OCram85/code-server
Archived
1
0
Fork 0
Code Pull Requests 2 Activity

refactor(ci): fix fetch-depth and add some caching (#5563)

Browse Source 
* refactor: rename ci -> build.yaml

* feat: add build.yaml

* feat: add node caching to platform jobs

* trigger ci
This commit is contained in:
Joe Previte 2022-09-19 09:56:34 -07:00 committed by GitHub
parent 987c68a32a
commit 4223cf6e2b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 44 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
.github/workflows/ci.yaml → .github/workflows/build.yaml vendored
View File

@ -18,7 +18,7 @@ concurrency:
# Note: if: success() is used in several jobs - # Note: if: success() is used in several jobs -
# this ensures that it only executes if all previous jobs succeeded. # this ensures that it only executes if all previous jobs succeeded.
# if: steps.cache-yarn.outputs.cache-hit != 'true' # if: steps.cache-node-modules.outputs.cache-hit != 'true'
# will skip running `yarn install` if it successfully fetched from cache # will skip running `yarn install` if it successfully fetched from cache
jobs: jobs:
@ -29,9 +29,6 @@ jobs:
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v3 uses: actions/checkout@v3
with:
fetch-depth: 0
submodules: true
- name: Install Node.js v16 - name: Install Node.js v16
uses: actions/setup-node@v3 uses: actions/setup-node@v3
@ -40,9 +37,14 @@ jobs:
- name: Install helm - name: Install helm
uses: azure/setup-helm@v3.3 uses: azure/setup-helm@v3.3
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install helm kubeval plugin
run: helm plugin install https://github.com/instrumenta/helm-kubeval
- name: Fetch dependencies from cache - name: Fetch dependencies from cache
id: cache-yarn id: cache-node-modules
uses: actions/cache@v3 uses: actions/cache@v3
with: with:
path: "**/node_modules" path: "**/node_modules"
@ -51,8 +53,8 @@ jobs:
yarn-build- yarn-build-
- name: Install dependencies - name: Install dependencies
if: steps.cache-yarn.outputs.cache-hit != 'true' if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: yarn --frozen-lockfile run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
- name: Run yarn fmt - name: Run yarn fmt
run: yarn fmt run: yarn fmt
@ -73,11 +75,13 @@ jobs:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v3 uses: actions/checkout@v3
with: with:
fetch-depth: 0
submodules: true submodules: true
- name: Install quilt - name: Install quilt
run: sudo apt update && sudo apt install quilt uses: awalsh128/cache-apt-pkgs-action@latest
with:
packages: quilt
version: 1.0
- name: Patch Code - name: Patch Code
run: quilt push -a run: quilt push -a
@ -88,7 +92,7 @@ jobs:
node-version: "16" node-version: "16"
- name: Fetch dependencies from cache - name: Fetch dependencies from cache
id: cache-yarn id: cache-node-modules
uses: actions/cache@v3 uses: actions/cache@v3
with: with:
path: "**/node_modules" path: "**/node_modules"
@ -97,7 +101,7 @@ jobs:
yarn-build- yarn-build-
- name: Install dependencies - name: Install dependencies
if: steps.cache-yarn.outputs.cache-hit != 'true' if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: yarn --frozen-lockfile run: yarn --frozen-lockfile
- name: Build code-server - name: Build code-server
@ -171,8 +175,6 @@ jobs:
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v3 uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Download artifact - name: Download artifact
uses: actions/download-artifact@v3 uses: actions/download-artifact@v3
@ -224,8 +226,6 @@ jobs:
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v3 uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install Node.js v16 - name: Install Node.js v16
uses: actions/setup-node@v3 uses: actions/setup-node@v3
@ -262,8 +262,18 @@ jobs:
- name: Build standalone release - name: Build standalone release
run: source scl_source enable devtoolset-9 && yarn release:standalone run: source scl_source enable devtoolset-9 && yarn release:standalone
- name: Fetch dependencies from cache
id: cache-node-modules
uses: actions/cache@v3
with:
path: "**/node_modules"
key: yarn-build-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
yarn-build-
- name: Install test dependencies - name: Install test dependencies
run: SKIP_SUBMODULE_DEPS=1 yarn install if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
- name: Run integration tests on standalone release - name: Run integration tests on standalone release
run: yarn test:integration run: yarn test:integration
@ -320,8 +330,6 @@ jobs:
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v3 uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install Node.js v16 - name: Install Node.js v16
uses: actions/setup-node@v3 uses: actions/setup-node@v3
@ -373,8 +381,6 @@ jobs:
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v3 uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install Node.js v16 - name: Install Node.js v16
uses: actions/setup-node@v3 uses: actions/setup-node@v3
@ -398,7 +404,17 @@ jobs:
- name: Build standalone release - name: Build standalone release
run: yarn release:standalone run: yarn release:standalone
- name: Fetch dependencies from cache
id: cache-node-modules
uses: actions/cache@v3
with:
path: "**/node_modules"
key: yarn-build-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
yarn-build-
- name: Install test dependencies - name: Install test dependencies
if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: SKIP_SUBMODULE_DEPS=1 yarn install run: SKIP_SUBMODULE_DEPS=1 yarn install
- name: Run integration tests on standalone release - name: Run integration tests on standalone release
@ -425,8 +441,6 @@ jobs:
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v3 uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install Node.js v16 - name: Install Node.js v16
uses: actions/setup-node@v3 uses: actions/setup-node@v3
@ -434,7 +448,7 @@ jobs:
node-version: "16" node-version: "16"
- name: Fetch dependencies from cache - name: Fetch dependencies from cache
id: cache-yarn id: cache-node-modules
uses: actions/cache@v3 uses: actions/cache@v3
with: with:
path: "**/node_modules" path: "**/node_modules"
@ -455,7 +469,7 @@ jobs:
mv code-server*-linux-amd64 code-server-linux-amd64 mv code-server*-linux-amd64 code-server-linux-amd64
- name: Install dependencies - name: Install dependencies
if: steps.cache-yarn.outputs.cache-hit != 'true' if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
- name: Install Playwright OS dependencies - name: Install Playwright OS dependencies
@ -488,8 +502,6 @@ jobs:
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v3 uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install Node.js v16 - name: Install Node.js v16
uses: actions/setup-node@v3 uses: actions/setup-node@v3
@ -497,7 +509,7 @@ jobs:
node-version: "16" node-version: "16"
- name: Fetch dependencies from cache - name: Fetch dependencies from cache
id: cache-yarn id: cache-node-modules
uses: actions/cache@v3 uses: actions/cache@v3
with: with:
path: "**/node_modules" path: "**/node_modules"
@ -518,7 +530,7 @@ jobs:
mv code-server*-linux-amd64 code-server-linux-amd64 mv code-server*-linux-amd64 code-server-linux-amd64
- name: Install dependencies - name: Install dependencies
if: steps.cache-yarn.outputs.cache-hit != 'true' if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
- name: Install Playwright OS dependencies - name: Install Playwright OS dependencies

2
.github/workflows/publish.yaml vendored
View File

@ -33,7 +33,7 @@ jobs:
id: download id: download
with: with:
branch: release/v${{ steps.version.outputs.version }} branch: release/v${{ steps.version.outputs.version }}
workflow: ci.yaml workflow: build.yaml
workflow_conclusion: completed workflow_conclusion: completed
name: "npm-package" name: "npm-package"
path: release-npm-package path: release-npm-package

2
.github/workflows/release.yaml vendored
View File

@ -26,7 +26,7 @@ jobs:
id: download id: download
with: with:
branch: ${{ github.ref }} branch: ${{ github.ref }}
workflow: ci.yaml workflow: build.yaml
workflow_conclusion: completed workflow_conclusion: completed
check_artifacts: true check_artifacts: true
name: release-packages name: release-packages

4
docs/SECURITY.md
View File

@ -16,10 +16,10 @@ We use the following tools to help us stay on top of vulnerability mitigation.
- [trivy](https://github.com/aquasecurity/trivy) - [trivy](https://github.com/aquasecurity/trivy)
- Comprehensive vulnerability scanner that runs on PRs into the default - Comprehensive vulnerability scanner that runs on PRs into the default
branch and scans both our container image and repository code (see branch and scans both our container image and repository code (see
`trivy-scan-repo` and `trivy-scan-image` jobs in `ci.yaml`) `trivy-scan-repo` and `trivy-scan-image` jobs in `build.yaml`)
- [`audit-ci`](https://github.com/IBM/audit-ci) - [`audit-ci`](https://github.com/IBM/audit-ci)
- Audits npm and Yarn dependencies in CI (see `Audit for vulnerabilities` step - Audits npm and Yarn dependencies in CI (see `Audit for vulnerabilities` step
in `ci.yaml`) on PRs into the default branch and fails CI if moderate or in `build.yaml`) on PRs into the default branch and fails CI if moderate or
higher vulnerabilities (see the `audit.sh` script) are present. higher vulnerabilities (see the `audit.sh` script) are present.
## Supported Versions ## Supported Versions