1
0
mirror of https://github.com/coder/code-server.git synced 2024-12-04 23:03:06 +08:00
code-server/.github/workflows/ci.yaml
Teffen 1b60ef418c
Use upstream server (#4414)
* Flesh out fixes to align with upstream.

* Update route handlers to better reflect fallback behavior.

* Add platform to vscode-reh-web task

Our strategy has been to build once and then recompile native modules
for individual platforms.  It looks like VS Code builds from scratch for
each platform.

But we can target any platform, grab the pre-packaged folder, then
continue with own packaging.

In the future we may want to rework to match upstream.

* Fix issue where workspace args are not parsed.

* Fix issues surrounding opening files within code-server's terminal.

* Readd parent wrapper for hot reload.

* Allow more errors.

* Fix issues surrounding Coder link.

* Add dir creation and fix cli

It seems VS Code explodes when certain directories do not exist so
import the reh agent instead of the server component since it creates
the directories (require patching thus the VS Code update).

Also the CLI (for installing extensions) did not seem to be working so
point that to the same place since it also exports a function for
running that part of the CLI.

* Remove hardcoded VSCODE_DEV=1

This causes VS Code to use the development HTML file.  Move this to the
watch command instead.

I deleted the other stuff before it as well since in the latest main.js
they do not have this code so I figure we should be safe to omit it.

* Fix mismatching commit between client and server

* Mostly restore command-line parity

Restore most everything and remove the added server arguments.  This
will let us add and remove options after later so we can contain the
number of breaking changes.

To accomplish this a hard separation is added between the CLI arguments
and the server arguments.

The separation between user-provided arguments and arguments with
defaults is also made more clear.

The extra directory flags have been left out as they were buggy and
should be implemented upstream although I think there are better
solutions anyway.  locale and install-source are unsupported with the
web remote and are left removed.  It is unclear whether they were used
before anyway.

Some restored flags still need to have their behavior re-implemented.

* Fix static endpoint not emitting 404s

This fixes the last failing unit test.

Fix a missing dependency, add some generic reverse proxy support for the
protocol, and add back a missing nfpm fix.

* Import missing logError

* Fix 403 errors

* Add code-server version to about dialog

* Use user settings to disable welcome page

The workspace setting seems to be recognized but if so it is having no
effect.

* Update VS Code cache step with new build directories

Co-authored-by: Asher <ash@coder.com>
2021-11-09 23:28:31 -06:00

444 lines
14 KiB
YAML

name: Build
on:
push:
branches:
- main
pull_request:
branches:
- main
# Note: if: success() is used in several jobs -
# this ensures that it only executes if all previous jobs succeeded.
# if: steps.cache-yarn.outputs.cache-hit != 'true'
# will skip running `yarn install` if it successfully fetched from cache
jobs:
prebuild:
name: Pre-build checks
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Checkout repo
uses: actions/checkout@v2
- name: Install Node.js v14
uses: actions/setup-node@v2
with:
node-version: "14"
- name: Install helm
uses: azure/setup-helm@v1.1
# NOTE@jsjoeio
# disabling this until we can audit the build process
# and the usefulness of this step
# See: https://github.com/cdr/code-server/issues/4287
# - name: Fetch dependencies from cache
# id: cache-yarn
# uses: actions/cache@v2
# with:
# path: "**/node_modules"
# key: yarn-build-${{ hashFiles('**/yarn.lock') }}
# restore-keys: |
# yarn-build-
- name: Install dependencies
# if: steps.cache-yarn.outputs.cache-hit != 'true'
run: yarn --frozen-lockfile
- name: Run yarn fmt
run: yarn fmt
if: success()
- name: Run yarn lint
run: yarn lint
if: success()
audit-ci:
name: Run audit-ci
needs: prebuild
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Checkout repo
uses: actions/checkout@v2
- name: Install Node.js v14
uses: actions/setup-node@v2
with:
node-version: "14"
- name: Fetch dependencies from cache
id: cache-yarn
uses: actions/cache@v2
with:
path: "**/node_modules"
key: yarn-build-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
yarn-build-
- name: Install dependencies
if: steps.cache-yarn.outputs.cache-hit != 'true'
run: yarn --frozen-lockfile
- name: Audit for vulnerabilities
run: yarn _audit
if: success()
build:
name: Build
needs: prebuild
runs-on: ubuntu-latest
timeout-minutes: 30
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Install Node.js v14
uses: actions/setup-node@v2
with:
node-version: "14"
# TODO@Teffen investigate why this omits code-oss-dev/node_modules
# - name: Fetch dependencies from cache
# id: cache-yarn
# uses: actions/cache@v2
# with:
# path: |
# "**/node_modules"
# "**/vendor/modules"
# "**/vendor/modules/code-oss-dev/node_modules"
# key: yarn-build-${{ hashFiles('**/yarn.lock') }}-${{ hashFiles('**/vendor/yarn.lock') }}
# restore-keys: |
# yarn-build-
- name: Install dependencies
# if: steps.cache-yarn.outputs.cache-hit != 'true'
run: yarn --frozen-lockfile
- name: Build code-server
run: yarn build
# Parse the hash of the latest commit inside vendor/modules/code-oss-dev
# use this to avoid rebuilding it if nothing changed
# How it works: the `git log` command fetches the hash of the last commit
# that changed a file inside `vendor/modules/code-oss-dev`. If a commit changes any file in there,
# the hash returned will change, and we rebuild vscode. If the hash did not change,
# (for example, a change to `src/` or `docs/`), we reuse the same build as last time.
# This saves a lot of time in CI, as compiling VSCode can take anywhere from 5-10 minutes.
- name: Get latest vendor/modules/code-oss-dev rev
id: vscode-rev
run: echo "::set-output name=rev::$(jq -r '.devDependencies["code-oss-dev"]' vendor/package.json | sed -r 's|.*#(.*)$|\1|')"
- name: Attempt to fetch vscode build from cache
id: cache-vscode
uses: actions/cache@v2
with:
path: |
vendor/modules/code-oss-dev/.build
vendor/modules/code-oss-dev/out-build
vendor/modules/code-oss-dev/out-vscode-reh-web
vendor/modules/code-oss-dev/out-vscode-reh-web-min
key: vscode-reh-build-${{ steps.vscode-rev.outputs.rev }}
- name: Build vscode
if: steps.cache-vscode.outputs.cache-hit != 'true'
run: yarn build:vscode
# Our code imports code from VS Code's `out` directory meaning VS Code
# must be built before running these tests.
# TODO: Move to its own step?
- name: Run code-server unit tests
run: yarn test:unit
if: success()
- name: Upload coverage report to Codecov
run: yarn coverage
if: success()
# The release package does not contain any native modules
# and is neutral to architecture/os/libc version.
- name: Create release package
run: yarn release
if: success()
# https://github.com/actions/upload-artifact/issues/38
- name: Compress release package
run: tar -czf package.tar.gz release
- name: Upload npm package artifact
uses: actions/upload-artifact@v2
with:
name: npm-package
path: ./package.tar.gz
# TODO: cache building yarn --production
# possibly 2m30s of savings(?)
# this requires refactoring our release scripts
package-linux-amd64:
name: x86-64 Linux build
needs: build
runs-on: ubuntu-latest
timeout-minutes: 15
container: "centos:7"
steps:
- uses: actions/checkout@v2
- name: Install Node.js v14
uses: actions/setup-node@v2
with:
node-version: "14"
- name: Install development tools
run: |
yum install -y epel-release centos-release-scl
yum install -y devtoolset-9-{make,gcc,gcc-c++} jq rsync
- name: Install nfpm and envsubst
run: |
curl -sfL https://install.goreleaser.com/github.com/goreleaser/nfpm.sh | sh -s -- -b ~/.local/bin v2.3.1
curl -L https://github.com/a8m/envsubst/releases/download/v1.1.0/envsubst-`uname -s`-`uname -m` -o envsubst
chmod +x envsubst
mv envsubst ~/.local/bin
echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Install yarn
run: npm install -g yarn
- name: Download npm package
uses: actions/download-artifact@v2
with:
name: npm-package
- name: Decompress npm package
run: tar -xzf package.tar.gz
# NOTE: && here is deliberate - GitHub puts each line in its own `.sh`
# file when running inside a docker container.
- name: Build standalone release
run: source scl_source enable devtoolset-9 && yarn release:standalone
- name: Sanity test standalone release
run: yarn test:standalone-release
- name: Build packages with nfpm
run: yarn package
- name: Upload release artifacts
uses: actions/upload-artifact@v2
with:
name: release-packages
path: ./release-packages
# NOTE@oxy:
# We use Ubuntu 16.04 here, so that our build is more compatible
# with older libc versions. We used to (Q1'20) use CentOS 7 here,
# but it has a full update EOL of Q4'20 and a 'critical security'
# update EOL of 2024. We're dropping full support a few years before
# the final EOL, but I don't believe CentOS 7 has a large arm64 userbase.
# It is not feasible to cross-compile with CentOS.
# Cross-compile notes: To compile native dependencies for arm64,
# we install the aarch64/armv7l cross toolchain and then set it as the default
# compiler/linker/etc. with the AR/CC/CXX/LINK environment variables.
# qemu-user-static on ubuntu-16.04 currently doesn't run Node correctly,
# so we just build with "native"/x86_64 node, then download arm64/armv7l node
# and then put it in our release. We can't smoke test the cross build this way,
# but this means we don't need to maintain a self-hosted runner!
# NOTE@jsjoeio:
# We used to use 16.04 until GitHub deprecated it on September 20, 2021
# See here: https://github.com/actions/virtual-environments/pull/3862/files
package-linux-cross:
name: Linux cross-compile builds
needs: build
runs-on: ubuntu-18.04
timeout-minutes: 15
strategy:
matrix:
include:
- prefix: aarch64-linux-gnu
arch: arm64
- prefix: arm-linux-gnueabihf
arch: armv7l
env:
AR: ${{ format('{0}-ar', matrix.prefix) }}
CC: ${{ format('{0}-gcc', matrix.prefix) }}
CXX: ${{ format('{0}-g++', matrix.prefix) }}
LINK: ${{ format('{0}-g++', matrix.prefix) }}
NPM_CONFIG_ARCH: ${{ matrix.arch }}
NODE_VERSION: v14.17.4
steps:
- uses: actions/checkout@v2
- name: Install Node.js v14
uses: actions/setup-node@v2
with:
node-version: "14"
- name: Install nfpm
run: |
curl -sfL https://install.goreleaser.com/github.com/goreleaser/nfpm.sh | sh -s -- -b ~/.local/bin v2.3.1
echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Install cross-compiler
run: sudo apt update && sudo apt install $PACKAGE
env:
PACKAGE: ${{ format('g++-{0}', matrix.prefix) }}
- name: Download npm package
uses: actions/download-artifact@v2
with:
name: npm-package
- name: Decompress npm package
run: tar -xzf package.tar.gz
- name: Build standalone release
run: yarn release:standalone
- name: Replace node with cross-compile equivalent
run: |
wget https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-linux-${NPM_CONFIG_ARCH}.tar.xz
tar -xf node-${NODE_VERSION}-linux-${NPM_CONFIG_ARCH}.tar.xz node-${NODE_VERSION}-linux-${NPM_CONFIG_ARCH}/bin/node --strip-components=2
mv ./node ./release-standalone/lib/node
- name: Build packages with nfpm
run: yarn package ${NPM_CONFIG_ARCH}
- name: Upload release artifacts
uses: actions/upload-artifact@v2
with:
name: release-packages
path: ./release-packages
package-macos-amd64:
name: x86-64 macOS build
needs: build
runs-on: macos-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@v2
- name: Install Node.js v14
uses: actions/setup-node@v2
with:
node-version: "14"
- name: Install nfpm
run: |
curl -sfL https://install.goreleaser.com/github.com/goreleaser/nfpm.sh | sh -s -- -b ~/.local/bin v2.3.1
echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Download npm package
uses: actions/download-artifact@v2
with:
name: npm-package
- name: Decompress npm package
run: tar -xzf package.tar.gz
- name: Build standalone release
run: yarn release:standalone
- name: Sanity test standalone release
run: yarn test:standalone-release
- name: Build packages with nfpm
run: yarn package
- name: Upload release artifacts
uses: actions/upload-artifact@v2
with:
name: release-packages
path: ./release-packages
test-e2e:
name: End-to-end tests
needs: package-linux-amd64
runs-on: ubuntu-latest
timeout-minutes: 15
env:
# Since we build code-server we might as well run tests from the release
# since VS Code will load faster due to the bundling.
CODE_SERVER_TEST_ENTRY: "./release-packages/code-server-linux-amd64"
steps:
- uses: actions/checkout@v2
- name: Install Node.js v14
uses: actions/setup-node@v2
with:
node-version: "14"
- name: Fetch dependencies from cache
id: cache-yarn
uses: actions/cache@v2
with:
path: "**/node_modules"
key: yarn-build-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
yarn-build-
- name: Download release packages
uses: actions/download-artifact@v2
with:
name: release-packages
path: ./release-packages
- name: Untar code-server release
run: |
cd release-packages
tar -xzf code-server*-linux-amd64.tar.gz
mv code-server*-linux-amd64 code-server-linux-amd64
- name: Install dependencies
if: steps.cache-yarn.outputs.cache-hit != 'true'
run: yarn --frozen-lockfile
- name: Install Playwright OS dependencies
run: |
./test/node_modules/.bin/playwright install-deps
./test/node_modules/.bin/playwright install
- name: Run end-to-end tests
run: yarn test:e2e
- name: Upload test artifacts
if: always()
uses: actions/upload-artifact@v2
with:
name: failed-test-videos
path: ./test/test-results
- name: Remove release packages and test artifacts
run: rm -rf ./release-packages ./test/test-results
trivy-scan-repo:
runs-on: ubuntu-20.04
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Run Trivy vulnerability scanner in repo mode
#Commit SHA for v0.0.17
uses: aquasecurity/trivy-action@1ccef265f594a7555a720f623a461a3d69b45bf7
with:
scan-type: "fs"
scan-ref: "."
ignore-unfixed: true
format: "template"
template: "@/contrib/sarif.tpl"
output: "trivy-repo-results.sarif"
severity: "HIGH,CRITICAL"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: "trivy-repo-results.sarif"