From 4b39b17f8609b68aa6c02f38f1caa27690101b3f Mon Sep 17 00:00:00 2001 From: William Wong Date: Thu, 26 Mar 2026 21:24:45 -0700 Subject: [PATCH 01/59] Add GitHub Actions workflow for release creation --- .github/workflows/create-release.yml | 121 +++++++++++++++++++++++++++ 1 file changed, 121 insertions(+) create mode 100644 .github/workflows/create-release.yml diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml new file mode 100644 index 0000000000..f0306b5329 --- /dev/null +++ b/.github/workflows/create-release.yml 
@@ -0,0 +1,121 @@ +name: Create release + +on: + workflow_dispatch: {} + +defaults: + run: + shell: bash + +env: + node-version: 22 + +jobs: + prepare: + outputs: + version: ${{ steps.version.outputs.version }} + version-type: ${{ steps.version-type.outputs.version-type }} + permissions: + contents: read + runs-on: ubuntu-latest + + steps: + - id: version-type + name: Determine version type + run: 'if [[ "$(cat ./package.json | jq -r ''.version'')" == *-0 ]]; then echo version-type=prerelease | tee --append $GITHUB_OUTPUT; else echo version-type=production | tee --append $GITHUB_OUTPUT; fi' + + - if: steps.version-type.outputs.version-type != 'production' + name: Set version + run: | + BRANCH_NAME=${{ github.ref_name }} + COMMITISH=${{ github.sha }} + NOW=$(date +%Y%m%d%H%M) + + SHORT_COMMITISH=${COMMITISH:0:7} + + # npm version simply ignoring the build metadata + (plus) sign, we need to use dot or hyphen instead. + npm version --no-git-tag-version $(echo $(cat ./package.json | jq -r '.version') | cut -d- -f1)-$BRANCH_NAME.$NOW.$SHORT_COMMITISH + + - id: version + name: Get version + run: echo version=$(cat package.json | jq -r '.version') | tee --append $GITHUB_OUTPUT + + build: + permissions: + contents: read + needs: prepare + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v6 + + - uses: actions/setup-node@v6 + with: + node-version: ${{ env.node-version }} + + - run: npm clean-install + + - run: npm run build + + - run: npm pack --workspaces + + - uses: actions/upload-artifact@v7 + with: + name: tarball + path: | + ./packages/core/*.tgz + ./packages/api/*.tgz + ./packages/component/*.tgz + ./packages/bundle/*.tgz + ./packages/fluent-theme/*.tgz + + - uses: actions/upload-artifact@v7 + with: + name: bundle-iife + path: ./packages/bundle/dist/**/* + + - uses: actions/upload-artifact@v7 + with: + name: bundle-esm + path: ./packages/bundle/static/**/* + + - uses: actions/upload-artifact@v7 + with: + name: fluent-theme-iife + path: 
./packages/fluent-theme/dist/**/* + + - uses: actions/upload-artifact@v7 + with: + name: fluent-theme-esm + path: ./packages/fluent-theme/static/**/* + + upload-changelog: + continue-on-error: true + name: Upload changelog + needs: prepare + permissions: + contents: read + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v6 + + - uses: actions/setup-node@v6 + with: + node-version: ${{ env.node-version }} + + - if: needs.prepare.outputs.version-type == 'production' + name: Extract from latest release + run: npx keep-a-changelog --format markdownlint --latest-release-full | tee ./CHANGELOG.latest.md + + - if: needs.prepare.outputs.version-type != 'production' + name: Extract from unreleased + run: | + npx keep-a-changelog --format markdownlint --release ${{ needs.prepare.outputs.version }} + npx keep-a-changelog --format markdownlint --latest-release-full | tee ./CHANGELOG.latest.md + + - name: Upload changelog + uses: actions/upload-artifact@v7 + with: + name: changelog + path: ./CHANGELOG.latest.md From 0db11235734d8aea853d9efb641bb9710b7df505 Mon Sep 17 00:00:00 2001 From: William Wong Date: Thu, 26 Mar 2026 21:26:16 -0700 Subject: [PATCH 02/59] Add pull_request trigger to create-release workflow Temporarily add pull_request trigger for testing. --- .github/workflows/create-release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index f0306b5329..4c4be05af8 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -1,6 +1,8 @@ name: Create release on: + pull_request: # Temporarily add pull_request for testing + branches: main workflow_dispatch: {} defaults: From bbbc5ddb9f2634051b98d6362dd7b81366bfa4ff Mon Sep 17 00:00:00 2001 
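Review bot: In `Set version`, `BRANCH_NAME=${{ github.ref_name }}` is expanded into the bash script before the shell runs, so the ref name is parsed as shell source rather than data; `--release ${{ needs.prepare.outputs.version }}` in `Extract from unreleased` does the same with a value read from package.json. Put each value under the step's `env:` (for example `BRANCH_NAME: ${{ github.ref_name }}`) and use it quoted as `"$BRANCH_NAME"`. The same pattern comes back later in this series, in `npm version --no-git-tag-version ${{ needs.prepare.outputs.version }}` (PATCH 13) and `TAG=v${{ needs.prepare.outputs.version }}` (PATCH 14). `$GITHUB_OUTPUT` and the `$(...)` substitutions in these steps are also unquoted.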
From: William Wong Date: Thu, 26 Mar 2026 21:28:47 -0700 Subject: [PATCH 03/59] Update GitHub Actions workflow for release preparation --- .github/workflows/create-release.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 4c4be05af8..8acdf5be5f 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -14,6 +14,7 @@ env: jobs: prepare: + name: Prepare outputs: version: ${{ steps.version.outputs.version }} version-type: ${{ steps.version-type.outputs.version-type }} @@ -22,6 +23,12 @@ jobs: runs-on: ubuntu-latest steps: + - uses: actions/checkout@v6 + + - uses: actions/setup-node@v6 + with: + node-version: ${{ env.node-version }} + - id: version-type name: Determine version type run: 'if [[ "$(cat ./package.json | jq -r ''.version'')" == *-0 ]]; then echo version-type=prerelease | tee --append $GITHUB_OUTPUT; else echo version-type=production | tee --append $GITHUB_OUTPUT; fi' @@ -43,6 +50,7 @@ jobs: run: echo version=$(cat package.json | jq -r '.version') | tee --append $GITHUB_OUTPUT build: + name: Build permissions: contents: read needs: prepare From 1fb5815900bd991bc179e53ed339df38c2da8dd5 Mon Sep 17 00:00:00 2001 From: William Wong Date: Thu, 26 Mar 2026 21:39:46 -0700 Subject: [PATCH 04/59] Update create-release.yml --- .github/workflows/create-release.yml | 241 ++++++++++++++++++--------- 1 file changed, 164 insertions(+), 77 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 8acdf5be5f..38b4dd2633 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml 
@@ -1,42 +1,61 @@ -name: Create release +name: Continuous deployment on: - pull_request: # Temporarily add pull_request for testing - branches: main - workflow_dispatch: {} + workflow_call: + inputs: + github-pages: + default: true + required: false + type: boolean + node-version: + default: lts/* + required: false + type: string + package-name: + required: true + type: string + secrets: + WORKFLOW_BOT_APP_ID: + required: true + WORKFLOW_BOT_PRIVATE_KEY: + required: true defaults: run: shell: bash env: - node-version: 22 + node-version: ${{ inputs.node-version }} jobs: - prepare: - name: Prepare + build: + name: Build outputs: version: ${{ steps.version.outputs.version }} version-type: ${{ steps.version-type.outputs.version-type }} - permissions: - contents: read runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - - - uses: actions/setup-node@v6 - with: - node-version: ${{ env.node-version }} - + - uses: actions/checkout@main + - id: find-package-path + name: Find package path + run: | + path=$(find packages -name "package.json" -exec sh -c 'jq -e ".name == \"${{ inputs.package-name }}\"" {} > /dev/null && dirname {}' \;) + [ -z "$path" ] && exit 1 + echo package-path=$path | tee --append $GITHUB_OUTPUT - id: version-type name: Determine version type run: 'if [[ "$(cat ./package.json | jq -r ''.version'')" == *-0 ]]; then echo version-type=prerelease | tee --append $GITHUB_OUTPUT; else echo version-type=production | tee --append $GITHUB_OUTPUT; fi' - + - name: Use Node.js ${{ env.node-version }} + uses: actions/setup-node@main + with: + node-version: ${{ env.node-version }} + cache: npm - if: steps.version-type.outputs.version-type != 'production' name: Set version run: | - BRANCH_NAME=${{ github.ref_name }} + # Temporarily set the BRANCH_NAME for PR validation + # BRANCH_NAME=${{ github.ref_name }} + BRANCH_NAME=main COMMITISH=${{ github.sha }} NOW=$(date +%Y%m%d%H%M) 
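Review bot: `Find package path` splices `${{ inputs.package-name }}` into both the `sh -c` string and the jq filter, and `find` substitutes `{}` into that same string, so a caller-supplied name or a path under `packages` is interpreted as shell or jq syntax. Pass the name through `env:` and hand both values over as data, e.g. `find packages -name package.json -exec sh -c 'jq -e --arg n "$PACKAGE_NAME" ".name == \$n" "$1" >/dev/null && dirname "$1"' _ {} \;`. `echo package-path=$path` should quote `"$path"` and `"$GITHUB_OUTPUT"`; if more than one package.json matches, `$path` holds several lines and the output is malformed. The `build` job also loses its `permissions: contents: read` block in this hunk, so it falls back to the repository default token scope.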
@@ -44,88 +63,156 @@ jobs: # npm version simply ignoring the build metadata + (plus) sign, we need to use dot or hyphen instead. npm version --no-git-tag-version $(echo $(cat ./package.json | jq -r '.version') | cut -d- -f1)-$BRANCH_NAME.$NOW.$SHORT_COMMITISH - - id: version name: Get version run: echo version=$(cat package.json | jq -r '.version') | tee --append $GITHUB_OUTPUT - - build: - name: Build - permissions: - contents: read - needs: prepare - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v6 - - - uses: actions/setup-node@v6 - with: - node-version: ${{ env.node-version }} - + - name: Uninstall current version + run: npm uninstall --workspaces ${{ inputs.package-name }} + - name: Update version + run: npm version --no-git-tag-version --no-workspaces-update --workspace=${{ inputs.package-name }} ${{ steps.version.outputs.version }} + - name: Propagate versions + run: npm install --workspaces ${{ inputs.package-name }}@${{ steps.version.outputs.version }} - run: npm clean-install - - - run: npm run build - - - run: npm pack --workspaces - - - uses: actions/upload-artifact@v7 + - name: Run npm run build + run: npm run build --if-present --no-ignore-scripts + - name: Run npm pack + run: npm pack --no-ignore-scripts + working-directory: ${{ steps.find-package-path.outputs.package-path }} + - name: Upload tarball artifact + uses: actions/upload-artifact@main with: name: tarball - path: | - ./packages/core/*.tgz - ./packages/api/*.tgz - ./packages/component/*.tgz - ./packages/bundle/*.tgz - ./packages/fluent-theme/*.tgz - - - uses: actions/upload-artifact@v7 + path: ${{ steps.find-package-path.outputs.package-path }}/*.tgz + - if: inputs.github-pages + name: Build pages + run: | + npm install ../../${{ steps.find-package-path.outputs.package-path }}/*.tgz + npm run build --no-ignore-scripts + working-directory: packages/pages + - if: inputs.github-pages + name: Upload pages artifact + uses: actions/upload-pages-artifact@main with: - name: 
bundle-iife - path: ./packages/bundle/dist/**/* - - - uses: actions/upload-artifact@v7 + path: packages/pages/public + - name: Generate SBOM + # --workspace has no effect, the resulting SBOM still contains other packages in the workspace + run: npm sbom -package-lock-only --sbom-format spdx --sbom-type library | tee ./sbom.spdx.json + - name: Upload SBOM artifact + uses: actions/upload-artifact@main with: - name: bundle-esm - path: ./packages/bundle/static/**/* + name: sbom + path: ./sbom.spdx.json - - uses: actions/upload-artifact@v7 + sign-attestations: + name: Sign attestations + needs: + - build + runs-on: ubuntu-latest + permissions: + attestations: write + id-token: write + steps: + - name: Download tarball artifact + uses: actions/download-artifact@main with: - name: fluent-theme-iife - path: ./packages/fluent-theme/dist/**/* - - - uses: actions/upload-artifact@v7 + name: tarball + - name: Download SBOM artifact + uses: actions/download-artifact@main + with: + name: sbom + - uses: actions/attest-build-provenance@main + with: + subject-path: './*.tgz' + - uses: actions/attest-sbom@main with: - name: fluent-theme-esm - path: ./packages/fluent-theme/static/**/* + sbom-path: './sbom.spdx.json' + subject-path: './*.tgz' upload-changelog: continue-on-error: true name: Upload changelog - needs: prepare - permissions: - contents: read + needs: build runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - - - uses: actions/setup-node@v6 - with: - node-version: ${{ env.node-version }} - - - if: needs.prepare.outputs.version-type == 'production' + - uses: actions/checkout@main + - if: needs.build.outputs.version-type == 'production' name: Extract from latest release run: npx keep-a-changelog --format markdownlint --latest-release-full | tee ./CHANGELOG.latest.md - - - if: needs.prepare.outputs.version-type != 'production' + - if: needs.build.outputs.version-type != 'production' name: Extract from unreleased run: | - npx keep-a-changelog --format markdownlint 
--release ${{ needs.prepare.outputs.version }} + npx keep-a-changelog --format markdownlint --release ${{ needs.build.outputs.version }} npx keep-a-changelog --format markdownlint --latest-release-full | tee ./CHANGELOG.latest.md - - name: Upload changelog - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@main with: name: changelog path: ./CHANGELOG.latest.md + + publish-release: + environment: + name: workflow-bot + url: ${{ github.server_url }}/${{ github.repository }}/releases/tag/v${{ needs.build.outputs.version }} + # if: needs.build.outputs.version-type == 'production' + name: Publish release + needs: + - build + - upload-changelog + runs-on: ubuntu-latest + steps: + - id: generate-token + name: Generate token for workflow-bot + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ secrets.WORKFLOW_BOT_APP_ID }} + private-key: ${{ secrets.WORKFLOW_BOT_PRIVATE_KEY }} + - continue-on-error: true # Partial changelog could be unavailable before first production release + name: Download changelog artifact + uses: actions/download-artifact@main + with: + name: changelog + - name: Download SBOM artifact + uses: actions/download-artifact@main + with: + name: sbom + - name: Download tarball artifact + uses: actions/download-artifact@main + with: + name: tarball + - env: + GH_TOKEN: ${{ steps.generate-token.outputs.token }} + id: release + name: Create release + # Do not upload assets while creating release, otherwise, it will not trigger "release created" event. 
+ run: | + if [[ "${{ needs.build.outputs.version-type }}" == "prerelease" ]]; then PRERELEASE=1; fi + + TAG=v${{ needs.build.outputs.version }} + + gh release create $TAG \ + --notes-file ./CHANGELOG.latest.md \ + ${PRERELEASE:+--prerelease} \ + --repo ${{ github.repository }} \ + --target ${{ github.ref }} + + echo tag=$TAG | tee --append $GITHUB_OUTPUT + - env: + GH_TOKEN: ${{ steps.generate-token.outputs.token }} + name: Upload assets + run: gh release upload ${{ steps.release.outputs.tag }} *.tgz sbom.spdx.json --repo ${{ github.repository }} + + publish-pages: + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + if: inputs.github-pages + name: Publish to GitHub Pages + needs: build + permissions: + pages: write + id-token: write + runs-on: ubuntu-latest + steps: + - id: deployment + name: Deploy to GitHub Pages + uses: actions/deploy-pages@main From 79a76cd49524e3917c132ec2d9b00aabdea15dc4 Mon Sep 17 00:00:00 2001 From: William Wong Date: Thu, 26 Mar 2026 21:43:19 -0700 Subject: [PATCH 05/59] Refactor release workflow and update node version Refactor GitHub Actions workflow for release process, changing the name, adjusting jobs, and updating node version handling. --- .github/workflows/create-release.yml | 241 +++++++++------------------ 1 file changed, 77 insertions(+), 164 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 38b4dd2633..8acdf5be5f 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml 
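Review bot: Most `uses:` lines in this hunk now reference `@main`, including `actions/attest-build-provenance@main`, `actions/attest-sbom@main` and `actions/deploy-pages@main`, which run in jobs holding `id-token: write`, so the release pipeline executes whatever the branch head is at run time. Pin each to a full commit SHA with the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # <tag>`. `publish-release` declares no `permissions:` and its `if: needs.build.outputs.version-type == 'production'` is commented out, so prerelease builds also reach `gh release create` with the app token. In `Generate SBOM`, `-package-lock-only` has a single dash and should be `--package-lock-only`.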
@@ -1,61 +1,42 @@ -name: Continuous deployment +name: Create release on: - workflow_call: - inputs: - github-pages: - default: true - required: false - type: boolean - node-version: - default: lts/* - required: false - type: string - package-name: - required: true - type: string - secrets: - WORKFLOW_BOT_APP_ID: - required: true - WORKFLOW_BOT_PRIVATE_KEY: - required: true + pull_request: # Temporarily add pull_request for testing + branches: main + workflow_dispatch: {} defaults: run: shell: bash env: - node-version: ${{ inputs.node-version }} + node-version: 22 jobs: - build: - name: Build + prepare: + name: Prepare outputs: version: ${{ steps.version.outputs.version }} version-type: ${{ steps.version-type.outputs.version-type }} + permissions: + contents: read runs-on: ubuntu-latest + steps: - - uses: actions/checkout@main - - id: find-package-path - name: Find package path - run: | - path=$(find packages -name "package.json" -exec sh -c 'jq -e ".name == \"${{ inputs.package-name }}\"" {} > /dev/null && dirname {}' \;) - [ -z "$path" ] && exit 1 - echo package-path=$path | tee --append $GITHUB_OUTPUT + - uses: actions/checkout@v6 + + - uses: actions/setup-node@v6 + with: + node-version: ${{ env.node-version }} + - id: version-type name: Determine version type run: 'if [[ "$(cat ./package.json | jq -r ''.version'')" == *-0 ]]; then echo version-type=prerelease | tee --append $GITHUB_OUTPUT; else echo version-type=production | tee --append $GITHUB_OUTPUT; fi' - - name: Use Node.js ${{ env.node-version }} - uses: actions/setup-node@main - with: - node-version: ${{ env.node-version }} - cache: npm + - if: steps.version-type.outputs.version-type != 'production' name: Set version run: | - # Temporarily set the BRANCH_NAME for PR validation - # BRANCH_NAME=${{ github.ref_name }} - BRANCH_NAME=main + BRANCH_NAME=${{ github.ref_name }} COMMITISH=${{ github.sha }} NOW=$(date +%Y%m%d%H%M) 
@@ -63,156 +44,88 @@ jobs: # npm version simply ignoring the build metadata + (plus) sign, we need to use dot or hyphen instead. npm version --no-git-tag-version $(echo $(cat ./package.json | jq -r '.version') | cut -d- -f1)-$BRANCH_NAME.$NOW.$SHORT_COMMITISH + - id: version name: Get version run: echo version=$(cat package.json | jq -r '.version') | tee --append $GITHUB_OUTPUT - - name: Uninstall current version - run: npm uninstall --workspaces ${{ inputs.package-name }} - - name: Update version - run: npm version --no-git-tag-version --no-workspaces-update --workspace=${{ inputs.package-name }} ${{ steps.version.outputs.version }} - - name: Propagate versions - run: npm install --workspaces ${{ inputs.package-name }}@${{ steps.version.outputs.version }} - - run: npm clean-install - - name: Run npm run build - run: npm run build --if-present --no-ignore-scripts - - name: Run npm pack - run: npm pack --no-ignore-scripts - working-directory: ${{ steps.find-package-path.outputs.package-path }} - - name: Upload tarball artifact - uses: actions/upload-artifact@main - with: - name: tarball - path: ${{ steps.find-package-path.outputs.package-path }}/*.tgz - - if: inputs.github-pages - name: Build pages - run: | - npm install ../../${{ steps.find-package-path.outputs.package-path }}/*.tgz - npm run build --no-ignore-scripts - working-directory: packages/pages - - if: inputs.github-pages - name: Upload pages artifact - uses: actions/upload-pages-artifact@main - with: - path: packages/pages/public - - name: Generate SBOM - # --workspace has no effect, the resulting SBOM still contains other packages in the workspace - run: npm sbom -package-lock-only --sbom-format spdx --sbom-type library | tee ./sbom.spdx.json - - name: Upload SBOM artifact - uses: actions/upload-artifact@main - with: - name: sbom - path: ./sbom.spdx.json - sign-attestations: - name: Sign attestations - needs: - - build - runs-on: ubuntu-latest + build: + name: Build permissions: - attestations: write - 
id-token: write + contents: read + needs: prepare + runs-on: ubuntu-latest + steps: - - name: Download tarball artifact - uses: actions/download-artifact@main + - uses: actions/checkout@v6 + + - uses: actions/setup-node@v6 + with: + node-version: ${{ env.node-version }} + + - run: npm clean-install + + - run: npm run build + + - run: npm pack --workspaces + + - uses: actions/upload-artifact@v7 with: name: tarball - - name: Download SBOM artifact - uses: actions/download-artifact@main + path: | + ./packages/core/*.tgz + ./packages/api/*.tgz + ./packages/component/*.tgz + ./packages/bundle/*.tgz + ./packages/fluent-theme/*.tgz + + - uses: actions/upload-artifact@v7 with: - name: sbom - - uses: actions/attest-build-provenance@main + name: bundle-iife + path: ./packages/bundle/dist/**/* + + - uses: actions/upload-artifact@v7 + with: + name: bundle-esm + path: ./packages/bundle/static/**/* + + - uses: actions/upload-artifact@v7 with: - subject-path: './*.tgz' - - uses: actions/attest-sbom@main + name: fluent-theme-iife + path: ./packages/fluent-theme/dist/**/* + + - uses: actions/upload-artifact@v7 with: - sbom-path: './sbom.spdx.json' - subject-path: './*.tgz' + name: fluent-theme-esm + path: ./packages/fluent-theme/static/**/* upload-changelog: continue-on-error: true name: Upload changelog - needs: build + needs: prepare + permissions: + contents: read runs-on: ubuntu-latest + steps: - - uses: actions/checkout@main - - if: needs.build.outputs.version-type == 'production' + - uses: actions/checkout@v6 + + - uses: actions/setup-node@v6 + with: + node-version: ${{ env.node-version }} + + - if: needs.prepare.outputs.version-type == 'production' name: Extract from latest release run: npx keep-a-changelog --format markdownlint --latest-release-full | tee ./CHANGELOG.latest.md - - if: needs.build.outputs.version-type != 'production' + + - if: needs.prepare.outputs.version-type != 'production' name: Extract from unreleased run: | - npx keep-a-changelog --format markdownlint 
--release ${{ needs.build.outputs.version }} + npx keep-a-changelog --format markdownlint --release ${{ needs.prepare.outputs.version }} npx keep-a-changelog --format markdownlint --latest-release-full | tee ./CHANGELOG.latest.md + - name: Upload changelog - uses: actions/upload-artifact@main + uses: actions/upload-artifact@v7 with: name: changelog path: ./CHANGELOG.latest.md - - publish-release: - environment: - name: workflow-bot - url: ${{ github.server_url }}/${{ github.repository }}/releases/tag/v${{ needs.build.outputs.version }} - # if: needs.build.outputs.version-type == 'production' - name: Publish release - needs: - - build - - upload-changelog - runs-on: ubuntu-latest - steps: - - id: generate-token - name: Generate token for workflow-bot - uses: actions/create-github-app-token@v2 - with: - app-id: ${{ secrets.WORKFLOW_BOT_APP_ID }} - private-key: ${{ secrets.WORKFLOW_BOT_PRIVATE_KEY }} - - continue-on-error: true # Partial changelog could be unavailable before first production release - name: Download changelog artifact - uses: actions/download-artifact@main - with: - name: changelog - - name: Download SBOM artifact - uses: actions/download-artifact@main - with: - name: sbom - - name: Download tarball artifact - uses: actions/download-artifact@main - with: - name: tarball - - env: - GH_TOKEN: ${{ steps.generate-token.outputs.token }} - id: release - name: Create release - # Do not upload assets while creating release, otherwise, it will not trigger "release created" event. 
- run: | - if [[ "${{ needs.build.outputs.version-type }}" == "prerelease" ]]; then PRERELEASE=1; fi - - TAG=v${{ needs.build.outputs.version }} - - gh release create $TAG \ - --notes-file ./CHANGELOG.latest.md \ - ${PRERELEASE:+--prerelease} \ - --repo ${{ github.repository }} \ - --target ${{ github.ref }} - - echo tag=$TAG | tee --append $GITHUB_OUTPUT - - env: - GH_TOKEN: ${{ steps.generate-token.outputs.token }} - name: Upload assets - run: gh release upload ${{ steps.release.outputs.tag }} *.tgz sbom.spdx.json --repo ${{ github.repository }} - - publish-pages: - environment: - name: github-pages - url: ${{ steps.deployment.outputs.page_url }} - if: inputs.github-pages - name: Publish to GitHub Pages - needs: build - permissions: - pages: write - id-token: write - runs-on: ubuntu-latest - steps: - - id: deployment - name: Deploy to GitHub Pages - uses: actions/deploy-pages@main From a8250459da879d9ddbae39f22407ce5605673955 Mon Sep 17 00:00:00 2001 From: William Wong Date: Thu, 26 Mar 2026 21:49:35 -0700 Subject: [PATCH 06/59] Change branch name to 'main' in release workflow Set the branch name to 'main' for non-production versions. --- .github/workflows/create-release.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 8acdf5be5f..bf529d62c9 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -36,7 +36,8 @@ jobs: - if: steps.version-type.outputs.version-type != 'production' name: Set version run: | - BRANCH_NAME=${{ github.ref_name }} + # BRANCH_NAME=${{ github.ref_name }} + BRANCH_NAME=main COMMITISH=${{ github.sha }} NOW=$(date +%Y%m%d%H%M) From e3ab4e23c245b8b8c35f6b1bad6dd5966d7c0e82 Mon Sep 17 00:00:00 2001 
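Review bot: In PATCH 06's `Set version` hunk, commenting the line out does not disable the expression: `${{ github.ref_name }}` inside `# BRANCH_NAME=...` is still substituted into the script text before bash runs, so drop the expression from the comment. With `BRANCH_NAME=main` hard-coded, a prerelease dispatched from any other ref is also versioned `-main.<date>.<sha>`, which misstates where the build came from. If this is only for the temporary `pull_request` trigger, say so next to it, e.g. `# TODO: restore the real ref name once the pull_request trigger is removed`. PATCH 10 reintroduces the same two lines with `${{ github.ref }}`. The step's body continues outside the hunk.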
From: William Wong Date: Thu, 26 Mar 2026 22:09:41 -0700 Subject: [PATCH 07/59] Update create-release.yml --- .github/workflows/create-release.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index bf529d62c9..7076188076 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -115,15 +115,14 @@ jobs: with: node-version: ${{ env.node-version }} - - if: needs.prepare.outputs.version-type == 'production' - name: Extract from latest release - run: npx keep-a-changelog --format markdownlint --latest-release-full | tee ./CHANGELOG.latest.md + - run: npm install --global keep-a-changelog - if: needs.prepare.outputs.version-type != 'production' - name: Extract from unreleased - run: | - npx keep-a-changelog --format markdownlint --release ${{ needs.prepare.outputs.version }} - npx keep-a-changelog --format markdownlint --latest-release-full | tee ./CHANGELOG.latest.md + name: Tag unreleased as latest + run: npx keep-a-changelog --format markdownlint --release ${{ needs.prepare.outputs.version }} + + - name: Extract latest entry + run: npx keep-a-changelog --format markdownlint --latest-release-full | tee ./CHANGELOG.latest.md - name: Upload changelog uses: actions/upload-artifact@v7 From 62da395f890fab90253efbf848ae2d1821829913 Mon Sep 17 00:00:00 2001 From: William Wong Date: Thu, 26 Mar 2026 22:12:34 -0700 Subject: [PATCH 08/59] Refactor create-release.yml to pack workspaces and upload Updated the create-release workflow to pack multiple workspaces into a single tarball and simplified the artifact upload path. --- .github/workflows/create-release.yml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 7076188076..96d7b1e454 100644 --- a/.github/workflows/create-release.yml 
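Review bot: `npm install --global keep-a-changelog` in PATCH 07 installs whatever version the registry serves when the workflow runs, in the pipeline that writes the release notes. Pin an exact version, or add the tool to `devDependencies` so the lockfile fixes both the version and its integrity hash, and run it after `npm clean-install`. Later patches pin only a major (`keep-a-changelog@3`, `keep-a-changelog@2`) and add `prettier` with no version, which leaves the same gap. `--release ${{ needs.prepare.outputs.version }}` on the new `Tag unreleased as latest` line is expanded into the script unquoted; passing it via `env:` keeps it as data.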
+++ b/.github/workflows/create-release.yml @@ -68,17 +68,19 @@ jobs: - run: npm run build - - run: npm pack --workspaces + - name: Pack as tarball + run: | + npm pack \ + --workspace=./packages/core \ + --workspace=./packages/api \ + --workspace=./packages/component \ + --workspace=./packages/bundle \ + --workspace=./packages/fluent-theme - uses: actions/upload-artifact@v7 with: name: tarball - path: | - ./packages/core/*.tgz - ./packages/api/*.tgz - ./packages/component/*.tgz - ./packages/bundle/*.tgz - ./packages/fluent-theme/*.tgz + path: ./*.tgz - uses: actions/upload-artifact@v7 with: From c41f62089f39ad6115f4ae908be400d4768dbbf9 Mon Sep 17 00:00:00 2001 From: William Wong Date: Thu, 26 Mar 2026 22:19:50 -0700 Subject: [PATCH 09/59] Fix branch name retrieval and update changelog command --- .github/workflows/create-release.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 96d7b1e454..9efe20f612 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -36,8 +36,7 @@ jobs: - if: steps.version-type.outputs.version-type != 'production' name: Set version run: | - # BRANCH_NAME=${{ github.ref_name }} - BRANCH_NAME=main + BRANCH_NAME=$(git branch --show-current) COMMITISH=${{ github.sha }} NOW=$(date +%Y%m%d%H%M) @@ -117,11 +116,11 @@ jobs: with: node-version: ${{ env.node-version }} - - run: npm install --global keep-a-changelog + - run: npm install --global keep-a-changelog@3 - if: needs.prepare.outputs.version-type != 'production' name: Tag unreleased as latest - run: npx keep-a-changelog --format markdownlint --release ${{ needs.prepare.outputs.version }} + run: npx keep-a-changelog --format markdownlint --release=${{ needs.prepare.outputs.version }} - name: Extract latest entry run: npx keep-a-changelog --format markdownlint --latest-release-full | tee ./CHANGELOG.latest.md 
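Review bot: In PATCH 09's `Set version` hunk, `BRANCH_NAME=$(git branch --show-current)` prints nothing on a detached HEAD, which is presumably what `actions/checkout` leaves on `pull_request` runs, so the version would become `<base>-.<date>.<sha>` with an empty prerelease identifier. Fail early when it is empty, e.g. `[ -n "$BRANCH_NAME" ] || { echo "not on a branch" >&2; exit 1; }`, and quote the variable where it is used. Branch names can contain characters such as `/` that are not valid in a semver prerelease identifier, so the value should be normalised before it reaches `npm version`. The step's body continues outside the hunk.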
From efc6281741cbf2247f4bebc327cc65b815761c32 Mon Sep 17 00:00:00 2001 From: William Wong Date: Thu, 26 Mar 2026 22:25:29 -0700 Subject: [PATCH 10/59] Update create-release.yml --- .github/workflows/create-release.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 9efe20f612..01d0c1e041 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -36,7 +36,8 @@ jobs: - if: steps.version-type.outputs.version-type != 'production' name: Set version run: | - BRANCH_NAME=$(git branch --show-current) + # BRANCH_NAME=${{ github.ref }} + BRANCH_NAME=main COMMITISH=${{ github.sha }} NOW=$(date +%Y%m%d%H%M) @@ -102,7 +103,6 @@ jobs: path: ./packages/fluent-theme/static/**/* upload-changelog: - continue-on-error: true name: Upload changelog needs: prepare permissions: @@ -116,14 +116,12 @@ jobs: with: node-version: ${{ env.node-version }} - - run: npm install --global keep-a-changelog@3 - - if: needs.prepare.outputs.version-type != 'production' name: Tag unreleased as latest - run: npx keep-a-changelog --format markdownlint --release=${{ needs.prepare.outputs.version }} + run: npx keep-a-changelog@3 --format markdownlint --release=${{ needs.prepare.outputs.version }} - name: Extract latest entry - run: npx keep-a-changelog --format markdownlint --latest-release-full | tee ./CHANGELOG.latest.md + run: npx keep-a-changelog@3 --format markdownlint --latest-release-full | tee ./CHANGELOG.latest.md - name: Upload changelog uses: actions/upload-artifact@v7 From 11eb304c5a6f09998dc7a62c877cef4060ecc075 Mon Sep 17 00:00:00 2001 From: William Wong Date: Thu, 26 Mar 2026 22:34:39 -0700 Subject: [PATCH 11/59] Update create-release.yml --- .github/workflows/create-release.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 01d0c1e041..9f49cd12f0 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -116,12 +116,14 @@ jobs: with: node-version: ${{ env.node-version }} + - run: npm install --global keep-a-changelog@2 + - if: needs.prepare.outputs.version-type != 'production' name: Tag unreleased as latest - run: npx keep-a-changelog@3 --format markdownlint --release=${{ needs.prepare.outputs.version }} + run: npx keep-a-changelog --format markdownlint --release=${{ needs.prepare.outputs.version }} - name: Extract latest entry - run: npx keep-a-changelog@3 --format markdownlint --latest-release-full | tee ./CHANGELOG.latest.md + run: npx keep-a-changelog --format markdownlint --latest-release-full | tee ./CHANGELOG.latest.md - name: Upload changelog uses: actions/upload-artifact@v7 From 4693abe5736449b6f621305c370596ef54f9ad99 Mon Sep 17 00:00:00 2001 From: William Wong Date: Thu, 26 Mar 2026 22:39:14 -0700 Subject: [PATCH 12/59] Update create-release.yml --- .github/workflows/create-release.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 9f49cd12f0..86e1961fa4 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -116,7 +116,7 @@ jobs: with: node-version: ${{ env.node-version }} - - run: npm install --global keep-a-changelog@2 + - run: npm install --global keep-a-changelog@2 prettier - if: needs.prepare.outputs.version-type != 'production' name: Tag unreleased as latest @@ -125,6 +125,9 @@ jobs: - name: Extract latest entry run: npx keep-a-changelog --format markdownlint --latest-release-full | tee ./CHANGELOG.latest.md + - name: Format extracted entry + run: npx prettier CHANGELOG.latest.md --tab-width 3 --write + - name: Upload changelog uses: actions/upload-artifact@v7 with: 
From 6f641f0a8c0d491080f75ded49d0a1769d8a0bb3 Mon Sep 17 00:00:00 2001 From: William Wong Date: Thu, 26 Mar 2026 22:43:40 -0700 Subject: [PATCH 13/59] Update create-release.yml --- .github/workflows/create-release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 86e1961fa4..84fa59f9fb 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -64,6 +64,8 @@ jobs: with: node-version: ${{ env.node-version }} + - run: npm version --no-git-tag-version ${{ needs.prepare.outputs.version }} + - run: npm clean-install - run: npm run build From 2420334b1ce259728cd20cf82413394c45419c66 Mon Sep 17 00:00:00 2001 From: William Wong Date: Thu, 26 Mar 2026 22:58:37 -0700 Subject: [PATCH 14/59] Update create-release.yml --- .github/workflows/create-release.yml | 82 +++++++++++++++++++++++++++- 1 file changed, 81 insertions(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 84fa59f9fb..598fb6c43e 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -3,7 +3,12 @@ name: Create release on: pull_request: # Temporarily add pull_request for testing branches: main - workflow_dispatch: {} + workflow_dispatch: + inputs: + skip-release: + default: false + description: Skip release + type: boolean defaults: run: @@ -51,6 +56,8 @@ jobs: run: echo version=$(cat package.json | jq -r '.version') | tee --append $GITHUB_OUTPUT build: + env: + NODE_ENV: production name: Build permissions: contents: read @@ -79,6 +86,10 @@ jobs: --workspace=./packages/bundle \ --workspace=./packages/fluent-theme + - name: Generate SBOM + # --workspace has no effect, the resulting SBOM still contains other packages in the workspace + run: npm sbom --package-lock-only --sbom-format spdx --sbom-type library | tee ./sbom.spdx.json + - uses: actions/upload-artifact@v7 with: name: tarball 
@@ -104,6 +115,12 @@ jobs: name: fluent-theme-esm path: ./packages/fluent-theme/static/**/* + - name: Upload SBOM artifact + uses: actions/upload-artifact@v7 + with: + name: sbom + path: ./sbom.spdx.json + upload-changelog: name: Upload changelog needs: prepare @@ -135,3 +152,66 @@ jobs: with: name: changelog path: ./CHANGELOG.latest.md + + release: + name: Release + needs: + - build + - prepare + - upload-changelog + permissions: + contents: read + runs-on: ubuntu-latest + + steps: + - name: Download artifact (tarball) + uses: actions/download-artifact@v8 + with: + name: tarball + path: ./asset + + - name: Download artifact (bundle-iife) + uses: actions/download-artifact@v8 + with: + name: bundle-iife + path: ./asset + + - name: Download artifact (changelog) + uses: actions/download-artifact@v8 + with: + name: changelog + path: ./ + + - name: Download artifact (sbom) + uses: actions/download-artifact@v8 + with: + name: sbom + path: ./asset + + - env: + # Use actions/create-github-app-token if create release would need to trigger another workflow. + GH_TOKEN: ${{ github.token }} + id: release + name: Create release + # Do not upload assets while creating release, otherwise, it will not trigger "release created" event. + run: | + if [[ "${{ needs.prepare.outputs.version-type }}" == "prerelease" ]]; then PRERELEASE=1; fi + + TAG=v${{ needs.prepare.outputs.version }} + + gh release create $TAG \ + --notes-file ./CHANGELOG.latest.md \ + ${PRERELEASE:+--prerelease} \ + --repo ${{ github.repository }} \ + --target ${{ github.ref }} + + echo tag=$TAG | tee --append $GITHUB_OUTPUT + - env: + GH_TOKEN: ${{ github.token }} + name: Upload assets + run: | + gh release upload ${{ steps.release.outputs.tag }} \ + --repo ${{ github.repository }} \ + ./asset/*.js \ + ./asset/*.tgz \ + ./aseet/sbom.spdx.json From a7ef9c4adfce2890cbd532bcd70ec2ff62e4db98 Mon Sep 17 00:00:00 2001 
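Review bot: The `Upload assets` step lists `./aseet/sbom.spdx.json`, while the SBOM artifact is downloaded to `./asset`, so `gh release upload` will fail on a missing path after `gh release create` has already published the tag. Change the last argument to `./asset/sbom.spdx.json`. As written, a run would leave a public release without the tarballs, bundles or SBOM that consumers would expect to verify against.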
From: William Wong Date: Thu, 26 Mar 2026 23:04:01 -0700 Subject: [PATCH 15/59] Set NODE_ENV for build step in release workflow --- .github/workflows/create-release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 598fb6c43e..0bf0ab4224 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -56,8 +56,6 @@ jobs: run: echo version=$(cat package.json | jq -r '.version') | tee --append $GITHUB_OUTPUT build: - env: - NODE_ENV: production name: Build permissions: contents: read @@ -75,7 +73,9 @@ jobs: - run: npm clean-install - - run: npm run build + - env: + NODE_ENV: production + run: npm run build - name: Pack as tarball run: | From c8a5adc822aa4a8344f8fb17aa5fae5f2d3d6520 Mon Sep 17 00:00:00 2001 From: William Wong Date: Thu, 26 Mar 2026 23:10:02 -0700 Subject: [PATCH 16/59] Disable SBOM generation and upload in release workflow Comment out SBOM generation and upload steps in the workflow. --- .github/workflows/create-release.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 0bf0ab4224..c8d382ccef 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -86,9 +86,9 @@ jobs: --workspace=./packages/bundle \ --workspace=./packages/fluent-theme - - name: Generate SBOM - # --workspace has no effect, the resulting SBOM still contains other packages in the workspace - run: npm sbom --package-lock-only --sbom-format spdx --sbom-type library | tee ./sbom.spdx.json + # - name: Generate SBOM + # # --workspace has no effect, the resulting SBOM still contains other packages in the workspace + # run: npm sbom --package-lock-only --sbom-format spdx --sbom-type library | tee ./sbom.spdx.json - uses: actions/upload-artifact@v7 with: 
@@ -115,11 +115,11 @@ jobs: name: fluent-theme-esm path: ./packages/fluent-theme/static/**/* - - name: Upload SBOM artifact - uses: actions/upload-artifact@v7 - with: - name: sbom - path: ./sbom.spdx.json + # - name: Upload SBOM artifact + # uses: actions/upload-artifact@v7 + # with: + # name: sbom + # path: ./sbom.spdx.json upload-changelog: name: Upload changelog @@ -213,5 +213,5 @@ jobs: gh release upload ${{ steps.release.outputs.tag }} \ --repo ${{ github.repository }} \ ./asset/*.js \ - ./asset/*.tgz \ - ./aseet/sbom.spdx.json + ./asset/*.tgz + # ./aseet/sbom.spdx.json From 620632ba6613c8944d796def986940025d57f6b6 Mon Sep 17 00:00:00 2001 From: William Wong Date: Thu, 26 Mar 2026 23:20:35 -0700 Subject: [PATCH 17/59] Enhance release workflow with metadata and notes Updated release workflow to compute build metadata and generate release notes. --- .github/workflows/create-release.yml | 56 +++++++++++++++++++++++++--- 1 file changed, 50 insertions(+), 6 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index c8d382ccef..3141398f77 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml 
@@ -182,11 +182,55 @@ jobs: name: changelog path: ./ - - name: Download artifact (sbom) - uses: actions/download-artifact@v8 - with: - name: sbom - path: ./asset + # - name: Download artifact (sbom) + # uses: actions/download-artifact@v8 + # with: + # name: sbom + # path: ./asset + + - id: compute-hash + name: Compute build metadata + run: | + echo git-short-sha=`echo ${{ github.sha }} | cut -c 1-7` | tee --append $GITHUB_OUTPUT + echo release-date=`date "+%Y-%m-%d %R:%S"` | tee --append $GITHUB_OUTPUT + echo sha384-es5=`cat webchat-es5.js | openssl dgst -sha384 -binary | openssl base64 -A` | tee --append $GITHUB_OUTPUT + echo sha384-full=`cat webchat.js | openssl dgst -sha384 -binary | openssl base64 -A` | tee --append $GITHUB_OUTPUT + echo sha384-minimal=`cat webchat-minimal.js | openssl dgst -sha384 -binary | openssl base64 -A` | tee --append $GITHUB_OUTPUT + + - name: Build release notes + run: | + tee ./release.txt < + + + + + \`\`\` + + # Changelog + + EOF + + cat ./CHANGELOG.latest.md | tee --append ./release.txt - env: # Use actions/create-github-app-token if create release would need to trigger another workflow. @@ -200,7 +244,7 @@ jobs: TAG=v${{ needs.prepare.outputs.version }} gh release create $TAG \ - --notes-file ./CHANGELOG.latest.md \ + --notes-file ./release.txt \ ${PRERELEASE:+--prerelease} \ --repo ${{ github.repository }} \ --target ${{ github.ref }} From b645df6e812b25f67000df2587ab99dcbef4e5e9 Mon Sep 17 00:00:00 2001 From: William Wong Date: Thu, 26 Mar 2026 23:29:20 -0700 Subject: [PATCH 18/59] Change permissions from read to write for contents --- .github/workflows/create-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 3141398f77..2abd8d6fad 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml 
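Review bot: The `Compute build metadata` step hashes `webchat-es5.js`, `webchat.js` and `webchat-minimal.js` relative to the working directory, while the download steps of this job place the bundle under `./asset`, and a failing `cat` inside the backticks does not fail the surrounding `echo`. If the paths are indeed wrong, each `sha384-*` output becomes the digest of empty input and is presumably published in the release notes as the bundle's integrity hash. Compute the digest into a variable first so the error propagates, e.g. `HASH=$(openssl dgst -sha384 -binary ./asset/webchat.js | openssl base64 -A)` followed by `echo "sha384-full=$HASH" | tee --append "$GITHUB_OUTPUT"`, and do the same for the other two files.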
@@ -160,7 +160,7 @@ jobs: - prepare - upload-changelog permissions: - contents: read + contents: write runs-on: ubuntu-latest steps: From 32b24b333e454457f95e6c12b42b94435fd74ac0 Mon Sep 17 00:00:00 2001 From: William Wong Date: Thu, 26 Mar 2026 23:39:58 -0700 Subject: [PATCH 19/59] Modify release workflow trigger and name Updated workflow to trigger on push to feat-create-request branch and added emoji to name. --- .github/workflows/create-release.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 2abd8d6fad..649675ea79 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -1,8 +1,8 @@ -name: Create release +name: 🚀 Create release on: - pull_request: # Temporarily add pull_request for testing - branches: main + push: # Temporarily added for testing + branches: feat-create-request workflow_dispatch: inputs: skip-release: @@ -41,8 +41,7 @@ jobs: - if: steps.version-type.outputs.version-type != 'production' name: Set version run: | - # BRANCH_NAME=${{ github.ref }} - BRANCH_NAME=main + BRANCH_NAME=${{ github.ref }} COMMITISH=${{ github.sha }} NOW=$(date +%Y%m%d%H%M) From 6a86b9a8b3d9d7c3a64a3be17c722d7c265f9e63 Mon Sep 17 00:00:00 2001 From: William Wong Date: Thu, 26 Mar 2026 23:45:55 -0700 Subject: [PATCH 20/59] Update create-release.yml --- .github/workflows/create-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 649675ea79..84490fc12f 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -41,7 +41,7 @@ jobs: - if: steps.version-type.outputs.version-type != 'production' name: Set version run: | - BRANCH_NAME=${{ github.ref }} + BRANCH_NAME=$(git symbolic-ref --short HEAD 2>/dev/null || git rev-parse --short HEAD) COMMITISH=${{ github.sha }} NOW=$(date +%Y%m%d%H%M) 
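Review bot: `contents: write` is granted to the whole `release` job, which has no `if:` guard in the hunks shown, so every trigger listed under `on:` reaches `gh release create` with a write-scoped token, and the `skip-release` input declared in patch 14/59 is never consulted. Gate the job, e.g. `if: github.event_name == 'workflow_dispatch' && !inputs.skip-release`, so that test triggers only exercise the build. The job's steps lie outside this hunk.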
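Review bot: `BRANCH_NAME` now comes from `git symbolic-ref --short HEAD`, which returns names such as `feat/x` unchanged, and nothing in the `Set version` step restricts its character set; the `npm version` line that consumes it is outside this hunk. Characters outside `[0-9A-Za-z-]` are not valid in a semver pre-release identifier, and the resulting version later becomes the release tag, so normalise the value right after the assignment: `BRANCH_NAME=${BRANCH_NAME//[^0-9A-Za-z-]/-}`.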
From cbf570a21456aa31dead988272712328da31c99a Mon Sep 17 00:00:00 2001 From: William Wong Date: Thu, 26 Mar 2026 23:53:19 -0700 Subject: [PATCH 21/59] Update create-release.yml --- .github/workflows/create-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 84490fc12f..1089852733 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -97,7 +97,7 @@ jobs: - uses: actions/upload-artifact@v7 with: name: bundle-iife - path: ./packages/bundle/dist/**/* + path: ./packages/bundle/dist/webchat*.js - uses: actions/upload-artifact@v7 with: From dab90b26b67ea6936ad38777c43438995c2a3e53 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 00:04:25 -0700 Subject: [PATCH 22/59] Modify npm version command in create-release workflow Update npm version command to include workspace options. --- .github/workflows/create-release.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 1089852733..0a11dafe05 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -68,7 +68,13 @@ jobs: with: node-version: ${{ env.node-version }} - - run: npm version --no-git-tag-version ${{ needs.prepare.outputs.version }} + - name: npm version ${{ needs.prepare.outputs.version }} + run: | + npm version ${{ needs.prepare.outputs.version }} \ + --include-workspace-root \ + --no-git-tag-version \ + --no-workspaces-update \ + --workspaces - run: npm clean-install From 3f26e4343f70d3229f91c7005db4a61225dbaac3 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 00:06:02 -0700 Subject: [PATCH 23/59] Update create-release.yml --- .github/workflows/create-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 0a11dafe05..26b55ab78e 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -68,6 +68,8 @@ jobs: with: node-version: ${{ env.node-version }} + - run: npm clean-install + - name: npm version ${{ needs.prepare.outputs.version }} run: | npm version ${{ needs.prepare.outputs.version }} \ @@ -76,8 +78,6 @@ jobs: --no-workspaces-update \ --workspaces - - run: npm clean-install - - env: NODE_ENV: production run: npm run build From f4e68c26c1a61eeb05d42cfbaf0e6d035d9a42d6 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 11:52:59 -0700 Subject: [PATCH 24/59] Add AzDO build workflow configuration --- .github/workflows/azdo-build.yml | 44 ++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 .github/workflows/azdo-build.yml diff --git a/.github/workflows/azdo-build.yml b/.github/workflows/azdo-build.yml new file mode 100644 index 0000000000..5b5fb85405 --- /dev/null +++ b/.github/workflows/azdo-build.yml 
@@ -0,0 +1,44 @@ +name: '🚀 [AzDO] Build' + +on: + push: # Temporarily added for testing + branches: feat-create-request + # push: + # branches: ['main'] + workflow_dispatch: {} + +defaults: + run: + shell: bash + +env: + AZDO_ORG: ${{ vars.AZDO_ORG }} + AZDO_PROJECT: ${{ vars.AZDO_PROJECT }} + +jobs: + build: + environment: + name: azure-devops + name: Build + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + + steps: + - name: Debug OIDC Claims + uses: github/actions-oidc-debugger@bc12dcf + with: + audience: '${{ github.server_url }}/${{ github.repository_owner }}' + + - uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + + - uses: azure/cli@v2 + with: + inlineScript: | + az extension add --name azure-devops + az pipelines list --org ${{ env.AZDO_ORG }} --project ${{ env.AZDO_PROJECT }} From 52cd2abac27d80daedb048d730d1742500fecb97 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 11:53:52 -0700 Subject: [PATCH 25/59] Update azdo-build.yml --- .github/workflows/azdo-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/azdo-build.yml b/.github/workflows/azdo-build.yml index 5b5fb85405..41a6f880a7 100644 --- a/.github/workflows/azdo-build.yml +++ b/.github/workflows/azdo-build.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Debug OIDC Claims - uses: github/actions-oidc-debugger@bc12dcf + uses: github/actions-oidc-debugger@v1 with: audience: '${{ github.server_url }}/${{ github.repository_owner }}' From ddcab28965c2e93f5a3b54738a21c4c3b2442316 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 11:54:47 -0700 Subject: [PATCH 26/59] Update azdo-build.yml --- .github/workflows/azdo-build.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
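Review bot: The `build` job holds `id-token: write` and the `azure-devops` environment, yet `azure/login@v2` and `azure/cli@v2` are referenced by mutable tags and `github/actions-oidc-debugger@bc12dcf` by an abbreviated SHA, which I believe the runner does not accept as a ref. Pin each action to a full commit SHA, e.g. `uses: azure/login@<full-commit-sha> # v2`, so the code that receives the federated token cannot change underneath the workflow. The `Debug OIDC Claims` step presumably writes token claims to the job log and should not stay in a workflow that runs on push; patch 25/59 only swaps its ref to `@v1`.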
diff --git a/.github/workflows/azdo-build.yml b/.github/workflows/azdo-build.yml index 41a6f880a7..9fe29004e7 100644 --- a/.github/workflows/azdo-build.yml +++ b/.github/workflows/azdo-build.yml @@ -26,10 +26,10 @@ jobs: runs-on: ubuntu-latest steps: - - name: Debug OIDC Claims - uses: github/actions-oidc-debugger@v1 - with: - audience: '${{ github.server_url }}/${{ github.repository_owner }}' + # - name: Debug OIDC Claims + # uses: github/actions-oidc-debugger@bc12dcf + # with: + # audience: '${{ github.server_url }}/${{ github.repository_owner }}' - uses: azure/login@v2 with: From 14718fdee70e8564892c6f007c976b8a01b4cbc4 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 13:34:54 -0700 Subject: [PATCH 27/59] Update workflow --- .github/workflows/azdo-build.yml | 44 --- .github/workflows/create-release.yml | 259 +++++++++----- .github/workflows/reusable-azdo-build.yml | 408 ++++++++++++++++++++++ 3 files changed, 579 insertions(+), 132 deletions(-) delete mode 100644 .github/workflows/azdo-build.yml create mode 100644 .github/workflows/reusable-azdo-build.yml diff --git a/.github/workflows/azdo-build.yml b/.github/workflows/azdo-build.yml deleted file mode 100644 index 9fe29004e7..0000000000 --- a/.github/workflows/azdo-build.yml +++ /dev/null 
@@ -1,44 +0,0 @@ -name: '🚀 [AzDO] Build' - -on: - push: # Temporarily added for testing - branches: feat-create-request - # push: - # branches: ['main'] - workflow_dispatch: {} - -defaults: - run: - shell: bash - -env: - AZDO_ORG: ${{ vars.AZDO_ORG }} - AZDO_PROJECT: ${{ vars.AZDO_PROJECT }} - -jobs: - build: - environment: - name: azure-devops - name: Build - permissions: - contents: read - id-token: write - runs-on: ubuntu-latest - - steps: - # - name: Debug OIDC Claims - # uses: github/actions-oidc-debugger@bc12dcf - # with: - # audience: '${{ github.server_url }}/${{ github.repository_owner }}' - - - uses: azure/login@v2 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - - - uses: azure/cli@v2 - with: - inlineScript: | - az extension add --name azure-devops - az pipelines list --org ${{ env.AZDO_ORG }} --project ${{ env.AZDO_PROJECT }} diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 26b55ab78e..b704928d62 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml 
@@ -18,117 +18,201 @@ env: node-version: 22 jobs: - prepare: - name: Prepare + # prepare: + # name: Prepare + # outputs: + # branch-name: ${{ steps.get-branch-name.outputs.branch-name }} + # permissions: + # contents: read + # runs-on: ubuntu-latest + + # steps: + # - uses: actions/checkout@v6 + + # - id: get-branch-name + # name: Get branch name + # run: | + # BRANCH_NAME=$(git symbolic-ref --short HEAD 2>/dev/null || git rev-parse --short HEAD) + + # echo branch-name=$BRANCH_NAME | tee --append $GITHUB_OUTPUT + + # # - uses: actions/setup-node@v6 + # # with: + # # node-version: ${{ env.node-version }} + + # # - id: version-type + # # name: Determine version type + # # run: 'if [[ "$(cat ./package.json | jq -r ''.version'')" == *-0 ]]; then echo version-type=prerelease | tee --append $GITHUB_OUTPUT; else echo version-type=production | tee --append $GITHUB_OUTPUT; fi' + + # # - if: steps.version-type.outputs.version-type != 'production' + # # name: Set version + # # run: | + # # BRANCH_NAME=$(git symbolic-ref --short HEAD 2>/dev/null || git rev-parse --short HEAD) + # # COMMITISH=${{ github.sha }} + # # NOW=$(date +%Y%m%d%H%M) + + # # SHORT_COMMITISH=${COMMITISH:0:7} + + # # # npm version simply ignoring the build metadata + (plus) sign, we need to use dot or hyphen instead. 
+ # # npm version --no-git-tag-version $(echo $(cat ./package.json | jq -r '.version') | cut -d- -f1)-$BRANCH_NAME.$NOW.$SHORT_COMMITISH + + # # - id: version + # # name: Get version + # # run: echo version=$(cat package.json | jq -r '.version') | tee --append $GITHUB_OUTPUT + + # build: + # name: Build + # permissions: + # contents: read + # needs: prepare + # runs-on: ubuntu-latest + + # steps: + # - uses: actions/checkout@v6 + + # - uses: actions/setup-node@v6 + # with: + # node-version: ${{ env.node-version }} + + # - run: npm clean-install + + # - name: npm version ${{ needs.prepare.outputs.version }} + # run: | + # npm version ${{ needs.prepare.outputs.version }} \ + # --include-workspace-root \ + # --no-git-tag-version \ + # --no-workspaces-update \ + # --workspaces + + # - env: + # NODE_ENV: production + # run: npm run build + + # - name: Pack as tarball + # run: | + # npm pack \ + # --workspace=./packages/core \ + # --workspace=./packages/api \ + # --workspace=./packages/component \ + # --workspace=./packages/bundle \ + # --workspace=./packages/fluent-theme + + # # - name: Generate SBOM + # # # --workspace has no effect, the resulting SBOM still contains other packages in the workspace + # # run: npm sbom --package-lock-only --sbom-format spdx --sbom-type library | tee ./sbom.spdx.json + + # - uses: actions/upload-artifact@v7 + # with: + # name: tarball + # path: ./*.tgz + + # - uses: actions/upload-artifact@v7 + # with: + # name: bundle-iife + # path: ./packages/bundle/dist/webchat*.js + + # - uses: actions/upload-artifact@v7 + # with: + # name: bundle-esm + # path: ./packages/bundle/static/**/* + + # - uses: actions/upload-artifact@v7 + # with: + # name: fluent-theme-iife + # path: ./packages/fluent-theme/dist/**/* + + # - uses: actions/upload-artifact@v7 + # with: + # name: fluent-theme-esm + # path: ./packages/fluent-theme/static/**/* + + # # - name: Upload SBOM artifact + # # uses: actions/upload-artifact@v7 + # # with: + # # name: sbom + # # path: 
./sbom.spdx.json + + build: + name: Build outputs: - version: ${{ steps.version.outputs.version }} - version-type: ${{ steps.version-type.outputs.version-type }} - permissions: - contents: read - runs-on: ubuntu-latest + version: ${{ steps.azdo-build.outputs.version }} + version-type: ${{ steps.azdo-build.outputs.version-type }} + permissions: {} + runs-on: ubuntu-slim steps: - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 - with: - node-version: ${{ env.node-version }} - - - id: version-type - name: Determine version type - run: 'if [[ "$(cat ./package.json | jq -r ''.version'')" == *-0 ]]; then echo version-type=prerelease | tee --append $GITHUB_OUTPUT; else echo version-type=production | tee --append $GITHUB_OUTPUT; fi' - - - if: steps.version-type.outputs.version-type != 'production' - name: Set version + - id: get-branch-name + name: Get branch name run: | BRANCH_NAME=$(git symbolic-ref --short HEAD 2>/dev/null || git rev-parse --short HEAD) - COMMITISH=${{ github.sha }} - NOW=$(date +%Y%m%d%H%M) - - SHORT_COMMITISH=${COMMITISH:0:7} - - # npm version simply ignoring the build metadata + (plus) sign, we need to use dot or hyphen instead. 
- npm version --no-git-tag-version $(echo $(cat ./package.json | jq -r '.version') | cut -d- -f1)-$BRANCH_NAME.$NOW.$SHORT_COMMITISH - - - id: version - name: Get version - run: echo version=$(cat package.json | jq -r '.version') | tee --append $GITHUB_OUTPUT - - build: - name: Build - permissions: - contents: read - needs: prepare - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 + echo branch-name=$BRANCH_NAME | tee --append $GITHUB_OUTPUT - - uses: actions/setup-node@v6 + - id: azdo-build + uses: ./.github/workflows/reusable-azdo-build.yml with: - node-version: ${{ env.node-version }} - - - run: npm clean-install + artifact-name: azdo-artifact + branch-name: ${{ steps.get-branch-name.outputs.branch-name }} - - name: npm version ${{ needs.prepare.outputs.version }} + - name: Extract artifact (bundle) run: | - npm version ${{ needs.prepare.outputs.version }} \ - --include-workspace-root \ - --no-git-tag-version \ - --no-workspaces-update \ - --workspaces + mkdir -p ./bundle/ + cd ./bundle/ - - env: - NODE_ENV: production - run: npm run build + tar \ + --extract \ + --file=botframework-webchat-${{ steps.azdo-build.outputs.version }}.tgz \ + --strip-component=1 \ + package/dist/ \ + package/static/ - - name: Pack as tarball + - name: Extract artifact (fluent-theme) run: | - npm pack \ - --workspace=./packages/core \ - --workspace=./packages/api \ - --workspace=./packages/component \ - --workspace=./packages/bundle \ - --workspace=./packages/fluent-theme - - # - name: Generate SBOM - # # --workspace has no effect, the resulting SBOM still contains other packages in the workspace - # run: npm sbom --package-lock-only --sbom-format spdx --sbom-type library | tee ./sbom.spdx.json - - - uses: actions/upload-artifact@v7 + mkdir -p ./fluent-theme/ + cd ./fluent-theme/ + + tar \ + --extract \ + --file=botframework-webchat-fluent-theme-${{ steps.azdo-build.outputs.version }}.tgz \ + --strip-component=1 \ + package/dist/ \ + package/static/ + + - name: Upload 
artifact (tarball) + uses: actions/upload-artifact@v7 with: name: tarball - path: ./*.tgz + path: ./tgzfiles/*.tgz - - uses: actions/upload-artifact@v7 + - name: Upload artifact (bundle-iife) + uses: actions/upload-artifact@v7 with: name: bundle-iife - path: ./packages/bundle/dist/webchat*.js + path: ./bundle/dist/webchat*.js - - uses: actions/upload-artifact@v7 + - name: Upload artifact (bundle-esm) + uses: actions/upload-artifact@v7 with: name: bundle-esm - path: ./packages/bundle/static/**/* + path: ./bundle/static/ - - uses: actions/upload-artifact@v7 + - name: Upload artifact (fluent-theme-iife) + uses: actions/upload-artifact@v7 with: name: fluent-theme-iife - path: ./packages/fluent-theme/dist/**/* + path: ./fluent-theme/dist/webchat*.js - - uses: actions/upload-artifact@v7 + - name: Upload artifact (fluent-theme-esm) + uses: actions/upload-artifact@v7 with: name: fluent-theme-esm - path: ./packages/fluent-theme/static/**/* - - # - name: Upload SBOM artifact - # uses: actions/upload-artifact@v7 - # with: - # name: sbom - # path: ./sbom.spdx.json + path: ./fluent-theme/static/ upload-changelog: name: Upload changelog - needs: prepare + needs: build permissions: contents: read runs-on: ubuntu-latest @@ -142,9 +226,9 @@ jobs: - run: npm install --global keep-a-changelog@2 prettier - - if: needs.prepare.outputs.version-type != 'production' + - if: needs.build.outputs.version-type != 'production' name: Tag unreleased as latest - run: npx keep-a-changelog --format markdownlint --release=${{ needs.prepare.outputs.version }} + run: npx keep-a-changelog --format markdownlint --release=${{ needs.build.outputs.version }} - name: Extract latest entry run: npx keep-a-changelog --format markdownlint --latest-release-full | tee ./CHANGELOG.latest.md @@ -162,7 +246,6 @@ jobs: name: Release needs: - build - - prepare - upload-changelog permissions: contents: write 
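Review bot: In the new `build` job, `uses: ./.github/workflows/reusable-azdo-build.yml` sits inside `steps:`, but a workflow declared with `on: workflow_call` can only be called at job level (`jobs.<id>.uses`), so `steps.azdo-build.outputs.version` will not resolve and the `tar` and upload steps have nothing to work on. The caller also sets `permissions: {}`, while the called workflow's `run-pipeline` job asks for `contents: read` and `id-token: write`, and a called workflow cannot be given more than its caller grants. Split this into a calling job and a job that `needs` it, and move the branch-name lookup into its own job so that its output can be passed through `with:`.

```yaml
  get-branch-name:
    # … unchanged: checkout and "Get branch name" step, with branch-name exposed as a job output …

  azdo-build:
    needs: get-branch-name
    permissions:
      contents: read
      id-token: write
    uses: ./.github/workflows/reusable-azdo-build.yml
    with:
      artifact-name: azdo-artifact
      branch-name: ${{ needs.get-branch-name.outputs.branch-name }}

  build:
    needs: azdo-build
    # … unchanged: extract and upload steps, reading needs.azdo-build.outputs.version …
```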
@@ -209,25 +292,25 @@ jobs: | Build time | Run ID | Source version | Git ref | Package version | | - | - | - | - | - | - | ${{ steps.compute-hash.outputs.release-date }}Z | [\`${{ github.run_id }}\`](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) | [\`${{ steps.compute-hash.outputs.git-short-sha }}\`](https://github.com/${{ github.repository }}/commit/${{ github.sha }}) | \`${{ github.ref }}\` | \`${{ needs.prepare.outputs.version }}\` | + | ${{ steps.compute-hash.outputs.release-date }}Z | [\`${{ github.run_id }}\`](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) | [\`${{ steps.compute-hash.outputs.git-short-sha }}\`](https://github.com/${{ github.repository }}/commit/${{ github.sha }}) | \`${{ github.ref }}\` | \`${{ needs.build.outputs.version }}\` | \`\`\`html \`\`\` @@ -244,9 +327,9 @@ jobs: name: Create release # Do not upload assets while creating release, otherwise, it will not trigger "release created" event. run: | - if [[ "${{ needs.prepare.outputs.version-type }}" == "prerelease" ]]; then PRERELEASE=1; fi + if [[ "${{ needs.build.outputs.version-type }}" == "prerelease" ]]; then PRERELEASE=1; fi - TAG=v${{ needs.prepare.outputs.version }} + TAG=v${{ needs.build.outputs.version }} gh release create $TAG \ --notes-file ./release.txt \ diff --git a/.github/workflows/reusable-azdo-build.yml b/.github/workflows/reusable-azdo-build.yml new file mode 100644 index 0000000000..f01e2f3036 --- /dev/null +++ b/.github/workflows/reusable-azdo-build.yml 
@@ -0,0 +1,408 @@ +name: '🦾 [AzDO] Build' + +on: + # push: + # branches: ['main'] + workflow_call: + inputs: + artifact-name: + description: Output artifact name + default: azdo-artifact + type: string + + branch-name: + description: Branch name + default: main + type: string + + # dist-tag: + # description: Dist-tag + # default: main + # type: string + + # version: + # description: Version + # required: true + # type: string + + outputs: + version: + description: Version + value: ${{ jobs.download-pipeline-artifact.outputs.version }} + + version-type: + description: Version + value: ${{ jobs.download-pipeline-artifact.outputs.version-type }} + +defaults: + run: + shell: bash + +env: + AZDO_ORG: ${{ vars.AZDO_ORG }} + AZDO_PIPELINE_NAME: ${{ vars.AZDO_PIPELINE_NAME }} + AZDO_PROJECT: ${{ vars.AZDO_PROJECT }} + AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} + AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} + +jobs: + run-pipeline: + environment: + name: azure-devops + name: Run build pipeline + outputs: + run-id: ${{ steps.run-pipeline.outputs.run-id }} + run-url: ${{ steps.run-pipeline.outputs.url }} + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + + steps: + - uses: azure/login@v2 + with: + allow-no-subscriptions: true + client-id: ${{ env.AZURE_CLIENT_ID }} + tenant-id: ${{ env.AZURE_TENANT_ID }} + + # - id: run-pipeline + # uses: azure/cli@v2 + # with: + # inlineScript: | + # set -e -o pipefail + + # az extension add --name azure-devops --only-show-errors + # # az pipelines list --org ${{ env.AZDO_ORG }} --project ${{ env.AZDO_PROJECT }} + # OUTPUT=$( + # az pipelines run \ + # --detect false --output json) \ + # --name ${{ env.AZDO_PIPELINE_NAME }} \ + # --org ${{ env.AZDO_ORG }} \ + # --project ${{ env.AZDO_PROJECT }} \ + # --variable ProjectBranch=${{ inputs.branch-name }} + # ) + + # RUN_ID=$(echo "$OUTPUT" | jq -r '.id') + # RUN_URL=$(echo "$OUTPUT" | jq -r '.url') + + # if [ 
-z "$RUN_ID" ] || [ "$RUN_ID" = "null" ]; then + # echo "$OUTPUT" + # echo "Failed to extract run ID from output" + # exit 1 + # fi + + # if [ -z "$RUN_URL" ] || [ "$RUN_URL" = "null" ]; then + # echo "$OUTPUT" + # echo "Failed to extract run URL from output" + # exit 1 + # fi + + # echo "run-id=$RUN_ID" | tee --append $GITHUB_OUTPUT + # echo "url=$RUN_URL" | tee --append $GITHUB_OUTPUT + + # Temporarily not running pipeline but getting from existing result + - id: run-pipeline + run: | + echo run-id=422059 | tee --append $GITHUB_OUTPUT + echo url=https://fuselabs.visualstudio.com/531382a8-71ae-46c8-99eb-9512ccb91a43/_apis/build/Builds/422059 | tee --append $GITHUB_OUTPUT + + wait-for-run-completion: + environment: + name: azure-devops + name: Wait for run completion + needs: + - run-pipeline + permissions: + id-token: write + runs-on: ubuntu-latest + + steps: + - uses: azure/login@v2 + with: + allow-no-subscriptions: true + client-id: ${{ env.AZURE_CLIENT_ID }} + tenant-id: ${{ env.AZURE_TENANT_ID }} + + - name: Wait for pipeline completion + uses: azure/cli@v2 + with: + inlineScript: | + set -e -o pipefail + + az extension add --name azure-devops --only-show-errors + + RUN_ID="${{ needs.run-pipeline.outputs.run-id }}" + echo "Waiting for run ID: $RUN_ID to complete..." + + # Timeout after 45 minutes (2700 seconds) + TIMEOUT=2700 + ELAPSED=0 + INTERVAL=5 + + while [ $ELAPSED -lt $TIMEOUT ]; do + OUTPUT=$(az pipelines runs show --id "$RUN_ID" --org ${{ env.AZDO_ORG }} --project ${{ env.AZDO_PROJECT }} --detect false --output json) + STATUS=$(echo "$OUTPUT" | jq -r '.status') + + if [ -z "$STATUS" ] || [ "$STATUS" = "null" ]; then + echo "Failed to extract status from output" + exit 1 + fi + + echo "Current status: $STATUS (elapsed: ${ELAPSED}s)" + + # Check for terminal states + if [ "$STATUS" = "completed" ]; then + echo "Pipeline completed!" 
+ RESULT=$(echo "$OUTPUT" | jq -r '.result') + echo "Result: $RESULT" + + if [ "$RESULT" != "succeeded" ]; then + echo "Pipeline failed with result: $RESULT" + exit 1 + fi + + echo "Pipeline succeeded!" + exit 0 + elif [ "$STATUS" = "canceling" ] || [ "$STATUS" = "canceled" ]; then + echo "Pipeline was canceled" + exit 1 + fi + + sleep $INTERVAL + ELAPSED=$((ELAPSED + INTERVAL)) + done + + echo "Timeout reached after ${TIMEOUT} seconds for run ID: $RUN_ID" + exit 1 + + download-pipeline-artifact: + environment: + name: azure-devops + name: Download pipeline artifact + needs: + - run-pipeline + - wait-for-run-completion + outputs: + version: ${{ steps.get-version.outputs.version }} + version-type: ${{ steps.get-version.outputs.version-type }} + permissions: + id-token: write + runs-on: ubuntu-latest + + steps: + - uses: azure/login@v2 + with: + allow-no-subscriptions: true + client-id: ${{ env.AZURE_CLIENT_ID }} + tenant-id: ${{ env.AZURE_TENANT_ID }} + + - name: Download artifact from Azure DevOps + uses: azure/cli@v2 + with: + inlineScript: | + set -e -o pipefail + + tdnf install -y icu + tdnf install -y jq + az extension add --name azure-devops --only-show-errors + + RUN_ID="${{ needs.run-pipeline.outputs.run-id }}" + echo "Downloading artifact 'drop_build_main' from run ID: $RUN_ID" + + # Create directory for artifact + mkdir -p ./artifact-download/ + + # Download the artifact + az pipelines runs artifact download \ + --artifact-name "drop_build_main" \ + --detect false \ + --org ${{ env.AZDO_ORG }} \ + --path "$GITHUB_WORKSPACE/artifact-download/" \ + --project ${{ env.AZDO_PROJECT }} \ + --run-id "$RUN_ID" + + # Verify artifact was downloaded + if [ -z "$(ls -A artifact-download)" ]; then + echo "Artifact directory is empty after download" + exit 1 + fi + + echo "Artifact downloaded successfully" + + - name: Upload artifact + uses: actions/upload-artifact@v6 + with: + name: drop_build_main + path: ./artifact-download/ + + - id: get-version + name: Get version 
+ run: | + VERSION=$(tar -xzOf botframework-webchat-core-*.tgz package/package.json) + + echo version=$VERSION | tee --append $GITHUB_OUTPUT + + if [[ "$VERSION" == *-0 ]]; then echo version-type=prerelease | tee --append $GITHUB_OUTPUT; else echo version-type=production | tee --append $GITHUB_OUTPUT; fi + working-directory: ./artifact-download/tgzfiles + + # prepare-release: + # name: Prepare release + # needs: + # - upload-pipeline-artifact + # outputs: + # prerelease: ${{ steps.save-version.outputs.prerelease }} + # version: ${{ steps.save-version.outputs.version }} + # permissions: + # actions: read + # contents: read + # id-token: write + # runs-on: ubuntu-latest + + # steps: + # - uses: actions/checkout@v6 + # - uses: actions/setup-node@v6 + + # - name: Download build artifact + # uses: actions/download-artifact@v7 + # with: + # name: drop_build_main + # path: ./azdo-artifact/ + + # - name: Prepare CDN artifact + # run: | + # mkdir -p ./github-artifact/cdn/ + # cd ./github-artifact/cdn/ + # unzip ../../azdo-artifact/cdn_files/CdnFilesUpload.zip + + # - name: Upload CDN artifact + # uses: actions/upload-artifact@v6 + # with: + # name: asset-cdn + # path: ./github-artifact/cdn/ + + # - name: Prepare tarball artifact + # run: | + # mkdir -p ./github-artifact/tarball/ + # cd ./github-artifact/tarball/ + # cp ../../azdo-artifact/tgzfiles/* . 
+ + # - name: Upload tarball artifact + # uses: actions/upload-artifact@v6 + # with: + # name: asset-tarball + # path: ./github-artifact/tarball/ + + # - id: save-version + # name: Save version + # run: | + # version=$(cat version.txt) + + # prerelease=$([[ "$version" == *-* ]] && echo true || echo false) + + # echo prerelease="$prerelease" | tee --append $GITHUB_OUTPUT + # echo version="$version" | tee --append $GITHUB_OUTPUT + # working-directory: ./azdo-artifact/version/ + + # - name: Prepare release notes + # run: | + # cp ./.github/release_notes_template.md ./release_notes.md + + # node \ + # --eval "import fs from 'node:fs'; fs.writeFileSync(process.argv[1], fs.readFileSync(process.argv[1], 'utf8').replaceAll(process.argv[2], process.argv[3]));" \ + # --input-type=module \ + # -- \ + # ./release_notes.md \ + # {{webchat-js-integrity}} \ + # "sha384-$(openssl dgst -sha384 -binary ./github-artifact/cdn/webchat.js | openssl base64 -A)" + + # node \ + # --eval "import fs from 'node:fs'; fs.writeFileSync(process.argv[1], fs.readFileSync(process.argv[1], 'utf8').replaceAll(process.argv[2], process.argv[3]));" \ + # --input-type=module \ + # -- \ + # ./release_notes.md \ + # {{webchat-minimal-js-integrity}} \ + # "sha384-$(openssl dgst -sha384 -binary ./github-artifact/cdn/webchat-minimal.js | openssl base64 -A)" + + # node \ + # --eval "import fs from 'node:fs'; fs.writeFileSync(process.argv[1], fs.readFileSync(process.argv[1], 'utf8').replaceAll(process.argv[2], process.argv[3]));" \ + # --input-type=module \ + # -- \ + # ./release_notes.md \ + # {{version}} \ + # "${{ steps.save-version.outputs.version }}" + + # cat ./release_notes.md + + # - name: Upload release notes + # uses: actions/upload-artifact@v6 + # with: + # name: release-notes + # path: ./release_notes.md + + # create-release: + # name: Create release + # needs: + # - prepare-release + # outputs: + # release-tag: ${{ steps.create-release.outputs.release-tag }} + # permissions: + # contents: write + # 
runs-on: ubuntu-latest + + # steps: + # - name: Download release notes + # uses: actions/download-artifact@v7 + # with: + # name: release-notes + # path: release-notes + + # - env: + # GH_TOKEN: ${{ github.token }} + # id: create-release + # name: Create release + # run: | + # if [[ "${{ needs.prepare-release.outputs.prerelease }}" == "true" ]]; then prerelease=1; fi + + # release_tag=v${{ needs.prepare-release.outputs.version }} + + # gh release create $release_tag \ + # --draft \ + # --notes-file ./release-notes/release_notes.md \ + # ${prerelease:+--prerelease} \ + # --repo ${{ github.repository }} \ + # --target ${{ github.ref }} + + # echo release-tag=$release_tag | tee --append $GITHUB_OUTPUT + + # upload-release-asset: + # name: Upload release asset + # needs: + # - create-release + # permissions: + # contents: write + # runs-on: ubuntu-latest + + # steps: + # - name: Download asset artifact + # uses: actions/download-artifact@v7 + # with: + # merge-multiple: true + # path: ./asset/ + # pattern: asset-* + + # - env: + # GH_TOKEN: ${{ github.token }} + # name: Upload assets + # run: | + # gh release upload ${{ needs.create-release.outputs.release-tag }} \ + # ./asset/* \ + # --repo ${{ github.repository }} + + # - env: + # GH_TOKEN: ${{ github.token }} + # name: Publish release + # run: | + # gh release edit ${{ needs.create-release.outputs.release-tag }} \ + # --draft=false \ + # --repo ${{ github.repository }} From 2a15f6221a0754a74bac214af47d049ab315817a Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 13:38:16 -0700 Subject: [PATCH 28/59] Fix permission --- .github/workflows/create-release.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index b704928d62..09f3934934 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml 
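Review bot: In the `get-version` step, `VERSION=$(tar -xzOf botframework-webchat-core-*.tgz package/package.json)` stores the whole package.json text rather than its version field, so the `*-0` test should never match and `version-type` would always come out as `production`. The unquoted `echo version=$VERSION` then word-splits that text and writes it, flattened onto one line, to `$GITHUB_OUTPUT`, which the release job appears to use for the tag. Extract the field and quote it: `VERSION=$(tar -xzOf botframework-webchat-core-*.tgz package/package.json | jq -r '.version')` followed by `echo "version=$VERSION" | tee --append "$GITHUB_OUTPUT"`. The same step is copied unchanged into `.github/actions/azdo-build/action.yml` later in this series.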
@@ -137,7 +137,8 @@ jobs: outputs: version: ${{ steps.azdo-build.outputs.version }} version-type: ${{ steps.azdo-build.outputs.version-type }} - permissions: {} + permissions: + contents: read runs-on: ubuntu-slim steps: From b90430f50dba8ace253a334cc4a2ab60b4f29ee8 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 13:48:39 -0700 Subject: [PATCH 29/59] Use composite action --- .github/actions/azdo-build/action.yml | 356 +++++++++++++++++++ .github/workflows/create-release.yml | 2 +- .github/workflows/reusable-azdo-build.yml | 408 ---------------------- 3 files changed, 357 insertions(+), 409 deletions(-) create mode 100644 .github/actions/azdo-build/action.yml delete mode 100644 .github/workflows/reusable-azdo-build.yml diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml new file mode 100644 index 0000000000..c383069370 --- /dev/null +++ b/.github/actions/azdo-build/action.yml 
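Review bot: `permissions: contents: read` leaves this job without `id-token: write`, yet the `azdo-build` step it runs signs in through `azure/login@v2` with only `client-id` and `tenant-id`, which is the OIDC path and needs the job to be allowed to request an ID token. A job-level `permissions` block sets every unlisted scope to none, so the login would be expected to fail here. Add `id-token: write` beside `contents: read` and leave every other scope closed. The job body begins and continues outside the hunk.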
@@ -0,0 +1,356 @@ +name: 'Build via AzDO' + +inputs: + artifact-name: + description: Output artifact name + default: azdo-artifact + type: string + + branch-name: + description: Branch name + default: main + type: string + + # dist-tag: + # description: Dist-tag + # default: main + # type: string + + # version: + # description: Version + # required: true + # type: string + +outputs: + version: + description: Version + value: ${{ jobs.download-pipeline-artifact.outputs.version }} + + version-type: + description: Version + value: ${{ jobs.download-pipeline-artifact.outputs.version-type }} + +defaults: + run: + shell: bash + +env: + AZDO_ORG: ${{ vars.AZDO_ORG }} + AZDO_PIPELINE_NAME: ${{ vars.AZDO_PIPELINE_NAME }} + AZDO_PROJECT: ${{ vars.AZDO_PROJECT }} + AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} + AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} + +runs: + using: composite + steps: + - uses: azure/login@v2 + with: + allow-no-subscriptions: true + client-id: ${{ env.AZURE_CLIENT_ID }} + tenant-id: ${{ env.AZURE_TENANT_ID }} + + # - id: run-pipeline + # uses: azure/cli@v2 + # with: + # inlineScript: | + # set -e -o pipefail + + # az extension add --name azure-devops --only-show-errors + # # az pipelines list --org ${{ env.AZDO_ORG }} --project ${{ env.AZDO_PROJECT }} + # OUTPUT=$( + # az pipelines run \ + # --detect false --output json) \ + # --name ${{ env.AZDO_PIPELINE_NAME }} \ + # --org ${{ env.AZDO_ORG }} \ + # --project ${{ env.AZDO_PROJECT }} \ + # --variable ProjectBranch=${{ inputs.branch-name }} + # ) + + # RUN_ID=$(echo "$OUTPUT" | jq -r '.id') + # RUN_URL=$(echo "$OUTPUT" | jq -r '.url') + + # if [ -z "$RUN_ID" ] || [ "$RUN_ID" = "null" ]; then + # echo "$OUTPUT" + # echo "Failed to extract run ID from output" + # exit 1 + # fi + + # if [ -z "$RUN_URL" ] || [ "$RUN_URL" = "null" ]; then + # echo "$OUTPUT" + # echo "Failed to extract run URL from output" + # exit 1 + # fi + + # echo "run-id=$RUN_ID" 
| tee --append $GITHUB_OUTPUT + # echo "url=$RUN_URL" | tee --append $GITHUB_OUTPUT + + # Temporarily not running pipeline but getting from existing result + - id: run-pipeline + name: Run pipeline + run: | + echo run-id=422059 | tee --append $GITHUB_OUTPUT + echo url=https://fuselabs.visualstudio.com/531382a8-71ae-46c8-99eb-9512ccb91a43/_apis/build/Builds/422059 | tee --append $GITHUB_OUTPUT + + - name: Wait for pipeline completion + uses: azure/cli@v2 + with: + inlineScript: | + set -e -o pipefail + + az extension add --name azure-devops --only-show-errors + + RUN_ID="${{ needs.run-pipeline.outputs.run-id }}" + echo "Waiting for run ID: $RUN_ID to complete..." + + # Timeout after 45 minutes (2700 seconds) + TIMEOUT=2700 + ELAPSED=0 + INTERVAL=5 + + while [ $ELAPSED -lt $TIMEOUT ]; do + OUTPUT=$(az pipelines runs show --id "$RUN_ID" --org ${{ env.AZDO_ORG }} --project ${{ env.AZDO_PROJECT }} --detect false --output json) + STATUS=$(echo "$OUTPUT" | jq -r '.status') + + if [ -z "$STATUS" ] || [ "$STATUS" = "null" ]; then + echo "Failed to extract status from output" + exit 1 + fi + + echo "Current status: $STATUS (elapsed: ${ELAPSED}s)" + + # Check for terminal states + if [ "$STATUS" = "completed" ]; then + echo "Pipeline completed!" + RESULT=$(echo "$OUTPUT" | jq -r '.result') + echo "Result: $RESULT" + + if [ "$RESULT" != "succeeded" ]; then + echo "Pipeline failed with result: $RESULT" + exit 1 + fi + + echo "Pipeline succeeded!" 
+ exit 0 + elif [ "$STATUS" = "canceling" ] || [ "$STATUS" = "canceled" ]; then + echo "Pipeline was canceled" + exit 1 + fi + + sleep $INTERVAL + ELAPSED=$((ELAPSED + INTERVAL)) + done + + echo "Timeout reached after ${TIMEOUT} seconds for run ID: $RUN_ID" + exit 1 + + - name: Download artifact from Azure DevOps + uses: azure/cli@v2 + with: + inlineScript: | + set -e -o pipefail + + tdnf install -y icu + tdnf install -y jq + az extension add --name azure-devops --only-show-errors + + RUN_ID="${{ needs.run-pipeline.outputs.run-id }}" + echo "Downloading artifact 'drop_build_main' from run ID: $RUN_ID" + + # Create directory for artifact + mkdir -p ./artifact-download/ + + # Download the artifact + az pipelines runs artifact download \ + --artifact-name "drop_build_main" \ + --detect false \ + --org ${{ env.AZDO_ORG }} \ + --path "$GITHUB_WORKSPACE/artifact-download/" \ + --project ${{ env.AZDO_PROJECT }} \ + --run-id "$RUN_ID" + + # Verify artifact was downloaded + if [ -z "$(ls -A artifact-download)" ]; then + echo "Artifact directory is empty after download" + exit 1 + fi + + echo "Artifact downloaded successfully" + + - name: Upload artifact + uses: actions/upload-artifact@v6 + with: + name: drop_build_main + path: ./artifact-download/ + + - id: get-version + name: Get version + run: | + VERSION=$(tar -xzOf botframework-webchat-core-*.tgz package/package.json) + + echo version=$VERSION | tee --append $GITHUB_OUTPUT + + if [[ "$VERSION" == *-0 ]]; then echo version-type=prerelease | tee --append $GITHUB_OUTPUT; else echo version-type=production | tee --append $GITHUB_OUTPUT; fi + working-directory: ./artifact-download/tgzfiles + +# prepare-release: +# name: Prepare release +# needs: +# - upload-pipeline-artifact +# outputs: +# prerelease: ${{ steps.save-version.outputs.prerelease }} +# version: ${{ steps.save-version.outputs.version }} +# permissions: +# actions: read +# contents: read +# id-token: write +# runs-on: ubuntu-latest + +# steps: +# - uses: 
actions/checkout@v6 +# - uses: actions/setup-node@v6 + +# - name: Download build artifact +# uses: actions/download-artifact@v7 +# with: +# name: drop_build_main +# path: ./azdo-artifact/ + +# - name: Prepare CDN artifact +# run: | +# mkdir -p ./github-artifact/cdn/ +# cd ./github-artifact/cdn/ +# unzip ../../azdo-artifact/cdn_files/CdnFilesUpload.zip + +# - name: Upload CDN artifact +# uses: actions/upload-artifact@v6 +# with: +# name: asset-cdn +# path: ./github-artifact/cdn/ + +# - name: Prepare tarball artifact +# run: | +# mkdir -p ./github-artifact/tarball/ +# cd ./github-artifact/tarball/ +# cp ../../azdo-artifact/tgzfiles/* . + +# - name: Upload tarball artifact +# uses: actions/upload-artifact@v6 +# with: +# name: asset-tarball +# path: ./github-artifact/tarball/ + +# - id: save-version +# name: Save version +# run: | +# version=$(cat version.txt) + +# prerelease=$([[ "$version" == *-* ]] && echo true || echo false) + +# echo prerelease="$prerelease" | tee --append $GITHUB_OUTPUT +# echo version="$version" | tee --append $GITHUB_OUTPUT +# working-directory: ./azdo-artifact/version/ + +# - name: Prepare release notes +# run: | +# cp ./.github/release_notes_template.md ./release_notes.md + +# node \ +# --eval "import fs from 'node:fs'; fs.writeFileSync(process.argv[1], fs.readFileSync(process.argv[1], 'utf8').replaceAll(process.argv[2], process.argv[3]));" \ +# --input-type=module \ +# -- \ +# ./release_notes.md \ +# {{webchat-js-integrity}} \ +# "sha384-$(openssl dgst -sha384 -binary ./github-artifact/cdn/webchat.js | openssl base64 -A)" + +# node \ +# --eval "import fs from 'node:fs'; fs.writeFileSync(process.argv[1], fs.readFileSync(process.argv[1], 'utf8').replaceAll(process.argv[2], process.argv[3]));" \ +# --input-type=module \ +# -- \ +# ./release_notes.md \ +# {{webchat-minimal-js-integrity}} \ +# "sha384-$(openssl dgst -sha384 -binary ./github-artifact/cdn/webchat-minimal.js | openssl base64 -A)" + +# node \ +# --eval "import fs from 'node:fs'; 
fs.writeFileSync(process.argv[1], fs.readFileSync(process.argv[1], 'utf8').replaceAll(process.argv[2], process.argv[3]));" \ +# --input-type=module \ +# -- \ +# ./release_notes.md \ +# {{version}} \ +# "${{ steps.save-version.outputs.version }}" + +# cat ./release_notes.md + +# - name: Upload release notes +# uses: actions/upload-artifact@v6 +# with: +# name: release-notes +# path: ./release_notes.md + +# create-release: +# name: Create release +# needs: +# - prepare-release +# outputs: +# release-tag: ${{ steps.create-release.outputs.release-tag }} +# permissions: +# contents: write +# runs-on: ubuntu-latest + +# steps: +# - name: Download release notes +# uses: actions/download-artifact@v7 +# with: +# name: release-notes +# path: release-notes + +# - env: +# GH_TOKEN: ${{ github.token }} +# id: create-release +# name: Create release +# run: | +# if [[ "${{ needs.prepare-release.outputs.prerelease }}" == "true" ]]; then prerelease=1; fi + +# release_tag=v${{ needs.prepare-release.outputs.version }} + +# gh release create $release_tag \ +# --draft \ +# --notes-file ./release-notes/release_notes.md \ +# ${prerelease:+--prerelease} \ +# --repo ${{ github.repository }} \ +# --target ${{ github.ref }} + +# echo release-tag=$release_tag | tee --append $GITHUB_OUTPUT + +# upload-release-asset: +# name: Upload release asset +# needs: +# - create-release +# permissions: +# contents: write +# runs-on: ubuntu-latest + +# steps: +# - name: Download asset artifact +# uses: actions/download-artifact@v7 +# with: +# merge-multiple: true +# path: ./asset/ +# pattern: asset-* + +# - env: +# GH_TOKEN: ${{ github.token }} +# name: Upload assets +# run: | +# gh release upload ${{ needs.create-release.outputs.release-tag }} \ +# ./asset/* \ +# --repo ${{ github.repository }} + +# - env: +# GH_TOKEN: ${{ github.token }} +# name: Publish release +# run: | +# gh release edit ${{ needs.create-release.outputs.release-tag }} \ +# --draft=false \ +# --repo ${{ github.repository }} 
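Review bot: The three jobs this action replaces each ran under `environment: azure-devops`, and a composite action cannot declare an environment, so that gate now depends entirely on the calling job. If the Azure federated credential or a required-reviewer rule is tied to that environment, the `azure/login@v2` step either stops working or runs without the approval it had before. The calling job in create-release.yml is only partly visible in this series; it should carry `environment: azure-devops` itself. A comment at the top of action.yml such as `# Caller must run in the azure-devops environment with id-token: write` would make the requirement explicit.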
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 09f3934934..76fce5fffc 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -152,7 +152,7 @@ jobs: echo branch-name=$BRANCH_NAME | tee --append $GITHUB_OUTPUT - id: azdo-build - uses: ./.github/workflows/reusable-azdo-build.yml + uses: ./.github/actions/azdo-build with: artifact-name: azdo-artifact branch-name: ${{ steps.get-branch-name.outputs.branch-name }} diff --git a/.github/workflows/reusable-azdo-build.yml b/.github/workflows/reusable-azdo-build.yml deleted file mode 100644 index f01e2f3036..0000000000 --- a/.github/workflows/reusable-azdo-build.yml +++ /dev/null 
@@ -1,408 +0,0 @@ -name: '🦾 [AzDO] Build' - -on: - # push: - # branches: ['main'] - workflow_call: - inputs: - artifact-name: - description: Output artifact name - default: azdo-artifact - type: string - - branch-name: - description: Branch name - default: main - type: string - - # dist-tag: - # description: Dist-tag - # default: main - # type: string - - # version: - # description: Version - # required: true - # type: string - - outputs: - version: - description: Version - value: ${{ jobs.download-pipeline-artifact.outputs.version }} - - version-type: - description: Version - value: ${{ jobs.download-pipeline-artifact.outputs.version-type }} - -defaults: - run: - shell: bash - -env: - AZDO_ORG: ${{ vars.AZDO_ORG }} - AZDO_PIPELINE_NAME: ${{ vars.AZDO_PIPELINE_NAME }} - AZDO_PROJECT: ${{ vars.AZDO_PROJECT }} - AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} - AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} - -jobs: - run-pipeline: - environment: - name: azure-devops - name: Run build pipeline - outputs: - run-id: ${{ steps.run-pipeline.outputs.run-id }} - run-url: ${{ steps.run-pipeline.outputs.url }} - permissions: - contents: read - id-token: write - runs-on: ubuntu-latest - - steps: - - uses: azure/login@v2 - with: - allow-no-subscriptions: true - client-id: ${{ env.AZURE_CLIENT_ID }} - tenant-id: ${{ env.AZURE_TENANT_ID }} - - # - id: run-pipeline - # uses: azure/cli@v2 - # with: - # inlineScript: | - # set -e -o pipefail - - # az extension add --name azure-devops --only-show-errors - # # az pipelines list --org ${{ env.AZDO_ORG }} --project ${{ env.AZDO_PROJECT }} - # OUTPUT=$( - # az pipelines run \ - # --detect false --output json) \ - # --name ${{ env.AZDO_PIPELINE_NAME }} \ - # --org ${{ env.AZDO_ORG }} \ - # --project ${{ env.AZDO_PROJECT }} \ - # --variable ProjectBranch=${{ inputs.branch-name }} - # ) - - # RUN_ID=$(echo "$OUTPUT" | jq -r '.id') - # RUN_URL=$(echo "$OUTPUT" | jq -r '.url') - - # if [ 
-z "$RUN_ID" ] || [ "$RUN_ID" = "null" ]; then - # echo "$OUTPUT" - # echo "Failed to extract run ID from output" - # exit 1 - # fi - - # if [ -z "$RUN_URL" ] || [ "$RUN_URL" = "null" ]; then - # echo "$OUTPUT" - # echo "Failed to extract run URL from output" - # exit 1 - # fi - - # echo "run-id=$RUN_ID" | tee --append $GITHUB_OUTPUT - # echo "url=$RUN_URL" | tee --append $GITHUB_OUTPUT - - # Temporarily not running pipeline but getting from existing result - - id: run-pipeline - run: | - echo run-id=422059 | tee --append $GITHUB_OUTPUT - echo url=https://fuselabs.visualstudio.com/531382a8-71ae-46c8-99eb-9512ccb91a43/_apis/build/Builds/422059 | tee --append $GITHUB_OUTPUT - - wait-for-run-completion: - environment: - name: azure-devops - name: Wait for run completion - needs: - - run-pipeline - permissions: - id-token: write - runs-on: ubuntu-latest - - steps: - - uses: azure/login@v2 - with: - allow-no-subscriptions: true - client-id: ${{ env.AZURE_CLIENT_ID }} - tenant-id: ${{ env.AZURE_TENANT_ID }} - - - name: Wait for pipeline completion - uses: azure/cli@v2 - with: - inlineScript: | - set -e -o pipefail - - az extension add --name azure-devops --only-show-errors - - RUN_ID="${{ needs.run-pipeline.outputs.run-id }}" - echo "Waiting for run ID: $RUN_ID to complete..." - - # Timeout after 45 minutes (2700 seconds) - TIMEOUT=2700 - ELAPSED=0 - INTERVAL=5 - - while [ $ELAPSED -lt $TIMEOUT ]; do - OUTPUT=$(az pipelines runs show --id "$RUN_ID" --org ${{ env.AZDO_ORG }} --project ${{ env.AZDO_PROJECT }} --detect false --output json) - STATUS=$(echo "$OUTPUT" | jq -r '.status') - - if [ -z "$STATUS" ] || [ "$STATUS" = "null" ]; then - echo "Failed to extract status from output" - exit 1 - fi - - echo "Current status: $STATUS (elapsed: ${ELAPSED}s)" - - # Check for terminal states - if [ "$STATUS" = "completed" ]; then - echo "Pipeline completed!" 
- RESULT=$(echo "$OUTPUT" | jq -r '.result') - echo "Result: $RESULT" - - if [ "$RESULT" != "succeeded" ]; then - echo "Pipeline failed with result: $RESULT" - exit 1 - fi - - echo "Pipeline succeeded!" - exit 0 - elif [ "$STATUS" = "canceling" ] || [ "$STATUS" = "canceled" ]; then - echo "Pipeline was canceled" - exit 1 - fi - - sleep $INTERVAL - ELAPSED=$((ELAPSED + INTERVAL)) - done - - echo "Timeout reached after ${TIMEOUT} seconds for run ID: $RUN_ID" - exit 1 - - download-pipeline-artifact: - environment: - name: azure-devops - name: Download pipeline artifact - needs: - - run-pipeline - - wait-for-run-completion - outputs: - version: ${{ steps.get-version.outputs.version }} - version-type: ${{ steps.get-version.outputs.version-type }} - permissions: - id-token: write - runs-on: ubuntu-latest - - steps: - - uses: azure/login@v2 - with: - allow-no-subscriptions: true - client-id: ${{ env.AZURE_CLIENT_ID }} - tenant-id: ${{ env.AZURE_TENANT_ID }} - - - name: Download artifact from Azure DevOps - uses: azure/cli@v2 - with: - inlineScript: | - set -e -o pipefail - - tdnf install -y icu - tdnf install -y jq - az extension add --name azure-devops --only-show-errors - - RUN_ID="${{ needs.run-pipeline.outputs.run-id }}" - echo "Downloading artifact 'drop_build_main' from run ID: $RUN_ID" - - # Create directory for artifact - mkdir -p ./artifact-download/ - - # Download the artifact - az pipelines runs artifact download \ - --artifact-name "drop_build_main" \ - --detect false \ - --org ${{ env.AZDO_ORG }} \ - --path "$GITHUB_WORKSPACE/artifact-download/" \ - --project ${{ env.AZDO_PROJECT }} \ - --run-id "$RUN_ID" - - # Verify artifact was downloaded - if [ -z "$(ls -A artifact-download)" ]; then - echo "Artifact directory is empty after download" - exit 1 - fi - - echo "Artifact downloaded successfully" - - - name: Upload artifact - uses: actions/upload-artifact@v6 - with: - name: drop_build_main - path: ./artifact-download/ - - - id: get-version - name: Get version 
- run: | - VERSION=$(tar -xzOf botframework-webchat-core-*.tgz package/package.json) - - echo version=$VERSION | tee --append $GITHUB_OUTPUT - - if [[ "$VERSION" == *-0 ]]; then echo version-type=prerelease | tee --append $GITHUB_OUTPUT; else echo version-type=production | tee --append $GITHUB_OUTPUT; fi - working-directory: ./artifact-download/tgzfiles - - # prepare-release: - # name: Prepare release - # needs: - # - upload-pipeline-artifact - # outputs: - # prerelease: ${{ steps.save-version.outputs.prerelease }} - # version: ${{ steps.save-version.outputs.version }} - # permissions: - # actions: read - # contents: read - # id-token: write - # runs-on: ubuntu-latest - - # steps: - # - uses: actions/checkout@v6 - # - uses: actions/setup-node@v6 - - # - name: Download build artifact - # uses: actions/download-artifact@v7 - # with: - # name: drop_build_main - # path: ./azdo-artifact/ - - # - name: Prepare CDN artifact - # run: | - # mkdir -p ./github-artifact/cdn/ - # cd ./github-artifact/cdn/ - # unzip ../../azdo-artifact/cdn_files/CdnFilesUpload.zip - - # - name: Upload CDN artifact - # uses: actions/upload-artifact@v6 - # with: - # name: asset-cdn - # path: ./github-artifact/cdn/ - - # - name: Prepare tarball artifact - # run: | - # mkdir -p ./github-artifact/tarball/ - # cd ./github-artifact/tarball/ - # cp ../../azdo-artifact/tgzfiles/* . 
- - # - name: Upload tarball artifact - # uses: actions/upload-artifact@v6 - # with: - # name: asset-tarball - # path: ./github-artifact/tarball/ - - # - id: save-version - # name: Save version - # run: | - # version=$(cat version.txt) - - # prerelease=$([[ "$version" == *-* ]] && echo true || echo false) - - # echo prerelease="$prerelease" | tee --append $GITHUB_OUTPUT - # echo version="$version" | tee --append $GITHUB_OUTPUT - # working-directory: ./azdo-artifact/version/ - - # - name: Prepare release notes - # run: | - # cp ./.github/release_notes_template.md ./release_notes.md - - # node \ - # --eval "import fs from 'node:fs'; fs.writeFileSync(process.argv[1], fs.readFileSync(process.argv[1], 'utf8').replaceAll(process.argv[2], process.argv[3]));" \ - # --input-type=module \ - # -- \ - # ./release_notes.md \ - # {{webchat-js-integrity}} \ - # "sha384-$(openssl dgst -sha384 -binary ./github-artifact/cdn/webchat.js | openssl base64 -A)" - - # node \ - # --eval "import fs from 'node:fs'; fs.writeFileSync(process.argv[1], fs.readFileSync(process.argv[1], 'utf8').replaceAll(process.argv[2], process.argv[3]));" \ - # --input-type=module \ - # -- \ - # ./release_notes.md \ - # {{webchat-minimal-js-integrity}} \ - # "sha384-$(openssl dgst -sha384 -binary ./github-artifact/cdn/webchat-minimal.js | openssl base64 -A)" - - # node \ - # --eval "import fs from 'node:fs'; fs.writeFileSync(process.argv[1], fs.readFileSync(process.argv[1], 'utf8').replaceAll(process.argv[2], process.argv[3]));" \ - # --input-type=module \ - # -- \ - # ./release_notes.md \ - # {{version}} \ - # "${{ steps.save-version.outputs.version }}" - - # cat ./release_notes.md - - # - name: Upload release notes - # uses: actions/upload-artifact@v6 - # with: - # name: release-notes - # path: ./release_notes.md - - # create-release: - # name: Create release - # needs: - # - prepare-release - # outputs: - # release-tag: ${{ steps.create-release.outputs.release-tag }} - # permissions: - # contents: write - # 
runs-on: ubuntu-latest - - # steps: - # - name: Download release notes - # uses: actions/download-artifact@v7 - # with: - # name: release-notes - # path: release-notes - - # - env: - # GH_TOKEN: ${{ github.token }} - # id: create-release - # name: Create release - # run: | - # if [[ "${{ needs.prepare-release.outputs.prerelease }}" == "true" ]]; then prerelease=1; fi - - # release_tag=v${{ needs.prepare-release.outputs.version }} - - # gh release create $release_tag \ - # --draft \ - # --notes-file ./release-notes/release_notes.md \ - # ${prerelease:+--prerelease} \ - # --repo ${{ github.repository }} \ - # --target ${{ github.ref }} - - # echo release-tag=$release_tag | tee --append $GITHUB_OUTPUT - - # upload-release-asset: - # name: Upload release asset - # needs: - # - create-release - # permissions: - # contents: write - # runs-on: ubuntu-latest - - # steps: - # - name: Download asset artifact - # uses: actions/download-artifact@v7 - # with: - # merge-multiple: true - # path: ./asset/ - # pattern: asset-* - - # - env: - # GH_TOKEN: ${{ github.token }} - # name: Upload assets - # run: | - # gh release upload ${{ needs.create-release.outputs.release-tag }} \ - # ./asset/* \ - # --repo ${{ github.repository }} - - # - env: - # GH_TOKEN: ${{ github.token }} - # name: Publish release - # run: | - # gh release edit ${{ needs.create-release.outputs.release-tag }} \ - # --draft=false \ - # --repo ${{ github.repository }} From a6f16724d6ef83dce74996b1189e9c22ab812c2e Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 13:55:16 -0700 Subject: [PATCH 30/59] Use steps instead of needs --- .github/actions/azdo-build/action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index c383069370..29aad8b311 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml 
@@ -101,7 +101,7 @@ runs: az extension add --name azure-devops --only-show-errors - RUN_ID="${{ needs.run-pipeline.outputs.run-id }}" + RUN_ID="${{ steps.run-pipeline.outputs.run-id }}" echo "Waiting for run ID: $RUN_ID to complete..." # Timeout after 45 minutes (2700 seconds) @@ -155,7 +155,7 @@ runs: tdnf install -y jq az extension add --name azure-devops --only-show-errors - RUN_ID="${{ needs.run-pipeline.outputs.run-id }}" + RUN_ID="${{ steps.run-pipeline.outputs.run-id }}" echo "Downloading artifact 'drop_build_main' from run ID: $RUN_ID" # Create directory for artifact From 87e900c13972a346525e2e47cfdbafb42033923a Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 13:56:22 -0700 Subject: [PATCH 31/59] Fix outputs --- .github/actions/azdo-build/action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index 29aad8b311..767ad54f16 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml @@ -24,11 +24,11 @@ inputs: outputs: version: description: Version - value: ${{ jobs.download-pipeline-artifact.outputs.version }} + value: ${{ steps.get-version.outputs.version }} version-type: description: Version - value: ${{ jobs.download-pipeline-artifact.outputs.version-type }} + value: ${{ steps.get-version.outputs.version-type }} defaults: run: From c51248f4de589703cf8d77f5658f16936afc4e75 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 14:02:08 -0700 Subject: [PATCH 32/59] Use inputs instead of vars --- .github/actions/azdo-build/action.yml | 42 +++++++++++++++++++++++---- .github/workflows/create-release.yml | 6 ++++ 2 files changed, 42 insertions(+), 6 deletions(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index 767ad54f16..0361f7d974 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml 
@@ -11,6 +11,36 @@ inputs: default: main type: string + azdo-org: + description: AzDO org URL + required: true + type: string + + azdo-pipeline-name: + description: AzDO pipeline name + required: true + type: string + + azdo-project: + description: AzDO project name + required: true + type: string + + azure-client-id: + description: Azure client ID + required: true + type: string + + azure-subscription-id: + description: Azure subscription ID + required: true + type: string + + azure-tenant-id: + description: Azure tenant ID + required: true + type: string + # dist-tag: # description: Dist-tag # default: main @@ -35,12 +65,12 @@ defaults: shell: bash env: - AZDO_ORG: ${{ vars.AZDO_ORG }} - AZDO_PIPELINE_NAME: ${{ vars.AZDO_PIPELINE_NAME }} - AZDO_PROJECT: ${{ vars.AZDO_PROJECT }} - AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} - AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} - AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} + AZDO_ORG: ${{ inputs.azdo-org }} + AZDO_PIPELINE_NAME: ${{ inputs.azdo-pipeline-name }} + AZDO_PROJECT: ${{ inputs.azdo-project }} + AZURE_CLIENT_ID: ${{ inputs.azure-client-id }} + AZURE_SUBSCRIPTION_ID: ${{ inputs.azure-subscription-id }} + AZURE_TENANT_ID: ${{ inputs.azure-tenant-id }} runs: using: composite diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 76fce5fffc..d99d01e32f 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -155,6 +155,12 @@ jobs: uses: ./.github/actions/azdo-build with: artifact-name: azdo-artifact + azdo-org: ${{ vars.AZDO_ORG }} + azdo-pipeline-name: ${{ vars.AZDO_PIPELINE_NAME }} + azdo-project: ${{ vars.AZDO_PROJECT }} + azure-client-id: ${{ vars.AZURE_CLIENT_ID }} + azure-subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }} + azure-tenant-id: ${{ vars.AZURE_TENANT_ID }} branch-name: ${{ steps.get-branch-name.outputs.branch-name }} - name: Extract artifact (bundle) 
From 101c0803ad02d1fbc8a7f91b5066b54ec0125d3e Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 14:03:52 -0700 Subject: [PATCH 33/59] Add shell --- .github/actions/azdo-build/action.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index 0361f7d974..a0c3d3a25b 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml @@ -60,10 +60,6 @@ outputs: description: Version value: ${{ steps.get-version.outputs.version-type }} -defaults: - run: - shell: bash - env: AZDO_ORG: ${{ inputs.azdo-org }} AZDO_PIPELINE_NAME: ${{ inputs.azdo-pipeline-name }} @@ -122,6 +118,7 @@ runs: run: | echo run-id=422059 | tee --append $GITHUB_OUTPUT echo url=https://fuselabs.visualstudio.com/531382a8-71ae-46c8-99eb-9512ccb91a43/_apis/build/Builds/422059 | tee --append $GITHUB_OUTPUT + shell: bash - name: Wait for pipeline completion uses: azure/cli@v2 @@ -222,6 +219,7 @@ runs: echo version=$VERSION | tee --append $GITHUB_OUTPUT if [[ "$VERSION" == *-0 ]]; then echo version-type=prerelease | tee --append $GITHUB_OUTPUT; else echo version-type=production | tee --append $GITHUB_OUTPUT; fi + shell: bash working-directory: ./artifact-download/tgzfiles # prepare-release: From 6d7719e1136b8b1f46329bfcd13b8359c9c05bce Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 14:07:50 -0700 Subject: [PATCH 34/59] Use inputs instead of env --- .github/actions/azdo-build/action.yml | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index a0c3d3a25b..bf53fdd3d8 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml 
@@ -60,22 +60,14 @@ outputs: description: Version value: ${{ steps.get-version.outputs.version-type }} -env: - AZDO_ORG: ${{ inputs.azdo-org }} - AZDO_PIPELINE_NAME: ${{ inputs.azdo-pipeline-name }} - AZDO_PROJECT: ${{ inputs.azdo-project }} - AZURE_CLIENT_ID: ${{ inputs.azure-client-id }} - AZURE_SUBSCRIPTION_ID: ${{ inputs.azure-subscription-id }} - AZURE_TENANT_ID: ${{ inputs.azure-tenant-id }} - runs: using: composite steps: - uses: azure/login@v2 with: allow-no-subscriptions: true - client-id: ${{ env.AZURE_CLIENT_ID }} - tenant-id: ${{ env.AZURE_TENANT_ID }} + client-id: ${{ inputs.azure-client-id }} + tenant-id: ${{ inputs.azure-tenant-id }} # - id: run-pipeline # uses: azure/cli@v2 @@ -137,7 +129,14 @@ runs: INTERVAL=5 while [ $ELAPSED -lt $TIMEOUT ]; do - OUTPUT=$(az pipelines runs show --id "$RUN_ID" --org ${{ env.AZDO_ORG }} --project ${{ env.AZDO_PROJECT }} --detect false --output json) + OUTPUT=$( + az pipelines runs show \ + --id "$RUN_ID" \ + --org ${{ inputs.azdo-org }} \ + --project ${{ inputs.azdo-project }} \ + --detect false \ + --output json + ) STATUS=$(echo "$OUTPUT" | jq -r '.status') if [ -z "$STATUS" ] || [ "$STATUS" = "null" ]; then @@ -192,9 +191,9 @@ runs: az pipelines runs artifact download \ --artifact-name "drop_build_main" \ --detect false \ - --org ${{ env.AZDO_ORG }} \ + --org ${{ inputs.azdo-org }} \ --path "$GITHUB_WORKSPACE/artifact-download/" \ - --project ${{ env.AZDO_PROJECT }} \ + --project ${{ inputs.azdo-project }} \ --run-id "$RUN_ID" # Verify artifact was downloaded From fc9f66868d773c0dbff053302e79374c53b61855 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 14:12:50 -0700 Subject: [PATCH 35/59] Add environment --- .github/workflows/create-release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index d99d01e32f..0934a92bba 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml 
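Review bot: In the `az pipelines runs show` call, `--org ${{ inputs.azdo-org }}` and `--project ${{ inputs.azdo-project }}` are expanded into the script text before the shell parses it, so a value containing spaces or shell metacharacters changes the command rather than the argument. Bind the inputs on the step and reference them quoted, e.g. `env:` with `AZDO_ORG: ${{ inputs.azdo-org }}` and then `--org "$AZDO_ORG"` (this assumes `azure/cli` forwards step-level `env` into its container; confirm). The `az pipelines runs artifact download` hunk below has the same two arguments, and the later commit that turns these steps into plain `run:` blocks carries them over unchanged. Both steps start and end outside the hunks.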
@@ -133,6 +133,7 @@ jobs: # # path: ./sbom.spdx.json build: + environment: azure-devops name: Build outputs: version: ${{ steps.azdo-build.outputs.version }} From d39b0889004dbd4971356b310f13d5766fb0ddec Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 14:15:46 -0700 Subject: [PATCH 36/59] Add id-token: write --- .github/workflows/create-release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 0934a92bba..65c0269f2e 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -140,6 +140,7 @@ jobs: version-type: ${{ steps.azdo-build.outputs.version-type }} permissions: contents: read + id-token: write runs-on: ubuntu-slim steps: From ecaed225fb0bfa23069bad39428f80ee8680463a Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 14:21:44 -0700 Subject: [PATCH 37/59] Run setup-docker-action --- .github/actions/azdo-build/action.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index bf53fdd3d8..c010f2a44a 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml @@ -63,6 +63,9 @@ outputs: runs: using: composite steps: + # Docker is required for azure/cli + - uses: actions/setup-docker-action@v5 + - uses: azure/login@v2 with: allow-no-subscriptions: true From 15c56c246dc1e03e80a3b4306ec712e5b06f9543 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 14:23:34 -0700 Subject: [PATCH 38/59] Fix setup-docker-action --- .github/actions/azdo-build/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index c010f2a44a..b2d169226f 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml 
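Review bot: `id-token: write` is granted to the whole `build` job with no comment saying why, so every step in the job, including the steps of the composite action it calls, can request an OIDC token for this repository. A comment on the line would record the reason: `# required by azure/login for OIDC federation`. Presumably the Azure federated credential is bound to the `azure-devops` environment added in the previous commit rather than to a branch ref; that is worth confirming, because the subject claim is what limits who can exchange the token. The job's steps continue outside the hunk.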
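Review bot: The added `uses:` line references the action by a mutable tag (`@v5`), as does `azure/login@v2` just below it, and this composite action runs inside the job that now holds `id-token: write`. Pin each third-party action to a full commit SHA and keep the tag as a trailing comment, `uses: OWNER/ACTION@<full-commit-sha> # v5`, so that a moved tag cannot change what executes with that token. The next commit corrects the owner to `docker/`; the same pinning applies to that line.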
@@ -64,7 +64,7 @@ runs: using: composite steps: # Docker is required for azure/cli - - uses: actions/setup-docker-action@v5 + - uses: docker/setup-docker-action@v5 - uses: azure/login@v2 with: From eee10faaf4d6ecaedf337cd0b1d2737370016e24 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 14:31:47 -0700 Subject: [PATCH 39/59] Install AZ CLI instead of using GitHub Actions --- .github/actions/azdo-build/action.yml | 171 ++++++++++++++------------ 1 file changed, 91 insertions(+), 80 deletions(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index b2d169226f..72a7fc2f3e 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml @@ -1,4 +1,5 @@ name: 'Build via AzDO' +description: Run a build pipeline via Azure DevOps and download the build artifact inputs: artifact-name: @@ -66,6 +67,18 @@ runs: # Docker is required for azure/cli - uses: docker/setup-docker-action@v5 + - name: Install AZ CLI + run: | + if ! command -v az > /dev/null; then + curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash + fi + + if ! command -v jq > /dev/null; then + sudo apt-get update + sudo apt-get install -y jq + fi + shell: bash + - uses: azure/login@v2 with: allow-no-subscriptions: true 
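Review bot: In the new `Install AZ CLI` step, `curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash` executes whatever the redirect returns as root with no integrity check, and `-s` without `-f` lets an HTTP error body reach `bash` as if it were the installer. Installing `azure-cli` from a signed apt repository avoids running a fetched script at all. Failing that, download first with `curl -fsSL https://aka.ms/InstallAzureCLIDeb -o "$RUNNER_TEMP/install-az.sh"`, compare it with a reviewed hash (`<expected-sha256>`), and only then run it. The step runs before `azure/login` in a job that can mint OIDC tokens, so a tampered installer would execute with access to that capability.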
@@ -116,96 +129,94 @@ runs: shell: bash - name: Wait for pipeline completion - uses: azure/cli@v2 - with: - inlineScript: | - set -e -o pipefail - - az extension add --name azure-devops --only-show-errors - - RUN_ID="${{ steps.run-pipeline.outputs.run-id }}" - echo "Waiting for run ID: $RUN_ID to complete..." - - # Timeout after 45 minutes (2700 seconds) - TIMEOUT=2700 - ELAPSED=0 - INTERVAL=5 - - while [ $ELAPSED -lt $TIMEOUT ]; do - OUTPUT=$( - az pipelines runs show \ - --id "$RUN_ID" \ - --org ${{ inputs.azdo-org }} \ - --project ${{ inputs.azdo-project }} \ - --detect false \ - --output json - ) - STATUS=$(echo "$OUTPUT" | jq -r '.status') - - if [ -z "$STATUS" ] || [ "$STATUS" = "null" ]; then - echo "Failed to extract status from output" - exit 1 - fi - - echo "Current status: $STATUS (elapsed: ${ELAPSED}s)" + run: | + set -e -o pipefail + + az extension add --name azure-devops --only-show-errors + + RUN_ID="${{ steps.run-pipeline.outputs.run-id }}" + echo "Waiting for run ID: $RUN_ID to complete..." + + # Timeout after 45 minutes (2700 seconds) + TIMEOUT=2700 + ELAPSED=0 + INTERVAL=5 + + while [ $ELAPSED -lt $TIMEOUT ]; do + OUTPUT=$( + az pipelines runs show \ + --id "$RUN_ID" \ + --org ${{ inputs.azdo-org }} \ + --project ${{ inputs.azdo-project }} \ + --detect false \ + --output json + ) + STATUS=$(echo "$OUTPUT" | jq -r '.status') + + if [ -z "$STATUS" ] || [ "$STATUS" = "null" ]; then + echo "Failed to extract status from output" + exit 1 + fi - # Check for terminal states - if [ "$STATUS" = "completed" ]; then - echo "Pipeline completed!" - RESULT=$(echo "$OUTPUT" | jq -r '.result') - echo "Result: $RESULT" + echo "Current status: $STATUS (elapsed: ${ELAPSED}s)" - if [ "$RESULT" != "succeeded" ]; then - echo "Pipeline failed with result: $RESULT" - exit 1 - fi + # Check for terminal states + if [ "$STATUS" = "completed" ]; then + echo "Pipeline completed!" 
+ RESULT=$(echo "$OUTPUT" | jq -r '.result') + echo "Result: $RESULT" - echo "Pipeline succeeded!" - exit 0 - elif [ "$STATUS" = "canceling" ] || [ "$STATUS" = "canceled" ]; then - echo "Pipeline was canceled" + if [ "$RESULT" != "succeeded" ]; then + echo "Pipeline failed with result: $RESULT" exit 1 fi - sleep $INTERVAL - ELAPSED=$((ELAPSED + INTERVAL)) - done + echo "Pipeline succeeded!" + exit 0 + elif [ "$STATUS" = "canceling" ] || [ "$STATUS" = "canceled" ]; then + echo "Pipeline was canceled" + exit 1 + fi - echo "Timeout reached after ${TIMEOUT} seconds for run ID: $RUN_ID" - exit 1 + sleep $INTERVAL + ELAPSED=$((ELAPSED + INTERVAL)) + done + + echo "Timeout reached after ${TIMEOUT} seconds for run ID: $RUN_ID" + exit 1 + shell: bash - name: Download artifact from Azure DevOps - uses: azure/cli@v2 - with: - inlineScript: | - set -e -o pipefail - - tdnf install -y icu - tdnf install -y jq - az extension add --name azure-devops --only-show-errors - - RUN_ID="${{ steps.run-pipeline.outputs.run-id }}" - echo "Downloading artifact 'drop_build_main' from run ID: $RUN_ID" - - # Create directory for artifact - mkdir -p ./artifact-download/ - - # Download the artifact - az pipelines runs artifact download \ - --artifact-name "drop_build_main" \ - --detect false \ - --org ${{ inputs.azdo-org }} \ - --path "$GITHUB_WORKSPACE/artifact-download/" \ - --project ${{ inputs.azdo-project }} \ - --run-id "$RUN_ID" - - # Verify artifact was downloaded - if [ -z "$(ls -A artifact-download)" ]; then - echo "Artifact directory is empty after download" - exit 1 - fi + run: | + set -e -o pipefail + + tdnf install -y icu + tdnf install -y jq + az extension add --name azure-devops --only-show-errors + + RUN_ID="${{ steps.run-pipeline.outputs.run-id }}" + echo "Downloading artifact 'drop_build_main' from run ID: $RUN_ID" + + # Create directory for artifact + mkdir -p ./artifact-download/ + + # Download the artifact + az pipelines runs artifact download \ + --artifact-name 
"drop_build_main" \ + --detect false \ + --org ${{ inputs.azdo-org }} \ + --path "$GITHUB_WORKSPACE/artifact-download/" \ + --project ${{ inputs.azdo-project }} \ + --run-id "$RUN_ID" + + # Verify artifact was downloaded + if [ -z "$(ls -A artifact-download)" ]; then + echo "Artifact directory is empty after download" + exit 1 + fi - echo "Artifact downloaded successfully" + echo "Artifact downloaded successfully" + shell: bash - name: Upload artifact uses: actions/upload-artifact@v6 From ee470789cc40b6e89cbc0eceefa3d3c48264940d Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 14:32:00 -0700 Subject: [PATCH 40/59] Remove Docker --- .github/actions/azdo-build/action.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index 72a7fc2f3e..bf5103e511 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml @@ -64,9 +64,6 @@ outputs: runs: using: composite steps: - # Docker is required for azure/cli - - uses: docker/setup-docker-action@v5 - - name: Install AZ CLI run: | if ! command -v az > /dev/null; then From 483f1e4cc348d879427dbde1d69bd03500ab5b92 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 14:34:38 -0700 Subject: [PATCH 41/59] Use another build --- .github/actions/azdo-build/action.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index bf5103e511..87957a7770 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml @@ -64,7 +64,10 @@ outputs: runs: using: composite steps: - - name: Install AZ CLI + # Docker is required for azure/cli + - uses: docker/setup-docker-action@v5 + + - name: Install Azure CLI run: | if ! command -v az > /dev/null; then curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash 
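Review bot: The `Download artifact from Azure DevOps` step keeps `tdnf install -y icu` and `tdnf install -y jq` after moving from the `azure/cli` container to a plain `run:` step. The install step added in this same commit uses `apt-get`, so the runner is presumably Debian-based and `tdnf` will not be found, and with `set -e` the step stops there before any download. Remove both lines; `jq` is already handled by the `Install AZ CLI` step.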
@@ -121,8 +124,8 @@ runs: - id: run-pipeline name: Run pipeline run: | - echo run-id=422059 | tee --append $GITHUB_OUTPUT - echo url=https://fuselabs.visualstudio.com/531382a8-71ae-46c8-99eb-9512ccb91a43/_apis/build/Builds/422059 | tee --append $GITHUB_OUTPUT + echo run-id=424951 | tee --append $GITHUB_OUTPUT + echo url=https://fuselabs.visualstudio.com/531382a8-71ae-46c8-99eb-9512ccb91a43/_apis/build/Builds/424951 | tee --append $GITHUB_OUTPUT shell: bash - name: Wait for pipeline completion From 372410ed781b113b0364fbf7afff9e0b3ac86c72 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 14:41:13 -0700 Subject: [PATCH 42/59] Add PowerShell support for azure/login --- .github/actions/azdo-build/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index 87957a7770..d6cdc9abb0 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml @@ -83,6 +83,7 @@ runs: with: allow-no-subscriptions: true client-id: ${{ inputs.azure-client-id }} + enable-AzPSSession: true tenant-id: ${{ inputs.azure-tenant-id }} # - id: run-pipeline From dd3dfb197d0229e27489cb36382eccaf0435112a Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 14:48:58 -0700 Subject: [PATCH 43/59] Remove Docker --- .github/actions/azdo-build/action.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index d6cdc9abb0..208efe359d 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml @@ -64,9 +64,6 @@ outputs: runs: using: composite steps: - # Docker is required for azure/cli - - uses: docker/setup-docker-action@v5 - - name: Install Azure CLI run: | if ! command -v az > /dev/null; then From a2e55e6204aebbf617a1a394e718ea9cb2da9254 Mon Sep 17 00:00:00 2001 
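Review bot: The `run-pipeline` step emits a fixed `run-id` (now `424951`) instead of queueing a build, so every later step waits on, downloads and packages the artifact of that one earlier AzDO run regardless of the ref the workflow was dispatched on. If this is a debugging stub, say so on the step, `# TEMP: hard-coded run for testing; restore the queued run before merge`, so it cannot ship unnoticed. A release produced this way would not correspond to the commit being released. The real step appears to be the commented-out `# - id: run-pipeline` block, which lies outside this hunk.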
From: William Wong Date: Fri, 27 Mar 2026 14:53:02 -0700 Subject: [PATCH 44/59] Use az login --- .github/actions/azdo-build/action.yml | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index 208efe359d..7ca61a6015 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml @@ -76,12 +76,22 @@ runs: fi shell: bash - - uses: azure/login@v2 - with: - allow-no-subscriptions: true - client-id: ${{ inputs.azure-client-id }} - enable-AzPSSession: true - tenant-id: ${{ inputs.azure-tenant-id }} + - name: Azure login + run: | + az login \ + --client-id ${{ inputs.azure-client-id }} \ + --federated-token ${{ github.token }} \ + --identity \ + --subscription ${{ inputs.azure-subscription-id }} \ + --tenant ${{ inputs.azure-tenant-id }} + shell: bash + + # - uses: azure/login@v2 + # with: + # allow-no-subscriptions: true + # client-id: ${{ inputs.azure-client-id }} + # enable-AzPSSession: true + # tenant-id: ${{ inputs.azure-tenant-id }} # - id: run-pipeline # uses: azure/cli@v2 From 0561ce8a5b0ad4f56326e8629daf181370a8e9f7 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 14:56:37 -0700 Subject: [PATCH 45/59] No --subscription --- .github/actions/azdo-build/action.yml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index 7ca61a6015..39dd611c50 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml 
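Review bot: `--federated-token ${{ github.token }}` passes the repository's `GITHUB_TOKEN` to `az login` as the client assertion. That token is not an OIDC ID token, so the exchange is expected to be rejected, and along the way the token is expanded into the script text and would be presented to the identity provider. Workload-identity login needs the JWT issued by the runner's OIDC endpoint, which the removed `- uses: azure/login@v2` block obtains when the job has `id-token: write`; keeping that block is the simpler route. `--identity` also selects managed identity rather than a service principal. The two follow-up commits that adjust the flags keep the same `${{ github.token }}` argument.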
@@ -78,11 +78,17 @@ runs: - name: Azure login run: | + # az login \ + # --client-id ${{ inputs.azure-client-id }} \ + # --federated-token ${{ github.token }} \ + # --identity \ + # --subscription ${{ inputs.azure-subscription-id }} \ + # --tenant ${{ inputs.azure-tenant-id }} + az login \ + --allow-no-subscription \ --client-id ${{ inputs.azure-client-id }} \ --federated-token ${{ github.token }} \ - --identity \ - --subscription ${{ inputs.azure-subscription-id }} \ --tenant ${{ inputs.azure-tenant-id }} shell: bash @@ -403,3 +409,8 @@ runs: # gh release edit ${{ needs.create-release.outputs.release-tag }} \ # --draft=false \ # --repo ${{ github.repository }} + + - if: ${{ always() }} + name: Azure logout + run: az logout + shell: bash From 4ed23ea32a1e1098ffd72a8f4a417accf63ce70b Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 14:57:49 -0700 Subject: [PATCH 46/59] Add --service-principal --- .github/actions/azdo-build/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index 39dd611c50..8e11520227 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml @@ -89,6 +89,7 @@ runs: --allow-no-subscription \ --client-id ${{ inputs.azure-client-id }} \ --federated-token ${{ github.token }} \ + --service-principal \ --tenant ${{ inputs.azure-tenant-id }} shell: bash From ca282e2750971fea97c9bf3e07a3a4b6418e129b Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 14:59:15 -0700 Subject: [PATCH 47/59] Use --username --- .github/actions/azdo-build/action.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index 8e11520227..6daf96c4c2 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml 
@@ -87,10 +87,10 @@ runs: az login \ --allow-no-subscription \ - --client-id ${{ inputs.azure-client-id }} \ --federated-token ${{ github.token }} \ --service-principal \ - --tenant ${{ inputs.azure-tenant-id }} + --tenant ${{ inputs.azure-tenant-id }} \ + --username ${{ inputs.azure-client-id }} shell: bash # - uses: azure/login@v2 @@ -411,7 +411,8 @@ runs: # --draft=false \ # --repo ${{ github.repository }} - - if: ${{ always() }} + - continue-on-error: true + if: ${{ always() }} name: Azure logout run: az logout shell: bash From 8064f473f6d74aed1a4dcdd80c2b6777e7b1f1e3 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 15:02:33 -0700 Subject: [PATCH 48/59] Use azure/login --- .github/actions/azdo-build/action.yml | 45 +++++++++++++-------------- 1 file changed, 22 insertions(+), 23 deletions(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index 6daf96c4c2..c575980e14 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml 
@@ -76,29 +76,28 @@ runs: fi shell: bash - - name: Azure login - run: | - # az login \ - # --client-id ${{ inputs.azure-client-id }} \ - # --federated-token ${{ github.token }} \ - # --identity \ - # --subscription ${{ inputs.azure-subscription-id }} \ - # --tenant ${{ inputs.azure-tenant-id }} - - az login \ - --allow-no-subscription \ - --federated-token ${{ github.token }} \ - --service-principal \ - --tenant ${{ inputs.azure-tenant-id }} \ - --username ${{ inputs.azure-client-id }} - shell: bash - - # - uses: azure/login@v2 - # with: - # allow-no-subscriptions: true - # client-id: ${{ inputs.azure-client-id }} - # enable-AzPSSession: true - # tenant-id: ${{ inputs.azure-tenant-id }} + # - name: Azure login + # run: | + # # az login \ + # # --client-id ${{ inputs.azure-client-id }} \ + # # --federated-token ${{ github.token }} \ + # # --identity \ + # # --subscription ${{ inputs.azure-subscription-id }} \ + # # --tenant ${{ inputs.azure-tenant-id }} + + # az login \ + # --allow-no-subscription \ + # --federated-token ${{ github.token }} \ + # --service-principal \ + # --tenant ${{ inputs.azure-tenant-id }} \ + # --username ${{ inputs.azure-client-id }} + # shell: bash + + - uses: azure/login@v2 + with: + allow-no-subscriptions: true + client-id: ${{ inputs.azure-client-id }} + tenant-id: ${{ inputs.azure-tenant-id }} # - id: run-pipeline # uses: azure/cli@v2 From 934051525baffd6bcd7f7780aed4d23b45f4aca3 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 15:04:35 -0700 Subject: [PATCH 49/59] Use apt to install icu --- .github/actions/azdo-build/action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index c575980e14..807e38deb6 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml 
@@ -72,7 +72,7 @@ runs: if ! command -v jq > /dev/null; then sudo apt-get update - sudo apt-get install -y jq + sudo apt-get install -y icu jq fi shell: bash @@ -204,8 +204,8 @@ runs: run: | set -e -o pipefail - tdnf install -y icu - tdnf install -y jq + # tdnf install -y icu + # tdnf install -y jq az extension add --name azure-devops --only-show-errors RUN_ID="${{ steps.run-pipeline.outputs.run-id }}" From aa7e2f35dd71cbc1ef9bfd458b843b4ffe123128 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 15:08:13 -0700 Subject: [PATCH 50/59] Fix version output --- .github/actions/azdo-build/action.yml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index 807e38deb6..c945a8931c 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml @@ -204,8 +204,6 @@ runs: run: | set -e -o pipefail - # tdnf install -y icu - # tdnf install -y jq az extension add --name azure-devops --only-show-errors RUN_ID="${{ steps.run-pipeline.outputs.run-id }}" @@ -241,7 +239,7 @@ runs: - id: get-version name: Get version run: | - VERSION=$(tar -xzOf botframework-webchat-core-*.tgz package/package.json) + VERSION=$(tar -xzOf botframework-webchat-core-*.tgz package/package.json | jq -r '.version') echo version=$VERSION | tee --append $GITHUB_OUTPUT @@ -410,8 +408,8 @@ runs: # --draft=false \ # --repo ${{ github.repository }} - - continue-on-error: true - if: ${{ always() }} - name: Azure logout - run: az logout - shell: bash + # - continue-on-error: true + # if: ${{ always() }} + # name: Azure logout + # run: az logout + # shell: bash From da99645c644705cd0a750fd0e0f1bf3f394e4f22 Mon Sep 17 00:00:00 2001 
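Review bot: In `get-version`, `VERSION` is read from `package.json` inside the downloaded tarball and emitted as a step output without any check on its shape, and `create-release.yml` later expands that output directly into `tar --file=...` script text. Validate it before writing it out, for example `[[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?$ ]] || { echo "Unexpected version: $VERSION"; exit 1; }` (adjust the pattern to the project's version scheme). Quote the expansions as well: `echo "version=$VERSION" | tee --append "$GITHUB_OUTPUT"`. The `botframework-webchat-core-*.tgz` glob also assumes exactly one match; the step body continues outside the hunk.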
From: William Wong Date: Fri, 27 Mar 2026 15:11:13 -0700 Subject: [PATCH 51/59] Download AzDO artifact --- .github/actions/azdo-build/action.yml | 3 ++- .github/workflows/create-release.yml | 5 +++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index c945a8931c..8af0fd549b 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml @@ -72,7 +72,8 @@ runs: if ! command -v jq > /dev/null; then sudo apt-get update - sudo apt-get install -y icu jq + # sudo apt-get install -y icu jq + sudo apt-get install -y jq fi shell: bash diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 65c0269f2e..b2ff60322a 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -165,6 +165,11 @@ jobs: azure-tenant-id: ${{ vars.AZURE_TENANT_ID }} branch-name: ${{ steps.get-branch-name.outputs.branch-name }} + - name: Download AzDO build artifact + uses: actions/download-artifact@v8 + with: + name: azdo-artifact + - name: Extract artifact (bundle) run: | mkdir -p ./bundle/ From 615579b9f51c621730e06736a28d79b8f4ff2f5e Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 15:13:57 -0700 Subject: [PATCH 52/59] Use artifact name --- .github/actions/azdo-build/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index 8af0fd549b..cfe86d0723 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml @@ -215,7 +215,7 @@ runs: # Download the artifact az pipelines runs artifact download \ - --artifact-name "drop_build_main" \ + --artifact-name "${{ inputs.artifact-name }}" \ --detect false \ --org ${{ inputs.azdo-org }} \ --path "$GITHUB_WORKSPACE/artifact-download/" \ From 42354e5ebc7890072114f31fcd88a177e97623c3 Mon Sep 17 00:00:00 2001 
From: William Wong Date: Fri, 27 Mar 2026 15:16:02 -0700 Subject: [PATCH 53/59] Set upload artifact name --- .github/actions/azdo-build/action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index cfe86d0723..e2faf3a2ce 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml @@ -215,7 +215,7 @@ runs: # Download the artifact az pipelines runs artifact download \ - --artifact-name "${{ inputs.artifact-name }}" \ + --artifact-name "drop_build_main" \ --detect false \ --org ${{ inputs.azdo-org }} \ --path "$GITHUB_WORKSPACE/artifact-download/" \ @@ -234,7 +234,7 @@ runs: - name: Upload artifact uses: actions/upload-artifact@v6 with: - name: drop_build_main + name: ${{ inputs.artifact-name }} path: ./artifact-download/ - id: get-version From e1d79aaabe673ece8e5a9b5bae3adeaa3430dad2 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 15:20:51 -0700 Subject: [PATCH 54/59] Fix extract tar path --- .github/workflows/create-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index b2ff60322a..4dd077d7d5 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -177,7 +177,7 @@ jobs: tar \ --extract \ - --file=botframework-webchat-${{ steps.azdo-build.outputs.version }}.tgz \ + --file=./tgzfiles/botframework-webchat-${{ steps.azdo-build.outputs.version }}.tgz \ --strip-component=1 \ package/dist/ \ package/static/ @@ -189,7 +189,7 @@ jobs: tar \ --extract \ - --file=botframework-webchat-fluent-theme-${{ steps.azdo-build.outputs.version }}.tgz \ + --file=./tgzfiles/botframework-webchat-fluent-theme-${{ steps.azdo-build.outputs.version }}.tgz \ --strip-component=1 \ package/dist/ \ package/static/ From 2e7c96d2a421e0ab943596ea28e0d5bd1479d587 Mon Sep 17 00:00:00 2001 
From: William Wong Date: Fri, 27 Mar 2026 15:26:55 -0700 Subject: [PATCH 55/59] Fix path --- .github/actions/azdo-build/action.yml | 22 ++++++++++++++++------ .github/workflows/create-release.yml | 6 ++++-- 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index e2faf3a2ce..f1208ee0d7 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml @@ -7,11 +7,6 @@ inputs: default: azdo-artifact type: string - branch-name: - description: Branch name - default: main - type: string - azdo-org: description: AzDO org URL required: true @@ -42,6 +37,21 @@ inputs: required: true type: string + branch-name: + description: Branch name + default: main + type: string + + download-artifact-name: + description: Name of AzDO artifact to download + required: true + type: string + + pipeline-variable: + description: Pipeline variable + required: true + type: string + # dist-tag: # description: Dist-tag # default: main @@ -114,7 +124,7 @@ runs: # --name ${{ env.AZDO_PIPELINE_NAME }} \ # --org ${{ env.AZDO_ORG }} \ # --project ${{ env.AZDO_PROJECT }} \ - # --variable ProjectBranch=${{ inputs.branch-name }} + # --variable ${{ inputs.pipeline-variable }} # ) # RUN_ID=$(echo "$OUTPUT" | jq -r '.id') diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 4dd077d7d5..650629f9f4 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -164,6 +164,8 @@ jobs: azure-subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }} azure-tenant-id: ${{ vars.AZURE_TENANT_ID }} branch-name: ${{ steps.get-branch-name.outputs.branch-name }} + download-artifact-name: drop_build_main + pipeline-variable: ProjectBranch=${{ inputs.branch-name }} - name: Download AzDO build artifact uses: actions/download-artifact@v8 
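Review bot: In `create-release.yml`, `pipeline-variable: ProjectBranch=${{ inputs.branch-name }}` reads a workflow input, while the line above it takes the branch from `steps.get-branch-name.outputs.branch-name`. Unless the workflow declares a `branch-name` input (not visible in this hunk), the value expands to `ProjectBranch=`; the intended line is probably `pipeline-variable: ProjectBranch=${{ steps.get-branch-name.outputs.branch-name }}`. In the action, the commented-out `--variable ${{ inputs.pipeline-variable }}` would place a branch-derived string straight into the script once re-enabled, so pass it through a step `env:` entry and reference it quoted.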
@@ -177,7 +179,7 @@ jobs: tar \ --extract \ - --file=./tgzfiles/botframework-webchat-${{ steps.azdo-build.outputs.version }}.tgz \ + --file=../tgzfiles/botframework-webchat-${{ steps.azdo-build.outputs.version }}.tgz \ --strip-component=1 \ package/dist/ \ package/static/ @@ -189,7 +191,7 @@ jobs: tar \ --extract \ - --file=./tgzfiles/botframework-webchat-fluent-theme-${{ steps.azdo-build.outputs.version }}.tgz \ + --file=../tgzfiles/botframework-webchat-fluent-theme-${{ steps.azdo-build.outputs.version }}.tgz \ --strip-component=1 \ package/dist/ \ package/static/ From cdccbd4af830105e858471d1d1056900bf64a1d7 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 15:30:35 -0700 Subject: [PATCH 56/59] Upload sbom --- .github/workflows/create-release.yml | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 650629f9f4..c6ccbaa689 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -226,6 +226,12 @@ jobs: name: fluent-theme-esm path: ./fluent-theme/static/ + - name: Upload artifact (sbom) + uses: actions/upload-artifact@v7 + with: + name: sbom + path: ./_manifest/spdx_2.2/manifest.spdx.json + upload-changelog: name: Upload changelog needs: build @@ -286,11 +292,11 @@ jobs: name: changelog path: ./ - # - name: Download artifact (sbom) - # uses: actions/download-artifact@v8 - # with: - # name: sbom - # path: ./asset + - name: Download artifact (sbom) + uses: actions/download-artifact@v8 + with: + name: sbom + path: ./asset - id: compute-hash name: Compute build metadata @@ -361,5 +367,5 @@ jobs: gh release upload ${{ steps.release.outputs.tag }} \ --repo ${{ github.repository }} \ ./asset/*.js \ - ./asset/*.tgz - # ./aseet/sbom.spdx.json + ./asset/*.tgz \ + ./aseet/manifest.spdx.json From 07f8a6322ca1b4b785f78567d4cddd2eb9061ac7 Mon Sep 17 00:00:00 2001 
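Review bot: The `Upload artifact (sbom)` step added in the `@@ -226,6 +226,12 @@` hunk points at a single file, `./_manifest/spdx_2.2/manifest.spdx.json`, and `actions/upload-artifact` only warns by default when the path matches nothing. A missing SBOM would then surface only later, in the release job's `Download artifact (sbom)` step, away from its cause. Add `if-no-files-found: error` under `with:` so the job fails at the point where the manifest is expected and a release cannot proceed without it.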
From: William Wong Date: Fri, 27 Mar 2026 15:37:11 -0700 Subject: [PATCH 57/59] Fix path --- .github/workflows/create-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index c6ccbaa689..baac1d1a02 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -368,4 +368,4 @@ jobs: --repo ${{ github.repository }} \ ./asset/*.js \ ./asset/*.tgz \ - ./aseet/manifest.spdx.json + ./asset/manifest.spdx.json From e2446cdf9073f4562adbe6a76020aebd4d29be16 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 16:38:53 -0700 Subject: [PATCH 58/59] Kickoff AzDO pipeline --- .github/actions/azdo-build/action.yml | 77 +++++++++++++-------------- .github/workflows/create-release.yml | 3 ++ 2 files changed, 41 insertions(+), 39 deletions(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index f1208ee0d7..055716595d 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml 
@@ -110,49 +110,48 @@ runs: client-id: ${{ inputs.azure-client-id }} tenant-id: ${{ inputs.azure-tenant-id }} - # - id: run-pipeline - # uses: azure/cli@v2 - # with: - # inlineScript: | - # set -e -o pipefail - - # az extension add --name azure-devops --only-show-errors - # # az pipelines list --org ${{ env.AZDO_ORG }} --project ${{ env.AZDO_PROJECT }} - # OUTPUT=$( - # az pipelines run \ - # --detect false --output json) \ - # --name ${{ env.AZDO_PIPELINE_NAME }} \ - # --org ${{ env.AZDO_ORG }} \ - # --project ${{ env.AZDO_PROJECT }} \ - # --variable ${{ inputs.pipeline-variable }} - # ) - - # RUN_ID=$(echo "$OUTPUT" | jq -r '.id') - # RUN_URL=$(echo "$OUTPUT" | jq -r '.url') - - # if [ -z "$RUN_ID" ] || [ "$RUN_ID" = "null" ]; then - # echo "$OUTPUT" - # echo "Failed to extract run ID from output" - # exit 1 - # fi - - # if [ -z "$RUN_URL" ] || [ "$RUN_URL" = "null" ]; then - # echo "$OUTPUT" - # echo "Failed to extract run URL from output" - # exit 1 - # fi - - # echo "run-id=$RUN_ID" | tee --append $GITHUB_OUTPUT - # echo "url=$RUN_URL" | tee --append $GITHUB_OUTPUT - - # Temporarily not running pipeline but getting from existing result - id: run-pipeline - name: Run pipeline run: | - echo run-id=424951 | tee --append $GITHUB_OUTPUT - echo url=https://fuselabs.visualstudio.com/531382a8-71ae-46c8-99eb-9512ccb91a43/_apis/build/Builds/424951 | tee --append $GITHUB_OUTPUT + set -e -o pipefail + + az extension add --name azure-devops --only-show-errors + # az pipelines list --org ${{ vars.azdo-org }} --project ${{ vars.azdo-project }} + OUTPUT=$( + az pipelines run \ + --detect false --output json) \ + --name ${{ vars.azdo-pipeline-name }} \ + --org ${{ vars.azdo-org }} \ + --project ${{ vars.azdo-project }} \ + --variable ${{ inputs.pipeline-variable }} + ) + + RUN_ID=$(echo "$OUTPUT" | jq -r '.id') + RUN_URL=$(echo "$OUTPUT" | jq -r '.url') + + if [ -z "$RUN_ID" ] || [ "$RUN_ID" = "null" ]; then + echo "$OUTPUT" + echo "Failed to extract run ID from output" + exit 
1 + fi + + if [ -z "$RUN_URL" ] || [ "$RUN_URL" = "null" ]; then + echo "$OUTPUT" + echo "Failed to extract run URL from output" + exit 1 + fi + + echo "run-id=$RUN_ID" | tee --append $GITHUB_OUTPUT + echo "url=$RUN_URL" | tee --append $GITHUB_OUTPUT shell: bash + # Temporarily not running pipeline but getting from existing result + # - id: run-pipeline + # name: Run pipeline + # run: | + # echo run-id=424951 | tee --append $GITHUB_OUTPUT + # echo url=https://fuselabs.visualstudio.com/531382a8-71ae-46c8-99eb-9512ccb91a43/_apis/build/Builds/424951 | tee --append $GITHUB_OUTPUT + # shell: bash + - name: Wait for pipeline completion run: | set -e -o pipefail diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index baac1d1a02..3cf59bb299 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -265,6 +265,9 @@ jobs: path: ./CHANGELOG.latest.md release: + environment: + name: github-release + url: ${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ steps.release.outputs.tag }} name: Release needs: - build From 8e52c05706ccfe447ea2d640c2b3da4ab21cf7a5 Mon Sep 17 00:00:00 2001 From: William Wong Date: Fri, 27 Mar 2026 16:42:37 -0700 Subject: [PATCH 59/59] Rename vars to inputs --- .github/actions/azdo-build/action.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/actions/azdo-build/action.yml b/.github/actions/azdo-build/action.yml index 055716595d..27dfedf95d 100644 --- a/.github/actions/azdo-build/action.yml +++ b/.github/actions/azdo-build/action.yml 
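Review bot: In the re-enabled `run-pipeline` step, `--detect false --output json) \` closes the `$(` substitution early, so `--name`, `--org`, `--project` and `--variable` are no longer arguments to `az pipelines run` and the later lone `)` is a shell syntax error; the line should read `--detect false --output json \`. The same line is carried as unchanged context in the 59/59 hunk on this file. The arguments are also expanded by `${{ }}` straight into the script text and left unquoted, and `pipeline-variable` is built from a branch name in create-release.yml, so shell metacharacters in that value would be interpreted by bash. Map the values through the step's `env:` and pass them quoted, e.g. `--variable "$PIPELINE_VARIABLE"`.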
@@ -115,13 +115,13 @@ runs: set -e -o pipefail az extension add --name azure-devops --only-show-errors - # az pipelines list --org ${{ vars.azdo-org }} --project ${{ vars.azdo-project }} + # az pipelines list --org ${{ inputs.azdo-org }} --project ${{ inputs.azdo-project }} OUTPUT=$( az pipelines run \ --detect false --output json) \ - --name ${{ vars.azdo-pipeline-name }} \ - --org ${{ vars.azdo-org }} \ - --project ${{ vars.azdo-project }} \ + --name ${{ inputs.azdo-pipeline-name }} \ + --org ${{ inputs.azdo-org }} \ + --project ${{ inputs.azdo-project }} \ --variable ${{ inputs.pipeline-variable }} )