diff --git a/.dockerignore b/.dockerignore index b39dd7f9c053..c32587f39ac0 100644 --- a/.dockerignore +++ b/.dockerignore @@ -12,3 +12,4 @@ Dockerfile .ebignore .ebextensions .direnv +.github \ No newline at end of file diff --git a/.github/workflows/.reusable-docker-e2e-tests.yml b/.github/workflows/.reusable-docker-e2e-tests.yml index 9634838d65f1..3078a8ceb47e 100644 --- a/.github/workflows/.reusable-docker-e2e-tests.yml +++ b/.github/workflows/.reusable-docker-e2e-tests.yml @@ -27,6 +27,10 @@ on: description: The runner label to use. Defaults to `ubuntu-latest` required: false default: ubuntu-latest + secrets: + gcr-token: + description: A token to use for logging into Github Container Registry. If not provided, login does not occur. + required: false jobs: run-e2e: @@ -38,16 +42,20 @@ jobs: packages: read id-token: write + env: + GCR_TOKEN: ${{ secrets.gcr-token }} + steps: - name: Cloning repo uses: actions/checkout@v4 - name: Login to Github Container Registry + if: ${{ env.GCR_TOKEN }} uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + password: ${{ env.GCR_TOKEN }} - name: Set up Depot CLI uses: depot/setup-action@v1 diff --git a/.github/workflows/conventional-commit.yml b/.github/workflows/conventional-commit.yml index ab9dc2ae9eff..f05c2a640d12 100644 --- a/.github/workflows/conventional-commit.yml +++ b/.github/workflows/conventional-commit.yml @@ -3,14 +3,11 @@ name: Conventional Commit on: pull_request: types: [opened, synchronize, reopened, ready_for_review] - branches-ignore: - - release-please-* + jobs: conventional-commit: name: Conventional Commit runs-on: ubuntu-latest - permissions: - pull-requests: write steps: - name: Check PR Conventional Commit title uses: amannn/action-semantic-pull-request@v5 
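Review bot: The new secret in `.reusable-docker-e2e-tests.yml` is named `gcr-token`, but GCR is the common abbreviation for Google Container Registry while the login step targets `ghcr.io`. Renaming it to `ghcr-token` (and the env var in the next hunk to `GHCR_TOKEN`) would make it harder to wire the wrong credential later; the caller in `platform-pull-request.yml` would need the same rename. The description could also state the expected scope, for example `description: Token with packages:read for ghcr.io. If empty, the login step is skipped.`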
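Review bot: `GCR_TOKEN` is set in the job-level `env:` block of `run-e2e`, so every step of the job inherits the token in its environment, not only the login step. It is presumably at job level because the `secrets` context cannot be read in a step `if:`. A narrower shape is to gate on a non-secret value, such as a boolean `registry-login` input used as `if: ${{ inputs.registry-login }}`, and keep the credential on the one step that needs it with `password: ${{ secrets.gcr-token }}`. The remaining steps of the job are outside this hunk, so how much PR-controlled code runs with this environment is not visible here.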
@@ -28,20 +25,3 @@ jobs: refactor test chore - - name: Auto-label PR with Conventional Commit title - uses: kramen22/conventional-release-labels@v1 - with: - type_labels: | - { - "feat": "feature", - "fix": "fix", - "infra": "infrastructure", - "ci": "ci-cd", - "docs": "docs", - "deps": "dependencies", - "perf": "performance", - "refactor": "refactor", - "test": "testing", - "chore": "chore" - } - ignored_types: '[]' diff --git a/.github/workflows/platform-pull-request.yml b/.github/workflows/platform-pull-request.yml index 550e484a5355..13c171bf9c94 100644 --- a/.github/workflows/platform-pull-request.yml +++ b/.github/workflows/platform-pull-request.yml @@ -6,11 +6,9 @@ on: paths-ignore: - docs/** - infrastructure/** - branches-ignore: - - release-please-* jobs: - check-permissions: + permissions-check: name: Check actor permissions runs-on: ubuntu-latest outputs: @@ -21,10 +19,36 @@ jobs: with: require: write + conventional-commit-label: + if: needs.permissions-check.outputs.can-write == 'true' + name: Add Conventional Commit labels + needs: permissions-check + runs-on: ubuntu-latest + permissions: + pull-requests: write + steps: + - name: Auto-label PR with Conventional Commit title + uses: kramen22/conventional-release-labels@v1 + with: + type_labels: | + { + "feat": "feature", + "fix": "fix", + "infra": "infrastructure", + "ci": "ci-cd", + "docs": "docs", + "deps": "dependencies", + "perf": "performance", + "refactor": "refactor", + "test": "testing", + "chore": "chore" + } + ignored_types: '[]' + docker-prepare-report-comment: - if: needs.check-permissions.outputs.can-write == 'true' + if: github.event.pull_request.draft == false && needs.permissions-check.outputs.can-write == 'true' name: Prepare Docker report comment - needs: check-permissions + needs: permissions-check runs-on: ubuntu-latest permissions: pull-requests: write 
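Review bot: The new `conventional-commit-label` job runs `kramen22/conventional-release-labels@v1` with `pull-requests: write`, and the action is referenced by a mutable tag. A third-party action holding a write-scoped token is safer pinned to a full commit SHA, `uses: kramen22/conventional-release-labels@<full-commit-sha> # v1`, so that a moved tag cannot change what runs with that permission. Scoping the token with a job-level `permissions:` block is good. A short comment above the job, such as `# Skipped for actors without write access; the token could not label the PR anyway`, would document why the `if:` is there.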
@@ -36,64 +60,65 @@ jobs: - uses: ./.github/actions/docker-build-report-to-pr docker-build-unified: - if: github.event.pull_request.draft == false - needs: [check-permissions, docker-prepare-report-comment] + if: github.event.pull_request.draft == false && !cancelled() + needs: [permissions-check, docker-prepare-report-comment] name: Build Unified Image uses: ./.github/workflows/.reusable-docker-build.yml with: - ephemeral: ${{ needs.check-permissions.outputs.can-write == 'false' }} target: oss-unified image-name: flagsmith - comment: ${{ needs.check-permissions.outputs.can-write == 'true' }} + ephemeral: ${{ needs.permissions-check.outputs.can-write == 'false' }} + comment: ${{ needs.docker-prepare-report-comment.result == 'success' }} docker-build-api: - if: github.event.pull_request.draft == false - needs: [check-permissions, docker-prepare-report-comment] + if: github.event.pull_request.draft == false && !cancelled() + needs: [permissions-check, docker-prepare-report-comment] name: Build API Image uses: ./.github/workflows/.reusable-docker-build.yml with: - ephemeral: ${{ needs.check-permissions.outputs.can-write == 'false' }} target: oss-api image-name: flagsmith-api - comment: ${{ needs.check-permissions.outputs.can-write == 'true' }} + ephemeral: ${{ needs.permissions-check.outputs.can-write == 'false' }} + comment: ${{ needs.docker-prepare-report-comment.result == 'success' }} docker-build-frontend: - if: github.event.pull_request.draft == false - needs: [check-permissions, docker-prepare-report-comment] + if: github.event.pull_request.draft == false && !cancelled() + needs: [permissions-check, docker-prepare-report-comment] name: Build Frontend Image uses: ./.github/workflows/.reusable-docker-build.yml with: - ephemeral: ${{ needs.check-permissions.outputs.can-write == 'false' }} target: oss-frontend image-name: flagsmith-frontend - comment: ${{ needs.check-permissions.outputs.can-write == 'true' }} + ephemeral: ${{ 
needs.permissions-check.outputs.can-write == 'false' }} + comment: ${{ needs.docker-prepare-report-comment.result == 'success' }} docker-build-api-test: - if: github.event.pull_request.draft == false - needs: [check-permissions, docker-prepare-report-comment] + if: github.event.pull_request.draft == false && !cancelled() + needs: [permissions-check, docker-prepare-report-comment] name: Build API Test Image uses: ./.github/workflows/.reusable-docker-build.yml with: target: api-test image-name: flagsmith-api-test + ephemeral: ${{ needs.permissions-check.outputs.can-write == 'false' }} + comment: ${{ needs.docker-prepare-report-comment.result == 'success' }} scan: false - comment: ${{ needs.check-permissions.outputs.can-write == 'true' }} docker-build-e2e: - if: github.event.pull_request.draft == false - needs: [check-permissions, docker-prepare-report-comment] + if: github.event.pull_request.draft == false && !cancelled() + needs: [permissions-check, docker-prepare-report-comment] name: Build E2E Image uses: ./.github/workflows/.reusable-docker-build.yml with: - ephemeral: ${{ needs.check-permissions.outputs.can-write == 'false' }} file: frontend/Dockerfile.e2e image-name: flagsmith-e2e + ephemeral: ${{ needs.permissions-check.outputs.can-write == 'false' }} + comment: ${{ needs.docker-prepare-report-comment.result == 'success' }} scan: false - comment: ${{ needs.check-permissions.outputs.can-write == 'true' }} docker-build-private-cloud: - if: github.event.pull_request.draft == false && needs.check-permissions.outputs.can-write == 'true' - needs: [check-permissions, docker-prepare-report-comment] + if: github.event.pull_request.draft == false && needs.permissions-check.outputs.can-write == 'true' + needs: [permissions-check, docker-prepare-report-comment] name: Build Private Cloud Image uses: ./.github/workflows/.reusable-docker-build.yml with: 
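Review bot: `ephemeral: ${{ needs.permissions-check.outputs.can-write == 'false' }}` fails open in the five build jobs of this hunk (unified, api, frontend, api-test, e2e). With `!cancelled()` these jobs now also run when `permissions-check` failed or produced no output, and an empty output is not equal to `'false'`, so the build is treated as non-ephemeral. Writing it as `ephemeral: ${{ needs.permissions-check.outputs.can-write != 'true' }}` makes the unprivileged path the default. If the builds should not start without a permissions result at all, add `needs.permissions-check.result == 'success'` to each `if:`. What `ephemeral` controls is defined in `.reusable-docker-build.yml`, outside this diff, so the impact is inferred from the name.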
@@ -105,7 +130,8 @@ jobs: github_private_cloud_token=${{ secrets.GH_PRIVATE_ACCESS_TOKEN }} run-e2e-tests: - needs: [docker-build-api, docker-build-e2e] + if: '!cancelled()' + needs: [permissions-check, docker-build-api, docker-build-e2e] uses: ./.github/workflows/.reusable-docker-e2e-tests.yml with: runs-on: ${{ matrix.runs-on }} @@ -113,7 +139,8 @@ jobs: api-image: ${{ needs.docker-build-api.outputs.image }} concurrency: ${{ matrix.args.concurrency }} tests: ${{ matrix.args.tests }} - secrets: inherit + secrets: + gcr-token: ${{ needs.permissions-check.outputs.can-write == 'true' && secrets.GITHUB_TOKEN || '' }} strategy: matrix:
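Review bot: `if: '!cancelled()'` on `run-e2e-tests` lets the job start even when `docker-build-api` or `docker-build-e2e` failed. In that case `needs.docker-build-api.outputs.image` is empty and the tests run against no image, or fail with a misleading error. The status function is needed so that a skipped `docker-prepare-report-comment` upstream does not skip this job, but it can be combined with explicit result checks: `if: ${{ !cancelled() && needs.docker-build-api.result == 'success' && needs.docker-build-e2e.result == 'success' }}`.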
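Review bot: The `gcr-token` expression in the second hunk would benefit from a comment stating its intent, for example `# Pass a token only for actors with write access; the callee skips registry login when it is empty`. Replacing `secrets: inherit` with a single named secret is a real reduction, since the called workflow no longer receives the other repository secrets. One caveat worth recording next to it: as far as I know the automatic token remains reachable inside a called workflow as `github.token`, so this value gates the login step rather than acting as an access boundary. The callee's own `permissions:` block is what limits the token's scope.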