ci: merge main to release (PR #6932)

ci: merge main to release
ietf-tools · Jan 17, 2024 · 2b38e66 · 2b38e66
2 parents 9e0d937 + 0ba7eaf
commit 2b38e66
Show file tree

Hide file tree

Showing 234 changed files with 2,346 additions and 2,008 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -9,11 +9,67 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+    reviewers:
+      - "ngpixel"
   - package-ecosystem: "docker"
     directory: "/docker"
     schedule:
       interval: "weekly"
+    reviewers:
+      - "ngpixel"
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
       interval: "weekly"
+    reviewers:
+      - "rjsparks"
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    reviewers:
+      - "ngpixel"
+    groups:
+      yarn:
+        patterns:
+          - "*"
+  - package-ecosystem: "npm"
+    directory: "/playwright"
+    schedule:
+      interval: "weekly"
+    reviewers:
+      - "ngpixel"
+    groups:
+      npm:
+        patterns:
+          - "*"
+  - package-ecosystem: "npm"
+    directory: "/dev/coverage-action"
+    schedule:
+      interval: "weekly"
+    reviewers:
+      - "ngpixel"
+    groups:
+      npm:
+        patterns:
+          - "*"
+  - package-ecosystem: "npm"
+    directory: "/dev/deploy-to-container"
+    schedule:
+      interval: "weekly"
+    reviewers:
+      - "ngpixel"
+    groups:
+      npm:
+        patterns:
+          - "*"
+  - package-ecosystem: "npm"
+    directory: "/dev/diff"
+    schedule:
+      interval: "weekly"
+    reviewers:
+      - "ngpixel"
+    groups:
+      npm:
+        patterns:
+          - "*"
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -17,6 +17,11 @@ on:
         default: true
         required: true
         type: boolean
+      sandboxNoDbRefresh:
+        description: 'Sandbox Disable Daily DB Refresh'
+        default: false
+        required: true
+        type: boolean
       legacySandbox:
         description: 'Deploy to Legacy Sandbox'
         default: false
@@ -54,7 +59,8 @@ jobs:
     steps:   
     - uses: actions/checkout@v4
       with:
-        fetch-depth: 0
+        fetch-depth: 1
+        fetch-tags: false
 
     - name: Get Next Version
       if: ${{ github.ref_name == 'release' }}
@@ -126,21 +132,22 @@ jobs:
     steps:
     - uses: actions/checkout@v4
       with:
-        fetch-depth: 0
+        fetch-depth: 1
+        fetch-tags: false
 
     - name: Setup Node.js
       uses: actions/setup-node@v4
       with:
         node-version: '16'
 
     - name: Setup Python
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: '3.x'
 
     - name: Download a Coverage Results
       if: ${{ github.event.inputs.skiptests == 'false' || github.ref_name == 'release' }}
-      uses: actions/download-artifact@v3.0.2
+      uses: actions/download-artifact@v4.1.1
       with:
         name: coverage
 
@@ -172,6 +179,20 @@ jobs:
         echo "Build release tarball..."
         mkdir -p /home/runner/work/release
         tar -czf /home/runner/work/release/release.tar.gz -X dev/deploy/exclude-patterns.txt .
+
+    - name: Collect + Push Statics
+      env:
+        DEBIAN_FRONTEND: noninteractive
+        AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_KEY_ID }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_KEY_SECRET }}
+        AWS_DEFAULT_REGION: auto
+        AWS_ENDPOINT_URL: ${{ secrets.CF_R2_ENDPOINT }}
+      run: |
+        echo "Collecting statics..."
+        docker run --rm --name collectstatics -v $(pwd):/workspace ghcr.io/ietf-tools/datatracker-app-base:latest sh dev/deploy/collectstatics.sh
+        echo "Pushing statics..."
+        cd static
+        aws s3 sync . s3://static/dt/$PKG_VERSION --only-show-errors
         
     - name: Update CHANGELOG
       id: changelog
@@ -229,7 +250,7 @@ jobs:
         token: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Upload Build Artifacts
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: release-${{ env.PKG_VERSION }}
         path: /home/runner/work/release/release.tar.gz
@@ -310,7 +331,7 @@ jobs:
     - uses: actions/checkout@v4
 
     - name: Download a Release Artifact
-      uses: actions/download-artifact@v3.0.2
+      uses: actions/download-artifact@v4.1.1
       with:
         name: release-${{ env.PKG_VERSION }}
 
@@ -325,7 +346,7 @@ jobs:
         npm ci
         cd ../..
         echo "Start Deploy..."
-        node ./dev/deploy-to-container/cli.js --branch ${{ github.ref_name }} --domain dev.ietf.org --appversion ${{ env.PKG_VERSION }} --commit ${{ github.sha }} --ghrunid ${{ github.run_id }}
+        node ./dev/deploy-to-container/cli.js --branch ${{ github.ref_name }} --domain dev.ietf.org --appversion ${{ env.PKG_VERSION }} --commit ${{ github.sha }} --ghrunid ${{ github.run_id }} --nodbrefresh ${{ github.event.inputs.sandboxNoDbRefresh }}
         
     - name: Cleanup old docker resources
       env:
@@ -346,7 +367,7 @@ jobs:
 
     steps:
     - name: Download a Release Artifact
-      uses: actions/download-artifact@v3.0.2
+      uses: actions/download-artifact@v4.1.1
       with:
         name: release-${{ env.PKG_VERSION }}
         path: /a/www/ietf-datatracker/main.dev.${{ github.run_number }}

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -29,9 +29,9 @@ jobs:
       uses: actions/checkout@v4
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -18,3 +18,5 @@ jobs:
         uses: actions/checkout@v4
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@v3
+        with:
+          vulnerability-check: false
diff --git a/.github/workflows/tests-az.yml b/.github/workflows/tests-az.yml
@@ -38,7 +38,7 @@ jobs:
         ssh-keyscan -t rsa $vminfo >> ~/.ssh/known_hosts
 
     - name: Remote SSH into VM
-      uses: appleboy/ssh-action@55dabf81b49d4120609345970c91507e2d734799
+      uses: appleboy/ssh-action@029f5b4aeeeb58fdfe1410a5d17f967dacf36262
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -52,7 +52,7 @@ jobs:
         coverage xml
 
     - name: Upload geckodriver.log
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       if: ${{ failure() }}
       with:
         name: geckodriverlog
@@ -69,7 +69,7 @@ jobs:
         mv latest-coverage.json coverage.json
         
     - name: Upload Coverage Results as Build Artifact
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       if: ${{ always() }}
       with:
         name: coverage
@@ -103,7 +103,7 @@ jobs:
         npx playwright test --project=${{ matrix.project }}
         
     - name: Upload Report
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       if: ${{ always() }}
       continue-on-error: true
       with:
@@ -162,7 +162,7 @@ jobs:
         npx playwright test --project=${{ matrix.project }} -c playwright-legacy.config.js
         
     - name: Upload Report
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       if: ${{ always() }}
       continue-on-error: true
       with:

diff --git a/.gitignore b/.gitignore
@@ -23,6 +23,7 @@ datatracker.sublime-workspace
 /media
 /node_modules
 /release-coverage.json
+/static
 /tmp-*
 /.testresult
 *.pyc