PATCH: GitHubCI Configuration

Tailor the GitHubCI workflow to match our needs. Tweak some jobs: - checks (linter and type-checking) - Advisory only! Don't block the build/test/deploy process just because the linter is OCD on code layout. They can even run in parallel to the build. - build - Always run Reset Meteor task. Not sure though what difference it makes. - test-* - Disabled most of them, since they assume usage of Docker images. - Advisory only! Don't block the deploy for them. We can even deploy (copy to S3) while the tests are still running. - Strangely, they test on 4.4 and 6.0, but not 5.0 (which we run). I was going to change it to 5.0, but decided to minimize my changes, especially since I don't know what side-effects changing it might have. - deploy - Always run, not just releases and the `develop` branch - Save a `-latest` build, in addition to the versionized one - Skip the code signing/registration steps - Upload to *our* S3 bucket, not upstream’s - This is the bulk of the edits! Disable jobs we aren't interested in: - notify-draft-services - build-prod - Q: How is this different from `build`? A: 1. This waits for tests-done. `build` does not. 2. `build` has `coverage:true`, although that only kicks in for PRs. Nonetheless, I changed build.coverage to false. - build-gh-docker-coverage - build-gh-docker - test-api - test-ui - test-api-ee - test-ui-ee - test-ui-ee-no-watcher - build-docker-preview - docker-image-publish - services-docker-image-publish - notify-services - trigger-dependent-workflows Delete the other workflow files: - We don't need them - Keep only ci.yml and its extracted ci-*.yml files
seekingalpha · Jun 17, 2024 · da20143 · da20143
1 parent ce72824
commit da20143
Show file tree

Hide file tree

Showing 11 changed files with 28 additions and 264 deletions.
diff --git a/.github/workflows/ci-code-check.yml b/.github/workflows/ci-code-check.yml
@@ -12,6 +12,7 @@ env:
 
 jobs:
   code-check:
+    continue-on-error: true
     runs-on: ubuntu-20.04
 
     name: ${{ matrix.check == 'ts' && 'TypeScript' || 'Code Lint' }}

diff --git a/.github/workflows/ci-test-e2e.yml b/.github/workflows/ci-test-e2e.yml
@@ -76,6 +76,7 @@ env:
 
 jobs:
   test:
+    continue-on-error: true
     runs-on: ubuntu-20.04
     env:
       RC_DOCKERFILE: ${{ matrix.mongodb-version == '6.0' && inputs.rc-dockerfile-alpine || inputs.rc-dockerfile }}

diff --git a/.github/workflows/ci-test-unit.yml b/.github/workflows/ci-test-unit.yml
@@ -16,6 +16,7 @@ env:
 
 jobs:
   test:
+    continue-on-error: true
     runs-on: ubuntu-20.04
 
     name: Unit Tests

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -7,7 +7,7 @@ on:
     branches: '**'
   push:
     branches:
-      - develop
+      - '**'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
@@ -81,6 +81,7 @@ jobs:
           echo "gh-docker-tag=${DOCKER_TAG}" >> $GITHUB_OUTPUT
 
   notify-draft-services:
+    if: false
     name: 🚀 Notify external services - draft
     runs-on: ubuntu-20.04
     needs: [release-versions]
@@ -122,7 +123,7 @@ jobs:
 
   packages-build:
     name: 📦 Build Packages
-    needs: [release-versions, notify-draft-services]
+    needs: [release-versions]
     runs-on: ubuntu-20.04
     steps:
       - name: Github Info
@@ -183,12 +184,12 @@ jobs:
       - uses: ./.github/actions/meteor-build
         with:
           node-version: ${{ needs.release-versions.outputs.node-version }}
-          coverage: ${{ github.event_name != 'release' }}
+          coverage: false
 
   build-prod:
+    if: false
     name: 📦 Meteor Build - official
     needs: [tests-done, release-versions, packages-build]
-    if: (github.event_name == 'release' || github.ref == 'refs/heads/develop')
     runs-on: ubuntu-20.04
 
     steps:
@@ -210,6 +211,7 @@ jobs:
           coverage: ${{ github.event_name != 'release' }}
 
   build-gh-docker-coverage:
+    if: false
     name: 🚢 Build Docker Images for Testing
     needs: [build, release-versions]
     runs-on: ubuntu-20.04
@@ -239,6 +241,7 @@ jobs:
           build-containers: ${{ matrix.platform == 'alpine' && 'authorization-service account-service ddp-streamer-service presence-service stream-hub-service queue-worker-service omnichannel-transcript-service' || '' }}
 
   build-gh-docker:
+    if: false
     name: 🚢 Build Docker Images for Production
     needs: [build-prod, release-versions]
     runs-on: ubuntu-20.04
@@ -293,6 +296,7 @@ jobs:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
   test-api:
+    if: false
     name: 🔨 Test API (CE)
     needs: [checks, build-gh-docker-coverage, release-versions]
 
@@ -312,6 +316,7 @@ jobs:
       CR_PAT: ${{ secrets.CR_PAT }}
 
   test-ui:
+    if: false
     name: 🔨 Test UI (CE)
     needs: [checks, build-gh-docker-coverage, release-versions]
 
@@ -339,6 +344,7 @@ jobs:
       REPORTER_ROCKETCHAT_URL: ${{ secrets.REPORTER_ROCKETCHAT_URL }}
 
   test-api-ee:
+    if: false
     name: 🔨 Test API (EE)
     needs: [checks, build-gh-docker-coverage, release-versions]
 
@@ -361,6 +367,7 @@ jobs:
       CR_PAT: ${{ secrets.CR_PAT }}
 
   test-ui-ee:
+    if: false
     name: 🔨 Test UI (EE)
     needs: [checks, build-gh-docker-coverage, release-versions]
 
@@ -390,6 +397,7 @@ jobs:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
   test-ui-ee-no-watcher:
+    if: false
     name: 🔨 Test UI (EE)
     needs: [checks, build-gh-docker-coverage, release-versions]
 
@@ -430,10 +438,9 @@ jobs:
           echo finished
 
   deploy:
-    name: 🚀 Publish build assets
+    name: 🚀 Copy to S3  # The actual deployment to our servers is done via Jenkins
     runs-on: ubuntu-20.04
-    if: github.event_name == 'release' || github.ref == 'refs/heads/develop'
-    needs: [build-gh-docker, release-versions]
+    needs: [build, release-versions]
 
     steps:
       - uses: Bhacaz/checkout-files@v2
@@ -449,10 +456,9 @@ jobs:
 
       - name: Publish assets
         env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          AWS_DEFAULT_REGION: 'us-east-1'
-          GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USER_GITHUB_ROCKETCHAT_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_USER_GITHUB_ROCKETCHAT_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: us-west-2
         run: |
           REPO_VERSION=$(node -p "require('./package.json').version")
 
@@ -466,26 +472,22 @@ jobs:
 
           ROCKET_DEPLOY_DIR="/tmp/deploy"
           FILENAME="$ROCKET_DEPLOY_DIR/rocket.chat-$ARTIFACT_NAME.tgz";
+          FILENAME_LATEST="$ROCKET_DEPLOY_DIR/rocket.chat-latest.tgz";
 
-          aws s3 cp s3://rocketchat/sign.key.gpg .github/sign.key.gpg
 
           mkdir -p $ROCKET_DEPLOY_DIR
 
-          cp .github/sign.key.gpg /tmp
-          gpg --yes --batch --passphrase=$GPG_PASSWORD /tmp/sign.key.gpg
-          gpg --allow-secret-key-import --import /tmp/sign.key
-          rm /tmp/sign.key
 
           ln -s /tmp/build/Rocket.Chat.tar.gz "$FILENAME"
-          gpg --armor --detach-sign "$FILENAME"
+          ln -s /tmp/build/Rocket.Chat.tar.gz "$FILENAME_LATEST"
 
-          aws s3 cp $ROCKET_DEPLOY_DIR/ s3://download.rocket.chat/build/ --recursive
+          aws s3 cp $ROCKET_DEPLOY_DIR/ s3://seekingalpha-rocketchat-builds/ --recursive
 
   build-docker-preview:
+    if: false
     name: 🚢 Build Docker Image (preview)
     runs-on: ubuntu-20.04
     needs: [build, checks, release-versions]
-    if: github.event_name == 'release' || github.ref == 'refs/heads/develop'
     steps:
       - uses: actions/checkout@v4
 
@@ -512,6 +514,7 @@ jobs:
           password: ${{ secrets.CR_PAT }}
 
   docker-image-publish:
+    if: false
     name: 🚀 Publish Docker Image (main)
     runs-on: ubuntu-20.04
     needs: [deploy, build-docker-preview, release-versions]
@@ -623,6 +626,7 @@ jobs:
           echo "::endgroup::"
 
   services-docker-image-publish:
+    if: false
     name: 🚀 Publish Docker Image (services)
     runs-on: ubuntu-20.04
     needs: [deploy, release-versions]
@@ -712,6 +716,7 @@ jobs:
           echo "::endgroup::"
 
   notify-services:
+    if: false
     name: 🚀 Notify external services
     runs-on: ubuntu-20.04
     needs:
@@ -757,8 +762,8 @@ jobs:
           curl --fail https://releases.rocket.chat/$RC_VERSION/info
 
   trigger-dependent-workflows:
+    if: false
     runs-on: ubuntu-latest
-    if: github.event_name == 'release'
     needs:
       - services-docker-image-publish
       - docker-image-publish

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
diff --git a/.github/workflows/new-release.yml b/.github/workflows/new-release.yml
diff --git a/.github/workflows/pr-title-checker.yml b/.github/workflows/pr-title-checker.yml
diff --git a/.github/workflows/pr-update-description.yml b/.github/workflows/pr-update-description.yml