diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
deleted file mode 100644
index 3aa7513..0000000
--- a/.github/workflows/build.yml
+++ /dev/null
@@ -1,74 +0,0 @@
-
-name: build
-on:
- pull_request: {}
- workflow_dispatch: {}
-jobs:
- build:
- runs-on: ubuntu-latest
- permissions:
- contents: write
- outputs:
- self_mutation_happened: ${{ steps.self_mutation.outputs.self_mutation_happened }}
- env:
- CI: "true"
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- with:
- ref: ${{ github.event.pull_request.head.ref }}
- repository: ${{ github.event.pull_request.head.repo.full_name }}
- - name: Setup Node.js
- uses: actions/setup-node@v3
- with:
- node-version: 14.0.0
- - name: Install dependencies
- run: npm install
- - name: build
- run: scripts/run-task build
- - name: Find mutations
- id: self_mutation
- run: |-
- git add .
- git diff --staged --patch --exit-code > .repo.patch || echo "::set-output name=self_mutation_happened::true"
- - name: Upload patch
- if: steps.self_mutation.outputs.self_mutation_happened
- uses: actions/upload-artifact@v2
- with:
- name: .repo.patch
- path: .repo.patch
- - name: Fail build on mutation
- if: steps.self_mutation.outputs.self_mutation_happened
- run: |-
- echo "::error::Files were changed during build (see build log). If this was triggered from a fork, you will need to update your branch."
- cat .repo.patch
- exit 1
- self-mutation:
- needs: build
- runs-on: ubuntu-latest
- permissions:
- contents: write
- if: always() && needs.build.outputs.self_mutation_happened && !(github.event.pull_request.head.repo.full_name != github.repository)
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- with:
- token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
- ref: ${{ github.event.pull_request.head.ref }}
- repository: ${{ github.event.pull_request.head.repo.full_name }}
- - name: Download patch
- uses: actions/download-artifact@v3
- with:
- name: .repo.patch
- path: ${{ runner.temp }}
- - name: Apply patch
- run: '[ -s ${{ runner.temp }}/.repo.patch ] && git apply ${{ runner.temp }}/.repo.patch || echo "Empty patch. 
Skipping."'
- - name: Set git identity
- run: |-
- git config user.name "github-actions"
- git config user.email "github-actions@github.com"
- - name: Push changes
- run: |2-
- git add .
- git commit -s -m "chore: self mutation"
- git push origin HEAD:${{ github.event.pull_request.head.ref }}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
deleted file mode 100644
index 6381416..0000000
--- a/.github/workflows/codeql-analysis.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-name: "CodeQL"
-
-on:
- push:
- branches: [main]
- pull_request:
- branches: [main]
- schedule:
- - cron: '0 0 * * 2'
-
-jobs:
- analyze:
- name: Analyze
- runs-on: ubuntu-latest
- permissions:
- security-events: write
- strategy:
- fail-fast: false
- steps:
- - name: Checkout repository
- uses: actions/checkout@v3
- - name: Initalize CodeQL
- uses: github/codeql-actions/init@v2
- - name: Autobuild
- uses: github/codeql-action/autobuild@v2
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml
index e21e82e..f4d20b4 100644
--- a/.github/workflows/package.yml
+++ b/.github/workflows/package.yml
@@ -1,10 +1,9 @@
-name: Update dist files on target branch
+name: Update dist files on main branch
 on:
 push:
 branches:
 - main
- - v1-node16
 paths-ignore:
 - 'dist/**'
@@ -16,8 +15,19 @@ jobs:
 id-token: write
 contents: read
 steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ ref: ${{ github.ref_name }}
+ persist-credentials: false
+ - name: Package
+ run: |
+ npm ci
+ npm test
+ npm run package
 - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v1-node16
+ uses: aws-actions/configure-aws-credentials@v3
 with:
 aws-region: us-west-2
 role-to-assume: ${{ secrets.SECRETS_AWS_ROLE_TO_ASSUME }}
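Review bot: The new `Package` step in package.yml runs `npm ci`, `npm test` and `npm run package` in a job that still carries `id-token: write`, so dependency install scripts and test code run where the job's OIDC token can be requested, even though they now come before `Configure AWS credentials`. Moving the build ahead of the credential steps keeps the assumed-role session and the bot token away from npm, but not the ability to obtain a token that, presumably, the `role-to-assume` trust policy accepts. Consider building in a separate job that has only `contents: read` and hands `dist` over as an artifact, leaving `id-token: write` on the job that commits. The job header and the steps between this hunk and the next are outside the visible lines, so the names below are constructed.

```yaml
  build-dist:  # constructed job name
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # … unchanged: Checkout and Package steps from this hunk …
      - name: Upload dist
        uses: actions/upload-artifact@v3
        with:
          name: dist
          path: dist
  # … existing job (keeps id-token: write), now with:
    needs: build-dist
    steps:
      # … checkout with persist-credentials: false …
      - name: Download dist
        uses: actions/download-artifact@v3
        with:
          name: dist
          path: dist
      # … unchanged: Configure AWS credentials, Get bot user token, Commit …
```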
@@ -29,21 +39,12 @@ jobs:
 parse-json-secrets: true
 secret-ids: |
 OSDS,arn:aws:secretsmanager:us-west-2:294535624312:secret:github-aws-sdk-osds-automation-ZHNalp
- - name: Checkout
- uses: actions/checkout@v3
- with:
- fetch-depth: 0
- ref: ${{ github.ref_name }}
- token: ${{ env.OSDS_ACCESS_TOKEN }}
- - name: Package
- run: |
- npm ci
- npm test
- npm run package
 - name: Commit
 run: |
- echo "::add-mask::${{ env.OSDS_ACCESS_TOKEN }}}"
- git config --global user.name "GitHub Actions"
- git add dist/
+ echo "::add-mask::${{ env.OSDS_ACCESS_TOKEN }}"
+ git config user.name "GitHub Actions"
+ git config user.email "github-aws-sdk-osds-automation@amazon.com"
+ git remote set-url origin https://${{ env.OSDS_ACCESS_TOKEN }}@github.com/aws-actions/configure-aws-credentials.git
+ git add dist
 git commit -m "chore: Update dist" || echo "No changes to commit"
- git push https://${{ env.OSDS_ACCESS_TOKEN }}@github.com/aws-actions/configure-aws-credentials.git
+ git push origin
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index 0f7f908..0000000
--- a/.github/workflows/release.yml
+++ /dev/null
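Review bot: The added `git remote set-url origin https://${{ env.OSDS_ACCESS_TOKEN }}@github.com/...` line in the `Commit` step of package.yml writes the bot token into `.git/config` in the workspace, where it outlives the push and is readable by anything that runs later in the job or that packages the checkout; the removed code kept it to a single `git push` argument. Each `${{ env.OSDS_ACCESS_TOKEN }}` is also substituted into the script text before the shell starts, so the value is parsed as shell source rather than passed as data. Since the `env` context exposes it, the same value should be available to the shell as a variable: `echo "::add-mask::$OSDS_ACCESS_TOKEN"` and `git push "https://${OSDS_ACCESS_TOKEN}@github.com/aws-actions/configure-aws-credentials.git"` in place of the `set-url` and `git push origin` pair. Whether further steps follow `Commit` is not visible in this hunk.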
@@ -1,81 +0,0 @@
-name: Update release tags
-
-on:
- workflow_dispatch:
- inputs:
- v1:
- description: 'Update v1 release tag to the tip of the selected branch'
- required: false
- type: boolean
- v1-versioned:
- description: 'Push a new release semantic versioned tag to the selected branch'
- required: false
- type: boolean
-
-jobs:
- v1:
- name: Update v1 release tag
- if: ${{ v1 }}
- timeout-minutes: 15
- steps:
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v1-node16
- with:
- aws-region: us-west-2
- role-to-assume: ${{ secrets.SECRETS_AWS_ROLE_TO_ASSUME }}
- role-session-name: SecretsManagerFetch
- role-duration-seconds: 900
- - name: Get bot user token
- uses: aws-actions/aws-secretsmanager-get-secrets@v1
- with:
- parse-json-secrets: true
- secret-ids: |
- OSDS,arn:aws:secretsmanager:us-west-2:294535624312:secret:github-aws-sdk-osds-automation-ZHNalp
- - name: Checkout repository
- uses: actions/checkout@v3
- with:
- fetch-depth: 0
- ref: ${{ github.ref_name }}
- token: ${{ env.OSDS_ACCESS_TOKEN }}
- - name: Push tag
- run: |
- echo "::add-mask::${{ env.OSDS_ACCESS_TOKEN }}"
- git config --global user.name "GitHub Actions"
- git tag -f -a v1 -m "Update v1 to ${{ github.sha }}"
- git push https://${{ env.OSDS_ACCESS_TOKEN }}@github.com/aws-actions/configure-aws-credentials.git -f --tags
- v1-versioned:
- description: 'Push a new semantic version tag'
- if: ${{ v1-versioned }}
- timeout-minutes: 15
- steps:
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v1-node16
- with:
- aws-region: us-west-2
- role-to-assume: ${{ secrets.SECRETS_AWS_ROLE_TO_ASSUME }}
- role-session-name: SecretsManagerFetch
- role-duration-seconds: 900
- - name: Get bot user token
- uses: aws-actions/aws-secretsmanager-get-secrets@v1
- with:
- parse-json-secrets: true
- secret-ids: |
- OSDS,arn:aws:secretsmanager:us-west-2:294535624312:secret:github-aws-sdk-osds-automation-ZHNalp
- - name: Checkout repository
- uses: 
actions/checkout@v3
- with:
- fetch-depth: 0
- ref: ${{ github.ref_name }}
- token: ${{ env.OSDS_ACCESS_TOKEN }}
- - name: Get new semantic version
- id: semver
- uses: paulhatch/semantic-version@v4.0.2
- with:
- tag_prefix: 'v'
- major_pattern: '!'
- - name: Push semantic tag
- run: |
- echo "::add-mask::${{ env.OSDS_ACCESS_TOKEN }}"
- git config --global user.name "GitHub Actions"
- git tag -f -a ${{ steps.semver.version_tag }} -m "New ${{ steps.semver.version_tag }} release"
- git push https://${{ env.OSDS_ACCESS_TOKEN }}@github.com/aws-actions/configure-aws-credentials.git -f --tags
diff --git a/.github/workflows/development.yml b/.github/workflows/tests-integ.yml
similarity index 68%
rename from .github/workflows/development.yml
rename to .github/workflows/tests-integ.yml
index 0cba2db..0ed6c2e 100644
--- a/.github/workflows/development.yml
+++ b/.github/workflows/tests-integ.yml
@@ -66,38 +66,3 @@ jobs:
 aws-region: us-west-2
 aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- lint:
- name: Ensure code standards
- runs-on: ubuntu-latest
- timeout-minutes: 5
- steps:
- - name: "Checkout repostiory"
- uses: actions/checkout@v3
- - name: "Setup node"
- uses: actions/setup-node@v3
- with:
- node-version: 16
- - name: "Install dependencies"
- uses: bahmutov/npm-install@v1
- - name: "Lint code"
- run: npm run lint --if-present
- unit-test:
- strategy:
- fail-fast: false
- matrix:
- os: [windows-latest, ubuntu-latest, macos-latest]
- node: [14, 16, 18]
- name: Run unit tests
- runs-on: ${{ matrix.os }}
- timeout-minutes: 5
- steps:
- - name: "Checkout repository"
- uses: actions/checkout@v3
- - name: "Setup node"
- uses: actions/setup-node@v3
- with:
- node-version: ${{ matrix.node }}
- - name: "Install dependencies"
- uses: bahmutov/npm-install@v1
- - name: "Run tests"
- run: npm run test --if-present
diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/tests-unit.yml
similarity index 59%
rename from .github/workflows/unit-tests.yml
rename to .github/workflows/tests-unit.yml
index 2f2ea76..2344be5 100644
--- a/.github/workflows/unit-tests.yml
+++ b/.github/workflows/tests-unit.yml
@@ -24,3 +24,18 @@ jobs:
 uses: bahmutov/npm-install@v1
 - name: "Run tests"
 run: npm run test --if-present
+ lint:
+ name: Ensure code standards
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+ steps:
+ - name: "Checkout repostiory"
+ uses: actions/checkout@v3
+ - name: "Setup node"
+ uses: actions/setup-node@v3
+ with:
+ node-version: 16
+ - name: "Install dependencies"
+ uses: bahmutov/npm-install@v1
+ - name: "Lint code"
+ run: npm run lint --if-present
diff --git a/.github/workflows/v1-node16.yml b/.github/workflows/v1-node16.yml
deleted file mode 100644
index 6fb0fc0..0000000
--- a/.github/workflows/v1-node16.yml
+++ /dev/null
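Review bot: The `lint` job added to tests-unit.yml runs the third-party action `bahmutov/npm-install@v1` by mutable tag, so whatever that tag points to at run time executes with the job's token. Pin it to a reviewed commit and keep the tag as a comment, e.g. `uses: bahmutov/npm-install@<full-commit-sha>  # v1` (placeholder SHA); the `@v3` references in this job and in the package.yml hunks share the same exposure. No `permissions:` key appears in the job, and the top of the workflow is outside the hunk, so if none is set there add a `permissions:` block with `contents: read`. The step name `"Checkout repostiory"` carries a typo over from the old file.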
@@ -1,39 +0,0 @@
-on:
- push:
- branches:
- - main
- paths-ignore:
- - 'dist/**'
-
-name: Update v1-node16 branch with changes from main
-
-jobs:
- v1-node16-update:
- name: Update v1-node16
- runs-on: ubuntu-latest
- steps:
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v1-node16
- with:
- aws-region: us-west-2
- role-to-assume: ${{ secrets.SECRETS_AWS_ROLE_TO_ASSUME }}
- role-duration-seconds: 900
- role-session-name: SecretsManagerFetch
- - name: Get bot user token
- uses: aws-actions/aws-secretsmanager-get-secrets@v1
- with:
- parse-json-secrets: true
- secret-ids: |
- OSDS,arn:aws:secretsmanager:us-west-2:294535624312:secret:github-aws-sdk-osds-automation-ZHNalp
- - name: Checkout
- uses: actions/checkout@v3
- with:
- fetch-depth: 0
- ref: ${{ github.ref_name }}
- token: ${{ env.OSDS_ACCESS_TOKEN }}
- - name: Merge commit and push
- run: |
- echo "::add-mask::${{ env.OSDS_ACCESS_TOKEN }}}"
- git config --global user.name "GitHub Actions"
- git merge --no-ff -m "Merge branch main into v1-node16"
- git push https://${{ env.OSDS_ACCESS_TOKEN }}@github.com/aws-actions/configure-aws-credentials.git