,0 +1,48 @@ +# name: Check i18n + +# on: +# push: +# branches: [main] +# pull_request: +# branches: [main] + +# env: +# RAILS_ENV: test + +# permissions: +# contents: read + +# jobs: +# check-i18n: +# runs-on: ubuntu-22.04 + +# steps: +# - uses: actions/checkout@v4 + +# - name: Set up Ruby environment +# uses: ./.github/actions/setup-ruby + +# - name: Set up Javascript environment +# uses: ./.github/actions/setup-javascript + +# - name: Check for missing strings in English JSON +# run: | +# yarn i18n:extract --throws +# git diff --exit-code + +# - name: Check locale file normalization +# run: bundle exec i18n-tasks check-normalized + +# - name: Check for unused strings +# run: bundle exec i18n-tasks unused + +# - name: Check for missing strings in English YML +# run: | +# bundle exec i18n-tasks add-missing -l en +# git diff --exit-code + +# - name: Check for wrong string interpolations +# run: bundle exec i18n-tasks check-consistent-interpolations + +# - name: Check that all required locale files exist +# run: bundle exec rake repo:check_locales_files diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..7923f2c6 --- /dev/null +++ b/.github/workflows/codeql.yml 
@@ -0,0 +1,62 @@
+# name: 'CodeQL'
+
+# on:
+# push:
+# branches: ['main']
+# pull_request:
+# # The branches below must be a subset of the branches above
+# branches: ['main']
+# schedule:
+# - cron: '22 6 * * 1'
+
+# jobs:
+# analyze:
+# name: Analyze
+# runs-on: ubuntu-latest
+# permissions:
+# actions: read
+# contents: read
+# security-events: write
+
+# strategy:
+# fail-fast: false
+# matrix:
+# language: ['javascript', 'ruby']
+# # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+# # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+# steps:
+# - name: Checkout repository
+# uses: actions/checkout@v4
+
+# # Initializes the CodeQL tools for scanning.
+# - name: Initialize CodeQL
+# uses: github/codeql-action/init@v3
+# with:
+# languages: ${{ matrix.language }}
+# # If you wish to specify custom queries, you can do so here or in a config file.
+# # By default, queries listed here will override any specified in a config file.
+# # Prefix the list here with "+" to use these queries and those in the config file.
+
+# # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+# # queries: security-extended,security-and-quality
+
+# # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
+# # If this step fails, then you should remove it and run the build manually (see below)
+# - name: Autobuild
+# uses: github/codeql-action/autobuild@v3
+
+# # ℹ️ Command-line programs to run using the OS shell.
+# # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+# # If the Autobuild fails above, remove it and uncomment the following three lines.
+# # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+# # - run: |
+# # echo "Run, Build Application using script"
+# # ./location_of_script_within_repo/buildscript.sh
+
+# - name: Perform CodeQL Analysis
+# uses: github/codeql-action/analyze@v3
+# with:
+# category: '/language:${{matrix.language}}'
diff --git a/.github/workflows/crowdin-download.yml b/.github/workflows/crowdin-download.yml
new file mode 100644
index 00000000..1b74aa8e
--- /dev/null
+++ b/.github/workflows/crowdin-download.yml
@@ -0,0 +1,71 @@
+# name: Crowdin / Download translations
+# on:
+# schedule:
+# - cron: '17 4 * * *' # Every day
+# workflow_dispatch:
+
+# permissions:
+# contents: write
+# pull-requests: write
+
+# jobs:
+# download-translations:
+# runs-on: ubuntu-latest
+# if: github.repository == 'mastodon/mastodon'
+
+# steps:
+# - name: Checkout
+# uses: actions/checkout@v4
+
+# - name: Increase Git http.postBuffer
+# # This is needed due to a bug in Ubuntu's cURL version?
+# # See https://github.com/orgs/community/discussions/55820
+# run: |
+# git config --global http.version HTTP/1.1
+# git config --global http.postBuffer 157286400
+
+# # Download the translation files from Crowdin
+# - name: crowdin action
+# uses: crowdin/github-action@v1
+# with:
+# upload_sources: false
+# upload_translations: false
+# download_translations: true
+# crowdin_branch_name: main
+# push_translations: false
+# create_pull_request: false
+# env:
+# CROWDIN_PROJECT_ID: ${{ vars.CROWDIN_PROJECT_ID }}
+# CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
+
+# # As the files are extracted from a Docker container, they belong to root:root
+# # We need to fix this before the next steps
+# - name: Fix file permissions
+# run: sudo chown -R runner:docker .
+
+# # This is needed to run the normalize step
+# - name: Set up Ruby environment
+# uses: ./.github/actions/setup-ruby
+
+# - name: Run i18n normalize task
+# run: bundle exec i18n-tasks normalize
+
+# # Create or update the pull request
+# - name: Create Pull Request
+# uses: peter-evans/create-pull-request@v6.0.2
+# with:
+# commit-message: 'New Crowdin translations'
+# title: 'New Crowdin Translations (automated)'
+# author: 'GitHub Actions '
+# body: |
+# New Crowdin translations, automated with Github Actions
+
+# See `.github/workflows/crowdin-download.yml`
+
+# This PR will be updated every day with new translations.
+
+# Due to a limitation in Github Actions, checks are not running on this PR without manual action.
+# If you want to run the checks, then close and re-open it.
+# branch: i18n/crowdin/translations
+# base: main
+# labels: i18n
diff --git a/.github/workflows/crowdin-upload.yml b/.github/workflows/crowdin-upload.yml
new file mode 100644
index 00000000..1235fb2b
--- /dev/null
+++ b/.github/workflows/crowdin-upload.yml
@@ -0,0 +1,35 @@
+# name: Crowdin / Upload translations
+
+# on:
+# push:
+# branches:
+# - main
+# paths:
+# - crowdin.yml
+# - app/javascript/mastodon/locales/en.json
+# - config/locales/en.yml
+# - config/locales/simple_form.en.yml
+# - config/locales/activerecord.en.yml
+# - config/locales/devise.en.yml
+# - config/locales/doorkeeper.en.yml
+# - .github/workflows/crowdin-upload.yml
+
+# jobs:
+# upload-translations:
+# runs-on: ubuntu-latest
+
+# steps:
+# - name: Checkout
+# uses: actions/checkout@v4
+
+# - name: crowdin action
+# uses: crowdin/github-action@v1
+# with:
+# upload_sources: true
+# upload_translations: false
+# download_translations: false
+# crowdin_branch_name: main
+
+# env:
+# CROWDIN_PROJECT_ID: ${{ vars.CROWDIN_PROJECT_ID }}
+# CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
diff --git a/.github/workflows/format-check.yml b/.github/workflows/format-check.yml
new file mode 100644
index 00000000..f4ad32f1
--- /dev/null
+++ b/.github/workflows/format-check.yml
@@ -0,0 +1,18 @@
+# name: Check formatting
+# on:
+# push:
+# pull_request:
+
+# jobs:
+# lint:
+# runs-on: ubuntu-latest
+
+# steps:
+# - name: Clone repository
+# uses: actions/checkout@v4
+
+# - name: Set up Javascript environment
+# uses: ./.github/actions/setup-javascript
+
+# - name: Check formatting with Prettier
+# run: yarn format:check
diff --git a/.github/workflows/haml-lint-problem-matcher.json b/.github/workflows/haml-lint-problem-matcher.json
new file mode 100644
index 00000000..3523ea29
--- /dev/null
+++ b/.github/workflows/haml-lint-problem-matcher.json
@@ -0,0 +1,17 @@
+{
+ "problemMatcher": [
+ {
+ "owner": "haml-lint",
+ "severity": "warning",
+ "pattern": [
+ {
+ "regexp": "^(.*):(\\d+)\\s\\[W]\\s(.*):\\s(.*)$",
+ "file": 1,
+ "line": 2,
+ "code": 3,
+ "message": 4
+ }
+ ]
+ }
+ ]
+}
diff --git a/.github/workflows/lint-css.yml b/.github/workflows/lint-css.yml
new file mode 100644
index 00000000..1f868a2c
--- /dev/null
+++ b/.github/workflows/lint-css.yml
@@ -0,0 +1,46 @@
+# name: CSS Linting
+# on:
+# push:
+# branches-ignore:
+# - 'dependabot/**'
+# - 'renovate/**'
+# paths:
+# - 'package.json'
+# - 'yarn.lock'
+# - '.nvmrc'
+# - '.prettier*'
+# - 'stylelint.config.js'
+# - '**/*.css'
+# - '**/*.scss'
+# - '.github/workflows/lint-css.yml'
+# - '.github/stylelint-matcher.json'
+
+# pull_request:
+# paths:
+# - 'package.json'
+# - 'yarn.lock'
+# - '.nvmrc'
+# - '.prettier*'
+# - 'stylelint.config.js'
+# - '**/*.css'
+# - '**/*.scss'
+# - '.github/workflows/lint-css.yml'
+# - '.github/stylelint-matcher.json'
+
+# jobs:
+# lint:
+# runs-on: ubuntu-latest
+
+# steps:
+# - name: Clone repository
+# uses: actions/checkout@v4
+
+# - name: Set up Javascript environment
+# uses: ./.github/actions/setup-javascript
+
+# - uses: xt0rted/stylelint-problem-matcher@v1
+
+# - run: echo "::add-matcher::.github/stylelint-matcher.json"
+
+# - name: Stylelint
+# run: yarn lint:css
diff --git a/.github/workflows/lint-haml.yml b/.github/workflows/lint-haml.yml
new file mode 100644
index 00000000..7588168e
--- /dev/null
+++ b/.github/workflows/lint-haml.yml
@@ -0,0 +1,39 @@
+# name: Haml Linting
+# on:
+# push:
+# branches-ignore:
+# - 'dependabot/**'
+# - 'renovate/**'
+# paths:
+# - '.github/workflows/haml-lint-problem-matcher.json'
+# - '.github/workflows/lint-haml.yml'
+# - '.haml-lint*.yml'
+# - '.rubocop*.yml'
+# - '.ruby-version'
+# - '**/*.haml'
+# - 'Gemfile*'
+
+# pull_request:
+# paths:
+# - '.github/workflows/haml-lint-problem-matcher.json'
+# - '.github/workflows/lint-haml.yml'
+# - '.haml-lint*.yml'
+# - '.rubocop*.yml'
+# - '.ruby-version'
+# - '**/*.haml'
+# - 'Gemfile*'
+
+# jobs:
+# lint:
+# runs-on: ubuntu-latest
+# steps:
+# - name: Clone repository
+# uses: actions/checkout@v4
+
+# - name: Set up Ruby environment
+# uses: ./.github/actions/setup-ruby
+
+# - name: Run haml-lint
+# run: |
+# echo "::add-matcher::.github/workflows/haml-lint-problem-matcher.json"
+# bundle exec haml-lint --reporter github
diff --git a/.github/workflows/lint-js.yml b/.github/workflows/lint-js.yml
new file mode 100644
index 00000000..1c2b9f85
--- /dev/null
+++ b/.github/workflows/lint-js.yml
@@ -0,0 +1,49 @@
+# name: JavaScript Linting
+# on:
+# push:
+# branches-ignore:
+# - 'dependabot/**'
+# - 'renovate/**'
+# paths:
+# - 'package.json'
+# - 'yarn.lock'
+# - 'tsconfig.json'
+# - '.nvmrc'
+# - '.prettier*'
+# - '.eslint*'
+# - '**/*.js'
+# - '**/*.jsx'
+# - '**/*.ts'
+# - '**/*.tsx'
+# - '.github/workflows/lint-js.yml'
+
+# pull_request:
+# paths:
+# - 'package.json'
+# - 'yarn.lock'
+# - 'tsconfig.json'
+# - '.nvmrc'
+# - '.prettier*'
+# - '.eslint*'
+# - '**/*.js'
+# - '**/*.jsx'
+# - '**/*.ts'
+# - '**/*.tsx'
+# - '.github/workflows/lint-js.yml'
+
+# jobs:
+# lint:
+# runs-on: ubuntu-latest
+
+# steps:
+# - name: Clone repository
+# uses: actions/checkout@v4
+
+# - name: Set up Javascript environment
+# uses: ./.github/actions/setup-javascript
+
+# - name: ESLint
+# run: yarn lint:js --max-warnings 0
+
+# - name: Typecheck
+# run: yarn typecheck
diff --git a/.github/workflows/lint-ruby.yml b/.github/workflows/lint-ruby.yml
new file mode 100644
index 00000000..d24b8824
--- /dev/null
+++ b/.github/workflows/lint-ruby.yml
@@ -0,0 +1,45 @@
+# name: Ruby Linting
+# on:
+# push:
+# branches-ignore:
+# - 'dependabot/**'
+# - 'renovate/**'
+# paths:
+# - 'Gemfile*'
+# - '.rubocop*.yml'
+# - '.ruby-version'
+# - 'config/brakeman.ignore'
+# - '**/*.rb'
+# - '**/*.rake'
+# - '.github/workflows/lint-ruby.yml'
+
+# pull_request:
+# paths:
+# - 'Gemfile*'
+# - '.rubocop*.yml'
+# - '.ruby-version'
+# - 'config/brakeman.ignore'
+# - '**/*.rb'
+# - '**/*.rake'
+# - '.github/workflows/lint-ruby.yml'
+
+# jobs:
+# lint:
+# runs-on: ubuntu-latest
+
+# steps:
+# - name: Clone repository
+# uses: actions/checkout@v4
+
+# - name: Set up Ruby environment
+# uses: ./.github/actions/setup-ruby
+
+# - name: Set-up RuboCop Problem Matcher
+# uses: r7kamura/rubocop-problem-matchers-action@v1
+
+# - name: Run rubocop
+# run: bundle exec rubocop
+
+# - name: Run brakeman
+# if: always() # Run both checks, even if the first failed
+# run: bundle exec brakeman
diff --git a/.github/workflows/rebase-needed.yml b/.github/workflows/rebase-needed.yml
new file mode 100644
index 00000000..34111b08
--- /dev/null
+++ b/.github/workflows/rebase-needed.yml
@@ -0,0 +1,27 @@
+# name: PR Needs Rebase
+
+# on:
+# schedule:
+# - cron: '0 * * * *'
+
+# permissions:
+# pull-requests: write
+
+# jobs:
+# label-rebase-needed:
+# runs-on: ubuntu-latest
+
+# concurrency:
+# group: ${{ github.workflow }}-${{ github.ref }}
+# cancel-in-progress: true
+
+# steps:
+# - name: Check for merge conflicts
+# uses: eps1lon/actions-label-merge-conflict@releases/2.x
+# with:
+# dirtyLabel: 'rebase needed :construction:'
+# repoToken: '${{ secrets.GITHUB_TOKEN }}'
+# commentOnClean: This pull request has resolved merge conflicts and is ready for review.
+# commentOnDirty: This pull request has merge conflicts that must be resolved before it can be merged.
+# retryMax: 30
+# continueOnMissingPermissions: false
diff --git a/.github/workflows/staging-deploy.yml b/.github/workflows/staging-deploy.yml
new file mode 100644
index 00000000..32cad5c4
--- /dev/null
+++ b/.github/workflows/staging-deploy.yml
@@ -0,0 +1,83 @@
+run-name: Deploy to Patchwork Web Production by @${{ github.actor }}
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - staging
+
+permissions:
+ contents: read
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: false
+
+jobs:
+ Build:
+ name: Build and Push
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{ secrets.AWS_REGION }}
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1
+ with:
+ mask-password: 'true'
+
+ # This is a separate action that sets up buildx runner
+ - name: Setup Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ # Use Github action cache
+ - name: Cache Docker layers
+ uses: actions/cache@v3
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ github.sha }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-
+
+ - name: Build, tag, and push image to Amazon ECR
+ id: build-image
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ ECR_REPOSITORY: ${{ secrets.REPOSITORY }}
+ IMAGE_TAG: ${{ vars.IMAGE_STAGING_TAG }}
+ run: |
+ docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+ docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+ # deploy:
+ # name: Deploy Server
+ # needs: Build
+ # runs-on: ubuntu-latest
+ # steps:
+ # - name: Git Checkout
+ # uses: actions/checkout@v2
+ # - name: Echo Branch
+ # run: echo running on branch ${GITHUB_REF##*/}
+ # - uses: actions/setup-node@v3
+ # with:
+ # node-version: 18
+ # - name: Deploy to server
+ # uses: appleboy/ssh-action@master
+ # with:
+ # host: ${{ secrets.PROD_SERVER_IP }}
+ # username: ${{ secrets.PROD_SERVER_USERNAME }}
+ # port: ${{ secrets.PORT }}
+ # key: ${{ secrets.PROD_SSH_PRIVATE_KEY }}
+ # script: |
+ # eval "$(ssh-agent -s)"
+ # ssh-add ~/.ssh/patchwork_github-actions
+ # cd /home/ubuntu/devops
+ # ansible-playbook alldeploy.yml -e "@patchwork_web.json"
\ No newline at end of file
diff --git a/.github/workflows/test-image-build.yml b/.github/workflows/test-image-build.yml
new file mode 100644
index 00000000..44dd0966
--- /dev/null
+++ b/.github/workflows/test-image-build.yml
@@ -0,0 +1,35 @@
+# name: Test container image build
+# on:
+# pull_request:
+# paths:
+# - .github/workflows/build-nightly.yml
+# - .github/workflows/build-push-pr.yml
+# - .github/workflows/build-releases.yml
+# - .github/workflows/test-image-build.yml
+# - Dockerfile
+# - streaming/Dockerfile
+# permissions:
+# contents: read
+
+# jobs:
+# build-image:
+# concurrency:
+# group: ${{ github.workflow }}-${{ github.ref }}
+# cancel-in-progress: true
+
+# uses: ./.github/workflows/build-container-image.yml
+# with:
+# file_to_build: Dockerfile
+# platforms: linux/amd64 # Taesting only on native platform so it is performant
+# cache: true
+
+# build-image-streaming:
+# concurrency:
+# group: ${{ github.workflow }}-${{ github.ref }}-streaming
+# cancel-in-progress: true
+
+# uses: ./.github/workflows/build-container-image.yml
+# with:
+# file_to_build: streaming/Dockerfile
+# platforms: linux/amd64 # Testing only on native platform so it is performant
+# cache: true
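Review bot: The `Configure AWS credentials` step in `staging-deploy.yml` authenticates with a long-lived access key pair held in repository secrets (`AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY`), which stays valid if it leaks and must be rotated by hand. The action also supports assuming an IAM role through GitHub's OIDC token, which needs `id-token: write` in the workflow `permissions` and a `role-to-assume` input in place of the two key inputs. The role's trust policy should then be limited to this repository and the `staging` branch. Separately, `run-name` says "Production" although the workflow fires on pushes to `staging`, and the commented-out deploy job reads `PROD_*` secrets and uses `appleboy/ssh-action@master`, so the target environment and that floating ref should be settled before the job is re-enabled. The `Cache Docker layers` step appears to have no effect, because the plain `docker build` in the last step never reads or writes `/tmp/.buildx-cache`.

```yaml
permissions:
  contents: read
  id-token: write  # lets the job request an OIDC token for role assumption

# … unchanged: concurrency, job header, checkout step …

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # ROLE_ARN_PLACEHOLDER is an illustrative secret name, not one defined in this repository
          role-to-assume: ${{ secrets.ROLE_ARN_PLACEHOLDER }}
          aws-region: ${{ secrets.AWS_REGION }}

# … unchanged: ECR login, buildx setup, cache, build and push …
```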
diff --git a/.github/workflows/test-js.yml b/.github/workflows/test-js.yml
new file mode 100644
index 00000000..e11e35e5
--- /dev/null
+++ b/.github/workflows/test-js.yml
@@ -0,0 +1,42 @@
+# name: JavaScript Testing
+# on:
+# push:
+# branches-ignore:
+# - 'dependabot/**'
+# - 'renovate/**'
+# paths:
+# - 'package.json'
+# - 'yarn.lock'
+# - '.nvmrc'
+# - '**/*.js'
+# - '**/*.jsx'
+# - '**/*.ts'
+# - '**/*.tsx'
+# - '**/*.snap'
+# - '.github/workflows/test-js.yml'
+
+# pull_request:
+# paths:
+# - 'package.json'
+# - 'yarn.lock'
+# - '.nvmrc'
+# - '**/*.js'
+# - '**/*.jsx'
+# - '**/*.ts'
+# - '**/*.tsx'
+# - '**/*.snap'
+# - '.github/workflows/test-js.yml'
+
+# jobs:
+# test:
+# runs-on: ubuntu-latest
+
+# steps:
+# - name: Clone repository
+# uses: actions/checkout@v4
+
+# - name: Set up Javascript environment
+# uses: ./.github/actions/setup-javascript
+
+# - name: Jest testing
+# run: yarn jest --reporters github-actions summary
diff --git a/.github/workflows/test-migrations-one-step.yml b/.github/workflows/test-migrations-one-step.yml
new file mode 100644
index 00000000..703ac966
--- /dev/null
+++ b/.github/workflows/test-migrations-one-step.yml
@@ -0,0 +1,88 @@
+# name: Test one step migrations
+# on:
+# push:
+# branches-ignore:
+# - 'dependabot/**'
+# - 'renovate/**'
+# pull_request:
+
+# jobs:
+# pre_job:
+# runs-on: ubuntu-latest
+
+# outputs:
+# should_skip: ${{ steps.skip_check.outputs.should_skip }}
+
+# steps:
+# - id: skip_check
+# uses: fkirc/skip-duplicate-actions@v5
+# with:
+# paths: '["Gemfile*", ".ruby-version", "**/*.rb", ".github/workflows/test-migrations-one-step.yml", "lib/tasks/tests.rake"]'
+
+# test:
+# runs-on: ubuntu-latest
+# needs: pre_job
+# if: needs.pre_job.outputs.should_skip != 'true'
+
+# strategy:
+# fail-fast: false
+
+# matrix:
+# postgres:
+# - 14-alpine
+# - 15-alpine
+
+# services:
+# postgres:
+# image: postgres:${{ matrix.postgres}}
+# env:
+# POSTGRES_PASSWORD: postgres
+# POSTGRES_USER: postgres
+# options: >-
+# --health-cmd pg_isready
+# --health-interval 10s
+# --health-timeout 5s
+# --health-retries 5
+# ports:
+# - 5432:5432
+
+# redis:
+# image: redis:7-alpine
+# options: >-
+# --health-cmd "redis-cli ping"
+# --health-interval 10s
+# --health-timeout 5s
+# --health-retries 5
+# ports:
+# - 6379:6379
+
+# env:
+# CONTINUOUS_INTEGRATION: true
+# DB_HOST: localhost
+# DB_USER: postgres
+# DB_PASS: postgres
+# DISABLE_SIMPLECOV: true
+# RAILS_ENV: test
+# BUNDLE_CLEAN: true
+# BUNDLE_FROZEN: true
+# BUNDLE_WITHOUT: 'development production'
+# BUNDLE_JOBS: 3
+# BUNDLE_RETRY: 3
+
+# steps:
+# - uses: actions/checkout@v4
+
+# - name: Set up Ruby environment
+# uses: ./.github/actions/setup-ruby
+
+# - name: Create database
+# run: './bin/rails db:create'
+
+# - name: Run historical migrations with data population
+# run: './bin/rails tests:migrations:prepare_database'
+
+# - name: Run all remaining migrations
+# run: './bin/rails db:migrate'
+
+# - name: Check migration result
+# run: './bin/rails tests:migrations:check_database'
diff --git a/.github/workflows/test-migrations-two-step.yml b/.github/workflows/test-migrations-two-step.yml
new file mode 100644
index 00000000..f1bd8e3a
--- /dev/null
+++ b/.github/workflows/test-migrations-two-step.yml
@@ -0,0 +1,95 @@
+# name: Test two step migrations
+# on:
+# push:
+# branches-ignore:
+# - 'dependabot/**'
+# - 'renovate/**'
+# pull_request:
+
+# jobs:
+# pre_job:
+# runs-on: ubuntu-latest
+
+# outputs:
+# should_skip: ${{ steps.skip_check.outputs.should_skip }}
+
+# steps:
+# - id: skip_check
+# uses: fkirc/skip-duplicate-actions@v5
+# with:
+# paths: '["Gemfile*", ".ruby-version", "**/*.rb", ".github/workflows/test-migrations-two-step.yml", "lib/tasks/tests.rake"]'
+
+# test:
+# runs-on: ubuntu-latest
+# needs: pre_job
+# if: needs.pre_job.outputs.should_skip != 'true'
+
+# strategy:
+# fail-fast: false
+
+# matrix:
+# postgres:
+# - 14-alpine
+# - 15-alpine
+
+# services:
+# postgres:
+# image: postgres:${{ matrix.postgres}}
+# env:
+# POSTGRES_PASSWORD: postgres
+# POSTGRES_USER: postgres
+# options: >-
+# --health-cmd pg_isready
+# --health-interval 10s
+# --health-timeout 5s
+# --health-retries 5
+# ports:
+# - 5432:5432
+
+# redis:
+# image: redis:7-alpine
+# options: >-
+# --health-cmd "redis-cli ping"
+# --health-interval 10s
+# --health-timeout 5s
+# --health-retries 5
+# ports:
+# - 6379:6379
+
+# env:
+# CONTINUOUS_INTEGRATION: true
+# DB_HOST: localhost
+# DB_USER: postgres
+# DB_PASS: postgres
+# DISABLE_SIMPLECOV: true
+# RAILS_ENV: test
+# BUNDLE_CLEAN: true
+# BUNDLE_FROZEN: true
+# BUNDLE_WITHOUT: 'development production'
+# BUNDLE_JOBS: 3
+# BUNDLE_RETRY: 3
+
+# steps:
+# - uses: actions/checkout@v4
+
+# - name: Set up Ruby environment
+# uses: ./.github/actions/setup-ruby
+
+# - name: Create database
+# run: './bin/rails db:create'
+
+# - name: Run historical migrations with data population
+# run: './bin/rails tests:migrations:prepare_database'
+# env:
+# SKIP_POST_DEPLOYMENT_MIGRATIONS: true
+
+# - name: Run all remaining pre-deployment migrations
+# run: './bin/rails db:migrate'
+# env:
+# SKIP_POST_DEPLOYMENT_MIGRATIONS: true
+
+# - name: Run all post-deployment migrations
+# run: './bin/rails db:migrate'
+
+# - name: Check migration result
+# run: './bin/rails tests:migrations:check_database'
diff --git a/.github/workflows/test-ruby.yml b/.github/workflows/test-ruby.yml
new file mode 100644
index 00000000..4abc7b8b
--- /dev/null
+++ b/.github/workflows/test-ruby.yml
@@ -0,0 +1,334 @@
+# name: Ruby Testing
+
+# on:
+# push:
+# branches-ignore:
+# - 'dependabot/**'
+# - 'renovate/**'
+# pull_request:
+
+# env:
+# BUNDLE_CLEAN: true
+# BUNDLE_FROZEN: true
+
+# concurrency:
+# group: ${{ github.workflow }}-${{ github.ref }}
+# cancel-in-progress: true
+
+# jobs:
+# build:
+# runs-on: ubuntu-latest
+
+# strategy:
+# fail-fast: true
+# matrix:
+# mode:
+# - production
+# - test
+# env:
+# RAILS_ENV: ${{ matrix.mode }}
+# BUNDLE_WITH: ${{ matrix.mode }}
+# OTP_SECRET: precompile_placeholder
+# SECRET_KEY_BASE: precompile_placeholder
+
+# steps:
+# - uses: actions/checkout@v4
+
+# - name: Set up Ruby environment
+# uses: ./.github/actions/setup-ruby
+
+# - name: Set up Javascript environment
+# uses: ./.github/actions/setup-javascript
+# with:
+# onlyProduction: 'true'
+
+# - name: Precompile assets
+# # Previously had set this, but it's not supported
+# # export NODE_OPTIONS=--openssl-legacy-provider
+# run: |-
+# ./bin/rails assets:precompile
+
+# - name: Archive asset artifacts
+# run: |
+# tar --exclude={"*.br","*.gz"} -zcf artifacts.tar.gz public/assets public/packs*
+
+# - uses: actions/upload-artifact@v4
+# if: matrix.mode == 'test'
+# with:
+# path: |-
+# ./artifacts.tar.gz
+# name: ${{ github.sha }}
+# retention-days: 0
+
+# test:
+# runs-on: ubuntu-latest
+
+# needs:
+# - build
+
+# services:
+# postgres:
+# image: postgres:14-alpine
+# env:
+# POSTGRES_PASSWORD: postgres
+# POSTGRES_USER: postgres
+# options: >-
+# --health-cmd pg_isready
+# --health-interval 10s
+# --health-timeout 5s
+# --health-retries 5
+# ports:
+# - 5432:5432
+
+# redis:
+# image: redis:7-alpine
+# options: >-
+# --health-cmd "redis-cli ping"
+# --health-interval 10s
+# --health-timeout 5s
+# --health-retries 5
+# ports:
+# - 6379:6379
+
+# env:
+# DB_HOST: localhost
+# DB_USER: postgres
+# DB_PASS: postgres
+# DISABLE_SIMPLECOV: ${{ matrix.ruby-version != '.ruby-version' }}
+# RAILS_ENV: test
+# ALLOW_NOPAM: true
+# PAM_ENABLED: true
+# PAM_DEFAULT_SERVICE: pam_test
+# PAM_CONTROLLED_SERVICE: pam_test_controlled
+# OIDC_ENABLED: true
+# OIDC_SCOPE: read
+# SAML_ENABLED: true
+# CAS_ENABLED: true
+# BUNDLE_WITH: 'pam_authentication test'
+# GITHUB_RSPEC: ${{ matrix.ruby-version == '.ruby-version' && github.event.pull_request && 'true' }}
+
+# strategy:
+# fail-fast: false
+# matrix:
+# ruby-version:
+# - '3.0'
+# - '3.1'
+# - '.ruby-version'
+# - '3.3'
+# steps:
+# - uses: actions/checkout@v4
+
+# - uses: actions/download-artifact@v4
+# with:
+# path: './'
+# name: ${{ github.sha }}
+
+# - name: Expand archived asset artifacts
+# run: |
+# tar xvzf artifacts.tar.gz
+
+# - name: Set up Ruby environment
+# uses: ./.github/actions/setup-ruby
+# with:
+# ruby-version: ${{ matrix.ruby-version}}
+# additional-system-dependencies: ffmpeg imagemagick libpam-dev
+
+# - name: Load database schema
+# run: './bin/rails db:create db:schema:load db:seed'
+
+# - run: bin/rspec
+
+# - name: Upload coverage reports to Codecov
+# if: matrix.ruby-version == '.ruby-version'
+# uses: codecov/codecov-action@v4
+# with:
+# files: coverage/lcov/mastodon.lcov
+
+# test-e2e:
+# name: End to End testing
+# runs-on: ubuntu-latest
+
+# needs:
+# - build
+
+# services:
+# postgres:
+# image: postgres:14-alpine
+# env:
+# POSTGRES_PASSWORD: postgres
+# POSTGRES_USER: postgres
+# options: >-
+# --health-cmd pg_isready
+# --health-interval 10s
+# --health-timeout 5s
+# --health-retries 5
+# ports:
+# - 5432:5432
+
+# redis:
+# image: redis:7-alpine
+# options: >-
+# --health-cmd "redis-cli ping"
+# --health-interval 10s
+# --health-timeout 5s
+# --health-retries 5
+# ports:
+# - 6379:6379
+
+# env:
+# DB_HOST: localhost
+# DB_USER: postgres
+# DB_PASS: postgres
+# DISABLE_SIMPLECOV: true
+# RAILS_ENV: test
+# BUNDLE_WITH: test
+
+# strategy:
+# fail-fast: false
+# matrix:
+# ruby-version:
+# - '3.0'
+# - '3.1'
+# - '.ruby-version'
+# - '3.3'
+
+# steps:
+# - uses: actions/checkout@v4
+
+# - uses: actions/download-artifact@v4
+# with:
+# path: './public'
+# name: ${{ github.sha }}
+
+# - name: Set up Ruby environment
+# uses: ./.github/actions/setup-ruby
+# with:
+# ruby-version: ${{ matrix.ruby-version}}
+# additional-system-dependencies: ffmpeg imagemagick
+
+# - name: Set up Javascript environment
+# uses: ./.github/actions/setup-javascript
+
+# - name: Load database schema
+# run: './bin/rails db:create db:schema:load db:seed'
+
+# - run: bundle exec rake spec:system
+
+# - name: Archive logs
+# uses: actions/upload-artifact@v4
+# if: failure()
+# with:
+# name: e2e-logs-${{ matrix.ruby-version }}
+# path: log/
+
+# - name: Archive test screenshots
+# uses: actions/upload-artifact@v4
+# if: failure()
+# with:
+# name: e2e-screenshots
+# path: tmp/capybara/
+
+# test-search:
+# name: Elastic Search integration testing
+# runs-on: ubuntu-latest
+
+# needs:
+# - build
+
+# services:
+# postgres:
+# image: postgres:14-alpine
+# env:
+# POSTGRES_PASSWORD: postgres
+# POSTGRES_USER: postgres
+# options: >-
+# --health-cmd pg_isready
+# --health-interval 10s
+# --health-timeout 5s
+# --health-retries 5
+# ports:
+# - 5432:5432
+
+# redis:
+# image: redis:7-alpine
+# options: >-
+# --health-cmd "redis-cli ping"
+# --health-interval 10s
+# --health-timeout 5s
+# --health-retries 5
+# ports:
+# - 6379:6379
+
+# search:
+# image: ${{ matrix.search-image }}
+# env:
+# discovery.type: single-node
+# xpack.security.enabled: false
+# options: >-
+# --health-cmd "curl http://localhost:9200/_cluster/health"
+# --health-interval 10s
+# --health-timeout 5s
+# --health-retries 10
+# ports:
+# - 9200:9200
+
+# env:
+# DB_HOST: localhost
+# DB_USER: postgres
+# DB_PASS: postgres
+# DISABLE_SIMPLECOV: true
+# RAILS_ENV: test
+# BUNDLE_WITH: test
+# ES_ENABLED: true
+# ES_HOST: localhost
+# ES_PORT: 9200
+
+# strategy:
+# fail-fast: false
+# matrix:
+# ruby-version:
+# - '3.0'
+# - '3.1'
+# - '.ruby-version'
+# - '3.3'
+# search-image:
+# - docker.elastic.co/elasticsearch/elasticsearch:7.17.13
+# include:
+# - ruby-version: '.ruby-version'
+# search-image: docker.elastic.co/elasticsearch/elasticsearch:8.10.2
+
+# steps:
+# - uses: actions/checkout@v4
+
+# - uses: actions/download-artifact@v4
+# with:
+# path: './public'
+# name: ${{ github.sha }}
+
+# - name: Set up Ruby environment
+# uses: ./.github/actions/setup-ruby
+# with:
+# ruby-version: ${{ matrix.ruby-version}}
+# additional-system-dependencies: ffmpeg imagemagick
+
+# - name: Set up Javascript environment
+# uses: ./.github/actions/setup-javascript
+
+# - name: Load database schema
+# run: './bin/rails db:create db:schema:load db:seed'
+
+# - run: bin/rspec --tag search
+
+# - name: Archive logs
+# uses: actions/upload-artifact@v4
+# if: failure()
+# with:
+# name: test-search-logs-${{ matrix.ruby-version }}
+# path: log/
+
+# - name: Archive test screenshots
+# uses: actions/upload-artifact@v4
+# if: failure()
+# with:
+# name: test-search-screenshots
+# path: tmp/capybara/