refactor(ci): fix fetch-depth and add some caching (#5563)

* refactor: rename ci -> build.yaml

* feat: add build.yaml

* feat: add node caching to platform jobs

* trigger ci
Joe Previte 2022-09-19 09:56:34 -07:00 committed by GitHub
parent 987c68a32a
commit 4223cf6e2b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 44 additions and 32 deletions


@ -18,7 +18,7 @@ concurrency:
# Note: if: success() is used in several jobs -
# this ensures that it only executes if all previous jobs succeeded.
# if: steps.cache-yarn.outputs.cache-hit != 'true'
# if: steps.cache-node-modules.outputs.cache-hit != 'true'
# will skip running `yarn install` if it successfully fetched from cache
jobs:
@ -29,9 +29,6 @@ jobs:
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 0
submodules: true
- name: Install Node.js v16
uses: actions/setup-node@v3
@ -40,9 +37,14 @@ jobs:
- name: Install helm
uses: azure/setup-helm@v3.3
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install helm kubeval plugin
run: helm plugin install https://github.com/instrumenta/helm-kubeval
- name: Fetch dependencies from cache
id: cache-yarn
id: cache-node-modules
uses: actions/cache@v3
with:
path: "**/node_modules"
@ -51,8 +53,8 @@ jobs:
yarn-build-
- name: Install dependencies
if: steps.cache-yarn.outputs.cache-hit != 'true'
run: yarn --frozen-lockfile
if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
- name: Run yarn fmt
run: yarn fmt
@ -73,11 +75,13 @@ jobs:
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 0
submodules: true
- name: Install quilt
run: sudo apt update && sudo apt install quilt
uses: awalsh128/cache-apt-pkgs-action@latest
with:
packages: quilt
version: 1.0
- name: Patch Code
run: quilt push -a
@ -88,7 +92,7 @@ jobs:
node-version: "16"
- name: Fetch dependencies from cache
id: cache-yarn
id: cache-node-modules
uses: actions/cache@v3
with:
path: "**/node_modules"
@ -97,7 +101,7 @@ jobs:
yarn-build-
- name: Install dependencies
if: steps.cache-yarn.outputs.cache-hit != 'true'
if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: yarn --frozen-lockfile
- name: Build code-server
@ -171,8 +175,6 @@ jobs:
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Download artifact
uses: actions/download-artifact@v3
@ -224,8 +226,6 @@ jobs:
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install Node.js v16
uses: actions/setup-node@v3
@ -262,8 +262,18 @@ jobs:
- name: Build standalone release
run: source scl_source enable devtoolset-9 && yarn release:standalone
- name: Fetch dependencies from cache
id: cache-node-modules
uses: actions/cache@v3
with:
path: "**/node_modules"
key: yarn-build-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
yarn-build-
- name: Install test dependencies
run: SKIP_SUBMODULE_DEPS=1 yarn install
if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
- name: Run integration tests on standalone release
run: yarn test:integration
@ -320,8 +330,6 @@ jobs:
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install Node.js v16
uses: actions/setup-node@v3
@ -373,8 +381,6 @@ jobs:
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install Node.js v16
uses: actions/setup-node@v3
@ -398,7 +404,17 @@ jobs:
- name: Build standalone release
run: yarn release:standalone
- name: Fetch dependencies from cache
id: cache-node-modules
uses: actions/cache@v3
with:
path: "**/node_modules"
key: yarn-build-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
yarn-build-
- name: Install test dependencies
if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: SKIP_SUBMODULE_DEPS=1 yarn install
- name: Run integration tests on standalone release
@ -425,8 +441,6 @@ jobs:
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install Node.js v16
uses: actions/setup-node@v3
@ -434,7 +448,7 @@ jobs:
node-version: "16"
- name: Fetch dependencies from cache
id: cache-yarn
id: cache-node-modules
uses: actions/cache@v3
with:
path: "**/node_modules"
@ -455,7 +469,7 @@ jobs:
mv code-server*-linux-amd64 code-server-linux-amd64
- name: Install dependencies
if: steps.cache-yarn.outputs.cache-hit != 'true'
if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
- name: Install Playwright OS dependencies
@ -488,8 +502,6 @@ jobs:
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install Node.js v16
uses: actions/setup-node@v3
@ -497,7 +509,7 @@ jobs:
node-version: "16"
- name: Fetch dependencies from cache
id: cache-yarn
id: cache-node-modules
uses: actions/cache@v3
with:
path: "**/node_modules"
@ -518,7 +530,7 @@ jobs:
mv code-server*-linux-amd64 code-server-linux-amd64
- name: Install dependencies
if: steps.cache-yarn.outputs.cache-hit != 'true'
if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
- name: Install Playwright OS dependencies
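Review bot: The `Install quilt` step in hunk `@ -73,11 +75,13 @` now uses `awalsh128/cache-apt-pkgs-action@latest`, a third-party action on a mutable ref, so whatever that tag points to at run time executes on the runner. Judging by the neighbouring `Patch Code` and `Build code-server` steps, this looks like the job that produces the build, though the job continues outside the hunk. Pin the action to a reviewed full commit SHA, e.g. `uses: awalsh128/cache-apt-pkgs-action@<full-commit-sha>  # <release tag>`, and let a dependency-update bot propose bumps. Separately, in hunk `@ -398,7 +404,17 @` the `Install test dependencies` step still appears to run `SKIP_SUBMODULE_DEPS=1 yarn install` without `--frozen-lockfile`, unlike the matching step in `@ -262,8 +262,18 @`. Adding the flag there keeps a cache miss from resolving versions outside `yarn.lock`.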


@ -33,7 +33,7 @@ jobs:
id: download
with:
branch: release/v${{ steps.version.outputs.version }}
workflow: ci.yaml
workflow: build.yaml
workflow_conclusion: completed
name: "npm-package"
path: release-npm-package


@ -26,7 +26,7 @@ jobs:
id: download
with:
branch: ${{ github.ref }}
workflow: ci.yaml
workflow: build.yaml
workflow_conclusion: completed
check_artifacts: true
name: release-packages


@ -16,10 +16,10 @@ We use the following tools to help us stay on top of vulnerability mitigation.
- [trivy](https://github.com/aquasecurity/trivy)
- Comprehensive vulnerability scanner that runs on PRs into the default
branch and scans both our container image and repository code (see
`trivy-scan-repo` and `trivy-scan-image` jobs in `ci.yaml`)
`trivy-scan-repo` and `trivy-scan-image` jobs in `build.yaml`)
- [`audit-ci`](https://github.com/IBM/audit-ci)
- Audits npm and Yarn dependencies in CI (see `Audit for vulnerabilities` step
in `ci.yaml`) on PRs into the default branch and fails CI if moderate or
in `build.yaml`) on PRs into the default branch and fails CI if moderate or
higher vulnerabilities (see the `audit.sh` script) are present.
## Supported Versions