diff --git a/.github/workflows/coder.yaml b/.github/workflows/ci.yaml similarity index 92% rename from .github/workflows/coder.yaml rename to .github/workflows/ci.yaml index 9a79a590241d4..eac75e21ef56a 100644 --- a/.github/workflows/coder.yaml +++ b/.github/workflows/ci.yaml @@ -1,4 +1,4 @@ -name: coder +name: ci on: push: 
@@ -28,109 +28,44 @@ concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' }} jobs: - typos: - runs-on: ubuntu-latest + lint: + runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || 'ubuntu-latest' }} steps: - name: Checkout - uses: actions/checkout@v2 - - name: typos-action + uses: actions/checkout@v3 + + # Install Go! + - uses: actions/setup-go@v3 + with: + go-version: "~1.19" + + # Check for any typos! + - name: Check for typos uses: crate-ci/typos@v1.13.3 with: config: .github/workflows/typos.toml - - name: Fix Helper + - name: Fix the typos if: ${{ failure() }} run: | echo "::notice:: you can automatically fix typos from your CLI: cargo install typos-cli typos -c .github/workflows/typos.toml -w" - changes: - runs-on: ubuntu-latest - outputs: - docs-only: ${{ steps.filter.outputs.docs_count == steps.filter.outputs.all_count }} - sh: ${{ steps.filter.outputs.sh }} - ts: ${{ steps.filter.outputs.ts }} - k8s: ${{ steps.filter.outputs.k8s }} - steps: - - uses: actions/checkout@v3 - # For pull requests it's not necessary to checkout the code - - uses: dorny/paths-filter@v2 - id: filter - with: - filters: | - all: - - '**' - docs: - - 'docs/**' - # For testing: - # - '.github/**' - sh: - - "**.sh" - ts: - - 'site/**' - k8s: - - 'helm/**' - - Dockerfile - - scripts/helm.sh - - id: debug - run: | - echo "${{ toJSON(steps.filter )}}" - - # Debug step - debug-inputs: - needs: - - changes - runs-on: ubuntu-latest - steps: - - id: log - run: | - echo "${{ toJSON(needs) }}" - - style-lint-golangci: - name: style/lint/golangci - timeout-minutes: 5 - runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || 'ubuntu-latest' }} - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v3 - with: - go-version: "~1.19" - - name: golangci-lint + # Check for Go linting errors! 
+ - name: Lint Go uses: golangci/golangci-lint-action@v3.3.1 with: version: v1.48.0 - check-enterprise-imports: - name: check/enterprise-imports - timeout-minutes: 5 - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Check imports of enterprise code - run: ./scripts/check_enterprise_imports.sh - - style-lint-shellcheck: - name: style/lint/shellcheck - timeout-minutes: 5 - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Run ShellCheck + - name: Lint shell scripts uses: ludeeus/action-shellcheck@1.1.0 env: SHELLCHECK_OPTS: --external-sources with: ignore: node_modules - style-lint-typescript: - name: "style/lint/typescript" - timeout-minutes: 5 - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Cache Node + # Lint our dashboard! + - name: Cache node_modules id: cache-node uses: actions/cache@v3 with: 
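Review bot: The consolidated `lint` job has no `timeout-minutes` in its visible header, while each job it absorbs (`style-lint-golangci`, `check-enterprise-imports`, `style-lint-shellcheck`, `style-lint-typescript`) carried `timeout-minutes: 5` on the removed side. A hung linter or install step would then run until GitHub's default job timeout of 360 minutes, on the 16-core runner that the new `runs-on` expression selects. I would add a job-level `timeout-minutes: 20` under `runs-on`, with the value sized to the combined steps. The job body continues past this hunk.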
@@ -140,36 +75,79 @@ jobs: key: js-${{ runner.os }}-test-${{ hashFiles('**/yarn.lock') }} restore-keys: | js-${{ runner.os }}- - - name: Install node_modules run: ./scripts/yarn_install.sh - - - name: "yarn lint" + - name: Lint TypeScript run: yarn lint working-directory: site - style-lint-k8s: - name: "style/lint/k8s" - timeout-minutes: 5 - needs: changes - if: needs.changes.outputs.k8s == 'true' - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - + # Make sure the Helm chart is linted! - name: Install helm uses: azure/setup-helm@v3 with: version: v3.9.2 - - - name: cd helm && make lint + - name: Lint Helm chart run: | cd helm make lint + # Check for dead links in our markdown! + # For the main branch: + - if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork + uses: gaurav-nelson/github-action-markdown-link-check@v1 + name: Check for dead links (main) + with: + use-quiet-mode: yes + use-verbose-mode: yes + config-file: .github/workflows/mlc_config.json + # For pull requests: + - if: github.ref != 'refs/heads/main' || github.event.pull_request.head.repo.fork + uses: gaurav-nelson/github-action-markdown-link-check@v1 + name: Check for dead links (pull request) + with: + use-quiet-mode: yes + use-verbose-mode: yes + check-modified-files-only: yes + base-branch: main + config-file: .github/workflows/mlc_config.json + + # Ensure AGPL and Enterprise are separated! + - name: Check for AGPL code importing Enterprise... 
+ run: ./scripts/check_enterprise_imports.sh + + changes: + runs-on: ubuntu-latest + outputs: + docs-only: ${{ steps.filter.outputs.docs_count == steps.filter.outputs.all_count }} + sh: ${{ steps.filter.outputs.sh }} + ts: ${{ steps.filter.outputs.ts }} + k8s: ${{ steps.filter.outputs.k8s }} + steps: + - uses: actions/checkout@v3 + # For pull requests it's not necessary to checkout the code + - uses: dorny/paths-filter@v2 + id: filter + with: + filters: | + all: + - '**' + docs: + - 'docs/**' + # For testing: + # - '.github/**' + sh: + - "**.sh" + ts: + - 'site/**' + k8s: + - 'helm/**' + - Dockerfile + - scripts/helm.sh + - id: debug + run: | + echo "${{ toJSON(steps.filter )}}" + gen: - name: "style/gen" timeout-minutes: 8 runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || 'ubuntu-latest' }} needs: changes @@ -243,8 +221,7 @@ jobs: - name: Check for unstaged files run: ./scripts/check_unstaged.sh - style-fmt: - name: "style/fmt" + fmt: runs-on: ubuntu-latest timeout-minutes: 5 steps: @@ -280,7 +257,6 @@ jobs: run: ./scripts/check_unstaged.sh test-go: - name: "test/go" runs-on: ${{ matrix.os == 'ubuntu-latest' && github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || matrix.os == 'windows-2022' && github.repository_owner == 'coder' && 'windows-latest-8-cores'|| matrix.os }} timeout-minutes: 20 strategy: @@ -365,8 +341,7 @@ jobs: files: ./gotests.coverage flags: unittest-go-${{ matrix.os }} - test-go-postgres: - name: "test/go/postgres" + test-go-psql: runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || 'ubuntu-latest' }} # This timeout must be greater than the timeout set by `go test` in # `make test-postgres` to ensure we receive a trace of running @@ -532,7 +507,6 @@ jobs: retention-days: 7 test-js: - name: "test/js" runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || 'ubuntu-latest' }} timeout-minutes: 20 steps: 
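Review bot: The `Check for AGPL code importing Enterprise...` step is now the last step of `lint`, so it runs only when every earlier step succeeded. A typo, a golangci finding or a dead external link reported by the markdown link check leaves the licence-separation check unexecuted, where it used to be the independent `check-enterprise-imports` job. The two link-check steps carry `if:` conditions without a status function, so they are likewise skipped after any earlier failure. I would move the `./scripts/check_enterprise_imports.sh` step directly after `Checkout`, or give it `if: ${{ !cancelled() }}`. The Helm lint also lost its `needs.changes.outputs.k8s == 'true'` gate and now runs on every change.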
@@ -572,16 +546,11 @@ jobs: flags: unittest-js test-e2e: - name: "test/e2e/${{ matrix.os }}" needs: - changes if: needs.changes.outputs.docs-only == 'false' - runs-on: ${{ matrix.os }} + runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || 'ubuntu-latest' }} timeout-minutes: 20 - strategy: - matrix: - os: - - ubuntu-latest steps: - uses: actions/checkout@v3 @@ -693,23 +662,3 @@ jobs: buildScriptName: "storybook:build" projectToken: 695c25b6cb65 workingDir: "./site" - markdown-link-check: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@master - # For the main branch: - - if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork - uses: gaurav-nelson/github-action-markdown-link-check@v1 - with: - use-quiet-mode: yes - use-verbose-mode: yes - config-file: .github/workflows/mlc_config.json - # For pull requests: - - if: github.ref != 'refs/heads/main' || github.event.pull_request.head.repo.fork - uses: gaurav-nelson/github-action-markdown-link-check@v1 - with: - use-quiet-mode: yes - use-verbose-mode: yes - check-modified-files-only: yes - base-branch: main - config-file: .github/workflows/mlc_config.json diff --git a/.github/workflows/cla.yaml b/.github/workflows/cla.yaml deleted file mode 100644 index 5893c9cdc618b..0000000000000 --- a/.github/workflows/cla.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -name: "CLA Assistant" -on: - issue_comment: - types: [created] - pull_request_target: - types: [opened, closed, synchronize] - -jobs: - CLAssistant: - runs-on: ubuntu-latest - steps: - - name: "CLA Assistant" - if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target' - uses: contributor-assistant/github-action@v2.2.1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # the below token should have repo scope and must be manually added by you in the repository's secret - PERSONAL_ACCESS_TOKEN: ${{ secrets.CDRCOMMUNITY_GITHUB_TOKEN }} - with: - remote-organization-name: "coder" - remote-repository-name: "cla" - path-to-signatures: "v2022-09-04/signatures.json" - path-to-document: "https://github.com/coder/cla/blob/main/README.md" - # branch should not be protected - branch: "main" - allowlist: dependabot* diff --git a/.github/workflows/pr.yaml b/.github/workflows/contrib.yaml similarity index 74% rename from .github/workflows/pr.yaml rename to .github/workflows/contrib.yaml index 6033bca345a20..70f8e448d6ff5 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/contrib.yaml @@ -1,8 +1,13 @@ -name: Pull Request +name: contrib on: + issue_comment: + types: [created] pull_request_target: types: + - opened + - closed + - synchronize - labeled - unlabeled - opened 
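Review bot: Adding `issue_comment` puts comment-triggered runs into the workflow-level `concurrency: pr-${{ github.ref }}` group shown just below this hunk, and for both `issue_comment` and `pull_request_target` `github.ref` is a branch ref (the default branch or the PR base), not a per-pull-request value. Runs from unrelated PRs and comments therefore share one group, and a pending run in a group is cancelled when a newer one queues behind it, so a CLA signature comment or a title check can be dropped silently. A per-PR key avoids that: `concurrency: pr-${{ github.event.pull_request.number || github.event.issue.number }}`. The `types` list also ends up with `opened` twice (once added, once on the context line); the rest of the list lies outside the hunk.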
@@ -13,11 +18,41 @@ on: concurrency: pr-${{ github.ref }} jobs: - lint-title: - name: Lint title + # Dependabot is annoying, but this makes it a bit less so. + auto-approve: + runs-on: ubuntu-latest + if: github.event_name == 'pull_request_target' + permissions: + pull-requests: write + steps: + - uses: hmarr/auto-approve-action@v3 + if: github.actor == 'dependabot[bot]' + + cla: + runs-on: ubuntu-latest + steps: + - name: cla + if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target' + uses: contributor-assistant/github-action@v2.2.1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # the below token should have repo scope and must be manually added by you in the repository's secret + PERSONAL_ACCESS_TOKEN: ${{ secrets.CDRCOMMUNITY_GITHUB_TOKEN }} + with: + remote-organization-name: "coder" + remote-repository-name: "cla" + path-to-signatures: "v2022-09-04/signatures.json" + path-to-document: "https://github.com/coder/cla/blob/main/README.md" + # branch should not be protected + branch: "main" + allowlist: dependabot* + + title: runs-on: ubuntu-latest + if: github.event_name == 'pull_request_target' steps: - - uses: amannn/action-semantic-pull-request@v5 + - name: Validate PR title + uses: amannn/action-semantic-pull-request@v5 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -29,7 +64,7 @@ jobs: # Depend on lint so that title is Conventional Commits-compatible. needs: [lint-title] # Skip tagging for draft PRs. - if: ${{ success() && !github.event.pull_request.draft }} + if: ${{ github.event_name == 'pull_request_target' && success() && !github.event.pull_request.draft }} steps: - uses: actions/github-script@v6 with: diff --git a/.github/workflows/dependabot.yaml b/.github/workflows/dependabot.yaml deleted file mode 100644 index 066b4988c95aa..0000000000000 --- a/.github/workflows/dependabot.yaml +++ /dev/null 
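Review bot: The `auto-approve` step is gated on `github.actor == 'dependabot[bot]'`, but `github.actor` is the account that triggered the run, not the author of the pull request being approved. Checking the PR author is the stricter condition: `if: github.event.pull_request.user.login == 'dependabot[bot]'`. Separately, `hmarr/auto-approve-action@v3` and `contributor-assistant/github-action@v2.2.1` are referenced by mutable tag in a `pull_request_target` workflow, where they receive a write-capable `GITHUB_TOKEN` and the repo-scoped `CDRCOMMUNITY_GITHUB_TOKEN`. Pinning both to a full commit SHA and giving the `cla` job an explicit `permissions:` block would limit what a retagged action can reach.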
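Review bot: `needs: [lint-title]` on the context line of this hunk still names the job that the previous hunk renames to `title`. A `needs` entry pointing at a job id that no longer exists makes the whole workflow file invalid, so the `cla`, `title` and `auto-approve` jobs would stop running as well. It should read `needs: [title]`. The job this line belongs to starts above the hunk, so its id is not visible here.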
@@ -1,13 +0,0 @@ -# Dependabot is annoying, but this makes it a bit less so. -name: Auto Approve Dependabot - -on: pull_request_target - -jobs: - auto-approve: - runs-on: ubuntu-latest - permissions: - pull-requests: write - steps: - - uses: hmarr/auto-approve-action@v3 - if: github.actor == 'dependabot[bot]' diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml index 3addc3d8b821b..eecb7f882f8c6 100644 --- a/.github/workflows/security.yaml +++ b/.github/workflows/security.yaml @@ -1,4 +1,4 @@ -name: "Security" +name: "security" permissions: actions: read @@ -26,7 +26,6 @@ concurrency: jobs: codeql: - name: CodeQL runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || 'ubuntu-latest' }} strategy: fail-fast: false @@ -73,7 +72,6 @@ jobs: category: "/language:${{matrix.language}}" trivy: - name: Trivy runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || 'ubuntu-latest' }} steps: - uses: actions/checkout@v3 diff --git a/.github/workflows/welcome.yaml b/.github/workflows/welcome.yaml deleted file mode 100644 index 80493eb6f6d4a..0000000000000 --- a/.github/workflows/welcome.yaml +++ /dev/null @@ -1,18 +0,0 @@ -name: Welcome -on: - pull_request: - types: [opened] -jobs: - test: - runs-on: ubuntu-latest - permissions: - pull-requests: write - steps: - - uses: wow-actions/welcome@v1 - with: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - FIRST_PR_REACTIONS: "+1, hooray, rocket, heart" - FIRST_PR_COMMENT: | - 👋 Welcome @{{ author }} to Coder! Yo @coder/docs this is @{{ author }}'s first pull-request here! - FIRST_PR_MERGED: | - 🎉 Thanks for the contribution @{{ author }}! Yo @coder/docs @{{ author }}'s first contribution has been merged! 👀👀👀