Skip to content

Commit

Permalink
Merge branch 'main' into migrateUnorderedListToTypeScript
Browse files Browse the repository at this point in the history
  • Loading branch information
JKobrynski committed Nov 20, 2023
2 parents 6079041 + ff4c947 commit 5be74c4
Show file tree
Hide file tree
Showing 117 changed files with 1,614 additions and 772 deletions.
4 changes: 2 additions & 2 deletions .github/actions/composite/setupGitForOSBotifyApp/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,9 +29,9 @@ runs:
shell: bash
run: |
if [[ -f .github/workflows/OSBotify-private-key.asc.gpg ]]; then
echo "::set-output name=key_exists::true"
echo "key_exists=true" >> "$GITHUB_OUTPUT"
fi
- name: Checkout
uses: actions/checkout@v4
if: steps.key_check.outputs.key_exists != 'true'
Expand Down
2 changes: 1 addition & 1 deletion .github/actions/javascript/awaitStagingDeploys/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,5 @@ inputs:
description: If provided, this action will only wait for a deploy matching this tag.
required: false
runs:
using: 'node16'
using: 'node20'
main: './index.js'
2 changes: 1 addition & 1 deletion .github/actions/javascript/bumpVersion/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,5 @@ outputs:
NEW_VERSION:
description: The new semver version of the application, updated in the JS and native layers.
runs:
using: 'node16'
using: 'node20'
main: './index.js'
2 changes: 1 addition & 1 deletion .github/actions/javascript/checkDeployBlockers/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,5 @@ outputs:
HAS_DEPLOY_BLOCKERS:
description: A true/false indicating whether or not a deploy blocker was found.
runs:
using: 'node16'
using: 'node20'
main: 'index.js'
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,5 @@ inputs:
description: The new NPM version of the StagingDeployCash issue.
required: false
runs:
using: 'node16'
using: 'node20'
main: './index.js'
22 changes: 12 additions & 10 deletions .github/actions/javascript/createOrUpdateStagingDeploy/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -198,13 +198,16 @@ function fetchTag(tag) {
let needsRepack = false;
while (shouldRetry) {
try {
let command = '';
if (needsRepack) {
// We have seen some scenarios where this fixes the git fetch.
// Why? Who knows... https://github.com/Expensify/App/pull/31459
execSync('git repack -d');
command = 'git repack -d';
console.log(`Running command: ${command}`);
execSync(command);
}

let command = `git fetch origin tag ${tag} --no-tags`;
command = `git fetch origin tag ${tag} --no-tags`;

// Exclude commits reachable from the previous patch version (i.e: previous checklist),
// so that we don't have to fetch the full history
Expand Down Expand Up @@ -315,16 +318,15 @@ function getValidMergedPRs(commits) {
* @param {String} toTag
* @returns {Promise<Array<Number>>} – Pull request numbers
*/
function getPullRequestsMergedBetween(fromTag, toTag) {
async function getPullRequestsMergedBetween(fromTag, toTag) {
console.log(`Looking for commits made between ${fromTag} and ${toTag}...`);
return getCommitHistoryAsJSON(fromTag, toTag).then((commitList) => {
console.log(`Commits made between ${fromTag} and ${toTag}:`, commitList);
const commitList = await getCommitHistoryAsJSON(fromTag, toTag);
console.log(`Commits made between ${fromTag} and ${toTag}:`, commitList);

// Find which commit messages correspond to merged PR's
const pullRequestNumbers = getValidMergedPRs(commitList);
console.log(`List of pull requests merged between ${fromTag} and ${toTag}`, pullRequestNumbers);
return _.map(pullRequestNumbers, (prNum) => Number.parseInt(prNum, 10));
});
// Find which commit messages correspond to merged PR's
const pullRequestNumbers = getValidMergedPRs(commitList).sort((a, b) => a - b);
console.log(`List of pull requests merged between ${fromTag} and ${toTag}`, pullRequestNumbers);
return pullRequestNumbers;
}

module.exports = {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,5 +14,5 @@ outputs:
PR_LIST:
description: Array of pull request numbers
runs:
using: 'node16'
using: 'node20'
main: './index.js'
22 changes: 12 additions & 10 deletions .github/actions/javascript/getDeployPullRequestList/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -140,13 +140,16 @@ function fetchTag(tag) {
let needsRepack = false;
while (shouldRetry) {
try {
let command = '';
if (needsRepack) {
// We have seen some scenarios where this fixes the git fetch.
// Why? Who knows... https://github.com/Expensify/App/pull/31459
execSync('git repack -d');
command = 'git repack -d';
console.log(`Running command: ${command}`);
execSync(command);
}

let command = `git fetch origin tag ${tag} --no-tags`;
command = `git fetch origin tag ${tag} --no-tags`;

// Exclude commits reachable from the previous patch version (i.e: previous checklist),
// so that we don't have to fetch the full history
Expand Down Expand Up @@ -257,16 +260,15 @@ function getValidMergedPRs(commits) {
* @param {String} toTag
* @returns {Promise<Array<Number>>} – Pull request numbers
*/
function getPullRequestsMergedBetween(fromTag, toTag) {
async function getPullRequestsMergedBetween(fromTag, toTag) {
console.log(`Looking for commits made between ${fromTag} and ${toTag}...`);
return getCommitHistoryAsJSON(fromTag, toTag).then((commitList) => {
console.log(`Commits made between ${fromTag} and ${toTag}:`, commitList);
const commitList = await getCommitHistoryAsJSON(fromTag, toTag);
console.log(`Commits made between ${fromTag} and ${toTag}:`, commitList);

// Find which commit messages correspond to merged PR's
const pullRequestNumbers = getValidMergedPRs(commitList);
console.log(`List of pull requests merged between ${fromTag} and ${toTag}`, pullRequestNumbers);
return _.map(pullRequestNumbers, (prNum) => Number.parseInt(prNum, 10));
});
// Find which commit messages correspond to merged PR's
const pullRequestNumbers = getValidMergedPRs(commitList).sort((a, b) => a - b);
console.log(`List of pull requests merged between ${fromTag} and ${toTag}`, pullRequestNumbers);
return pullRequestNumbers;
}

module.exports = {
Expand Down
2 changes: 1 addition & 1 deletion .github/actions/javascript/getPreviousVersion/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,5 @@ outputs:
PREVIOUS_VERSION:
description: The previous semver version of the application, according to the SEMVER_LEVEL provided
runs:
using: 'node16'
using: 'node20'
main: './index.js'
Original file line number Diff line number Diff line change
Expand Up @@ -22,5 +22,5 @@ outputs:
FORKED_REPO_URL:
description: 'Output forked repo URL if PR includes changes from a fork'
runs:
using: 'node16'
using: 'node20'
main: './index.js'
2 changes: 1 addition & 1 deletion .github/actions/javascript/getReleaseBody/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,5 @@ outputs:
RELEASE_BODY:
description: String body of a production release.
runs:
using: 'node16'
using: 'node20'
main: './index.js'
Original file line number Diff line number Diff line change
Expand Up @@ -10,5 +10,5 @@ outputs:
NUMBER:
description: StagingDeployCash issue number
runs:
using: 'node16'
using: 'node20'
main: 'index.js'
Original file line number Diff line number Diff line change
Expand Up @@ -28,5 +28,5 @@ inputs:
description: "Web job result ('success', 'failure', 'cancelled', or 'skipped')"
required: true
runs:
using: "node16"
using: "node20"
main: "./index.js"
2 changes: 1 addition & 1 deletion .github/actions/javascript/postTestBuildComment/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -32,5 +32,5 @@ inputs:
description: "Link for the web build"
required: false
runs:
using: "node16"
using: "node20"
main: "./index.js"
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,5 @@ inputs:
description: The comment string we want to leave on the issue after we reopen it.
required: true
runs:
using: 'node16'
using: 'node20'
main: './index.js'
2 changes: 1 addition & 1 deletion .github/actions/javascript/reviewerChecklist/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,5 +5,5 @@ inputs:
description: Auth token for New Expensify Github
required: true
runs:
using: 'node16'
using: 'node20'
main: './index.js'
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,5 @@ inputs:
description: Refers to the results obtained from regression tests `.reassure/output.json`.
required: true
runs:
using: 'node16'
using: 'node20'
main: './index.js'
2 changes: 1 addition & 1 deletion .github/actions/javascript/verifySignedCommits/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,5 +9,5 @@ inputs:
required: false

runs:
using: 'node16'
using: 'node20'
main: './index.js'
22 changes: 12 additions & 10 deletions .github/libs/GitUtils.js
Original file line number Diff line number Diff line change
Expand Up @@ -13,13 +13,16 @@ function fetchTag(tag) {
let needsRepack = false;
while (shouldRetry) {
try {
let command = '';
if (needsRepack) {
// We have seen some scenarios where this fixes the git fetch.
// Why? Who knows... https://github.com/Expensify/App/pull/31459
execSync('git repack -d');
command = 'git repack -d';
console.log(`Running command: ${command}`);
execSync(command);
}

let command = `git fetch origin tag ${tag} --no-tags`;
command = `git fetch origin tag ${tag} --no-tags`;

// Exclude commits reachable from the previous patch version (i.e: previous checklist),
// so that we don't have to fetch the full history
Expand Down Expand Up @@ -130,16 +133,15 @@ function getValidMergedPRs(commits) {
* @param {String} toTag
* @returns {Promise<Array<Number>>} – Pull request numbers
*/
function getPullRequestsMergedBetween(fromTag, toTag) {
async function getPullRequestsMergedBetween(fromTag, toTag) {
console.log(`Looking for commits made between ${fromTag} and ${toTag}...`);
return getCommitHistoryAsJSON(fromTag, toTag).then((commitList) => {
console.log(`Commits made between ${fromTag} and ${toTag}:`, commitList);
const commitList = await getCommitHistoryAsJSON(fromTag, toTag);
console.log(`Commits made between ${fromTag} and ${toTag}:`, commitList);

// Find which commit messages correspond to merged PR's
const pullRequestNumbers = getValidMergedPRs(commitList);
console.log(`List of pull requests merged between ${fromTag} and ${toTag}`, pullRequestNumbers);
return _.map(pullRequestNumbers, (prNum) => Number.parseInt(prNum, 10));
});
// Find which commit messages correspond to merged PR's
const pullRequestNumbers = getValidMergedPRs(commitList).sort((a, b) => a - b);
console.log(`List of pull requests merged between ${fromTag} and ${toTag}`, pullRequestNumbers);
return pullRequestNumbers;
}

module.exports = {
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ git fetch origin tag 1.0.1-0 --no-tags --shallow-exclude=1.0.0-0 # This will fet

## Security Rules 🔐
1. Do **not** use `pull_request_target` trigger unless an external fork needs access to secrets, or a _write_ `GITHUB_TOKEN`.
1. Do **not ever** write a `pull_request_target` trigger with an explicit PR checkout, e.g. using `actions/checkout@v2`. This is [discussed further here](https://securitylab.github.com/research/github-actions-preventing-pwn-requests)
1. Do **not ever** write a `pull_request_target` trigger with an explicit PR checkout, e.g. using `actions/checkout@v4`. This is [discussed further here](https://securitylab.github.com/research/github-actions-preventing-pwn-requests)
1. **Do use** the `pull_request` trigger as it does not send internal secrets and only grants a _read_ `GITHUB_TOKEN`.
1. If an untrusted (i.e: not maintained by GitHub) external action needs access to any secret (`GITHUB_TOKEN` or internal secret), use the commit hash of the workflow to prevent a modification of underlying source code at that version. For example:
1. **Bad:** `hmarr/[email protected]` Relies on the tag
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/authorChecklist.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-latest
if: github.actor != 'OSBotify' && github.actor != 'imgbot[bot]'
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4

- name: authorChecklist.js
uses: ./.github/actions/javascript/authorChecklist
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/deploy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,11 @@ jobs:
if: github.ref == 'refs/heads/staging'
steps:
- name: Checkout staging branch
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
uses: actions/checkout@v4
with:
ref: staging
token: ${{ secrets.OS_BOTIFY_TOKEN }}

- uses: Expensify/App/.github/actions/composite/setupGitForOSBotifyApp@8c19d6da4a3d7ce3b15c9cd89a802187d208ecab
id: setupGitForOSBotify
with:
Expand Down
53 changes: 24 additions & 29 deletions .github/workflows/deployBlocker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,28 +13,22 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}

- name: Get URL, title, & number of new deploy blocker (issue)
if: ${{ github.event_name == 'issues' }}
env:
TITLE: ${{ github.event.issue.title }}
run: |
{ echo "DEPLOY_BLOCKER_URL=${{ github.event.issue.html_url }}";
echo "DEPLOY_BLOCKER_NUMBER=${{ github.event.issue.number }}";
echo "DEPLOY_BLOCKER_TITLE=$(sed -e "s/'/'\\\\''/g; s/\`/\\\\\`/g; 1s/^/'/; \$s/\$/'/" <<< "$TITLE")";} >> "$GITHUB_ENV"
- uses: ./.github/actions/composite/setupGitForOSBotifyApp
id: setupGitForOSBotify
with:
GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }}
OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }}

- name: Update StagingDeployCash with new deploy blocker
uses: Expensify/App/.github/actions/javascript/createOrUpdateStagingDeploy@main
uses: ./.github/actions/javascript/createOrUpdateStagingDeploy
with:
GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
GITHUB_TOKEN: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }}

- name: Give the issue/PR the Hourly, Engineering labels
uses: andymckay/labeler@978f846c4ca6299fd136f465b42c5e87aca28cac
with:
add-labels: 'Hourly, Engineering'
remove-labels: 'Daily, Weekly, Monthly'
- run: gh issue edit ${{ github.event.issue.number }} --add-label 'Engineering,Hourly' --remove-label 'Daily,Weekly,Monthly'
env:
GITHUB_TOKEN: ${{ github.token }}

- name: 'Post the issue in the #expensify-open-source slack room'
if: ${{ success() }}
Expand All @@ -46,26 +40,27 @@ jobs:
channel: '#expensify-open-source',
attachments: [{
color: "#DB4545",
text: '💥 We have found a New Expensify Deploy Blocker, if you have any idea which PR could be causing this, please comment in the issue: <${{ env.DEPLOY_BLOCKER_URL }}|'+ `${{ env.DEPLOY_BLOCKER_TITLE }}`.replace(/(^'|'$)/gi, '').replace(/'\''/gi,'\'') + '>',
text: '💥 We have found a New Expensify Deploy Blocker, if you have any idea which PR could be causing this, please comment in the issue: <${{ github.event.issue.html_url }}|${{ toJSON(github.event.issue.title) }}>',
}]
}
env:
GITHUB_TOKEN: ${{ github.token }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}

- name: Comment on deferred PR
uses: actions-ecosystem/action-create-comment@cd098164398331c50e7dfdd0dfa1b564a1873fac
with:
github_token: ${{ secrets.OS_BOTIFY_TOKEN }}
number: ${{ env.DEPLOY_BLOCKER_NUMBER }}
body: |
:wave: Friendly reminder that deploy blockers are time-sensitive ⏱ issues! [Check out the open `StagingDeployCash` deploy checklist](https://github.com/Expensify/App/issues?q=is%3Aopen+is%3Aissue+label%3AStagingDeployCash) to see the list of PRs included in this release, then work quickly to do one of the following:
1. Identify the pull request that introduced this issue and revert it.
2. Find someone who can quickly fix the issue.
3. Fix the issue yourself.
- name: Comment on deploy blocker
run: |
gh issue comment ${{ github.event.issue.number }} --body "$(cat <<'EOF'
:wave: Friendly reminder that deploy blockers are time-sensitive ⏱ issues! [Check out the open \`StagingDeployCash\` deploy checklist](https://github.com/Expensify/App/issues?q=is%3Aopen+is%3Aissue+label%3AStagingDeployCash) to see the list of PRs included in this release, then work quickly to do one of the following:
1. Identify the pull request that introduced this issue and revert it.
2. Find someone who can quickly fix the issue.
3. Fix the issue yourself.
EOF
)"
env:
GITHUB_TOKEN: ${{ github.token }}

- name: Announce failed workflow in Slack
if: ${{ failure() }}
uses: Expensify/App/.github/actions/composite/announceFailedWorkflowInSlack@main
uses: ./.github/actions/composite/announceFailedWorkflowInSlack
with:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
2 changes: 1 addition & 1 deletion .github/workflows/deployExpensifyHelp.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
uses: actions/checkout@v4

- name: Setup NodeJS
uses: Expensify/App/.github/actions/composite/setupNode@main
Expand Down
Loading

0 comments on commit 5be74c4

Please sign in to comment.