From 89514bda7604281774d94b6b293cd51a8d8cf0f8 Mon Sep 17 00:00:00 2001
From: balakrishna-binary
Date: Wed, 17 Jan 2024 11:23:45 +0800
Subject: [PATCH 1/2] chore: add sha to the github action versions
---
 .github/actions/npm_install/action.yml | 32 ++---
 .github/workflows/generate_preview_link.yml | 8 +-
 .../workflows/pre_generate_preview_link.yml | 2 +-
 .github/workflows/release_production.yml | 112 +++++++++---------
 .github/workflows/release_staging.yml | 104 ++++++++--------
 .github/workflows/test.yml | 28 ++---
 6 files changed, 143 insertions(+), 143 deletions(-)
diff --git a/.github/actions/npm_install/action.yml b/.github/actions/npm_install/action.yml
index 35e6155f1b4..bce743f7cb4 100644
--- a/.github/actions/npm_install/action.yml
+++ b/.github/actions/npm_install/action.yml
@@ -3,19 +3,19 @@ description: Install npm packages
 runs:
 using: composite
 steps:
- - name: restore_cache
- uses: actions/cache@v3.3.2
- with:
- key: node-{{ checksum "package-lock.json" }}
- path: UPDATE_ME
- restore-keys: |-
- node-{{ checksum "package-lock.json" }}
- node-
- - name: Install npm packages
- run: npm ci
- shell: bash
- - name: save_cache
- uses: actions/cache@v3.3.2
- with:
- path: node_modules
- key: node-{{ checksum "package-lock.json" }}
+ - name: restore_cache
+ uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84
+ with:
+ key: node-{{ checksum "package-lock.json" }}
+ path: UPDATE_ME
+ restore-keys: |-
+ node-{{ checksum "package-lock.json" }}
+ node-
+ - name: Install npm packages
+ run: npm ci
+ shell: bash
+ - name: save_cache
+ uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84
+ with:
+ path: node_modules
+ key: node-{{ checksum "package-lock.json" }}
diff --git a/.github/workflows/generate_preview_link.yml b/.github/workflows/generate_preview_link.yml
index ba988edd61f..385efd4cf52 100644
--- a/.github/workflows/generate_preview_link.yml
+++ b/.github/workflows/generate_preview_link.yml
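Review bot: The pinned `uses:` lines in the action.yml hunk keep no record of which release each SHA was taken from, so a reviewer cannot tell a release commit from an arbitrary one; a trailing comment such as `uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2` fixes that and gives update tooling a version to track. The same applies to every pinned action in the other five files of this patch, and for the ones that were on a floating major tag (`@v4`, `@v3`, `@v2`, `@v1`) the comment should name the exact release the SHA belongs to. Separately, `node-{{ checksum "package-lock.json" }}` in this hunk is not a GitHub Actions expression, so the cache key is a constant string that never changes with the lockfile; `key: node-${{ hashFiles('package-lock.json') }}` is the usual form. The `path: UPDATE_ME` placeholder on the restore step also looks unfinished.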
@@ -27,7 +27,7 @@ jobs: steps: - name: Download artifact id: download-artifact - uses: dawidd6/action-download-artifact@v2 + uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e with: workflow_conclusion: success run_id: ${{ github.event.workflow_run.id }} @@ -54,12 +54,12 @@ jobs: token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 with: ref: ${{ github.event.workflow_run.head_sha }} - name: Setup Node - uses: actions/setup-node@v1 + uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e with: node-version: 12.22 @@ -80,7 +80,7 @@ jobs: run: npm run test - name: Setup Node - uses: actions/setup-node@v3 + uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 with: node-version: 20 diff --git a/.github/workflows/pre_generate_preview_link.yml b/.github/workflows/pre_generate_preview_link.yml index 207fc62534e..8130a45559a 100644 --- a/.github/workflows/pre_generate_preview_link.yml +++ b/.github/workflows/pre_generate_preview_link.yml @@ -28,7 +28,7 @@ jobs: echo "$USERNAME" > ./pr/USERNAME - name: Upload PR information to artifact - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 with: name: "pr-${{github.run_id}}" path: pr/ diff --git a/.github/workflows/release_production.yml b/.github/workflows/release_production.yml index e348623908f..dc1fb52ae75 100644 --- a/.github/workflows/release_production.yml +++ b/.github/workflows/release_production.yml 
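Review bot: The Checkout step in the `@@ -54,12` hunk of generate_preview_link.yml (`ref: ${{ github.event.workflow_run.head_sha }}`) brings pull-request code into a `workflow_run` job that has repository secrets in scope, and pinning the action SHA does not change that. The context of the following hunk shows `run: npm run test`, so scripts defined by the pull request appear to execute in this job. I would add `persist-credentials: false` under the checkout's `with:` and keep `secrets.*` out of the environment of any step that installs or runs the checked-out code, or move build and test into the unprivileged `pull_request` workflow and only publish its artifact here. The job's other steps lie outside the hunk, so which of them receive secrets should be confirmed against the full file.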
@@ -2,67 +2,67 @@ name: DSmartTrader Production Release on: push: tags: - - production_* + - production_* jobs: build_and_test: name: Build and Test runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Setup Node - uses: actions/setup-node@v1 - with: - node-version: 12 - - name: Install dependencies - uses: "./.github/actions/npm_install" - - name: Build - uses: "./.github/actions/build" - with: - target: production - - name: Versioning - uses: "./.github/actions/versioning" - with: - target_branch: production - - name: "Run Tests" - run: npm run test - - name: Upload Artifacts - uses: actions/upload-artifact@v3 - with: - name: dist - path: dist + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - name: Setup Node + uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e + with: + node-version: 12 + - name: Install dependencies + uses: "./.github/actions/npm_install" + - name: Build + uses: "./.github/actions/build" + with: + target: production + - name: Versioning + uses: "./.github/actions/versioning" + with: + target_branch: production + - name: "Run Tests" + run: npm run test + - name: Upload Artifacts + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 + with: + name: dist + path: dist publish_cloudflare_production: name: Publish to Cloudflare Production runs-on: ubuntu-latest needs: [build_and_test] steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Setup Node - uses: actions/setup-node@v3 - with: - node-version: 20 - - name: Download Artifacts - uses: actions/download-artifact@v3.0.2 - with: - name: dist - path: dist - - name: Publish to Cloudflare - uses: "./.github/actions/publish_to_pages_production" - with: - CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} - CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} - - name: Build Docker image and push to Docker hub and K8S - uses: "./.github/actions/build_and_push_docker_image" - 
with: - DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} - DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} - DOCKERHUB_ORGANISATION: ${{ secrets.DOCKERHUB_ORGANISATION }} - K8S_NAMESPACE: smarttrader-deriv-app-production - KUBE_SERVER: ${{ secrets.KUBE_SERVER }} - SERVICEACCOUNT_TOKEN: ${{ secrets.SERVICEACCOUNT_TOKEN }} - CA_CRT: ${{ secrets.CA_CRT }} - APP_VERSION: latest + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - name: Setup Node + uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 + with: + node-version: 20 + - name: Download Artifacts + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a + with: + name: dist + path: dist + - name: Publish to Cloudflare + uses: "./.github/actions/publish_to_pages_production" + with: + CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} + CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} + - name: Build Docker image and push to Docker hub and K8S + uses: "./.github/actions/build_and_push_docker_image" + with: + DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} + DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} + DOCKERHUB_ORGANISATION: ${{ secrets.DOCKERHUB_ORGANISATION }} + K8S_NAMESPACE: smarttrader-deriv-app-production + KUBE_SERVER: ${{ secrets.KUBE_SERVER }} + SERVICEACCOUNT_TOKEN: ${{ secrets.SERVICEACCOUNT_TOKEN }} + CA_CRT: ${{ secrets.CA_CRT }} + APP_VERSION: latest notify_on_slack: name: Notify on Slack 
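Review bot: release_production.yml has no `permissions:` key (the hunk starts at line 2 and shows `on:` followed directly by `jobs:`), so both jobs run with the repository's default GITHUB_TOKEN scopes while handling the Cloudflare, Docker Hub and cluster secrets. The steps visible here only check out code and move artifacts, so a top-level `permissions:` block with `contents: read` looks sufficient, to be confirmed against the local composite actions, which are not shown. release_staging.yml is not touched by the permissions patch either and appears to have the same shape, although its first lines are outside the hunk.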
@@ -72,16 +72,16 @@ jobs: needs: [publish_cloudflare_production, build_and_test] steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: Setup Node - uses: actions/setup-node@v3 + uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 with: node-version: 20 - name: Conclusion - uses: technote-space/workflow-conclusion-action@v3 + uses: technote-space/workflow-conclusion-action@45ce8e0eb155657ab8ccf346ade734257fd196a5 - name: Download Artifacts - uses: actions/download-artifact@v3.0.2 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: dist path: dist @@ -93,5 +93,5 @@ jobs: with: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} status: ${{ env.WORKFLOW_CONCLUSION }} - release_type: Production + release_type: Production version: ${{ steps.extract_version.outputs.RELEASE_VERSION }} diff --git a/.github/workflows/release_staging.yml b/.github/workflows/release_staging.yml index 17c53b728ce..bd92f0d85ed 100644 --- a/.github/workflows/release_staging.yml +++ b/.github/workflows/release_staging.yml 
@@ -8,60 +8,60 @@ jobs: name: Build and Test runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Setup Node - uses: actions/setup-node@v1 - with: - node-version: 12 - - name: Install dependencies - uses: "./.github/actions/npm_install" - - name: Build Staging - uses: "./.github/actions/build" - with: - target: staging - - name: Build Translations - uses: "./.github/actions/build" - with: - target: translations - - name: Versioning - uses: "./.github/actions/versioning" - with: - target_branch: staging - - name: "Run Tests" - run: npm run test - - uses: actions/upload-artifact@v3 - with: - name: dist - path: dist + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - name: Setup Node + uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e + with: + node-version: 12 + - name: Install dependencies + uses: "./.github/actions/npm_install" + - name: Build Staging + uses: "./.github/actions/build" + with: + target: staging + - name: Build Translations + uses: "./.github/actions/build" + with: + target: translations + - name: Versioning + uses: "./.github/actions/versioning" + with: + target_branch: staging + - name: "Run Tests" + run: npm run test + - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 + with: + name: dist + path: dist publish_cloudflare_staging: name: Publish to Cloudflare Pages Staging runs-on: ubuntu-latest needs: [build_and_test] steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Setup Node - uses: actions/setup-node@v3 - with: - node-version: 20 - - uses: actions/download-artifact@v3.0.2 - with: - name: dist - path: dist - - name: Publish to Cloudflare - uses: "./.github/actions/publish_to_pages_staging" - with: - CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} - CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} - - name: Build Docker image and push to Docker hub and K8S - uses: 
"./.github/actions/build_and_push_docker_image" - with: - DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} - DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} - DOCKERHUB_ORGANISATION: ${{ secrets.DOCKERHUB_ORGANISATION }} - K8S_NAMESPACE: smarttrader-deriv-app-staging - KUBE_SERVER: ${{ secrets.KUBE_SERVER }} - SERVICEACCOUNT_TOKEN: ${{ secrets.SERVICEACCOUNT_TOKEN }} - CA_CRT: ${{ secrets.CA_CRT }} - APP_VERSION: latest-staging + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - name: Setup Node + uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 + with: + node-version: 20 + - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a + with: + name: dist + path: dist + - name: Publish to Cloudflare + uses: "./.github/actions/publish_to_pages_staging" + with: + CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} + CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} + - name: Build Docker image and push to Docker hub and K8S + uses: "./.github/actions/build_and_push_docker_image" + with: + DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} + DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} + DOCKERHUB_ORGANISATION: ${{ secrets.DOCKERHUB_ORGANISATION }} + K8S_NAMESPACE: smarttrader-deriv-app-staging + KUBE_SERVER: ${{ secrets.KUBE_SERVER }} + SERVICEACCOUNT_TOKEN: ${{ secrets.SERVICEACCOUNT_TOKEN }} + CA_CRT: ${{ secrets.CA_CRT }} + APP_VERSION: latest-staging diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b9db24945f2..fff6fbac09d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -8,17 +8,17 @@ jobs: name: Build and Test runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Setup Node - uses: actions/setup-node@v1 - with: - node-version: 12.22 - - name: Install dependencies - uses: "./.github/actions/npm_install" - - name: Build - uses: "./.github/actions/build" - with: - target: production - - name: "Run Tests" - run: npm run test + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - name: Setup Node + uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e + with: + node-version: 12.22 + - name: Install dependencies + uses: "./.github/actions/npm_install" + - name: Build + uses: "./.github/actions/build" + with: + target: production + - name: "Run Tests" + run: npm run test From 8f7c5a426c44e354f0b504c63a2da8416b20b5e3 Mon Sep 17 00:00:00 2001 From: balakrishna-binary Date: Wed, 17 Jan 2024 11:46:49 +0800 Subject: [PATCH 2/2] chore: remove unwanted permissions --- .github/workflows/generate_preview_link.yml | 11 +++-------- .github/workflows/pre_generate_preview_link.yml | 3 --- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/.github/workflows/generate_preview_link.yml b/.github/workflows/generate_preview_link.yml index 385efd4cf52..0e89eda1464 100644 --- a/.github/workflows/generate_preview_link.yml +++ b/.github/workflows/generate_preview_link.yml @@ -1,13 +1,5 @@ name: Generate preview link -permissions: - actions: write - checks: write - contents: write - deployments: write - pull-requests: write - statuses: write - on: workflow_run: workflows: ["Pre-generate preview link"] @@ -24,6 +16,9 @@ concurrency: jobs: build_and_deploy_preview_link: runs-on: Ubuntu-latest + permissions: + checks: write + pull-requests: write steps: - name: Download artifact id: download-artifact diff --git a/.github/workflows/pre_generate_preview_link.yml b/.github/workflows/pre_generate_preview_link.yml index 8130a45559a..c5a006978cf 100644 
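Review bot: The `Setup Node` step in test.yml is pinned to the older of the two setup-node commits used in this patch (`f1f314f…`, previously `@v1`), while the deploy jobs use `1a4442c…` (previously `@v3`); pinning by SHA freezes that old major in place. Unless the v1 line is required, using one pin for both leaves a single action version to audit: `uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7` with `node-version: '12.22'`. Quoting the version also stops YAML from reading it as a float. The same step appears in release_production.yml, release_staging.yml and generate_preview_link.yml.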
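Review bot: With the job-level `permissions:` block added in the `@@ -24,6 +16,9` hunk, every scope not listed becomes `none`, so `build_and_deploy_preview_link` no longer has `contents` or `actions` access through GITHUB_TOKEN. The job checks out the repository and downloads an artifact from another run, which normally need `contents: read` and `actions: read` unless those steps are given a different token; only one `token:` input is visible in the first patch and its step is not identifiable from the hunk, so this should be verified. If they are needed, add `contents: read` and `actions: read` next to the two existing entries. pre_generate_preview_link.yml, by contrast, ends up with no `permissions:` key at all and inherits the repository default rather than a reduced set; an explicit `permissions:` with `contents: read` there would make the intent visible.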
--- a/.github/workflows/pre_generate_preview_link.yml +++ b/.github/workflows/pre_generate_preview_link.yml @@ -1,8 +1,5 @@ name: Pre-generate preview link -permissions: - pull-requests: write - on: pull_request: types: [opened, synchronize]