Merge branch 'master' into dependabot-npm_and_yarn-decode-uri-compone… #4882

Workflow file for this run

	name: Node CI Suite

	on:
	push

	jobs:
	test:
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	node-version: [14.x, 16.x]
	os: [ubuntu-latest, macos-latest, windows-latest]
	steps:
	- uses: actions/checkout@v3
	- name: Use Node.js ${{ matrix.node-version }}
	uses: actions/setup-node@v3
	with:
	node-version: ${{ matrix.node-version }}
	yarn: cache
	- run: yarn --frozen-lockfile --network-timeout 1000000
	- run: yarn test

	acceptance:
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	node-version: [14.x, 16.x]
	os: [ubuntu-latest, macos-latest, windows-latest]
	environment: AcceptanceTests
	env:
	RUN_ACCEPTANCE_TESTS: true
	HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}
	steps:
	- uses: actions/checkout@v3
	- name: Use Node.js ${{ matrix.node-version }}
	uses: actions/setup-node@v3
	with:
	node-version: ${{ matrix.node-version }}
	- run: yarn --frozen-lockfile
	- run: ./bin/run whoami
	- run: ./scripts/run-acceptance

	# dummy job needed to pass changeling compliance because it only watches one build
	done:
	runs-on: macos-latest
	needs: [test, acceptance]
	steps:
	- run: echo done
	working-directory: /

	pack_deb:
	if: github.ref == 'refs/heads/master' \|\| github.ref_type == 'tag' && startsWith(github.ref_name, 'v' )
	runs-on: ubuntu-latest
	env:
	HEROKU_AUTHOR: 'Heroku'
	steps:
	- uses: actions/checkout@v3
	- name: Install system deps
	run: \|
	sudo apt-get update
	sudo apt-get install -y nsis p7zip-full
	- run: sudo mkdir -p /build
	- name: Install package deps
	run: \|
	cp yarn.lock packages/cli
	cd packages/cli
	yarn --frozen-lockfile
	- name: Building deb
	run: ./scripts/pack/deb
	- uses: actions/upload-artifact@v3
	with:
	name: packed-deb
	path: /home/runner/work/cli/cli/packages/cli/dist

	pack_tarballs:
	if: github.ref == 'refs/heads/master' \|\| github.ref_type == 'tag' && startsWith(github.ref_name, 'v' )
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- name: Install system deps
	run: \|
	sudo apt-get update
	sudo apt-get install -y nsis p7zip-full
	- run: sudo mkdir -p /build
	- name: Install package deps
	run: \|
	cp yarn.lock packages/cli
	cd packages/cli
	yarn --frozen-lockfile
	- name: Building tarballs
	run: ./scripts/pack/tarballs
	- uses: actions/upload-artifact@v3
	with:
	name: packed-tarballs
	path: /home/runner/work/cli/cli/packages/cli/dist

	sign_deb:
	needs: [pack_deb]
	if: github.ref == 'refs/heads/master' \|\| github.ref_type == 'tag' && startsWith(github.ref_name, 'v' )
	runs-on: ubuntu-latest
	environment: SignDebian
	env:
	HEROKU_DEB_SECRET_KEY: ${{ secrets.HEROKU_DEB_SECRET_KEY }}
	HEROKU_DEB_SIGNING_PASSWORD: ${{ secrets.HEROKU_DEB_SIGNING_PASSWORD }}
	HEROKU_DEB_KEY_ID: ${{ secrets.HEROKU_DEB_KEY_ID }}
	HEROKU_DEB_PUBLIC_KEY: ${{ secrets.HEROKU_DEB_PUBLIC_KEY }}
	steps:
	- uses: actions/checkout@v3
	- run: sudo mkdir -p /build
	- uses: actions/download-artifact@v3
	with:
	name: packed-deb
	path: /home/runner/work/cli/cli/packages/cli/dist
	- run: \|
	cd /home/runner/work/cli/cli/packages/cli/dist/deb
	/home/runner/work/cli/cli/packages/cli/scripts/sign/deb
	- uses: actions/upload-artifact@v3
	with:
	name: signed-deb
	path: /home/runner/work/cli/cli/packages/cli/dist


	# TODO: the circle job ran `install_scripts` but this isn't, do we need to add that?
	release-deb-and-tarballs:
	needs: [test, acceptance, sign_deb, pack_tarballs]
	if: github.ref == 'refs/heads/master' \|\| github.ref_type == 'tag' && startsWith(github.ref_name, 'v' )
	runs-on: ubuntu-latest
	environment: CLIS3BucketAndCloudfront
	env:
	CLOUDFRONT_DISTRIBUTION: ${{ secrets.CLOUDFRONT_DISTRIBUTION }}
	HEROKU_S3_BUCKET: ${{ secrets.HEROKU_S3_BUCKET }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	AWS_EC2_METADATA_DISABLED: true
	steps:
	- uses: actions/checkout@v3
	- run: sudo mkdir -p /build
	- uses: actions/download-artifact@v3
	with:
	name: signed-deb
	path: /home/runner/work/cli/cli/packages/cli/dist

	- uses: actions/download-artifact@v3
	with:
	name: packed-tarballs
	path: /home/runner/work/cli/cli/packages/cli/dist
	- name: List all the downloaded files (for debugging)
	run: ls -R
	working-directory: /home/runner/work/cli/cli/packages/cli/dist
	- run: \|
	sudo apt-get update
	sudo apt-get install -y awscli
	- name: yarn install
	run: \|
	cp yarn.lock packages/cli
	cd packages/cli
	yarn --frozen-lockfile --prefer-offline
	- name: Upload production artifacts
	run: \|
	cd packages/cli
	pwd
	./scripts/release/tarballs
	./scripts/release/deb
	- uses: actions/upload-artifact@v3
	with:
	name: all-dist
	path: /home/runner/work/cli/cli/packages/cli/dist

	## POST release jobs
	invalidate-cdn-cache:
	needs: [release-deb-and-tarballs]
	if: github.ref == 'refs/heads/master' \|\| github.ref_type == 'tag' && startsWith(github.ref_name, 'v' )
	runs-on: ubuntu-latest
	environment: CLIS3BucketAndCloudfront
	env:
	CLOUDFRONT_DISTRIBUTION: ${{ secrets.CLOUDFRONT_DISTRIBUTION }}
	HEROKU_S3_BUCKET: ${{ secrets.HEROKU_S3_BUCKET }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	AWS_EC2_METADATA_DISABLED: true
	steps:
	- uses: actions/checkout@v3
	- run: \|
	sudo apt-get update
	sudo apt-get install -y awscli
	aws configure set preview.cloudfront true
	- run: ./scripts/postrelease/invalidate_cdn_cache

	release-homebrew:
	needs: [release-deb-and-tarballs]
	if: github.ref_type == 'tag' && startsWith(github.ref_name, 'v' )
	runs-on: ubuntu-latest
	environment: ReleaseHomebrew
	steps:
	- uses: actions/checkout@v3
	- uses: webfactory/[email protected]
	with:
	ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
	- uses: actions/download-artifact@v3
	with:
	name: all-dist
	path: /home/runner/work/cli/cli/packages/cli/dist
	- name: List all the downloaded files (for debugging)
	run: ls -R
	working-directory: /home/runner/work/cli/cli/packages/cli/dist
	- run: \|
	cp yarn.lock packages/cli
	cd packages/cli
	yarn --frozen-lockfile
	./scripts/release/homebrew.js

	change-management:
	needs: [release-deb-and-tarballs]
	if: github.ref_type == 'tag' && startsWith(github.ref_name, 'v' )
	runs-on: ubuntu-latest
	environment: ChangeManagement
	env:
	TPS_API_APP_ID: ${{ secrets.TPS_API_APP_ID }}
	TPS_API_RELEASE_ACTOR_EMAIL: ${{ secrets.TPS_API_RELEASE_ACTOR_EMAIL }}
	TPS_API_STAGE: ${{ secrets.TPS_API_STAGE }}
	TPS_API_TOKEN_PARAM: ${{ secrets.TPS_API_TOKEN_PARAM }}
	TPS_API_URL_PARAM: ${{ secrets.TPS_API_URL_PARAM }}
	steps:
	- uses: actions/checkout@v3
	- run: \|
	yarn --frozen-lockfile
	./scripts/postrelease/change_management

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge branch 'master' into dependabot-npm_and_yarn-decode-uri-compone… #4882

Workflow file

Merge branch 'master' into dependabot-npm_and_yarn-decode-uri-compone… #4882

Jobs

Run details

Workflow file for this run