Merge branch 'develop' of https://github.com/kokonect-link/cherrypick

.config/example.yml

@@ -38,7 +38,7 @@
 # Option 3: If neither of the above applies to you.
 #           (In this case, the source code should be published
 #           on the CherryPick interface.  IT IS NOT ENOUGH TO
-#           DISCLOSE THE SOURCE CODE WEHN A USER REQUESTS IT BY
+#           DISCLOSE THE SOURCE CODE WHEN A USER REQUESTS IT BY
 #           E-MAIL OR OTHER MEANS.  If you are not satisfied
 #           with this, it is recommended that you read the
 #           license again carefully.  Anyway, enabling this

.devcontainer/devcontainer.json

@@ -19,7 +19,6 @@
 				"editorconfig.editorconfig",
 				"dbaeumer.vscode-eslint",
 				"Vue.volar",
-				"Vue.vscode-typescript-vue-plugin",
 				"Orta.vscode-jest",
 				"dbaeumer.vscode-eslint",
 				"mrmlnc.vscode-json5"

.github/workflows/check-cherrypick-js-autogen.yml

@@ -5,24 +5,23 @@ on:
     branches:
       - master
       - develop
+      - improve-cherrypick-js-autogen-check
     paths:
       - packages/backend/**
 
 jobs:
-  check-cherrypick-js-autogen:
+  # pull_request_target safety: permissions: read-all, and there are no secrets used in this job
+  generate-cherrypick-js:
     runs-on: ubuntu-latest
     permissions:
-      pull-requests: write
-
-    env:
-      api_json_name: "api-head.json"
-
+      contents: read
+    if: ${{ github.event.pull_request.mergeable == null || github.event.pull_request.mergeable == true }}
     steps:
       - name: checkout
         uses: actions/checkout@v4.1.1
         with:
           submodules: true
-          ref: ${{ github.event.pull_request.head.sha }}
+          ref: refs/pull/${{ github.event.pull_request.number }}/merge
 
       - name: setup pnpm
         uses: pnpm/action-setup@v3
@@ -39,79 +38,81 @@ jobs:
       - name: install dependencies
         run: pnpm i --frozen-lockfile
 
-      - name: wait get-api-diff
-        uses: lewagon/wait-on-check-action@v1.3.3
+      # generate api.json
+      - name: Copy Config
+        run: cp .config/example.yml .config/default.yml
+      - name: Build
+        run: pnpm build
+      - name: Generate API JSON
+        run: pnpm --filter backend generate-api-json
+
+      # build cherrypick js
+      - name: Build cherrypick-js
+        run: |-
+          cp packages/backend/built/api.json packages/cherrypick-js/generator/api.json
+          pnpm run --filter cherrypick-js-type-generator generate
+
+      # packages/cherrypick-js/generator/built/autogen
+      - name: Upload Generated
+        uses: actions/upload-artifact@v4
         with:
-          ref: ${{ github.event.pull_request.head.sha }}
-          check-regexp: get-from-cherrypick .+
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-          wait-interval: 30
+          name: generated-cherrypick-js
+          path: packages/cherrypick-js/generator/built/autogen
 
-      - name: Download artifact
-        uses: actions/github-script@v7.0.1
+  # pull_request_target safety: permissions: read-all, and there are no secrets used in this job
+  get-actual-cherrypick-js:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    if: ${{ github.event.pull_request.mergeable == null || github.event.pull_request.mergeable == true }}
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4.1.1
         with:
-          script: |
-            const fs = require('fs');
-
-            const workflows = await github.rest.actions.listWorkflowRunsForRepo({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              head_sha: `${{ github.event.pull_request.head.sha }}`
-            }).then(x => x.data.workflow_runs);
-
-            console.log(workflows.map(x => ({name: x.name, title: x.display_title})));
-
-            const run_id = workflows.find(x => x.name.includes("Get api.json from CherryPick")).id;
-
-            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               run_id: run_id,
-            });
-
-            let matchArtifacts = allArtifacts.data.artifacts.filter((artifact) => {
-              return artifact.name.startsWith("api-artifact-") || artifact.name == "api-artifact"
-            });
-
-            await Promise.all(matchArtifacts.map(async (artifact) => {
-              let download = await github.rest.actions.downloadArtifact({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                artifact_id: artifact.id,
-                archive_format: 'zip',
-              });
-              await fs.promises.writeFile(`${process.env.GITHUB_WORKSPACE}/${artifact.name}.zip`, Buffer.from(download.data));
-            }));
-
-      - name: unzip artifacts
-        run: |-
-          find . -mindepth 1 -maxdepth 1 -type f -name '*.zip' -exec unzip {} -d . ';'
-          ls -la
+          submodules: true
+          ref: refs/pull/${{ github.event.pull_request.number }}/merge
 
-      - name: get head checksum
-        run: |-
-          checksum=$(realpath head_checksum)
+      - name: Upload From Merged
+        uses: actions/upload-artifact@v4
+        with:
+          name: actual-cherrypick-js
+          path: packages/cherrypick-js/src/autogen
 
-          cd packages/cherrypick-js/src
-          find autogen -type f -exec sh -c 'echo $(sed -E "s/^\s+\*\s+generatedAt:.+$//" {} | sha256sum | cut -d" " -f 1) {}' \; > $checksum
-          cd ../../..
+  # pull_request_target safety: nothing is cloned from repository
+  comment-cherrypick-js-autogen:
+    runs-on: ubuntu-latest
+    needs: [generate-cherrypick-js, get-actual-cherrypick-js]
+    permissions:
+      pull-requests: write
+    steps:
+      - name: download generated-cherrypick-js
+        uses: actions/download-artifact@v4
+        with:
+          name: generated-cherrypick-js
+          path: cherrypick-js-generated
 
-      - name: build autogen
-        run: |-
-            checksum=$(realpath ${api_json_name}_checksum)
-            mv $api_json_name packages/cherrypick-js/generator/api.json
+      - name: download actual-cherrypick-js
+        uses: actions/download-artifact@v4
+        with:
+          name: actual-cherrypick-js
+          path: cherrypick-js-actual
+
+      - name: check cherrypick-js changes
+        id: check-changes
+        run: |
+          diff -r -u --label=generated --label=on-tree ./cherrypick-js-generated ./cherrypick-js-actual > cherrypick-js.diff || true
 
-            cd packages/cherrypick-js/generator
-            pnpm run generate
-            cd built
-            find autogen -type f -exec sh -c 'echo $(sed -E "s/^\s+\*\s+generatedAt:.+$//" {} | sha256sum | cut -d" " -f 1) {}' \; > $checksum
-            cd ../../../..
+          if [ -s cherrypick-js.diff ]; then
+            echo "changes=true" >> $GITHUB_OUTPUT
+          else
+            echo "changes=false" >> $GITHUB_OUTPUT
+          fi
 
-      - name: check update for type definitions
-        run: diff head_checksum ${api_json_name}_checksum
+      - name: Print full diff
+        run: cat ./cherrypick-js.diff
 
       - name: send message
-        if: failure()
+        if: steps.check-changes.outputs.changes == 'true'
         uses: thollander/actions-comment-pull-request@v2
         with:
           comment_tag: check-cherrypick-js-autogen
@@ -125,7 +126,7 @@ jobs:
             ```
 
       - name: send message
-        if: success()
+        if: steps.check-changes.outputs.changes == 'false'
         uses: thollander/actions-comment-pull-request@v2
         with:
           comment_tag: check-cherrypick-js-autogen

.github/workflows/check-spdx-license-id.yml

@@ -0,0 +1,75 @@
+name: Check SPDX-License-Identifier
+
+on:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+
+jobs:
+  check-spdx-license-id:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4.1.1
+      - name: Check
+        run: |
+          counter=0
+
+          search() {
+            local directory="$1"
+            find "$directory" -type f \
+              '(' \
+                -name "*.cjs" -and -not -name '*.config.cjs' -o \
+                -name "*.html" -o \
+                -name "*.js" -and -not -name '*.config.js' -o \
+                -name "*.mjs" -and -not -name '*.config.mjs' -o \
+                -name "*.scss" -o \
+                -name "*.ts" -and -not -name '*.config.ts' -o \
+                -name "*.vue" \
+              ')' -and \
+              -not -name '*eslint*'
+          }
+
+          check() {
+            local file="$1"
+            if ! (
+              grep -q "SPDX-FileCopyrightText: syuilo and misskey-project" "$file" ||
+              grep -q "SPDX-License-Identifier: AGPL-3.0-only" "$file"
+            ); then
+              echo "Missing: $file"
+              ((counter++))
+            fi
+          }
+
+          directories=(
+            "cypress/e2e"
+            "packages/backend/migration"
+            "packages/backend/src"
+            "packages/backend/test"
+            "packages/frontend/.storybook"
+            "packages/frontend/@types"
+            "packages/frontend/lib"
+            "packages/frontend/public"
+            "packages/frontend/src"
+            "packages/frontend/test"
+            "packages/misskey-bubble-game/src"
+            "packages/misskey-reversi/src"
+            "packages/sw/src"
+            "scripts"
+          )
+
+          for directory in "${directories[@]}"; do
+            for file in $(search $directory); do
+              check "$file"
+            done
+          done
+
+          if [ $counter -gt 0 ]; then
+            echo "SPDX-License-Identifier is missing in $counter files."
+            exit 1
+          else
+            echo "SPDX-License-Identifier is certainly described in all target files!"
+            exit 0
+          fi

.github/workflows/deploy-test-environment.yml

@@ -50,12 +50,9 @@ jobs:
 
       - name: Get PR ref
         id: get-ref
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          PR_NUMBER=$(jq --raw-output .issue.number $GITHUB_EVENT_PATH)
-          PR_REF=$(gh pr view $PR_NUMBER --json headRefName -q '.headRefName')
-          echo "pr-ref=$PR_REF" > $GITHUB_OUTPUT
+          PR_REF="refs/pull/${{ github.event.issue.number }}/head"
+          echo "pr-ref=$PR_REF" >> $GITHUB_OUTPUT
 
       - name: Extract wait time
         id: get-wait-time

.github/workflows/lint.yml

@@ -92,6 +92,6 @@ jobs:
     - run: pnpm i --frozen-lockfile
     - run: pnpm --filter cherrypick-js run build
       if: ${{ matrix.workspace == 'backend' }}
-    - run: pnpm --filter misskey-reversi run build:tsc
+    - run: pnpm --filter misskey-reversi run build
       if: ${{ matrix.workspace == 'backend' }}
     - run: pnpm --filter ${{ matrix.workspace }} run typecheck

.github/workflows/release-edit-with-push.yml

@@ -0,0 +1,40 @@
+name: "Release Manager: sync changelog with PR"
+
+on:
+  push:
+    branches:
+      - release/**
+    paths:
+      - 'CHANGELOG.md'
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+
+jobs:
+  edit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      # headがrelease/かつopenのPRを1つ取得
+      - name: Get PR
+        run: |
+          echo "pr_number=$(gh pr list --limit 1 --head "${{ github.ref_name }}" --json number  --jq '.[] | .number')" >> $GITHUB_OUTPUT
+        id: get_pr
+      - name: Get target version
+        uses: misskey-dev/release-manager-actions/.github/actions/get-target-version@v1
+        id: v
+      # CHANGELOG.mdの内容を取得
+      - name: Get changelog
+        uses: misskey-dev/release-manager-actions/.github/actions/get-changelog@v1
+        with:
+          version: ${{ steps.v.outputs.target_version }}
+        id: changelog
+      # PRのnotesを更新
+      - name: Update PR
+        run: |
+          gh pr edit ${{ steps.get_pr.outputs.pr_number }} --body "${{ steps.changelog.outputs.changelog }}"