Merge branch 'main' into fix/metadata-ui-issues

.github/labeler.yml

@@ -12,6 +12,6 @@ api:
   - changed-files:
       - any-glob-to-any-file: api/**
 
-github:
+infrastructure:
   - changed-files:
-      - any-glob-to-any-file: .github/**
+      - any-glob-to-any-file: infrastructure/**

.github/workflows/.reusable-docker-build.yml

@@ -0,0 +1,84 @@
+# reusable workflow
+name: Build Docker Image
+
+on:
+  workflow_call:
+    inputs:
+      registry-url:
+        type: string
+        description: Github container registry base URL
+        required: false
+        default: ghcr.io
+      file:
+        type: string
+        description: Path to the Dockerfile
+        required: true
+      image-name:
+        type: string
+        description: Image slug
+        required: true
+      build-args:
+        type: string
+        description: List of build-time variables
+        required: false
+      scan:
+        type: boolean
+        description: Whether to scan image for vulnerabilities
+        required: false
+        default: true
+    outputs:
+      image:
+        description: Resulting image specifier
+        value: ${{ inputs.registry-url }}/flagsmith/${{ inputs.image-name }}:${{ jobs.build.outputs.version }}
+
+jobs:
+  build:
+    name: Build ${{ inputs.scan && 'and verify ' || '' }}${{ inputs.image-name }} image
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.meta.outputs.version }}
+
+    permissions:
+      packages: write
+      id-token: write
+      contents: read
+
+    steps:
+      - name: Cloning repo
+        uses: actions/checkout@v4
+
+      - name: Set up Depot CLI
+        uses: depot/setup-action@v1
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ inputs.registry-url }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ inputs.registry-url }}/flagsmith/${{ inputs.image-name }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=tag
+            type=ref,event=pr
+
+      - name: Build and push image
+        uses: depot/build-push-action@v1
+        with:
+          push: true
+          build-args: ${{ inputs.build-args }}
+          file: ${{ inputs.file }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Run Trivy vulnerability scanner
+        if: ${{ inputs.scan }}
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ inputs.registry-url }}/flagsmith/${{ inputs.image-name }}:${{ steps.meta.outputs.version }}

.github/workflows/.reusable-docker-e2e-tests.yml

@@ -0,0 +1,58 @@
+# reusable workflow
+name: Run Docker E2E tests
+
+on:
+  workflow_call:
+    inputs:
+      api-image:
+        type: string
+        description: Core API Docker image to use, e.g., `ghcr.io/flagsmith/flagsmith-api:main`
+        required: true
+      e2e-image:
+        type: string
+        description: Frontend Docker with E2E capabilities image to use, e.g., `ghcr.io/flagsmith/flagsmith-e2e:main`
+        required: true
+      tests:
+        type: string
+        description: Space-delimited list of E2E tests to be executed
+        required: false
+        default: ''
+      concurrency:
+        type: number
+        description: The concurrent number of browsers to be used on testing
+        required: false
+        default: 3
+
+jobs:
+  run-e2e:
+    name: "E2E${{ inputs.tests && format(': {0}', inputs.tests) || '' }}"
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Cloning repo
+        uses: actions/checkout@v4
+
+      - name: Run tests on dockerised frontend
+        uses: nick-fields/retry@v3
+        with:
+          shell: bash
+          command: |
+            cd frontend
+            make test
+          max_attempts: 2
+          retry_on: error
+          timeout_minutes: 10
+        env:
+          opts: ${{ inputs.tests }}
+          API_IMAGE: ${{ inputs.api-image }}
+          E2E_IMAGE: ${{ inputs.e2e-image }}
+          E2E_CONCURRENCY: ${{ inputs.concurrency }}
+          SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }}
+          GITHUB_ACTION_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+
+      - name: Output Core API container status and logs
+        if: failure()
+        working-directory: frontend
+        run: |
+          docker compose -f docker-compose-e2e-tests.yml logs flagsmith-api
+        shell: bash

.github/workflows/api-deploy-production-ecs.yml

@@ -36,7 +36,7 @@ jobs:
           aws_identity_migration_event_bus_rule_id: identity_migration-b03c433
           aws_identity_migration_task_role_arn: arn:aws:iam::084060095745:role/task-exec-role-741a7e3
           aws_task_definitions_directory_path: infrastructure/aws/production
-          flagsmith_saml_revision: v1.4.0
+          flagsmith_saml_revision: v1.6.0
           flagsmith_auth_controller_revision: v0.0.1
           flagsmith_rbac_revision: v0.7.0
           sse_pgp_private_key: ${{ secrets.SSE_PGP_PRIVATE_KEY }}

.github/workflows/api-deploy-staging-ecs.yml

@@ -37,7 +37,7 @@ jobs:
           aws_identity_migration_event_bus_rule_id: identity_migration-08330ed
           aws_identity_migration_task_role_arn: arn:aws:iam::302456015006:role/task-exec-role-6fb76f6
           aws_task_definitions_directory_path: infrastructure/aws/staging
-          flagsmith_saml_revision: v1.4.0
+          flagsmith_saml_revision: v1.6.0
           flagsmith_auth_controller_revision: v0.0.1
           flagsmith_rbac_revision: v0.7.0
           sse_pgp_private_key: ${{ secrets.SSE_PGP_PRIVATE_KEY }}