Merge pull request #108 from au-heartbeat/main

Rebase back to main branch

.buildkite/pipeline.yml

@@ -2,110 +2,57 @@ env:
   RETENTION_DAYS: "10"
 
 steps:
-  - label: ":white_check_mark: Check Shell"
-    key: "check-shell"
-    command: ./ops/check.sh shell
-
-  - label: ":lock: Check Security"
-    key: "check-security"
-    command: ./ops/check.sh security
-
-  - label: ":lock: Check CSS px"
-    key: "check-px"
-    command: ./ops/check.sh px
-
-  - label: ":lock: Deny CSS hex"
-    key: "deny-css-hex-check"
-    command: ./ops/check.sh hex
-
-  - label: ":lock: Deny CSS rgba"
-    key: "deny-css-rgba-check"
-    command: ./ops/check.sh rgba
-
-  - label: ":lock: Check .* in backend"
-    key: "check-dot-star"
-    command: ./ops/check.sh dot-star
-
-  - label: ":white_check_mark: Check Backend"
-    if: build.branch == "main" && build.message =~ /(?i)\[backend\]/
-    key: "check-backend"
-    command: ./ops/check.sh backend
-
-  - label: ":white_check_mark: Check Frontend"
-    if: build.branch == "main" && build.message =~ /(?i)\[frontend\]/
-    key: "check-frontend"
-    command: ./ops/check.sh frontend
-
-  - label: ":mag: Check Frontend License"
-    key: "check-frontend-license"
-    commands: ./ops/check.sh frontend-license
-
-  - label: ":mag: Check Backend License"
-    key: "check-backend-license"
-    commands: ./ops/check.sh backend-license
-    plugins:
-      - artifacts#v1.9.0:
-          upload:
-            - "backend/build/reports/dependency-license/**/*"
-          name: "backend-license-report"
-          expire_in: "${RETENTION_DAYS} days"
-
   - label: ":cloudformation: Deploy infra"
     if: build.branch == "main" && build.message =~ /(?i)\[infra\]/
     key: "deploy-infra"
-    depends_on:
-      - "check-shell"
-      - "check-security"
-      - "check-frontend"
-      - "check-px"
-      - deny-css-rgba-check
-      - deny-css-hex-check
-      - "check-backend"
-      - "check-frontend-license"
-      - "check-backend-license"
     env:
       AWSHost: "$AWS_HOST"
       AWSAccountId: "$AWS_ACCOUNT_ID"
       AWSRegion: "$AWS_REGION"
     command: ./ops/deploy.sh infra
 
+  - label: ":white_check_mark: GitHub Basic Check"
+    if: build.branch == "main"
+    key: "check-github-basic"
+    command: ./ops/check.sh github-basic-passed
+    env:
+      COMMIT_SHA: "$BUILDKITE_COMMIT"
+      GITHUB_TOKEN: "$E2E_TOKEN_GITHUB"
+      BRANCH: "$BUILDKITE_BRANCH"
+    depends_on:
+      - "deploy-infra"
+
   - label: ":react: Build Frontend"
     if: build.branch == "main" && build.message =~ /(?i)\[frontend\]/
     key: "build-frontend"
-    depends_on: "deploy-infra"
+    depends_on:
+      - "check-github-basic"
     command: ./ops/build.sh frontend
 
   - label: ":java: Build Backend"
     if: build.branch == "main" && build.message =~ /(?i)\[backend\]/
     key: "build-backend"
-    depends_on: "deploy-infra"
+    depends_on:
+      - "check-github-basic"
     command: ./ops/build.sh backend
 
   - label: ":rocket: Deploy e2e"
-    if: build.branch == "main" && (build.message =~ /(?i)\[frontend\]/ || build.message =~ /(?i)\[backend\]/)
+    if: build.branch == "main"
     key: "deploy-e2e"
     depends_on:
       - "build-frontend"
       - "build-backend"
+      - "check-github-basic"
     command: ./ops/deploy.sh e2e
 
   - label: ":rocket: Run e2e"
-    branches: main
+    if: build.branch == "main"
     key: "check-e2e"
     depends_on:
       - "deploy-e2e"
-      - "check-shell"
-      - "check-security"
-      - "check-frontend"
-      - "check-px"
-      - deny-css-rgba-check
-      - deny-css-hex-check
-      - "check-backend"
-      - "check-frontend-license"
-      - "check-backend-license"
     command: ./ops/check.sh e2e-container
     plugins:
-      - artifacts#v1.9.0:
+      - artifacts#v1.9.3:
           upload: "./e2e-reports.tar.gz"
           expire_in: "${RETENTION_DAYS} days"
 

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -6,6 +6,8 @@ body:
   - type: markdown
     attributes:
       value: |
+        ## Request Detail
+
         The issue list is reserved exclusively for bug reports and feature requests.
 
         For usage questions, please use the following resources:
@@ -54,8 +56,51 @@ body:
       description: What tools will support your request feature?
       multiple: true
       options:
-        - Board
-        - Pipeline Tool
-        - Source Control
+        - Board (like Jira)
+        - Pipeline Tool (like buildkite)
+        - Source Control (like github)
+    validations:
+      required: true
+
+  - type: markdown
+    attributes:
+      value: |
+        ## Account Detail
+
+        Let's know more about you and your account. We will horizontally evaluate all received requests to adjust the priority.
+
+        **Below information are important in terms of prioritization.**
+
+  - type: input
+    id: account_info
+    attributes:
+      label: Account name
+      description: What's your account name?
+      placeholder: Make sure it could be found in jigsaw
+    validations:
+      required: true
+
+  - type: input
+    id: account_location
+    attributes:
+      label: Account location
+      description: Which country you account locate at?
+    validations:
+      required: true
+
+  - type: input
+    id: account_size
+    attributes:
+      label: Teams in Account
+      description: How many teams will adopt heartbeat after feature release?
+    validations:
+      required: true
+
+  - type: input
+    id: expected_date
+    attributes:
+      label: Expected launch date
+      description: What is the latest possible launch date you can accept?
+      placeholder: 2024-12
     validations:
-      required: true
+      required: false

.github/workflows/Docs.yaml

@@ -28,7 +28,7 @@ jobs:
       - name: Build docs
         run: pnpm run build
       - name: Deploy to github pages
-        uses: peaceiris/actions-gh-pages@v3
+        uses: peaceiris/actions-gh-pages@v4
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           publish_dir: ./docs/dist

.github/workflows/Release.yaml

@@ -24,7 +24,7 @@ jobs:
       - name: Validate Gradle wrapper
         uses: gradle/wrapper-validation-action@v2
       - name: Set up Gradle
-        uses: gradle/gradle-build-action@v3.1.0
+        uses: gradle/gradle-build-action@v3.2.1
       - name: Build
         run: ./gradlew clean build
       - uses: actions/upload-artifact@v4
@@ -91,10 +91,23 @@ jobs:
           tags: |
             ghcr.io/${{ env.LOWCASE_REPO_NAME }}_backend:${{ env.TAG_NAME }}
             ghcr.io/${{ env.LOWCASE_REPO_NAME }}_backend:latest
-  release:
+
+  build-sbom:
     runs-on: ubuntu-latest
     needs:
       - build_and_push_image
+    steps:
+      - uses: actions/checkout@v4
+      - uses: anchore/sbom-action@v0
+        with:
+          path: ./
+          artifact-name: ${{ env.REPO_NAME }}.${{ env.TAG_NAME }}.sbom.spdx.json
+      - uses: anchore/sbom-action/publish-sbom@v0
+
+  release:
+    runs-on: ubuntu-latest
+    needs:
+      - build-sbom
     steps:
       - uses: actions/checkout@v4
       - name: Download frontend artifact
@@ -119,7 +132,7 @@ jobs:
           ls
           echo "TAG_NAME=$(git tag --sort version:refname | tail -n 1)" >> "$GITHUB_ENV"
       - name: Upload zip file
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         with:
           files: ${{ env.REPO_NAME }}-${{ env.TAG_NAME }}.zip
 

.github/workflows/build-and-deploy.yml

@@ -91,7 +91,7 @@ jobs:
       - name: Validate Gradle wrapper
         uses: gradle/wrapper-validation-action@v2
       - name: Set up Gradle
-        uses: gradle/gradle-build-action@v3.1.0
+        uses: gradle/gradle-build-action@v3.2.1
       - name: Test and check
         run: ./gradlew clean check
       - name: Build
@@ -120,7 +120,7 @@ jobs:
       - name: Validate Gradle wrapper
         uses: gradle/wrapper-validation-action@v2
       - name: Set up Gradle
-        uses: gradle/gradle-build-action@v3.1.0
+        uses: gradle/gradle-build-action@v3.2.1
       - name: License check
         run: ./gradlew clean checkLicense
       - uses: actions/upload-artifact@v4
@@ -228,21 +228,23 @@ jobs:
         run: |
           ./ops/check.sh frontend-license
 
-  #  check-buildkite-status:
-  #    if: ${{ github.event_name == 'pull_request' }}
-  #    runs-on: ubuntu-latest
-  #    steps:
-  #      - name: Checkout code
-  #        uses: actions/checkout@v4
-  #
-  #      - name: Check BuildKite status
-  #        run: |
-  #          buildkite_status=$(curl -H "Authorization: Bearer ${{ secrets.BUILDKITE_TOKEN }}" "https://api.buildkite.com/v2/organizations/thoughtworks-Heartbeat/pipelines/heartbeat/builds?branch=main"| jq -r '.[0].state')
-  #
-  #          if [ "$buildkite_status" != "passed" ]; then
-  #            echo "BuildKite build failed. Cannot merge the PR."
-  #            exit 1
-  #          fi
+  check-buildkite-status:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Check BuildKite status
+        env:
+          BUILDKITE_TOKEN: ${{ secrets.BUILDKITE_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          CURRENT_ACTOR: ${{ github.actor }}
+          EVENT_NAME: ${{ github.event_name }}
+          CURRENT_BRANCH_NAME: ${{ github.ref }}
+          PULL_REQUEST_TITLE: ${{ github.event.pull_request.title }}
+        run: |
+          ./ops/check.sh buildkite-status
+
   images-check:
     runs-on: ubuntu-latest
     steps:
@@ -289,6 +291,7 @@ jobs:
       - credential-check
       - frontend-license-check
       - backend-license-check
+      - check-buildkite-status
     runs-on: ubuntu-latest
     permissions:
       id-token: write
@@ -459,13 +462,22 @@ jobs:
           npm install -g pnpm
       - name: Set env
         run: echo "HOME=/root" >> $GITHUB_ENV
+      - name: Install shell deps
+        run: |
+          apt-get update && apt-get install -y jq
+          jq --version
+      - name: Check e2e deployment
+        env:
+          BUILDKITE_TOKEN: ${{ secrets.BUILDKITE_TOKEN }}
+          COMMIT_SHA: ${{ github.sha }}
+        run: ./ops/check.sh buildkite-e2e-deployed
       - name: Run E2E
         env:
           APP_ORIGIN: ${{ vars.APP_HTTP_SCHEDULE }}://${{ secrets.AWS_EC2_IP_E2E }}:${{ secrets.AWS_EC2_IP_E2E_FRONTEND_PORT }}
           E2E_TOKEN_JIRA: ${{ secrets.E2E_TOKEN_JIRA }}
           E2E_TOKEN_BUILD_KITE: ${{ secrets.E2E_TOKEN_BUILD_KITE }}
           E2E_TOKEN_GITHUB: ${{ secrets.E2E_TOKEN_GITHUB }}
-          E2E_TOKEN_FLAG_AS_BLOCK_JIRA: ${{ secrets.E2E_TOKEN_FLAG_AS_BLOCK_JIRA }}
+          E2E_TOKEN_PIPELINE_NO_ORG_CONFIG_BUILDKITE: ${{ secrets.E2E_TOKEN_PIPELINE_NO_ORG_CONFIG_BUILDKITE }}
         shell: bash {0}
         run: ./ops/check.sh e2e
       - uses: actions/upload-artifact@v4
@@ -474,6 +486,14 @@ jobs:
           name: playwright-report
           path: frontend/e2e/reports/
           retention-days: 30
+      - name: Slack Notification
+        uses: rtCamp/action-slack-notify@v2
+        if: always()
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+          SLACK_ICON_EMOJI: ":heart-beat:"
+          SLACK_COLOR: ${{ job.status }}
+          SLACK_USERNAME: "Heartbeat E2E Status"
 
   deploy:
     runs-on: ubuntu-latest

.gitignore

@@ -7,6 +7,7 @@
 /out-tsc
 /logs
 /app
+/stubs/logs/*
 frontend/cypress/
 # Only exists if Bazel was run
 /bazel-out
@@ -51,3 +52,4 @@ volume
 csv
 
 gitleaks-report.json
+*.sbom.spdx.json

.gitleaksignore

@@ -19,3 +19,4 @@ e001f3e4dc70deb4638d106d2ebfab520b9a2745:docs/src/components/Header/DocSearch.ts
 6cff3275f5fcff29462e33b0508359b5d619ffec:docs/src/components/Header/DocSearch.tsx:generic-api-key:54
 9102192bbe6790a348e5558cefbb051caa092411:_astro/DocSearch.d9740404.js:generic-api-key:13
 a3fe6c206ca324e9e5e9a0e1422fd8c72845d855:_astro/DocSearch.d5fd0ff0.js:generic-api-key:13
+cb693e0c6117cb8f383b72e4bb1c8f2635b7b041:_astro/DocSearch.E1RdsI6d.js:generic-api-key:13

.trivyignore

@@ -12,3 +12,5 @@ CVE-2023-49468
 CVE-2024-0553
 CVE-2024-0567
 CVE-2024-22201
+CVE-2024-22259
+CVE-2024-28085