Merge branch 'Sofie-Automation:main' into contribute/log-adlib-action-validation-errors

Author: imaretic

.github/CODEOWNERS

@@ -86,4 +86,4 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v4
+        uses: actions/deploy-pages@v5

.github/workflows/deploy-docs.yml

@@ -96,7 +96,7 @@ jobs:
           CI: true
       - name: Send coverage
         if: ((github.event_name == 'pull_request') && (!startsWith(github.head_ref, 'release'))) || ((github.event_name == 'push') && (!startsWith(github.ref_name, 'release')))
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v6
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
@@ -161,7 +161,7 @@ jobs:
           cd meteor/bundle/programs/server
           meteor npm install
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
 
       # Check how the image should be built and pushed
       - name: Determine if images should be published to DockerHub
@@ -196,7 +196,7 @@ jobs:
       # No-push build if no destination
       - name: Build without push
         if: steps.check-build-and-push.outputs.enable != 'true'
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           context: .
           file: ./meteor/Dockerfile.circle
@@ -207,7 +207,7 @@ jobs:
       - name: Get the Docker tag for GHCR
         id: ghcr-tag
         if: steps.check-build-and-push.outputs.enable == 'true'
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@v6
         with:
           images: |
             ghcr.io/${{ github.repository }}-server-core
@@ -218,14 +218,14 @@ jobs:
             type=raw,value=latest,enable={{is_default_branch}}
       - name: Login to GitHub Container Registry
         if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true'
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Build and push to GHCR
         if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' && steps.ghcr-tag.outputs.tags != 0
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           context: .
           file: ./meteor/Dockerfile.circle
@@ -239,7 +239,7 @@ jobs:
       - name: Get the Docker tag for DockerHub
         id: dockerhub-tag
         if: steps.check-build-and-push.outputs.enable == 'true'
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@v6
         with:
           images: |
             ${{ secrets.DOCKERHUB_IMAGE_PREFIX }}server-core
@@ -250,13 +250,13 @@ jobs:
             type=raw,value=latest,enable={{is_default_branch}}
       - name: Login to DockerHub
         if: steps.check-build-and-push.outputs.enable == 'true' && steps.dockerhub.outputs.dockerhub-publish == '1'
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Build and push to DockerHub
         if: steps.check-build-and-push.outputs.enable == 'true' && steps.dockerhub.outputs.dockerhub-publish == '1'
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           context: .
           file: ./meteor/Dockerfile.circle
@@ -265,35 +265,6 @@ jobs:
           labels: ${{ steps.dockerhub-tag.outputs.labels }}
           tags: ${{ steps.dockerhub-tag.outputs.tags }}
 
-      # Trivy scanning
-      - name: Get image for Trivy scanning
-        id: trivy-image
-        if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' && steps.ghcr-tag.outputs.tags != 0
-        run: |
-          image=$(echo ${{ steps.ghcr-tag.outputs.tags }} | head -n 1)
-          echo "image=$image" >> $GITHUB_OUTPUT
-      - name: Trivy scanning
-        if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' && steps.ghcr-tag.outputs.tags != 0
-        uses: aquasecurity/trivy-action@0.33.1
-        env:
-          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
-        with:
-          image-ref: "${{ steps.trivy-image.outputs.image }}"
-          format: "table"
-          output: trivy-scan-result.txt
-          ignore-unfixed: true
-          severity: "CRITICAL,HIGH"
-      - name: Post all Trivy scan results to Github Summary as a table
-        if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' && steps.ghcr-tag.outputs.tags != 0
-        env:
-          CODE_BLOCK: "```"
-        run: |
-          echo "# Trivy scan results ~ core" >> $GITHUB_STEP_SUMMARY
-
-          echo $CODE_BLOCK >> $GITHUB_STEP_SUMMARY
-          cat trivy-scan-result.txt >> $GITHUB_STEP_SUMMARY
-          echo $CODE_BLOCK >> $GITHUB_STEP_SUMMARY
-
   build-gateways:
     # TODO - should this be dependant on tests or something passing if we are on a tag?
     name: Build gateways
@@ -334,7 +305,7 @@ jobs:
           yarn run pinst --disable
           yarn workspaces focus ${{ matrix.gateway-name }} --production
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
 
       # Check how the image should be built and pushed
       - name: Determine if images should be published to DockerHub
@@ -369,7 +340,7 @@ jobs:
       # No-push build if no destination
       - name: Build without push
         if: steps.check-build-and-push.outputs.enable != 'true'
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           context: ./packages
           file: ./packages/${{ matrix.gateway-name }}/Dockerfile.circle
@@ -380,7 +351,7 @@ jobs:
       - name: Get the Docker tag for GHCR
         id: ghcr-tag
         if: steps.check-build-and-push.outputs.enable == 'true'
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@v6
         with:
           images: |
             ghcr.io/${{ github.repository }}-${{ matrix.gateway-name }}
@@ -391,14 +362,14 @@ jobs:
             type=raw,value=latest,enable={{is_default_branch}}
       - name: Login to GitHub Container Registry
         if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true'
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Build and push to GHCR
         if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' && steps.ghcr-tag.outputs.tags != 0
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           context: ./packages
           file: ./packages/${{ matrix.gateway-name }}/Dockerfile.circle
@@ -411,7 +382,7 @@ jobs:
       - name: Get the Docker tag for DockerHub
         id: dockerhub-tag
         if: steps.check-build-and-push.outputs.enable == 'true'
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@v6
         with:
           images: |
             ${{ secrets.DOCKERHUB_IMAGE_PREFIX }}${{ matrix.gateway-name }}
@@ -422,13 +393,13 @@ jobs:
             type=raw,value=latest,enable={{is_default_branch}}
       - name: Login to DockerHub
         if: steps.check-build-and-push.outputs.enable == 'true' && steps.dockerhub.outputs.dockerhub-publish == '1'
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Build and push to DockerHub
         if: steps.check-build-and-push.outputs.enable == 'true' && steps.dockerhub.outputs.dockerhub-publish == '1'
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           context: ./packages
           file: ./packages/${{ matrix.gateway-name }}/Dockerfile.circle
@@ -437,59 +408,11 @@ jobs:
           labels: ${{ steps.dockerhub-tag.outputs.labels }}
           tags: "${{ steps.dockerhub-tag.outputs.tags }}"
 
-      # Trivy scanning
-      - name: Get image for Trivy scanning
-        id: trivy-image
-        if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' && steps.ghcr-tag.outputs.tags != 0
-        run: |
-          image=$(echo ${{ steps.ghcr-tag.outputs.tags }} | head -n 1)
-          echo "image=$image" >> $GITHUB_OUTPUT
-      - name: Trivy scanning
-        if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' && steps.ghcr-tag.outputs.tags != 0
-        uses: aquasecurity/trivy-action@0.33.1
-        env:
-          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
-        with:
-          image-ref: "${{ steps.trivy-image.outputs.image }}"
-          format: "table"
-          output: ${{ matrix.gateway-name }}-trivy-scan-result.txt
-          ignore-unfixed: true
-          severity: "CRITICAL,HIGH"
-      - name: Post all Trivy scan results to Github Summary as a table
-        if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' && steps.ghcr-tag.outputs.tags != 0
-        env:
-          CODE_BLOCK: "```"
-        run: |
-          echo "# Trivy scan results ~ ${{ matrix.gateway-name }}" >> $GITHUB_STEP_SUMMARY
-
-          echo $CODE_BLOCK >> $GITHUB_STEP_SUMMARY
-          cat ${{ matrix.gateway-name }}-trivy-scan-result.txt >> $GITHUB_STEP_SUMMARY
-          echo $CODE_BLOCK >> $GITHUB_STEP_SUMMARY
-
   lint-packages:
-    name: Lint Package ${{ matrix.package-name }}
+    name: Lint Packages
     runs-on: ubuntu-latest
     timeout-minutes: 15
 
-    strategy:
-      fail-fast: false
-      matrix:
-        package-name:
-          - blueprints-integration
-          - server-core-integration
-          - playout-gateway
-          - mos-gateway
-          - corelib
-          - shared-lib
-          - meteor-lib
-          - job-worker
-          - openapi
-          - live-status-gateway
-          - live-status-gateway-api
-        include:
-          - package-name: webui
-            tsconfig-name: tsconfig.json
-
     steps:
       - uses: actions/checkout@v6
         with:
@@ -498,30 +421,32 @@ jobs:
         uses: actions/setup-node@v6
         with:
           node-version-file: ".node-version"
+      - uses: ./.github/actions/setup-meteor
       - name: restore node_modules
         uses: actions/cache@v5
         with:
           path: |
+            node_modules
+            meteor/node_modules
             packages/node_modules
-          key: ${{ runner.os }}-${{ hashFiles('packages/yarn.lock') }}
+          key: ${{ runner.os }}-${{ hashFiles('yarn.lock', 'meteor/yarn.lock', 'meteor/.meteor/release', 'packages/yarn.lock') }}
       - name: Prepare Environment
         run: |
           corepack enable
 
-          cd packages
-          yarn config set cacheFolder /home/runner/${{ matrix.package-name }}-cache
+          yarn config set cacheFolder /home/runner/publish-docs-cache
           yarn install
 
-          if [ "${{ matrix.package-name }}" = "openapi" ]; then
-            yarn workspace @sofie-automation/openapi run build
-          else
-            yarn build:single ${{ matrix.package-name }}/${{ matrix.tsconfig-name || 'tsconfig.build.json' }}
-          fi
+          # setup zodern:types. No linters are setup, so this simply installs the packages
+          yarn meteor lint
+
+          cd packages
+          yarn build:all
         env:
           CI: true
       - name: Run typecheck and linter
         run: |
-          cd packages/${{ matrix.package-name }}
+          cd packages
           yarn lint
         env:
           CI: true
@@ -605,7 +530,7 @@ jobs:
           CI: true
       - name: Send coverage
         if: (matrix.node-version == '22.x' || matrix.send-coverage == true) && (((github.event_name == 'pull_request') && (!startsWith(github.head_ref, 'release'))) || ((github.event_name == 'push') && (!startsWith(github.ref_name, 'release'))))
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v6
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 

.github/workflows/node.yaml

@@ -43,7 +43,7 @@ jobs:
           fi
 
   lint-packages:
-    name: Lint Lib
+    name: Lint packages
     runs-on: ubuntu-latest
     continue-on-error: true
     timeout-minutes: 15
@@ -52,15 +52,6 @@ jobs:
 
     if: ${{ needs.check-publish.outputs.can-publish == '1' }}
 
-    strategy:
-      fail-fast: false
-      matrix:
-        package-name:
-          - blueprints-integration
-          - server-core-integration
-          - shared-lib
-          - live-status-gateway-api
-
     steps:
       - uses: actions/checkout@v6
         with:
@@ -69,18 +60,24 @@ jobs:
         uses: actions/setup-node@v6
         with:
           node-version-file: ".node-version"
+      - uses: ./.github/actions/setup-meteor
       - name: Prepare Environment
         run: |
           corepack enable
 
-          cd packages
+          yarn config set cacheFolder /home/runner/publish-docs-cache
           yarn install
-          yarn build:single ${{ matrix.package-name }}/tsconfig.build.json
+
+          # setup zodern:types. No linters are setup, so this simply installs the packages
+          yarn meteor lint
+
+          cd packages
+          yarn build:all
         env:
           CI: true
       - name: Run typecheck and linter
         run: |
-          cd packages/${{ matrix.package-name }}
+          cd packages
           yarn lint
         env:
           CI: true
@@ -199,7 +196,7 @@ jobs:
           yarn install --no-immutable
 
       - name: Upload release artifact
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: publish-dist
           path: |
@@ -234,7 +231,7 @@ jobs:
           node-version-file: ".node-version"
 
       - name: Download release artifact
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           name: publish-dist