chore(deps): upgrade dependencies #750
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen". | |
| name: build | |
| on: | |
| pull_request: {} | |
| workflow_dispatch: {} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| outputs: | |
| self_mutation_happened: ${{ steps.self_mutation.outputs.self_mutation_happened }} | |
| env: | |
| CI: "true" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20.x | |
| - name: Install dependencies | |
| run: yarn install --check-files | |
| - name: build | |
| run: npx projen build | |
| - name: Find mutations | |
| id: self_mutation | |
| run: |- | |
| git add . | |
| git diff --staged --patch --exit-code > repo.patch || echo "self_mutation_happened=true" >> $GITHUB_OUTPUT | |
| working-directory: ./ | |
| - name: Upload patch | |
| if: steps.self_mutation.outputs.self_mutation_happened | |
| uses: actions/[email protected] | |
| with: | |
| name: repo.patch | |
| path: repo.patch | |
| overwrite: true | |
| - name: Fail build on mutation | |
| if: steps.self_mutation.outputs.self_mutation_happened | |
| run: |- | |
| echo "::error::Files were changed during build (see build log). If this was triggered from a fork, you will need to update your branch." | |
| cat repo.patch | |
| exit 1 | |
| - name: Backup artifact permissions | |
| run: cd dist && getfacl -R . > permissions-backup.acl | |
| continue-on-error: true | |
| - name: Upload artifact | |
| uses: actions/[email protected] | |
| with: | |
| name: build-artifact | |
| path: dist | |
| overwrite: true | |
| self-mutation: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| if: always() && needs.build.outputs.self_mutation_happened && !(github.event.pull_request.head.repo.full_name != github.repository) | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.PROJEN_GITHUB_TOKEN }} | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| - name: Download patch | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: repo.patch | |
| path: ${{ runner.temp }} | |
| - name: Apply patch | |
| run: '[ -s ${{ runner.temp }}/repo.patch ] && git apply ${{ runner.temp }}/repo.patch || echo "Empty patch. Skipping."' | |
| - name: Set git identity | |
| run: |- | |
| git config user.name "github-actions" | |
| git config user.email "[email protected]" | |
| - name: Push changes | |
| env: | |
| PULL_REQUEST_REF: ${{ github.event.pull_request.head.ref }} | |
| run: |- | |
| git add . | |
| git commit -s -m "chore: self mutation" | |
| git push origin HEAD:$PULL_REQUEST_REF | |
| package-js: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| if: ${{ !needs.build.outputs.self_mutation_happened }} | |
| steps: | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20.x | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build-artifact | |
| path: dist | |
| - name: Restore build artifact permissions | |
| run: cd dist && setfacl --restore=permissions-backup.acl | |
| continue-on-error: true | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| path: .repo | |
| - name: Install Dependencies | |
| run: cd .repo && yarn install --check-files --frozen-lockfile | |
| - name: Extract build artifact | |
| run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo | |
| - name: Move build artifact out of the way | |
| run: mv dist dist.old | |
| - name: Create js artifact | |
| run: cd .repo && npx projen package:js | |
| - name: Collect js artifact | |
| run: mv .repo/dist dist | |
| e2e_integ_test: | |
| name: Run e2e integ tests | |
| needs: build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: write | |
| outputs: | |
| self_mutation_happened: ${{ steps.self_mutation.outputs.self_mutation_happened }} | |
| if: "!(needs.build.outputs.self_mutation_happened) && !(github.event.pull_request.head.repo.full_name != github.repository)" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: eu-west-1 | |
| role-to-assume: ${{ secrets.E2E_INTEG_ROLE }} | |
| role-session-name: e2e-integ-test-federatedOIDC | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20.x | |
| - name: Install dependencies | |
| run: yarn install --check-files | |
| - name: Prepare integ tests | |
| run: yarn run compile | |
| - name: Run e2e integ tests | |
| run: yarn run integ-test | |
| timeout-minutes: 15 | |
| - name: Install Python dependencies | |
| run: pip install -r requirements.txt | |
| working-directory: integ-tests | |
| - name: Post e2e integ tests cleanup | |
| run: |- | |
| for bucket in $(aws s3 ls | grep rootmailinteg | awk '{ print $3 }'); do echo $bucket; python cleanup/empty-and-delete-s3-bucket.py $bucket; done | |
| for lgregion in eu-west-1 eu-west-2; do echo $lgregion; python cleanup/delete-log-groups.py Integ $lgregion; done | |
| working-directory: integ-tests | |
| - name: Find mutations | |
| id: self_mutation | |
| run: |- | |
| git add . | |
| git diff --staged --patch --exit-code > repo.patch || echo "self_mutation_happened=true" >> $GITHUB_OUTPUT | |
| working-directory: ./ | |
| - name: Debug output | |
| run: cat $GITHUB_OUTPUT | |
| - name: Upload patch | |
| if: steps.self_mutation.outputs.self_mutation_happened | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: repo.patch | |
| path: repo.patch | |
| overwrite: true | |
| self-mutation-e2e: | |
| name: Self mutation after e2e integ tests | |
| needs: e2e_integ_test | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| if: always() && needs.e2e_integ_test.outputs.self_mutation_happened && !(github.event.pull_request.head.repo.full_name != github.repository) | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.PROJEN_GITHUB_TOKEN }} | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| - name: Download patch | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: repo.patch | |
| path: ${{ runner.temp }} | |
| - name: Apply patch | |
| run: '[ -s ${{ runner.temp }}/repo.patch ] && git apply ${{ runner.temp }}/repo.patch || echo "Empty patch. Skipping."' | |
| - name: Set git identity | |
| run: |- | |
| git config user.name "github-actions" | |
| git config user.email "[email protected]" | |
| - name: Push changes | |
| env: | |
| PULL_REQUEST_REF: ${{ github.event.pull_request.head.ref }} | |
| run: |- | |
| git add . | |
| git commit -s -m "chore: self mutation after e2e integ tests" | |
| git push origin HEAD:$PULL_REQUEST_REF | |
| release_s3_dev: | |
| name: Publish to S3 (dev) | |
| needs: e2e_integ_test | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| if: "!(needs.e2e_integ_test.outputs.self_mutation_happened) && !(github.event.pull_request.head.repo.full_name != github.repository)" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: eu-west-1 | |
| role-to-assume: ${{ secrets.DEV_RELEASE_ROLE }} | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20.x | |
| - name: Install Build and publish assets dependencies | |
| run: |- | |
| pip install cfn-flip && cfn-flip --version | |
| yarn global add aws-cdk | |
| yarn global add esbuild | |
| - name: Additional install, build and synth | |
| run: yarn install && yarn build | |
| - name: Inject environment variables | |
| uses: FranzDiebold/github-env-vars-action@v2 | |
| - name: Prepare version for branch | |
| run: |- | |
| mkdir -p $GITHUB_WORKSPACE/dist | |
| echo "0.0.0-${CI_HEAD_REF_SLUG}-$(date -u +'%Y%m%d-%H%M%S')-${GITHUB_SHA::8}" > $GITHUB_WORKSPACE/dist/releasetag.txt | |
| - name: Build and publish assets | |
| env: | |
| S3_PUBLISH_BUCKET: mvc-dev-releases | |
| S3_FILE_ASSETS_BUCKET_PREFIX: mvc-dev-assets | |
| RELEASE_TAG_FILE: dist/releasetag.txt | |
| RELEASE_RETRIES: "20" | |
| RELEASE_REGIONS: us-east-1,eu-west-1,us-west-2,eu-central-1,us-east-2,ca-central-1,ap-northeast-1,ap-southeast-1,ap-southeast-2 | |
| RELEASE_PREFIX: rootmail | |
| run: |- | |
| set -x | |
| echo $GITHUB_WORKSPACE | |
| pwd | |
| ls -lash | |
| ls -lash $GITHUB_WORKSPACE/dist || true | |
| ls -lash $GITHUB_WORKSPACE/dist.old || true | |
| ls -lash $GITHUB_WORKSPACE/.repo || true | |
| set +x | |
| export RELEASE_NAME=${CI_REPOSITORY_NAME} | |
| export RELEASE_VERSION=$(cat $GITHUB_WORKSPACE/$RELEASE_TAG_FILE) | |
| echo "Releasing ${CI_REPOSITORY_NAME} with prefix ${RELEASE_PREFIX} and version ${RELEASE_VERSION} to S3 bucket ${S3_PUBLISH_BUCKET} and file assets bucket prefix ${S3_FILE_ASSETS_BUCKET_PREFIX}" | |
| yarn install | |
| yarn compile | |
| yarn synth | |
| yarn publish-assets | |
| aws s3 cp cdk.out/${RELEASE_NAME}.template.json s3://${S3_PUBLISH_BUCKET}/${RELEASE_PREFIX}/${RELEASE_VERSION}/ | |
| cfn-flip cdk.out/${RELEASE_NAME}.template.json cdk.out/${RELEASE_NAME}.template.yaml | |
| aws s3 cp cdk.out/${RELEASE_NAME}.template.yaml s3://${S3_PUBLISH_BUCKET}/${RELEASE_PREFIX}/${RELEASE_VERSION}/ | |
| - name: Upload release version | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: release-version | |
| path: dist/releasetag.txt | |
| e2e_cloudformation_test: | |
| name: Run e2e cloudformation tests | |
| needs: release_s3_dev | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: eu-west-1 | |
| role-to-assume: ${{ secrets.E2E_INTEG_ROLE }} | |
| role-session-name: e2e-cloudformation-test-federatedOIDC | |
| - name: Download release version | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: release-version | |
| path: ${{ runner.temp }} | |
| - name: Create e2e cloudformation stack | |
| run: |- | |
| ls -R ${{ runner.temp }} | |
| echo "Relase version: $(cat ${{ runner.temp }}/releasetag.txt)" | |
| bash integ-tests/create-e2e-cfn-stack.bash $(cat ${{ runner.temp }}/releasetag.txt) | |
| timeout-minutes: 11 | |
| - name: Delete e2e cloudformation stack | |
| run: bash integ-tests/delete-e2e-cfn-stack.bash | |
| timeout-minutes: 11 | |
| - name: Install Python dependencies | |
| run: pip install -r requirements.txt | |
| working-directory: integ-tests | |
| - name: Post e2e integ tests cleanup | |
| run: |- | |
| for bucket in $(aws s3 ls | grep rootmail-cfn | awk '{ print $3 }'); do echo $bucket; python cleanup/empty-and-delete-s3-bucket.py $bucket; done | |
| for lgregion in eu-central-1; do echo $lgregion; python cleanup/delete-log-groups.py rootmail-cfn $lgregion; done | |
| working-directory: integ-tests |