From 45a9d6f28cf3b44768df0dc35f72b8bee8d40bbb Mon Sep 17 00:00:00 2001 From: Kyle Carberry Date: Sun, 29 Jan 2023 18:32:03 +0000 Subject: [PATCH 1/8] chore: merge CI linting jobs --- .github/workflows/coder.yaml | 157 +++++++++++++---------------------- 1 file changed, 57 insertions(+), 100 deletions(-) diff --git a/.github/workflows/coder.yaml b/.github/workflows/coder.yaml index 9a79a590241d4..6aa4a573dbe39 100644 --- a/.github/workflows/coder.yaml +++ b/.github/workflows/coder.yaml 
@@ -28,109 +28,44 @@ concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' }} jobs: - typos: - runs-on: ubuntu-latest + lint: + runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || 'ubuntu-latest' }} steps: - name: Checkout - uses: actions/checkout@v2 - - name: typos-action + uses: actions/checkout@v3 + + # Install Go! + - uses: actions/setup-go@v3 + with: + go-version: "~1.19" + + # Check for any typos! + - name: Check for typos uses: crate-ci/typos@v1.13.3 with: config: .github/workflows/typos.toml - - name: Fix Helper + - name: Fix the typos if: ${{ failure() }} run: | echo "::notice:: you can automatically fix typos from your CLI: cargo install typos-cli typos -c .github/workflows/typos.toml -w" - changes: - runs-on: ubuntu-latest - outputs: - docs-only: ${{ steps.filter.outputs.docs_count == steps.filter.outputs.all_count }} - sh: ${{ steps.filter.outputs.sh }} - ts: ${{ steps.filter.outputs.ts }} - k8s: ${{ steps.filter.outputs.k8s }} - steps: - - uses: actions/checkout@v3 - # For pull requests it's not necessary to checkout the code - - uses: dorny/paths-filter@v2 - id: filter - with: - filters: | - all: - - '**' - docs: - - 'docs/**' - # For testing: - # - '.github/**' - sh: - - "**.sh" - ts: - - 'site/**' - k8s: - - 'helm/**' - - Dockerfile - - scripts/helm.sh - - id: debug - run: | - echo "${{ toJSON(steps.filter )}}" - - # Debug step - debug-inputs: - needs: - - changes - runs-on: ubuntu-latest - steps: - - id: log - run: | - echo "${{ toJSON(needs) }}" - - style-lint-golangci: - name: style/lint/golangci - timeout-minutes: 5 - runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || 'ubuntu-latest' }} - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v3 - with: - go-version: "~1.19" - - name: golangci-lint + # Check for Go linting errors! 
+ - name: Lint Go uses: golangci/golangci-lint-action@v3.3.1 with: version: v1.48.0 - check-enterprise-imports: - name: check/enterprise-imports - timeout-minutes: 5 - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Check imports of enterprise code - run: ./scripts/check_enterprise_imports.sh - - style-lint-shellcheck: - name: style/lint/shellcheck - timeout-minutes: 5 - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Run ShellCheck + - name: Lint shell scripts uses: ludeeus/action-shellcheck@1.1.0 env: SHELLCHECK_OPTS: --external-sources with: ignore: node_modules - style-lint-typescript: - name: "style/lint/typescript" - timeout-minutes: 5 - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Cache Node + # Lint our dashboard! + - name: Cache node_modules id: cache-node uses: actions/cache@v3 with: 
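Review bot: The merged `lint` job is declared with only `runs-on` and `steps`, so it loses the `timeout-minutes: 5` that the removed `style-lint-golangci`, `check-enterprise-imports`, `style-lint-shellcheck`, `style-lint-typescript` and `style-lint-k8s` jobs each carried. Without a bound, a hung step (a stalled dependency install or action download, for example) holds the 16-core runner until GitHub's default job timeout of 360 minutes. Add a limit sized for the combined steps next to `runs-on`, e.g. `timeout-minutes: 20`. The job's step list continues in the next hunk.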
@@ -140,36 +75,59 @@ jobs: key: js-${{ runner.os }}-test-${{ hashFiles('**/yarn.lock') }} restore-keys: | js-${{ runner.os }}- - - name: Install node_modules run: ./scripts/yarn_install.sh - - - name: "yarn lint" + - name: Lint TypeScript run: yarn lint working-directory: site - style-lint-k8s: - name: "style/lint/k8s" - timeout-minutes: 5 - needs: changes - if: needs.changes.outputs.k8s == 'true' - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - + # Make sure the Helm chart is linted! - name: Install helm uses: azure/setup-helm@v3 with: version: v3.9.2 - - - name: cd helm && make lint + - name: Lint Helm chart run: | cd helm make lint + # Ensure AGPL and Enterprise are separated! + - name: Check for AGPL code importing Enterprise... + run: ./scripts/check_enterprise_imports.sh + + changes: + runs-on: ubuntu-latest + outputs: + docs-only: ${{ steps.filter.outputs.docs_count == steps.filter.outputs.all_count }} + sh: ${{ steps.filter.outputs.sh }} + ts: ${{ steps.filter.outputs.ts }} + k8s: ${{ steps.filter.outputs.k8s }} + steps: + - uses: actions/checkout@v3 + # For pull requests it's not necessary to checkout the code + - uses: dorny/paths-filter@v2 + id: filter + with: + filters: | + all: + - '**' + docs: + - 'docs/**' + # For testing: + # - '.github/**' + sh: + - "**.sh" + ts: + - 'site/**' + k8s: + - 'helm/**' + - Dockerfile + - scripts/helm.sh + - id: debug + run: | + echo "${{ toJSON(steps.filter )}}" + gen: - name: "style/gen" timeout-minutes: 8 runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || 'ubuntu-latest' }} needs: changes @@ -243,8 +201,7 @@ jobs: - name: Check for unstaged files run: ./scripts/check_unstaged.sh - style-fmt: - name: "style/fmt" + fmt: runs-on: ubuntu-latest timeout-minutes: 5 steps: From e8f786f544a05d7a9f322d41365065a012aba83e Mon Sep 17 00:00:00 2001 
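Review bot: The `debug` step of the re-added `changes` job expands `${{ toJSON(steps.filter )}}` directly inside the `run:` script, so the JSON text is pasted into the shell source before bash parses it. The double quotes in the JSON end the `echo "..."` string, and the step becomes an injection point if the filter is ever configured to output file names. With the filters shown, the outputs appear to be limited to booleans and counts. Pass the value through the environment instead: add `env:` with `FILTER_JSON: ${{ toJSON(steps.filter) }}` to the step and change the script to `echo "$FILTER_JSON"`. The job is moved here unchanged from earlier in the file, so this is a good moment to fix it or drop the debug step.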
From: Kyle Carberry Date: Sun, 29 Jan 2023 18:41:02 +0000 Subject: [PATCH 2/8] Merge the `markdown-lint-check` step into `lint` --- .github/workflows/coder.yaml | 40 ++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/coder.yaml b/.github/workflows/coder.yaml index 6aa4a573dbe39..b3cfc72a04c0d 100644 --- a/.github/workflows/coder.yaml +++ b/.github/workflows/coder.yaml @@ -91,6 +91,26 @@ jobs: cd helm make lint + # Check for dead links in our markdown! + # For the main branch: + - if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork + uses: gaurav-nelson/github-action-markdown-link-check@v1\ + name: Check for dead links (main) + with: + use-quiet-mode: yes + use-verbose-mode: yes + config-file: .github/workflows/mlc_config.json + # For pull requests: + - if: github.ref != 'refs/heads/main' || github.event.pull_request.head.repo.fork + uses: gaurav-nelson/github-action-markdown-link-check@v1 + name: Check for dead links (pull request) + with: + use-quiet-mode: yes + use-verbose-mode: yes + check-modified-files-only: yes + base-branch: main + config-file: .github/workflows/mlc_config.json + # Ensure AGPL and Enterprise are separated! - name: Check for AGPL code importing Enterprise... run: ./scripts/check_enterprise_imports.sh 
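Review bot: The two link-check steps are inserted ahead of `Check for AGPL code importing Enterprise...`, and steps in a job stop at the first failure, so a dead or temporarily unreachable external link now prevents `./scripts/check_enterprise_imports.sh` from running at all. That check guards a licensing boundary and needs no network, so it is better placed before the link checks, or given `if: ${{ !cancelled() }}` so that it always reports. Separately, `gaurav-nelson/github-action-markdown-link-check@v1` is a movable tag; pinning it to a full commit SHA keeps what runs inside the lint job reviewable.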
@@ -650,23 +670,3 @@ jobs: buildScriptName: "storybook:build" projectToken: 695c25b6cb65 workingDir: "./site" - markdown-link-check: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@master - # For the main branch: - - if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork - uses: gaurav-nelson/github-action-markdown-link-check@v1 - with: - use-quiet-mode: yes - use-verbose-mode: yes - config-file: .github/workflows/mlc_config.json - # For pull requests: - - if: github.ref != 'refs/heads/main' || github.event.pull_request.head.repo.fork - uses: gaurav-nelson/github-action-markdown-link-check@v1 - with: - use-quiet-mode: yes - use-verbose-mode: yes - check-modified-files-only: yes - base-branch: main - config-file: .github/workflows/mlc_config.json From 814e3dab3803c149cfb82999466c7b137c9dfc21 Mon Sep 17 00:00:00 2001 From: Kyle Carberry Date: Sun, 29 Jan 2023 18:45:23 +0000 Subject: [PATCH 3/8] Rename `coder.yaml` to `ci.yaml` --- .github/workflows/{coder.yaml => ci.yaml} | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) rename .github/workflows/{coder.yaml => ci.yaml} (98%) diff --git a/.github/workflows/coder.yaml b/.github/workflows/ci.yaml similarity index 98% rename from .github/workflows/coder.yaml rename to .github/workflows/ci.yaml index b3cfc72a04c0d..0ae115ea3fc56 100644 --- a/.github/workflows/coder.yaml +++ b/.github/workflows/ci.yaml @@ -1,4 +1,4 @@ -name: coder +name: ci on: push: @@ -257,7 +257,6 @@ jobs: run: ./scripts/check_unstaged.sh test-go: - name: "test/go" runs-on: ${{ matrix.os == 'ubuntu-latest' && github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || matrix.os == 'windows-2022' && github.repository_owner == 'coder' && 'windows-latest-8-cores'|| matrix.os }} timeout-minutes: 20 strategy: 
@@ -342,8 +341,7 @@ jobs: files: ./gotests.coverage flags: unittest-go-${{ matrix.os }} - test-go-postgres: - name: "test/go/postgres" + test-go-psql: runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || 'ubuntu-latest' }} # This timeout must be greater than the timeout set by `go test` in # `make test-postgres` to ensure we receive a trace of running @@ -509,7 +507,6 @@ jobs: retention-days: 7 test-js: - name: "test/js" runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || 'ubuntu-latest' }} timeout-minutes: 20 steps: @@ -549,16 +546,11 @@ jobs: flags: unittest-js test-e2e: - name: "test/e2e/${{ matrix.os }}" needs: - changes if: needs.changes.outputs.docs-only == 'false' - runs-on: ${{ matrix.os }} + runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || 'ubuntu-latest' }} timeout-minutes: 20 - strategy: - matrix: - os: - - ubuntu-latest steps: - uses: actions/checkout@v3 From 6b3744aafed5d42c93741a596f17dd09a2c8ad22 Mon Sep 17 00:00:00 2001 From: Kyle Carberry Date: Sun, 29 Jan 2023 18:53:38 +0000 Subject: [PATCH 4/8] Improve casing of security workflow --- .github/workflows/security.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml index 3addc3d8b821b..ebe893034b4b5 100644 --- a/.github/workflows/security.yaml +++ b/.github/workflows/security.yaml @@ -1,4 +1,4 @@ -name: "Security" +name: "security" permissions: actions: read @@ -26,12 +26,11 @@ concurrency: jobs: codeql: - name: CodeQL runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || 'ubuntu-latest' }} strategy: fail-fast: false matrix: - language: ["go", "javascript"] + language: ["go", "js"] steps: - name: Checkout repository 
@@ -73,7 +72,6 @@ jobs: category: "/language:${{matrix.language}}" trivy: - name: Trivy runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || 'ubuntu-latest' }} steps: - uses: actions/checkout@v3 From b51b103c7631aef65881bae3174b52f62ba72f52 Mon Sep 17 00:00:00 2001 From: Kyle Carberry Date: Sun, 29 Jan 2023 18:59:33 +0000 Subject: [PATCH 5/8] Remove unused workflows and merge into contrib --- .github/workflows/cla.yaml | 26 ------------ .github/workflows/{pr.yaml => contrib.yaml} | 45 ++++++++++++++++++--- .github/workflows/dependabot.yaml | 13 ------ .github/workflows/welcome.yaml | 18 --------- 4 files changed, 40 insertions(+), 62 deletions(-) delete mode 100644 .github/workflows/cla.yaml rename .github/workflows/{pr.yaml => contrib.yaml} (74%) delete mode 100644 .github/workflows/dependabot.yaml delete mode 100644 .github/workflows/welcome.yaml diff --git a/.github/workflows/cla.yaml b/.github/workflows/cla.yaml deleted file mode 100644 index 5893c9cdc618b..0000000000000 --- a/.github/workflows/cla.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -name: "CLA Assistant" -on: - issue_comment: - types: [created] - pull_request_target: - types: [opened, closed, synchronize] - -jobs: - CLAssistant: - runs-on: ubuntu-latest - steps: - - name: "CLA Assistant" - if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target' - uses: contributor-assistant/github-action@v2.2.1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # the below token should have repo scope and must be manually added by you in the repository's secret - PERSONAL_ACCESS_TOKEN: ${{ secrets.CDRCOMMUNITY_GITHUB_TOKEN }} - with: - remote-organization-name: "coder" - remote-repository-name: "cla" - path-to-signatures: "v2022-09-04/signatures.json" - path-to-document: "https://github.com/coder/cla/blob/main/README.md" - # branch should not be protected - branch: "main" - allowlist: dependabot* diff --git a/.github/workflows/pr.yaml b/.github/workflows/contrib.yaml similarity index 74% rename from .github/workflows/pr.yaml rename to .github/workflows/contrib.yaml index 6033bca345a20..70f8e448d6ff5 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/contrib.yaml @@ -1,8 +1,13 @@ -name: Pull Request +name: contrib on: + issue_comment: + types: [created] pull_request_target: types: + - opened + - closed + - synchronize - labeled - unlabeled - opened 
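Review bot: Adding `issue_comment` to a workflow whose group is `concurrency: pr-${{ github.ref }}` (visible in the next hunk's header) puts every comment-triggered run in one group, because for `issue_comment` events `github.ref` is the default branch rather than the pull request. With no `cancel-in-progress` shown, a newly queued run replaces an older pending one in the same group, so a `recheck` or CLA-signature comment could be dropped when several arrive close together; this is worth confirming against the full file. Keying the group on the PR avoids it: `concurrency: pr-${{ github.event.pull_request.number || github.event.issue.number }}`. `opened` is also now listed twice under `pull_request_target.types`, and the second entry can be removed.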
@@ -13,11 +18,41 @@ on: concurrency: pr-${{ github.ref }} jobs: - lint-title: - name: Lint title + # Dependabot is annoying, but this makes it a bit less so. + auto-approve: + runs-on: ubuntu-latest + if: github.event_name == 'pull_request_target' + permissions: + pull-requests: write + steps: + - uses: hmarr/auto-approve-action@v3 + if: github.actor == 'dependabot[bot]' + + cla: + runs-on: ubuntu-latest + steps: + - name: cla + if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target' + uses: contributor-assistant/github-action@v2.2.1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # the below token should have repo scope and must be manually added by you in the repository's secret + PERSONAL_ACCESS_TOKEN: ${{ secrets.CDRCOMMUNITY_GITHUB_TOKEN }} + with: + remote-organization-name: "coder" + remote-repository-name: "cla" + path-to-signatures: "v2022-09-04/signatures.json" + path-to-document: "https://github.com/coder/cla/blob/main/README.md" + # branch should not be protected + branch: "main" + allowlist: dependabot* + + title: runs-on: ubuntu-latest + if: github.event_name == 'pull_request_target' steps: - - uses: amannn/action-semantic-pull-request@v5 + - name: Validate PR title + uses: amannn/action-semantic-pull-request@v5 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -29,7 +64,7 @@ jobs: # Depend on lint so that title is Conventional Commits-compatible. needs: [lint-title] # Skip tagging for draft PRs. - if: ${{ success() && !github.event.pull_request.draft }} + if: ${{ github.event_name == 'pull_request_target' && success() && !github.event.pull_request.draft }} steps: - uses: actions/github-script@v6 with: diff --git a/.github/workflows/dependabot.yaml b/.github/workflows/dependabot.yaml deleted file mode 100644 index 066b4988c95aa..0000000000000 --- a/.github/workflows/dependabot.yaml +++ /dev/null 
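Review bot: The `auto-approve` job gates approval on `github.actor == 'dependabot[bot]'`, which identifies whoever triggered the event rather than who authored the pull request. The merged workflow now fires on `labeled`, `unlabeled`, `closed` and `synchronize` under `pull_request_target` with `pull-requests: write`, so the author is the safer thing to test: `if: github.event.pull_request.user.login == 'dependabot[bot]'`. Putting that condition on the job instead of the step also avoids starting a runner for every other PR event. `hmarr/auto-approve-action@v3` runs with a write-scoped token and is referenced by a movable tag; pin it to a full commit SHA, e.g. `uses: hmarr/auto-approve-action@<full-commit-sha> # v3`.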
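Review bot: `needs: [lint-title]` in the context lines still names the job that the previous hunk renames to `title`, so the workflow now depends on a job id that no longer exists. GitHub rejects a workflow with an unknown `needs` target, which would stop `cla`, `title` and `auto-approve` from running too. Change it to `needs: [title]`. The dependent job's header lies above the hunk, so its id is not visible here. The `test-go-postgres` to `test-go-psql` rename in ci.yaml deserves the same search for stale `needs:` references.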
@@ -1,13 +0,0 @@ -# Dependabot is annoying, but this makes it a bit less so. -name: Auto Approve Dependabot - -on: pull_request_target - -jobs: - auto-approve: - runs-on: ubuntu-latest - permissions: - pull-requests: write - steps: - - uses: hmarr/auto-approve-action@v3 - if: github.actor == 'dependabot[bot]' diff --git a/.github/workflows/welcome.yaml b/.github/workflows/welcome.yaml deleted file mode 100644 index 80493eb6f6d4a..0000000000000 --- a/.github/workflows/welcome.yaml +++ /dev/null @@ -1,18 +0,0 @@ -name: Welcome -on: - pull_request: - types: [opened] -jobs: - test: - runs-on: ubuntu-latest - permissions: - pull-requests: write - steps: - - uses: wow-actions/welcome@v1 - with: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - FIRST_PR_REACTIONS: "+1, hooray, rocket, heart" - FIRST_PR_COMMENT: | - 👋 Welcome @{{ author }} to Coder! Yo @coder/docs this is @{{ author }}'s first pull-request here! - FIRST_PR_MERGED: | - 🎉 Thanks for the contribution @{{ author }}! Yo @coder/docs @{{ author }}'s first contribution has been merged! 👀👀👀 From c777fb388a33f2e401369bcc87418649b5f9b28c Mon Sep 17 00:00:00 2001 From: Kyle Carberry Date: Sun, 29 Jan 2023 19:02:16 +0000 Subject: [PATCH 6/8] Format ci.yaml --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0ae115ea3fc56..147b6e3e7c4aa 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -549,7 +549,7 @@ jobs: needs: - changes if: needs.changes.outputs.docs-only == 'false' - runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || 'ubuntu-latest' }} + runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-16-cores' || 'ubuntu-latest' }} timeout-minutes: 20 steps: - uses: actions/checkout@v3 From ec5e7f59bd21b6f8b57e55d80d81e7ec80c9f83e Mon Sep 17 00:00:00 2001 
From: Kyle Carberry Date: Sun, 29 Jan 2023 19:03:43 +0000 Subject: [PATCH 7/8] Fix CodeQL language --- .github/workflows/security.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml index ebe893034b4b5..eecb7f882f8c6 100644 --- a/.github/workflows/security.yaml +++ b/.github/workflows/security.yaml @@ -30,7 +30,7 @@ jobs: strategy: fail-fast: false matrix: - language: ["go", "js"] + language: ["go", "javascript"] steps: - name: Checkout repository From 05c794a925f9d77d51e180c73790c0173bdb2772 Mon Sep 17 00:00:00 2001 From: Kyle Carberry Date: Sun, 29 Jan 2023 19:04:50 +0000 Subject: [PATCH 8/8] Fix github action name --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 147b6e3e7c4aa..eac75e21ef56a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -94,7 +94,7 @@ jobs: # Check for dead links in our markdown! # For the main branch: - if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork - uses: gaurav-nelson/github-action-markdown-link-check@v1\ + uses: gaurav-nelson/github-action-markdown-link-check@v1 name: Check for dead links (main) with: use-quiet-mode: yes