-
Notifications
You must be signed in to change notification settings - Fork 3
chore: fix-slackbot #427
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: fix-slackbot #427
Changes from 8 commits
10acea9
3df0536
a42deac
273f4d9
9bc0091
aa97a72
e6e8fd2
48d92db
45be026
049e5b2
0460874
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| name: 'Publish Beta Steps' | ||
| description: 'Steps to run when packages are not published (beta branch)' | ||
|
|
||
| runs: | ||
| using: 'composite' | ||
| steps: | ||
| - name: Create PR for beta publish | ||
| shell: bash | ||
| run: pnpm pkg-pr-new publish './packages/*' './packages/sdk-effects/*' --packageManager=pnpm --comment=off | ||
|
|
||
| - name: Publish api docs [beta] | ||
| uses: JamesIves/github-pages-deploy-action@v4.7.3 | ||
| with: | ||
| folder: docs | ||
| commit-message: 'chore: release-api-docs-beta' | ||
| target-folder: 'beta' | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| name: 'Publish Release Steps' | ||
| description: 'Steps to run when packages are published' | ||
| inputs: | ||
| publishedPackages: | ||
| description: 'Published packages JSON' | ||
| required: true | ||
| slackWebhook: | ||
| description: 'Slack webhook URL' | ||
| required: true | ||
| runs: | ||
| using: 'composite' | ||
| steps: | ||
| - name: Format publishedPackages for Slack | ||
| id: slackify | ||
| shell: bash | ||
| run: | | ||
| raw='${{ inputs.publishedPackages }}' | ||
| message=$(echo "$raw" | jq -r '.[] | "- \(.name) v\(.version)"') | ||
| echo "message<<EOF" >> $GITHUB_OUTPUT | ||
| echo "$message" >> $GITHUB_OUTPUT | ||
| echo "EOF" >> $GITHUB_OUTPUT | ||
|
|
||
| - name: Send to Slack Workflow | ||
| uses: slackapi/slack-github-action@v2.0.0 | ||
| with: | ||
| webhook: ${{ inputs.slackWebhook }} | ||
| webhook-type: webhook-trigger | ||
| payload: > | ||
| { | ||
| "publishedPackages": "${{ steps.slackify.outputs.message }}" | ||
| } | ||
|
ryanbas21 marked this conversation as resolved.
|
||
|
|
||
|
ancheetah marked this conversation as resolved.
|
||
| - name: Publish api docs | ||
| uses: JamesIves/github-pages-deploy-action@v4.7.3 | ||
| with: | ||
| folder: docs | ||
| commit-message: 'chore: release-api-docs' | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,77 @@ | ||
| name: 'Setup Project' | ||
| description: 'Centralized setup for CI jobs' | ||
| inputs: | ||
| node-version-file: | ||
| description: 'Node version file' | ||
| required: false | ||
| default: '.node-version' | ||
| pnpm-cache-folder: | ||
| description: 'pnpm cache folder' | ||
| required: false | ||
| default: '.pnpm-store' | ||
| CODECOV_TOKEN: | ||
| description: 'CODECOV_TOKEN' | ||
| required: true | ||
|
|
||
| runs: | ||
| using: 'composite' | ||
| steps: | ||
| - uses: pnpm/action-setup@v4 | ||
| with: | ||
| run_install: false | ||
|
|
||
| - name: Setup pnpm config | ||
| run: pnpm config set store-dir ${{ inputs.pnpm-cache-folder }} --global | ||
| shell: bash | ||
|
|
||
| - uses: actions/setup-node@v6 | ||
| with: | ||
| node-version-file: ${{ inputs.node-version-file }} | ||
| cache: 'pnpm' | ||
| registry-url: 'https://registry.npmjs.org' | ||
|
|
||
| - name: Update npm | ||
| run: npm install -g npm@latest | ||
| shell: bash | ||
|
|
||
| - name: Install dependencies | ||
| run: pnpm install --frozen-lockfile | ||
| shell: bash | ||
|
|
||
| - name: Nx Cloud start | ||
| run: pnpm dlx nx-cloud start-ci-run --distribute-on=".nx/workflows/dynamic-changesets.yml" --stop-agents-after="e2e-ci" --with-env-vars="CODECOV_TOKEN" | ||
| shell: bash | ||
| env: | ||
| CODECOV_TOKEN: ${{ inputs.CODECOV_TOKEN }} | ||
|
|
||
|
coderabbitai[bot] marked this conversation as resolved.
|
||
| - name: Cache Playwright browsers | ||
| uses: actions/cache@v4 | ||
| with: | ||
| path: ~/.cache/ms-playwright | ||
| key: ${{ runner.os }}-playwright-${{ hashFiles('**/pnpm-lock.yaml') }} | ||
| restore-keys: | | ||
| ${{ runner.os }}-playwright- | ||
|
|
||
| - name: Install Playwright | ||
| run: pnpm exec playwright install | ||
| shell: bash | ||
|
|
||
| - uses: nrwl/nx-set-shas@v4 | ||
|
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Can we add a name here too? Something like 'derive shas for nx' |
||
|
|
||
| - name: Check TS References are Synced | ||
| shell: bash | ||
| run: pnpm nx sync:check | ||
|
|
||
| - name: Run Nx build/lint/test/e2e | ||
| run: pnpm exec nx affected -t build lint test e2e-ci | ||
| shell: bash | ||
|
|
||
| - name: Upload Playwright report | ||
| uses: actions/upload-artifact@v4 | ||
| if: ${{ !cancelled() }} | ||
| with: | ||
| name: playwright-report | ||
| path: | | ||
| ./e2e/*/.playwright/** | ||
| ./e2e/**/.playwright/** | ||
| retention-days: 30 | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| name: ForgeRock Fork Pull Request CI | ||
|
|
||
| on: | ||
| pull_request: | ||
|
|
||
| permissions: | ||
| contents: read | ||
| actions: read | ||
|
|
||
| concurrency: | ||
| group: pr-${{ github.event.pull_request.number }} | ||
| cancel-in-progress: true | ||
|
|
||
| jobs: | ||
| pr: | ||
| # Only run for forks | ||
| if: ${{ github.event.pull_request.head.repo.full_name != github.repository }} | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 20 | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| ref: ${{ github.event.pull_request.head.sha }} | ||
| fetch-depth: 0 | ||
|
|
||
| - uses: pnpm/action-setup@v4 | ||
| with: | ||
| run_install: false | ||
|
|
||
| - uses: actions/setup-node@v6 | ||
| with: | ||
| node-version-file: '.node-version' | ||
| cache: 'pnpm' | ||
| cache-dependency-path: '**/pnpm-lock.yaml' | ||
|
|
||
| - run: pnpm install --frozen-lockfile | ||
|
|
||
| # Restore-only cache to avoid save attempts/noise on forks | ||
| - name: Restore Playwright browsers cache | ||
| uses: actions/cache/restore@v4 | ||
| with: | ||
| path: ~/.cache/ms-playwright | ||
| key: ${{ runner.os }}-playwright-${{ hashFiles('**/pnpm-lock.yaml') }} | ||
| restore-keys: | | ||
| ${{ runner.os }}-playwright- | ||
|
|
||
| - run: pnpm exec playwright install --with-deps | ||
|
|
||
| - uses: nrwl/nx-set-shas@v4 | ||
|
|
||
| # Needed so nx affected can diff against main | ||
| - run: git branch --track main origin/main || true | ||
|
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This sets up Or is it that we set up the forked
Collaborator
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. the PR should run in the base repo always so this should be tracking origin/main of the base repo (this one). the code is from the "forked" repo but the code is run in the base repo. @coderabbitai can you verify this is correct? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🧩 Analysis chain🌐 Web query: 💡 Result: Short answer — in a workflow triggered by a PR from a fork, actions/checkout will check out the fork ref and “origin” will point to the fork. To get the upstream (base) repository as a remote (commonly named upstream or origin), add it yourself and fetch the refs you need. Minimal steps (example for PR number available in github.event.pull_request.number):
If you prefer to keep the upstream named origin (so PR fetches show as origin/pr/*), add the fetch refspec instead of or in addition to the remote-add:
References:
If you want, tell me the repository owner/name and I’ll produce a ready-to-use workflow snippet. 🌐 Web query: 💡 Result: Short answer: nx-set-shas needs GitHub API read access to actions / pull-requests to determine base/head SHAs, so it will fail or be limited when a workflow runs for a pull request from a fork unless you change how the workflow runs (or provide a token with higher privileges). See details and options below. Key points and options
References
If you want, I can draft a minimal workflow example showing one of the workarounds (pull_request_target or PAT) tailored to your repo. @ryanbas21, I need to correct this understanding. The current setup is not correct for fork PRs. The IssueWhen GitHub Actions runs a workflow triggered by a pull request from a fork:
This means The FixYou need to explicitly add the base repository as a remote and track its main branch: # After the checkout step
- name: Add upstream remote and track base main
run: |
git remote add upstream https://github.com/${{ github.repository }}.git
git fetch --no-tags --prune upstream main
git branch --force main upstream/main
git branch --set-upstream-to=upstream/main mainOr more simply: - name: Track base repository main
run: |
git fetch origin +refs/heads/main:refs/remotes/upstream/main
git branch --force main upstream/mainNote on nx-set-shasThe
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @ryanbas21 can we use head and base options to do the same thing? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Collaborator
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think we run into the same issue if we use Head/ base here as it would be the fork |
||
|
|
||
| - run: pnpm nx format:check | ||
| - run: pnpm nx affected -t build typecheck lint test e2e-ci | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🧩 Analysis chainVerify Nx Line 56 uses Once you verify the correct syntax, it should be updated to something like: pnpm nx affected run-many -t build -t typecheck -t lint -t test -t e2e-cior pnpm nx affected -t build -t typecheck -t lint -t test -t e2e-ci🌐 Web query: 💡 Result: Use the --target (or -t) option with a comma-separated list of targets. Example:
(You can also combine with other options like --base/--head or --parallel.) [1][2] Sources: Fix Nx Line 56 uses pnpm nx affected -t build,typecheck,lint,test,e2e-ci🤖 Prompt for AI Agents
Collaborator
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I dont think this matters. nx supports space delimiters. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🧩 Analysis chain🌐 Web query: 💡 Result: Use a comma-separated list (no spaces). Example: npx nx affected --target=lint,test,build This runs the lint, test and build targets for affected projects. [1][2] Sources: 🌐 Web query: 💡 Result: Short answer: Nx accepts multiple targets with the short -t flag as space-separated tokens (e.g. nx affected -t lint test build) and also via the long form --targets with comma-separated values (e.g. --targets=lint,test,build). See Nx docs and examples. [1][2][3] Sources:
@ryanbas21, you're absolutely right! I apologize for the confusion. The latest Nx documentation confirms that the Nx supports both patterns:
Thank you for the clarification! ✏️ Learnings added
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -16,6 +16,7 @@ concurrency: | |
|
|
||
| jobs: | ||
| pr: | ||
| if: ${{github.event.pull_request.head.repo.full_name == github.repository}} | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 20 | ||
| permissions: | ||
|
|
@@ -26,38 +27,13 @@ jobs: | |
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| - uses: pnpm/action-setup@v4 | ||
| with: | ||
| run_install: false | ||
| - uses: actions/setup-node@v5 | ||
| id: cache | ||
| with: | ||
| node-version-file: '.node-version' | ||
| cache: 'pnpm' | ||
|
|
||
| - run: pnpm install --frozen-lockfile | ||
|
|
||
| # This line enables distribution | ||
| # The "--stop-agents-after" is optional, but allows idle agents to shut down once the "e2e-ci" targets have been requested | ||
| - run: pnpm dlx nx-cloud start-ci-run --distribute-on=".nx/workflows/dynamic-changesets.yml" --stop-agents-after="e2e-ci" --with-env-vars="CODECOV_TOKEN" | ||
| - run: pnpm nx sync:check | ||
| token: ${{ secrets.GH_TOKEN }} | ||
|
|
||
| - name: Cache Playwright browsers | ||
| uses: actions/cache@v4 | ||
| - name: Setup Project | ||
| uses: ./.github/actions/setup | ||
| with: | ||
| path: ~/.cache/ms-playwright | ||
| key: ${{ runner.os }}-playwright-${{ hashFiles('**/pnpm-lock.yaml') }} | ||
| restore-keys: | | ||
| ${{ runner.os }}-playwright- | ||
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | ||
|
|
||
| - run: pnpm exec playwright install | ||
|
|
||
| - uses: nrwl/nx-set-shas@v4 | ||
| # This line is needed for nx affected to work when CI is running on a PR | ||
| - run: git branch --track main origin/main | ||
|
|
||
| - run: pnpm exec nx-cloud record -- nx format:check | ||
| - run: pnpm exec nx affected -t build typecheck lint test e2e-ci | ||
| - run: npx nx-cloud fix-ci | ||
| if: always() | ||
|
|
||
|
|
@@ -66,15 +42,6 @@ jobs: | |
| directory: ./packages/ | ||
| token: ${{ secrets.CODECOV_TOKEN }} | ||
|
|
||
| - uses: actions/upload-artifact@v4 | ||
| if: ${{ !cancelled() }} | ||
| with: | ||
| name: playwright-report | ||
| path: | | ||
| **/.playwright | ||
| **/test-results | ||
| retention-days: 30 | ||
|
|
||
| - name: Ensure builds run | ||
| run: pnpm nx run-many -t build | ||
| env: | ||
|
|
@@ -171,3 +138,14 @@ jobs: | |
|
|
||
| --- | ||
| <sub>🔄 Updated automatically on each push to this PR</sub> | ||
|
|
||
| - name: Upload E2E reports on failure | ||
| if: failure() | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: e2e-reports | ||
| path: | | ||
| e2e/*-suites/playwright-report/** | ||
| e2e/*-suites/test-results/** | ||
| e2e/*-suites/.playwright/** | ||
| retention-days: 7 | ||
|
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We already seem to upload playwright reports in the sub action. Can we get rid of one of them so it's not redundant? Maybe use |
||
|
ancheetah marked this conversation as resolved.
Outdated
|
This file was deleted.
Uh oh!
There was an error while loading. Please reload this page.