From 6b6bbb3fe0ae5ebc2e20e2a32ade278bcc119511 Mon Sep 17 00:00:00 2001
From: Rory Abraham
Date: Wed, 31 Mar 2021 23:29:12 -0700
Subject: [PATCH 01/11] Setup yaml validation script
---
 .../scripts/validateActionsAndWorkflows.sh | 16 ++++
 package-lock.json | 87 +++++++++++++++++++
 package.json | 2 +
 3 files changed, 105 insertions(+)
 create mode 100755 .github/scripts/validateActionsAndWorkflows.sh
diff --git a/.github/scripts/validateActionsAndWorkflows.sh b/.github/scripts/validateActionsAndWorkflows.sh
new file mode 100755
index 000000000000..c77f6cd64fbe
--- /dev/null
+++ b/.github/scripts/validateActionsAndWorkflows.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+#
+# 1) Lints the yaml style
+# 2) Validates the Github Actions and workflows using the json schemas provided by https://www.schemastore.org/json/
+
+# Download the up-to-date json schemas for github actions and workflows
+cd ./.github && mkdir ./tempSchemas || exit 1;
+curl https://json.schemastore.org/github-action.json --output ./tempSchemas/github-action.json --silent
+curl https://json.schemastore.org/github-workflow.json --output ./tempSchemas/github-workflow.json --silent
+
+# Validate the actions and workflows using the JSON schemas and ajv https://github.com/ajv-validator/ajv-cli
+find ./actions/ -type f -name "*.yml" -print0 | xargs -I file ajv -s ./tempSchemas/github-action.json -d file --strict=false
+find ./workflows/ -type f -name "*.yml" -print0 | xargs -I file ajv -s ./tempSchemas/github-workflow.json -d file --strict=false
+
+# Cleanup after ourselves and delete the schemas
+rm -rf ./tempSchemas
diff --git a/package-lock.json b/package-lock.json
index 7f12bd92e1f0..a3225cdcd93d 100644
--- a/package-lock.json
+++ b/package-lock.json
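Review bot: In validateActionsAndWorkflows.sh the two `curl` lines fetch the schemas from json.schemastore.org on every run with no pinned revision and no integrity check, so the outcome of this validation gate depends on whatever that host serves at the time. Committing the two schema files to the repository and refreshing them in a reviewed change, or comparing each download against a checksum kept in the repo before passing it to `ajv`, would make the gate reproducible. Separately, `--silent` without `--fail` means an HTTP error response is saved as the schema file while curl still exits 0; `curl --fail --silent --show-error https://json.schemastore.org/github-action.json --output ./tempSchemas/github-action.json` surfaces that case. The same two lines are carried through the PATCH 02 and PATCH 05 hunks, and the `|| exit 1` added in PATCH 05 does not catch an HTTP error without `--fail`.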
@@ -5044,6 +5044,41 @@ "uri-js": "^4.2.2" } }, + "ajv-cli": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/ajv-cli/-/ajv-cli-5.0.0.tgz", + "integrity": "sha512-LY4m6dUv44HTyhV+u2z5uX4EhPYTM38Iv1jdgDJJJCyOOuqB8KtZEGjPZ2T+sh5ZIJrXUfgErYx/j3gLd3+PlQ==", + "dev": true, + "requires": { + "ajv": "^8.0.0", + "fast-json-patch": "^2.0.0", + "glob": "^7.1.0", + "js-yaml": "^3.14.0", + "json-schema-migrate": "^2.0.0", + "json5": "^2.1.3", + "minimist": "^1.2.0" + }, + "dependencies": { + "ajv": { + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.0.2.tgz", + "integrity": "sha512-V0HGxJd0PiDF0ecHYIesTOqfd1gJguwQUOYfMfAWnRsWQEXfc5ifbUFhD3Wjc+O+y7VAqL+g07prq9gHQ/JOZQ==", + "dev": true, + "requires": { + "fast-deep-equal": "^3.1.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2", + "uri-js": "^4.2.2" + } + }, + "json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", + "dev": true + } + } + }, "ajv-errors": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/ajv-errors/-/ajv-errors-1.0.1.tgz", 
@@ -11418,6 +11453,23 @@ } } }, + "fast-json-patch": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/fast-json-patch/-/fast-json-patch-2.2.1.tgz", + "integrity": "sha512-4j5uBaTnsYAV5ebkidvxiLUYOwjQ+JSFljeqfTxCrH9bDmlCQaOJFS84oDJ2rAXZq2yskmk3ORfoP9DCwqFNig==", + "dev": true, + "requires": { + "fast-deep-equal": "^2.0.1" + }, + "dependencies": { + "fast-deep-equal": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz", + "integrity": "sha1-ewUhjd+WZ79/Nwv3/bLLFf3Qqkk=", + "dev": true + } + } + }, "fast-json-stable-stringify": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", @@ -16808,6 +16860,35 @@ "integrity": "sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM=", "dev": true }, + "json-schema-migrate": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/json-schema-migrate/-/json-schema-migrate-2.0.0.tgz", + "integrity": "sha512-r38SVTtojDRp4eD6WsCqiE0eNDt4v1WalBXb9cyZYw9ai5cGtBwzRNWjHzJl38w6TxFkXAIA7h+fyX3tnrAFhQ==", + "dev": true, + "requires": { + "ajv": "^8.0.0" + }, + "dependencies": { + "ajv": { + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.0.2.tgz", + "integrity": "sha512-V0HGxJd0PiDF0ecHYIesTOqfd1gJguwQUOYfMfAWnRsWQEXfc5ifbUFhD3Wjc+O+y7VAqL+g07prq9gHQ/JOZQ==", + "dev": true, + "requires": { + "fast-deep-equal": "^3.1.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2", + "uri-js": "^4.2.2" + } + }, + "json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", + "dev": true + } + } + }, "json-schema-traverse": { "version": "0.4.1", "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", 
@@ -22094,6 +22175,12 @@ "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I=" }, + "require-from-string": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==", + "dev": true + }, "require-main-filename": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz", diff --git a/package.json b/package.json index e798a62f8e2f..a0eeb5ce8a1b 100644 --- a/package.json +++ b/package.json @@ -25,6 +25,7 @@ "detox-build": "detox build --configuration ios.sim.debug", "detox-test": "detox test --configuration ios.sim.debug", "gh-actions-build": "./.github/scripts/buildActions.sh", + "gh-actions-lint": "./.github/scripts/validateActionsAndWorkflows.sh", "analyze-packages": "ANALYZE_BUNDLE=true webpack --config config/webpack/webpack.prod.js" }, "dependencies": { @@ -99,6 +100,7 @@ "@testing-library/jest-native": "^3.4.2", "@testing-library/react-native": "^7.0.2", "@vercel/ncc": "^0.27.0", + "ajv-cli": "^5.0.0", "babel-eslint": "^10.1.0", "babel-jest": "^26.2.2", "babel-loader": "^8.1.0", From ee8b1f7323c5758b1a336b6d2faf9d5731b11f84 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Wed, 31 Mar 2021 23:48:36 -0700 Subject: [PATCH 02/11] Fix exit code propagation --- .github/scripts/validateActionsAndWorkflows.sh | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/scripts/validateActionsAndWorkflows.sh b/.github/scripts/validateActionsAndWorkflows.sh index c77f6cd64fbe..724c5bdd9bb5 100755 --- a/.github/scripts/validateActionsAndWorkflows.sh +++ b/.github/scripts/validateActionsAndWorkflows.sh 
@@ -3,14 +3,21 @@ # 1) Lints the yaml style # 2) Validates the Github Actions and workflows using the json schemas provided by https://www.schemastore.org/json/ +# Track exit codes so we can run a full lint, report errors, and exit with the correct code +declare EXIT_CODE=0 + # Download the up-to-date json schemas for github actions and workflows -cd ./.github && mkdir ./tempSchemas || exit 1; +cd ./.github && mkdir ./tempSchemas || exit 1 curl https://json.schemastore.org/github-action.json --output ./tempSchemas/github-action.json --silent curl https://json.schemastore.org/github-workflow.json --output ./tempSchemas/github-workflow.json --silent # Validate the actions and workflows using the JSON schemas and ajv https://github.com/ajv-validator/ajv-cli -find ./actions/ -type f -name "*.yml" -print0 | xargs -I file ajv -s ./tempSchemas/github-action.json -d file --strict=false -find ./workflows/ -type f -name "*.yml" -print0 | xargs -I file ajv -s ./tempSchemas/github-workflow.json -d file --strict=false +find ./actions/ -type f -name "*.yml" -print0 | xargs -0 -I file ajv -s ./tempSchemas/github-action.json -d file --strict=false || EXIT_CODE=1 +find ./workflows/ -type f -name "*.yml" -print0 | xargs -0 -I file ajv -s ./tempSchemas/github-workflow.json -d file --strict=false || EXIT_CODE=1 + +echo $EXIT_CODE # Cleanup after ourselves and delete the schemas rm -rf ./tempSchemas + +exit $EXIT_CODE From c4809e2d5cd3a91419322c30109640c3079d4e89 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Wed, 31 Mar 2021 23:49:30 -0700 Subject: [PATCH 03/11] Remove unnecessary echo --- .github/scripts/validateActionsAndWorkflows.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/scripts/validateActionsAndWorkflows.sh b/.github/scripts/validateActionsAndWorkflows.sh index 724c5bdd9bb5..2b51b73d7109 100755 --- a/.github/scripts/validateActionsAndWorkflows.sh +++ b/.github/scripts/validateActionsAndWorkflows.sh 
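Review bot: Both rewritten `find` lines still match only `-name "*.yml"`, so an action or workflow file saved with a `.yaml` extension, which GitHub also accepts, is never handed to `ajv` and the check passes without having looked at it. Widening the match closes the gap, for example `find ./workflows/ -type f \( -name "*.yml" -o -name "*.yaml" \) -print0` and the same for `./actions/`. A directory that yields no matching files appears to pass in the same silent way, since `xargs -I` has nothing to run; a comment stating that an empty match is acceptable, or a check that at least one file was validated, would make that intent explicit.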
@@ -15,8 +15,6 @@ curl https://json.schemastore.org/github-workflow.json --output ./tempSchemas/gi find ./actions/ -type f -name "*.yml" -print0 | xargs -0 -I file ajv -s ./tempSchemas/github-action.json -d file --strict=false || EXIT_CODE=1 find ./workflows/ -type f -name "*.yml" -print0 | xargs -0 -I file ajv -s ./tempSchemas/github-workflow.json -d file --strict=false || EXIT_CODE=1 -echo $EXIT_CODE - # Cleanup after ourselves and delete the schemas rm -rf ./tempSchemas From 0a860023058fe2188dbc1df56213929a226c2e08 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Wed, 31 Mar 2021 23:59:43 -0700 Subject: [PATCH 04/11] Add github actions validation to Github Actions workflow (how meta) --- ...fyGithubActionBuilds.yml => validateGithubActions.yml} | 8 ++++++-- package.json | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) rename .github/workflows/{verifyGithubActionBuilds.yml => validateGithubActions.yml} (77%) diff --git a/.github/workflows/verifyGithubActionBuilds.yml b/.github/workflows/validateGithubActions.yml similarity index 77% rename from .github/workflows/verifyGithubActionBuilds.yml rename to .github/workflows/validateGithubActions.yml index 21fa3213259b..e6c8e0d04186 100644 --- a/.github/workflows/verifyGithubActionBuilds.yml +++ b/.github/workflows/validateGithubActions.yml @@ -1,4 +1,4 @@ -name: Verify Github Action Builds +name: Validate Github Actions on: pull_request: @@ -25,4 +25,8 @@ jobs: # Rebuild all the actions on this branch and check for a diff. Fail if there is one, # because that would be a sign that the PR author did not rebuild the Github Actions - - run: ./.github/scripts/verifyActions.sh + - name: Verify Javascript Action Builds + run: ./.github/scripts/verifyActions.sh + + - name: Validate actions and workflows + run: npm run gh-actions-validate diff --git a/package.json b/package.json index a0eeb5ce8a1b..e5683c871cf9 100644 --- a/package.json +++ b/package.json 
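Review bot: The new `Validate actions and workflows` step in validateGithubActions.yml runs `npm run gh-actions-validate`, which needs the `ajv-cli` devDependency on the runner and outbound access to json.schemastore.org. The job starts outside this hunk, so it is not visible whether an install step such as `npm ci` runs before it; that should be confirmed. Because a job stops at its first failing step, a failure in `Verify Javascript Action Builds` also hides the validation result; adding `if: always()` to the new step, or moving it into its own job, would report both.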
@@ -25,7 +25,7 @@ "detox-build": "detox build --configuration ios.sim.debug", "detox-test": "detox test --configuration ios.sim.debug", "gh-actions-build": "./.github/scripts/buildActions.sh", - "gh-actions-lint": "./.github/scripts/validateActionsAndWorkflows.sh", + "gh-actions-validate": "./.github/scripts/validateActionsAndWorkflows.sh", "analyze-packages": "ANALYZE_BUNDLE=true webpack --config config/webpack/webpack.prod.js" }, "dependencies": { From c2895982ec799977a233f0cd84925e3246f46710 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Thu, 1 Apr 2021 00:04:17 -0700 Subject: [PATCH 05/11] Improve comment and add more early exits --- .github/scripts/validateActionsAndWorkflows.sh | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/scripts/validateActionsAndWorkflows.sh b/.github/scripts/validateActionsAndWorkflows.sh index 2b51b73d7109..0ff92289b524 100755 --- a/.github/scripts/validateActionsAndWorkflows.sh +++ b/.github/scripts/validateActionsAndWorkflows.sh 
@@ -1,15 +1,14 @@ #!/bin/bash # -# 1) Lints the yaml style -# 2) Validates the Github Actions and workflows using the json schemas provided by https://www.schemastore.org/json/ +# Validates the Github Actions and workflows using the json schemas provided by https://www.schemastore.org/json/ -# Track exit codes so we can run a full lint, report errors, and exit with the correct code +# Track exit codes separately so we can run a full validation, report errors, and exit with the correct code declare EXIT_CODE=0 # Download the up-to-date json schemas for github actions and workflows cd ./.github && mkdir ./tempSchemas || exit 1 -curl https://json.schemastore.org/github-action.json --output ./tempSchemas/github-action.json --silent -curl https://json.schemastore.org/github-workflow.json --output ./tempSchemas/github-workflow.json --silent +curl https://json.schemastore.org/github-action.json --output ./tempSchemas/github-action.json --silent || exit 1 +curl https://json.schemastore.org/github-workflow.json --output ./tempSchemas/github-workflow.json --silent || exit 1 # Validate the actions and workflows using the JSON schemas and ajv https://github.com/ajv-validator/ajv-cli find ./actions/ -type f -name "*.yml" -print0 | xargs -0 -I file ajv -s ./tempSchemas/github-action.json -d file --strict=false || EXIT_CODE=1 From e45001f3dff8ec12e8314a2a30774b8325b245f7 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Thu, 1 Apr 2021 14:52:10 -0700 Subject: [PATCH 06/11] Purposely commit incorrect value in Github Action --- .github/actions/bumpVersion/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/bumpVersion/action.yml b/.github/actions/bumpVersion/action.yml index 4118916bb768..d6a3bd8761e9 100644 --- a/.github/actions/bumpVersion/action.yml +++ b/.github/actions/bumpVersion/action.yml 
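Review bot: The `|| exit 1` added to the two `curl` lines leaves the script before `rm -rf ./tempSchemas` is reached, so a failed download leaves `.github/tempSchemas` behind and the next local run stops at `mkdir ./tempSchemas || exit 1`. Registering the cleanup directly after the directory is created, `trap 'rm -rf ./tempSchemas' EXIT`, covers every exit path and makes the explicit `rm -rf` at the end redundant. Creating the directory with `mktemp -d` instead would also keep downloaded files out of the work tree, where they could be committed by accident. The end of the script lies outside this hunk.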
@@ -6,7 +6,7 @@ inputs: required: true SEMVER_LEVEL: description: Semantic Versioning Level - required: true + required: blarginfogigglenohip outputs: NEW_VERSION: description: The new semver version of the application, updated in the JS and native layers. From b67183c98440fec60c58e92c0845d70d6633e91c Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Thu, 1 Apr 2021 14:54:07 -0700 Subject: [PATCH 07/11] Purposely commit invalid key in github action --- .github/actions/bumpVersion/action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/bumpVersion/action.yml b/.github/actions/bumpVersion/action.yml index d6a3bd8761e9..9b50e4cb5699 100644 --- a/.github/actions/bumpVersion/action.yml +++ b/.github/actions/bumpVersion/action.yml @@ -5,8 +5,8 @@ inputs: description: Auth token for Expensify.cash Github required: true SEMVER_LEVEL: - description: Semantic Versioning Level - required: blarginfogigglenohip + balshaefyaer: Semantic Versioning Level + required: true outputs: NEW_VERSION: description: The new semver version of the application, updated in the JS and native layers. From 286085e621abf86cf302e9193ae7e9029eb1cc3c Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Thu, 1 Apr 2021 16:18:53 -0700 Subject: [PATCH 08/11] Purposely commit invalid key in github workflow --- .github/actions/bumpVersion/action.yml | 2 +- .github/workflows/automerge.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/bumpVersion/action.yml b/.github/actions/bumpVersion/action.yml index 9b50e4cb5699..4118916bb768 100644 --- a/.github/actions/bumpVersion/action.yml +++ b/.github/actions/bumpVersion/action.yml @@ -5,7 +5,7 @@ inputs: description: Auth token for Expensify.cash Github required: true SEMVER_LEVEL: - balshaefyaer: Semantic Versioning Level + description: Semantic Versioning Level required: true outputs: NEW_VERSION: 
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml index 098b00e26223..ab653766c70d 100644 --- a/.github/workflows/automerge.yml +++ b/.github/workflows/automerge.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest outputs: isMergeable: ${{ steps.isPullRequestMergeable.outputs.IS_MERGEABLE }} - steps: + balksraeb: - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f with: ref: master From 9e33976b370cae4815763a2a06963b32ff55edac Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Thu, 1 Apr 2021 16:20:44 -0700 Subject: [PATCH 09/11] Purposely commit incorrect value in github workflow --- .github/workflows/automerge.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml index ab653766c70d..c434859c10a9 100644 --- a/.github/workflows/automerge.yml +++ b/.github/workflows/automerge.yml @@ -9,11 +9,11 @@ on: jobs: getPullRequestMergeability: - if: github.actor == 'OSBotify' && github.event.label.name == 'automerge' + if: lerueavhba runs-on: ubuntu-latest outputs: isMergeable: ${{ steps.isPullRequestMergeable.outputs.IS_MERGEABLE }} - balksraeb: + steps: - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f with: ref: master From 80de9738de9fc379b7dace753e9912055c4210d5 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Thu, 1 Apr 2021 16:22:09 -0700 Subject: [PATCH 10/11] Reset everything back to normal --- .github/workflows/automerge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml index c434859c10a9..3304d37a2903 100644 --- a/.github/workflows/automerge.yml +++ b/.github/workflows/automerge.yml @@ -9,7 +9,7 @@ on: jobs: getPullRequestMergeability: - if: lerueavhba + if: github.actor == 'OSBotify' && github.event.label.name == 'automerge' runs-on: ubuntu-latest outputs: isMergeable: ${{ steps.isPullRequestMergeable.outputs.IS_MERGEABLE }} 
From b0217ba1d889a4a64970022bd6ef87c97a94c162 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Thu, 1 Apr 2021 16:26:03 -0700 Subject: [PATCH 11/11] Nix extra space in automerge workflow --- .github/workflows/automerge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml index 3304d37a2903..098b00e26223 100644 --- a/.github/workflows/automerge.yml +++ b/.github/workflows/automerge.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest outputs: isMergeable: ${{ steps.isPullRequestMergeable.outputs.IS_MERGEABLE }} - steps: + steps: - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f with: ref: master