Protei/PromucFlow_constructor
2
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
a30adfa5b3
PromucFlow_constructor/.github/workflows/client-build.yml
Rajat Agrawal d1a586e0bb
ci: Add pre push hook to not allow ee changes in ce (#35276) 
## Description
This PR fixes failure in the CI build workflow. The workflow was failing
in `Put release build in cache` job. The workflow was failing because
while installing git lfs, there was a conflict with the newly added pre
push hook. git lfs also contains its pre push hooks which was
conflicting with our hooks. In this PR, I have configured the workflow
for git lfs pre push hooks to override appsmith pre push commit since
appsmith git hooks are not required during workflows.


Fixes #`Issue Number`  
_or_  
Fixes `Issue URL`
> [!WARNING]  
> _If no issue exists, please create an issue first, and check with the
maintainers if the issue is valid._

## Automation

/ok-to-test tags=""

### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results  -->
> [!CAUTION]  
> If you modify the content in this section, you are likely to disrupt
the CI result for your PR.

<!-- end of auto-generated comment: Cypress test results  -->


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- **New Features**
- Introduced a pre-push hook to ensure integrity by preventing
inadvertent pushes of certain files to the repository.
  
- **Improvements**
- Updated GitHub Actions workflow to enhance management of large files,
ensuring the latest configurations are applied before builds.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2024-07-30 12:11:27 +05:30

253 lines
12 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

name: Client Build
on:
workflow_call:
inputs:
pr:
description: "This is the PR number in case the workflow is being called in a pull request"
required: false
type: number
skip-tests:
description: "This is a boolean value in case the workflow is being called in build deploy-preview"
required: false
type: string
default: "false"
branch:
description: "This is the branch to be used for the build."
required: false
type: string
permissions:
contents: read
pull-requests: write
# Change the working directory for all "run" steps in this workflow
defaults:
run:
working-directory: app/client
shell: bash
jobs:
client-build:
runs-on: ${{ vars.RUNNER_CLIENT_BUILD }}
# Only run this workflow for internally triggered events
if: |
github.event.pull_request.head.repo.full_name == github.repository ||
github.event_name == 'push' ||
github.event_name == 'workflow_dispatch' ||
github.event_name == 'repository_dispatch' ||
github.event_name == 'schedule'
steps:
# The checkout steps MUST happen first because the default directory is set according to the code base.
# GitHub Action expects all future commands to be executed in the code directory. Hence, we need to check out
# the code before doing anything else.
# Check out merge commit with the base branch in case this workflow is invoked via pull request
- name: Checkout the merged commit from PR and base branch
if: inputs.pr != 0
uses: actions/checkout@v4
with:
fetch-tags: true
ref: refs/pull/${{ inputs.pr }}/merge
# Check out the specified branch in case this workflow is called by another workflow
- name: Checkout the specified branch
if: inputs.pr == 0 && inputs.branch != ''
uses: actions/checkout@v4
with:
fetch-tags: true
ref: ${{ inputs.branch }}
# Checkout the code in the current branch in case the workflow is called because of a branch push event
- name: Checkout the head commit of the branch
if: inputs.pr == 0 && inputs.branch == ''
uses: actions/checkout@v4
with:
fetch-tags: true
- name: Get changed files in the client folder
id: changed-files-specific
uses: tj-actions/changed-files@v41
with:
files: "app/client/**"
- name: Run step if any file(s) in the client folder change
if: steps.changed-files-specific.outputs.any_changed == 'true'
env:
ALL_CHANGED_FILES: ${{ steps.changed-files-specific.outputs.all_changed_files }}
run: |
echo "One or more files in the server folder has changed."
echo "List all the files that have changed: $ALL_CHANGED_FILES"
- name: Check compliance
if: inputs.pr != 0 && steps.changed-files-specific.outputs.any_changed == 'true'
uses: actions/github-script@v7
env:
NODE_PATH: "${{ github.workspace }}/.github/workflows/scripts"
PR_NUMBER: ${{ inputs.pr }}
with:
script: |
await require("client-build-compliance.js")({core, github, context})
# In case this is second attempt try restoring status of the prior attempt from cache
- name: Restore the previous run result
if: steps.changed-files-specific.outputs.any_changed == 'true' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule'
uses: actions/cache@v4
with:
path: |
~/run_result
key: ${{ github.run_id }}-${{ github.job }}-client
# Fetch prior run result
- name: Get the previous run result
if: steps.changed-files-specific.outputs.any_changed == 'true' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule'
id: run_result
run: cat ~/run_result 2>/dev/null || echo 'default'
# In case of prior failure run the job
- if: steps.run_result.outputs.run_result != 'success' && (steps.changed-files-specific.outputs.any_changed == 'true' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule')
run: echo "I'm alive!" && exit 0
- name: Use Node.js
if: steps.run_result.outputs.run_result != 'success' && (steps.changed-files-specific.outputs.any_changed == 'true' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule')
uses: actions/setup-node@v4
with:
node-version-file: app/client/package.json
# actions/setup-node@v4 doesnt work properly with Yarn 3
# when the project lives in a subdirectory: https://github.com/actions/setup-node/issues/488
# Restoring the cache manually instead
- name: Restore Yarn cache
if: steps.run_result.outputs.run_result != 'success' && (steps.changed-files-specific.outputs.any_changed == 'true' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule')
uses: actions/cache@v4
id: cache-dependencies
with:
path: |
app/client/.yarn/cache
app/client/node_modules/.cache/webpack/
key: v1-yarn3-${{ hashFiles('app/client/yarn.lock') }}
# Install all the dependencies
- name: Install dependencies
if: steps.run_result.outputs.run_result != 'success' && (steps.changed-files-specific.outputs.any_changed == 'true' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule')
run: yarn install --immutable
# Type checking before starting the build
- name: Run type check
if: steps.run_result.outputs.run_result != 'success' && (steps.changed-files-specific.outputs.any_changed == 'true' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule')
run: yarn run check-types
- name: Set the build environment based on the branch
if: steps.run_result.outputs.run_result != 'success' && (steps.changed-files-specific.outputs.any_changed == 'true' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule')
id: vars
run: |
set +o pipefail
echo "REACT_APP_ENVIRONMENT=DEVELOPMENT" >> $GITHUB_OUTPUT
if [[ "${{github.ref}}" == "refs/heads/master" ]]; then
echo "REACT_APP_ENVIRONMENT=PRODUCTION" >> $GITHUB_OUTPUT
fi
if [[ "${{github.ref}}" == "refs/heads/release" ]]; then
echo "REACT_APP_ENVIRONMENT=STAGING" >> $GITHUB_OUTPUT
fi
# We burn React environment & the Segment analytics key into the build itself.
# This is to ensure that we don't need to configure it in each installation
- name: Create the bundle
if: steps.changed-files-specific.outputs.any_changed == 'true' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule'
run: |
if [[ "${{ github.ref }}" == "refs/heads/master" ]]; then
export REACT_APP_SEGMENT_CE_KEY="${{ secrets.APPSMITH_SEGMENT_CE_KEY }}"
else
export REACT_APP_SEGMENT_CE_KEY="${{ secrets.APPSMITH_SEGMENT_CE_KEY_RELEASE }}"
fi
REACT_APP_ENVIRONMENT=${{steps.vars.outputs.REACT_APP_ENVIRONMENT}} \
REACT_APP_FUSIONCHARTS_LICENSE_KEY=${{ secrets.APPSMITH_FUSIONCHARTS_LICENSE_KEY }} \
SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} \
REACT_APP_VERSION_EDITION="Community" \
yarn build
# Saving the cache to use it in subsequent runs
- name: Save Yarn cache
uses: actions/cache/save@v4
if: steps.cache-dependencies.outputs.cache-hit != 'true' && (steps.changed-files-specific.outputs.any_changed == 'true' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule')
with:
path: |
app/client/.yarn/cache
app/client/node_modules/.cache/webpack/
key: v1-yarn3-${{ hashFiles('app/client/yarn.lock') }}
# Restore the previous built bundle if present. If not push the newly built into the cache
- name: Restore the previous bundle
if: steps.changed-files-specific.outputs.any_changed == 'true' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule'
uses: actions/cache@v4
with:
path: |
app/client/build/
key: ${{ github.run_id }}-${{ github.job }}-client
- name: Pack the client build directory
if: steps.changed-files-specific.outputs.any_changed == 'true' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule'
run: |
tar -cvf ./build.tar -C build .
- name: Fetch client build from cache
if: steps.changed-files-specific.outputs.any_changed == 'false' && success() && github.event_name != 'push' && github.event_name != 'workflow_dispatch' && github.event_name != 'schedule'
env:
cachetoken: ${{ secrets.CACHETOKEN }}
reponame: ${{ github.event.repository.name }}
gituser: ${{ secrets.CACHE_GIT_USER }}
gituseremail: ${{ secrets.CACHE_GIT_EMAIL }}
run: |
mkdir cacherepo
cd ./cacherepo
git lfs install
git config --global user.email "$gituseremail"
git config --global user.name "$gituser"
git clone https://$cachetoken@github.com/appsmithorg/cibuildcache.git
git lfs install
if [ "$reponame" = "appsmith" ]; then export repodir="CE"; fi
if [ "$reponame" = "appsmith-ee" ]; then export repodir="EE"; fi
cd cibuildcache/$repodir/release/client
git lfs pull ./build.tar
mv ./build.tar ../../../../../build.tar
# Upload the build artifact so that it can be used by the test & deploy job in the workflow
- name: Upload react build bundle
uses: actions/upload-artifact@v4
with:
name: client-build
path: app/client/build.tar
overwrite: true
- name: Put release build in cache
if: success() && github.ref == 'refs/heads/release' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule')
env:
cachetoken: ${{ secrets.CACHETOKEN }}
reponame: ${{ github.event.repository.name }}
gituser: ${{ secrets.CACHE_GIT_USER }}
gituseremail: ${{ secrets.CACHE_GIT_EMAIL }}
# git lfs update --force in the script below overrides appsmith git hooks with git lfs hooks since appsmith hooks are not required during workflow runs
run: |
pwd
mkdir cacherepo
cd ./cacherepo
git config --global user.email "$gituseremail"
git config --global user.name "$gituser"
git clone https://$cachetoken@github.com/appsmithorg/cibuildcache.git
git lfs update --force
git lfs install
cd cibuildcache/
if [ "$reponame" = "appsmith" ]; then export repodir="CE"; fi
if [ "$reponame" = "appsmith-ee" ]; then export repodir="EE"; fi
cd $repodir/release/client
cp ../../../../../build.tar ./
git lfs track "build.tar"
git add build.tar
git commit -m "Update Latest build.tar"
git push
# Set status = success
- name: Save the status of the run
run: echo "run_result=success" >> $GITHUB_OUTPUT > ~/run_result
Reference in New Issue View Git Blame Copy Permalink