From 6a96c0d7300f360959a02fa4e8025350e2e0d914 Mon Sep 17 00:00:00 2001 From: Andrew Gable Date: Thu, 10 Feb 2022 17:42:41 -0700 Subject: [PATCH 01/11] Add GitHub Action linting (Expect lint to *fail*) --- .github/workflows/validateGithubActions.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/validateGithubActions.yml b/.github/workflows/validateGithubActions.yml index 990763f30af0..cc0b38d79c40 100644 --- a/.github/workflows/validateGithubActions.yml +++ b/.github/workflows/validateGithubActions.yml @@ -40,3 +40,9 @@ jobs: - name: Validate actions and workflows run: npm run gh-actions-validate + + - name: Lint actions + run: | + bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) + ./actionlint -color -format '{{range $err := .}}::error file={{$err.Filepath}},line={{$err.Line}},col={{$err.Column}}::{{$err.Message}}%0A```%0A{{replace $err.Snippet "\\n" "%0A"}}%0A```\n{{end}}' -ignore 'SC2016:' + shell: bash From d497ec0dc3029776d0304a0c8e4348670e2c01d0 Mon Sep 17 00:00:00 2001 From: Andrew Gable Date: Thu, 10 Feb 2022 17:47:30 -0700 Subject: [PATCH 02/11] Try to not use format --- .github/workflows/validateGithubActions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validateGithubActions.yml b/.github/workflows/validateGithubActions.yml index cc0b38d79c40..4a30d28118cb 100644 --- a/.github/workflows/validateGithubActions.yml +++ b/.github/workflows/validateGithubActions.yml @@ -44,5 +44,5 @@ jobs: - name: Lint actions run: | bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) - ./actionlint -color -format '{{range $err := .}}::error file={{$err.Filepath}},line={{$err.Line}},col={{$err.Column}}::{{$err.Message}}%0A```%0A{{replace $err.Snippet "\\n" "%0A"}}%0A```\n{{end}}' -ignore 'SC2016:' + ./actionlint -color shell: bash From 5b984c997a70286358ab56a4392751689d56431c Mon Sep 17 00:00:00 2001 From: Andrew Gable Date: Thu, 10 Feb 2022 17:52:58 -0700 Subject: [PATCH 03/11] Add action matchers --- .github/workflows/actionlint-matcher.json | 17 +++++++++++++++++ .github/workflows/validateGithubActions.yml | 1 + 2 files changed, 18 insertions(+) create mode 100644 .github/workflows/actionlint-matcher.json diff --git a/.github/workflows/actionlint-matcher.json b/.github/workflows/actionlint-matcher.json new file mode 100644 index 000000000000..4613e1617bfe --- /dev/null +++ b/.github/workflows/actionlint-matcher.json @@ -0,0 +1,17 @@ +{ + "problemMatcher": [ + { + "owner": "actionlint", + "pattern": [ + { + "regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$", + "file": 1, + "line": 2, + "column": 3, + "message": 4, + "code": 5 + } + ] + } + ] +} diff --git a/.github/workflows/validateGithubActions.yml b/.github/workflows/validateGithubActions.yml index 4a30d28118cb..da83fdf32ae8 100644 --- a/.github/workflows/validateGithubActions.yml +++ b/.github/workflows/validateGithubActions.yml @@ -43,6 +43,7 @@ jobs: - name: Lint actions run: | + echo "::add-matcher::.github/workflows/actionlint-matcher.json" bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) ./actionlint -color shell: bash From 24f266f09425508950b95c2f10c8dc1ecba35871 Mon Sep 17 00:00:00 2001 From: Andrew Gable Date: Fri, 11 Feb 2022 10:43:27 -0700 Subject: [PATCH 04/11] Move to shell script --- .github/scripts/validateActionsAndWorkflows.sh | 17 +++++++++++++++-- .github/workflows/actionlint-matcher.json | 17 ----------------- .github/workflows/validateGithubActions.yml | 7 ------- 3 files changed, 15 insertions(+), 26 deletions(-) delete mode 100644 .github/workflows/actionlint-matcher.json diff --git a/.github/scripts/validateActionsAndWorkflows.sh b/.github/scripts/validateActionsAndWorkflows.sh index 0ff92289b524..c535eac8b4ad 100755 --- a/.github/scripts/validateActionsAndWorkflows.sh +++ b/.github/scripts/validateActionsAndWorkflows.sh @@ -1,6 +1,6 @@ #!/bin/bash -# -# Validates the Github Actions and workflows using the json schemas provided by https://www.schemastore.org/json/ + +echo 'Validates the Github Actions and workflows using the json schemas provided by (https://www.schemastore.org/json/)' # Track exit codes separately so we can run a full validation, report errors, and exit with the correct code declare EXIT_CODE=0 @@ -17,4 +17,17 @@ find ./workflows/ -type f -name "*.yml" -print0 | xargs -0 -I file ajv -s ./temp # Cleanup after ourselves and delete the schemas rm -rf ./tempSchemas +echo 'Lint Github Actions via actionlint (https://github.com/rhysd/actionlint)' + +# If we are running this on a non-CI machine (e.g. locally), install shellcheck +if [[ -z "${CI}" ]]; then + brew install shellcheck +fi + +bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) +./actionlint -color + +# Cleanup after ourselves and delete the schemas and actionlint +rm -rf ./tempSchemas ./actionlint + exit $EXIT_CODE diff --git a/.github/workflows/actionlint-matcher.json b/.github/workflows/actionlint-matcher.json deleted file mode 100644 index 4613e1617bfe..000000000000 --- a/.github/workflows/actionlint-matcher.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "problemMatcher": [ - { - "owner": "actionlint", - "pattern": [ - { - "regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$", - "file": 1, - "line": 2, - "column": 3, - "message": 4, - "code": 5 - } - ] - } - ] -} diff --git a/.github/workflows/validateGithubActions.yml b/.github/workflows/validateGithubActions.yml index da83fdf32ae8..990763f30af0 100644 --- a/.github/workflows/validateGithubActions.yml +++ b/.github/workflows/validateGithubActions.yml @@ -40,10 +40,3 @@ jobs: - name: Validate actions and workflows run: npm run gh-actions-validate - - - name: Lint actions - run: | - echo "::add-matcher::.github/workflows/actionlint-matcher.json" - bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) - ./actionlint -color - shell: bash From a222fc78d7ad899c2d8a1b6446c0007e681e3f74 Mon Sep 17 00:00:00 2001 From: Andrew Gable Date: Fri, 11 Feb 2022 10:55:31 -0700 Subject: [PATCH 05/11] Tweak exit code handling --- .github/scripts/validateActionsAndWorkflows.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/scripts/validateActionsAndWorkflows.sh b/.github/scripts/validateActionsAndWorkflows.sh index c535eac8b4ad..dfda0436a44e 100755 --- a/.github/scripts/validateActionsAndWorkflows.sh +++ b/.github/scripts/validateActionsAndWorkflows.sh @@ -14,6 +14,10 @@ curl https://json.schemastore.org/github-workflow.json --output ./tempSchemas/gi find ./actions/ -type f -name "*.yml" -print0 | xargs -0 -I file ajv -s ./tempSchemas/github-action.json -d file --strict=false || EXIT_CODE=1 find ./workflows/ -type f -name "*.yml" -print0 | xargs -0 -I file ajv -s ./tempSchemas/github-workflow.json -d file --strict=false || EXIT_CODE=1 +if (( $EXIT_CODE == 1 )) then + exit $EXIT_CODE +fi + # Cleanup after ourselves and delete the schemas rm -rf ./tempSchemas @@ -25,9 +29,9 @@ if [[ -z "${CI}" ]]; then fi bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) -./actionlint -color +./actionlint -color || EXIT_CODE=1 -# Cleanup after ourselves and delete the schemas and actionlint -rm -rf ./tempSchemas ./actionlint +# Cleanup after ourselves and delete actionlint +rm -rf ./actionlint exit $EXIT_CODE From 6e3f70acdf981549e466f8d4315967edb0f5cffa Mon Sep 17 00:00:00 2001 From: Andrew Gable Date: Fri, 11 Feb 2022 11:02:10 -0700 Subject: [PATCH 06/11] Add ; --- .github/scripts/validateActionsAndWorkflows.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/validateActionsAndWorkflows.sh b/.github/scripts/validateActionsAndWorkflows.sh index dfda0436a44e..4de528bc4c0f 100755 --- a/.github/scripts/validateActionsAndWorkflows.sh +++ b/.github/scripts/validateActionsAndWorkflows.sh @@ -14,7 +14,7 @@ curl https://json.schemastore.org/github-workflow.json --output ./tempSchemas/gi find ./actions/ -type f -name "*.yml" -print0 | xargs -0 -I file ajv -s ./tempSchemas/github-action.json -d file --strict=false || EXIT_CODE=1 find ./workflows/ -type f -name "*.yml" -print0 | xargs -0 -I file ajv -s ./tempSchemas/github-workflow.json -d file --strict=false || EXIT_CODE=1 -if (( $EXIT_CODE == 1 )) then +if (( $EXIT_CODE == 1 )); then exit $EXIT_CODE fi From 8ba1b6387e879dcebb4e456ddaf3f1ac6d7aa2ac Mon Sep 17 00:00:00 2001 From: Andrew Gable Date: Fri, 11 Feb 2022 11:40:53 -0700 Subject: [PATCH 07/11] Fix most lint errors --- .github/workflows/cherryPick.yml | 4 ++-- .github/workflows/createNewVersion.yml | 4 ++-- .github/workflows/deploy.yml | 8 ++++---- .github/workflows/deployBlocker.yml | 6 +++--- .github/workflows/finishReleaseCycle.yml | 2 +- .github/workflows/platformDeploy.yml | 4 ++-- .github/workflows/preDeploy.yml | 4 ++-- .github/workflows/updateProtectedBranch.yml | 14 +++++++------- 8 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/workflows/cherryPick.yml b/.github/workflows/cherryPick.yml index c7f6101d5a4f..19d3ef49f185 100644 --- a/.github/workflows/cherryPick.yml +++ b/.github/workflows/cherryPick.yml @@ -100,10 +100,10 @@ jobs: - name: Save correct NEW_VERSION to env run: | if [ -z ${{ github.event.inputs.NEW_VERSION }} ]; then - echo "NEW_VERSION=${{ needs.createNewVersion.outputs.NEW_VERSION }}" >> $GITHUB_ENV + echo "NEW_VERSION=${{ needs.createNewVersion.outputs.NEW_VERSION }}" >> "$GITHUB_ENV" echo "New version is ${{ env.NEW_VERSION }}" else - echo "NEW_VERSION=${{ github.event.inputs.NEW_VERSION }}" >> $GITHUB_ENV + echo "NEW_VERSION=${{ github.event.inputs.NEW_VERSION }}" >> "$GITHUB_ENV" echo "New version is ${{ env.NEW_VERSION }}" fi; diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index 98f42211840c..5e442002ea4e 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -24,7 +24,7 @@ jobs: poll-interval-seconds: 10 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - + - name: Decrypt GPG key run: cd .github/workflows && gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output OSBotify-private-key.asc OSBotify-private-key.asc.gpg env: @@ -46,7 +46,7 @@ jobs: run: | git checkout -b version-${{ github.event.inputs.SEMVER_LEVEL }}-${{ github.sha }} git push --set-upstream origin version-${{ github.event.inputs.SEMVER_LEVEL }}-${{ github.sha }} - echo "VERSION_BRANCH=version-${{ github.event.inputs.SEMVER_LEVEL }}-${{ github.sha }}" >> $GITHUB_ENV + echo "VERSION_BRANCH=version-${{ github.event.inputs.SEMVER_LEVEL }}-${{ github.sha }}" >> "$GITHUB_ENV" - name: Generate version id: bumpVersion diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index f6ff6ab7ab0b..61ddc4d059e6 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -33,7 +33,7 @@ jobs: with: ref: staging token: ${{ secrets.OS_BOTIFY_TOKEN }} - + - name: Decrypt Botify GPG key run: cd .github/workflows && gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output OSBotify-private-key.asc OSBotify-private-key.asc.gpg env: @@ -51,7 +51,7 @@ jobs: - name: Tag version - run: git tag $(npm run print-version --silent) + run: git tag "$(npm run print-version --silent)" - name: 🚀 Push tags to trigger staging deploy 🚀 run: git push --tags @@ -66,7 +66,7 @@ jobs: with: fetch-depth: 0 token: ${{ secrets.OS_BOTIFY_TOKEN }} - + - name: Decrypt Botify GPG key run: cd .github/workflows && gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output OSBotify-private-key.asc OSBotify-private-key.asc.gpg env: @@ -87,7 +87,7 @@ jobs: run: git checkout production - name: Get current app version - run: echo "PRODUCTION_VERSION=$(npm run print-version --silent)" >> $GITHUB_ENV + run: echo "PRODUCTION_VERSION=$(npm run print-version --silent)" >> "$GITHUB_ENV" - name: Get Release Pull Request List id: getReleasePRList diff --git a/.github/workflows/deployBlocker.yml b/.github/workflows/deployBlocker.yml index 46f54ac2ae60..9a7735ed8a01 100644 --- a/.github/workflows/deployBlocker.yml +++ b/.github/workflows/deployBlocker.yml @@ -19,9 +19,9 @@ jobs: - name: Get URL, title, & number of new deploy blocker (issue) if: ${{ github.event_name == 'issues' }} run: | - echo "DEPLOY_BLOCKER_URL=${{ github.event.issue.html_url }}" >> $GITHUB_ENV - echo "DEPLOY_BLOCKER_NUMBER=${{ github.event.issue.number }}" >> $GITHUB_ENV - echo "DEPLOY_BLOCKER_TITLE=$(sed -e "s/'/'\\\\''/g; s/\`/\\\\\`/g; 1s/^/'/; \$s/\$/'/" <<< "'${{ github.event.issue.title }}'")" >> $GITHUB_ENV + echo "DEPLOY_BLOCKER_URL=${{ github.event.issue.html_url }}" >> "$GITHUB_ENV" + echo "DEPLOY_BLOCKER_NUMBER=${{ github.event.issue.number }}" >> "$GITHUB_ENV" + echo "DEPLOY_BLOCKER_TITLE=$(sed -e "s/'/'\\\\''/g; s/\`/\\\\\`/g; 1s/^/'/; \$s/\$/'/" <<< "'${{ github.event.issue.title }}'")" >> "$GITHUB_ENV" - name: Update StagingDeployCash with new deploy blocker uses: Expensify/App/.github/actions/createOrUpdateStagingDeploy@main diff --git a/.github/workflows/finishReleaseCycle.yml b/.github/workflows/finishReleaseCycle.yml index eb9b251a0504..fe0eb8aff88a 100644 --- a/.github/workflows/finishReleaseCycle.yml +++ b/.github/workflows/finishReleaseCycle.yml @@ -105,7 +105,7 @@ jobs: run: | git checkout staging git pull origin staging - echo "NEW_VERSION=$(npm run print-version --silent)" >> $GITHUB_ENV + echo "NEW_VERSION=$(npm run print-version --silent)" >> "$GITHUB_ENV" echo "New version is ${{ env.NEW_VERSION }}" # Create a local git tag so that GitUtils.getPullRequestsMergedBetween can use `git log` to generate a diff --git a/.github/workflows/platformDeploy.yml b/.github/workflows/platformDeploy.yml index 598c8fe2e602..c64aca5ad3d4 100644 --- a/.github/workflows/platformDeploy.yml +++ b/.github/workflows/platformDeploy.yml @@ -77,7 +77,7 @@ jobs: LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - name: Set version in ENV - run: echo "VERSION_CODE=$(grep -o 'versionCode\s\+[0-9]\+' android/app/build.gradle | awk '{ print $2 }')" >> $GITHUB_ENV + run: echo "VERSION_CODE=$(grep -o 'versionCode\s\+[0-9]\+' android/app/build.gradle | awk '{ print $2 }')" >> "$GITHUB_ENV" - name: Run Fastlane beta if: ${{ !fromJSON(env.SHOULD_DEPLOY_PRODUCTION) }} @@ -387,7 +387,7 @@ jobs: node-version: '14.x' - name: Set version - run: echo "VERSION=$(npm run print-version --silent)" >> $GITHUB_ENV + run: echo "VERSION=$(npm run print-version --silent)" >> "$GITHUB_ENV" - name: Get Release Pull Request List id: getReleasePRList diff --git a/.github/workflows/preDeploy.yml b/.github/workflows/preDeploy.yml index 12e1402b7e4d..8d5f1c1a5eb5 100644 --- a/.github/workflows/preDeploy.yml +++ b/.github/workflows/preDeploy.yml @@ -122,7 +122,7 @@ jobs: - name: Pull main to get the new version run: | git pull origin main - echo "NEW_VERSION=$(npm run print-version --silent)" >> $GITHUB_ENV + echo "NEW_VERSION=$(npm run print-version --silent)" >> "$GITHUB_ENV" echo "New version is ${{ env.NEW_VERSION }}" - name: Update staging branch from main @@ -195,7 +195,7 @@ jobs: github_token: ${{ secrets.GITHUB_TOKEN }} - name: Get PR count for ${{ steps.getMergedPullRequest.outputs.author }} - run: echo "PR_COUNT=$(gh pr list --author ${{ steps.getMergedPullRequest.outputs.author }} --state any | grep -c '')" >> $GITHUB_ENV + run: echo "PR_COUNT=$(gh pr list --author ${{ steps.getMergedPullRequest.outputs.author }} --state any | grep -c '')" >> "$GITHUB_ENV" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/updateProtectedBranch.yml b/.github/workflows/updateProtectedBranch.yml index fb925c524fa2..61f5aeada49b 100644 --- a/.github/workflows/updateProtectedBranch.yml +++ b/.github/workflows/updateProtectedBranch.yml @@ -35,11 +35,11 @@ jobs: - name: Set source branch run: | if [[ ${{ github.event.inputs.TARGET_BRANCH }} == 'staging' ]]; then - echo "SOURCE_BRANCH=main" >> $GITHUB_ENV + echo "SOURCE_BRANCH=main" >> "$GITHUB_ENV" elif [[ ${{ github.event.inputs.TARGET_BRANCH }} == 'production' ]]; then - echo "SOURCE_BRANCH=staging" >> $GITHUB_ENV + echo "SOURCE_BRANCH=staging" >> "$GITHUB_ENV" else - echo "SOURCE_BRANCH=${{ github.event.inputs.SOURCE_BRANCH }}" >> $GITHUB_ENV + echo "SOURCE_BRANCH=${{ github.event.inputs.SOURCE_BRANCH }}" >> "$GITHUB_ENV" fi # Version: 2.3.4 @@ -52,7 +52,7 @@ jobs: run: git checkout ${{ env.SOURCE_BRANCH }} - name: Set New Version - run: echo "NEW_VERSION=$(npm run print-version --silent)" >> $GITHUB_ENV + run: echo "NEW_VERSION=$(npm run print-version --silent)" >> "$GITHUB_ENV" - name: Decrypt OSBotify GPG key run: cd .github/workflows && gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output OSBotify-private-key.asc OSBotify-private-key.asc.gpg @@ -77,7 +77,7 @@ jobs: git checkout -b update-${{ github.event.inputs.TARGET_BRANCH }}-from-${{ env.SOURCE_BRANCH }} git merge -Xtheirs ${{ env.SOURCE_BRANCH }} git push --set-upstream origin update-${{ github.event.inputs.TARGET_BRANCH }}-from-${{ env.SOURCE_BRANCH }} - echo "SOURCE_BRANCH=update-${{ github.event.inputs.TARGET_BRANCH }}-from-${{ env.SOURCE_BRANCH }}" >> $GITHUB_ENV + echo "SOURCE_BRANCH=update-${{ github.event.inputs.TARGET_BRANCH }}-from-${{ env.SOURCE_BRANCH }}" >> "$GITHUB_ENV" - name: Create Pull Request id: createPullRequest @@ -125,8 +125,8 @@ jobs: github_token: ${{ secrets.OS_BOTIFY_TOKEN }} number: ${{ steps.createPullRequest.outputs.pr_number }} body: | - :bell: @Expensify/mobile-deployers :bell: - The Update Protected Branch workflow has failed because this PR was not mergable. - If you are the deployer this week, please resolve the error and merge this PR to continue the deploy process. + :bell: @Expensify/mobile-deployers :bell: - The Update Protected Branch workflow has failed because this PR was not mergable. + If you are the deployer this week, please resolve the error and merge this PR to continue the deploy process. - name: Fail workflow if PR is not mergeable if: ${{ steps.isPullRequestMergeable.outputs.IS_MERGEABLE == 'false' }} From 6a33c657547f2a0b05afabce0ba6d9c9ee955d8d Mon Sep 17 00:00:00 2001 From: Andrew Gable Date: Fri, 11 Feb 2022 11:46:46 -0700 Subject: [PATCH 08/11] Fix all but three errors --- .github/workflows/lockDeploys.yml | 2 +- .github/workflows/platformDeploy.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lockDeploys.yml b/.github/workflows/lockDeploys.yml index 0ed24ced5589..f1b8d44d97fe 100644 --- a/.github/workflows/lockDeploys.yml +++ b/.github/workflows/lockDeploys.yml @@ -24,7 +24,7 @@ jobs: - name: Comment in StagingDeployCash to give Applause the 🟢 to begin QA run: | gh issue comment \ - $(gh issue list --label StagingDeployCash --json number --jq '.[0].number') \ + "$(gh issue list --label StagingDeployCash --json number --jq '.[0].number')" \ --body ":rocket: All staging deploys are complete, @Expensify/applauseleads please begin QA on version https://github.com/Expensify/App/releases/tag/$(< package.json jq -r .version) :rocket:" env: GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} diff --git a/.github/workflows/platformDeploy.yml b/.github/workflows/platformDeploy.yml index c64aca5ad3d4..d5b66fecafb7 100644 --- a/.github/workflows/platformDeploy.yml +++ b/.github/workflows/platformDeploy.yml @@ -243,7 +243,7 @@ jobs: - name: Set iOS version in ENV if: ${{ fromJSON(env.SHOULD_DEPLOY_PRODUCTION) }} - run: echo "IOS_VERSION=$(echo '${{ github.event.release.tag_name }}' | tr '-' '.')" >> $GITHUB_ENV + run: echo "IOS_VERSION=$(echo '${{ github.event.release.tag_name }}' | tr '-' '.')" >> "$GITHUB_ENV" - name: Run Fastlane for App Store release if: ${{ fromJSON(env.SHOULD_DEPLOY_PRODUCTION) }} @@ -329,11 +329,11 @@ jobs: - name: Deploy production to S3 if: ${{ fromJSON(env.SHOULD_DEPLOY_PRODUCTION) }} - run: aws s3 cp --recursive --acl public-read $GITHUB_WORKSPACE/dist s3://expensify-cash/ + run: aws s3 cp --recursive --acl public-read "$GITHUB_WORKSPACE"/dist s3://expensify-cash/ - name: Deploy staging to S3 if: ${{ !fromJSON(env.SHOULD_DEPLOY_PRODUCTION) }} - run: aws s3 cp --recursive --acl public-read $GITHUB_WORKSPACE/dist s3://staging-expensify-cash/ + run: aws s3 cp --recursive --acl public-read "$GITHUB_WORKSPACE"/dist s3://staging-expensify-cash/ - name: Purge production Cloudflare cache if: ${{ fromJSON(env.SHOULD_DEPLOY_PRODUCTION) }} From 1a351d3701f49ebe45a4798861aeda6637219ce0 Mon Sep 17 00:00:00 2001 From: Andrew Gable Date: Fri, 11 Feb 2022 12:12:14 -0700 Subject: [PATCH 09/11] Fix all lint errors --- .github/scripts/validateActionsAndWorkflows.sh | 1 + .github/workflows/cherryPick.yml | 4 +++- .github/workflows/deployBlocker.yml | 6 +++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/scripts/validateActionsAndWorkflows.sh b/.github/scripts/validateActionsAndWorkflows.sh index 4de528bc4c0f..a6a3f3ffc640 100755 --- a/.github/scripts/validateActionsAndWorkflows.sh +++ b/.github/scripts/validateActionsAndWorkflows.sh @@ -21,6 +21,7 @@ fi # Cleanup after ourselves and delete the schemas rm -rf ./tempSchemas +echo echo 'Lint Github Actions via actionlint (https://github.com/rhysd/actionlint)' # If we are running this on a non-CI machine (e.g. locally), install shellcheck diff --git a/.github/workflows/cherryPick.yml b/.github/workflows/cherryPick.yml index 19d3ef49f185..c97eb147b95e 100644 --- a/.github/workflows/cherryPick.yml +++ b/.github/workflows/cherryPick.yml @@ -98,8 +98,10 @@ jobs: PULL_REQUEST_NUMBER: ${{ github.event.inputs.PULL_REQUEST_NUMBER }} - name: Save correct NEW_VERSION to env + env: + NEW_VERSION: ${{ github.event.inputs.NEW_VERSION }} run: | - if [ -z ${{ github.event.inputs.NEW_VERSION }} ]; then + if [ -z "$NEW_VERSION" ]; then echo "NEW_VERSION=${{ needs.createNewVersion.outputs.NEW_VERSION }}" >> "$GITHUB_ENV" echo "New version is ${{ env.NEW_VERSION }}" else diff --git a/.github/workflows/deployBlocker.yml b/.github/workflows/deployBlocker.yml index 9a7735ed8a01..9187905c3ddb 100644 --- a/.github/workflows/deployBlocker.yml +++ b/.github/workflows/deployBlocker.yml @@ -18,10 +18,10 @@ jobs: - name: Get URL, title, & number of new deploy blocker (issue) if: ${{ github.event_name == 'issues' }} + env: + TITLE: ${{ github.event.issue.title }} run: | - echo "DEPLOY_BLOCKER_URL=${{ github.event.issue.html_url }}" >> "$GITHUB_ENV" - echo "DEPLOY_BLOCKER_NUMBER=${{ github.event.issue.number }}" >> "$GITHUB_ENV" - echo "DEPLOY_BLOCKER_TITLE=$(sed -e "s/'/'\\\\''/g; s/\`/\\\\\`/g; 1s/^/'/; \$s/\$/'/" <<< "'${{ github.event.issue.title }}'")" >> "$GITHUB_ENV" + { echo "DEPLOY_BLOCKER_URL=${{ github.event.issue.html_url }}"; echo "DEPLOY_BLOCKER_NUMBER=${{ github.event.issue.number }}"; echo "DEPLOY_BLOCKER_TITLE=$(sed -e "s/'/'\\\\''/g; s/\`/\\\\\`/g; 1s/^/'/; \$s/\$/'/" <<< "$TITLE")";} >> "$GITHUB_ENV" - name: Update StagingDeployCash with new deploy blocker uses: Expensify/App/.github/actions/createOrUpdateStagingDeploy@main From a821505bc62e0b5989c7569c5507589c2c94c188 Mon Sep 17 00:00:00 2001 From: Andrew Gable Date: Mon, 14 Feb 2022 11:59:51 -0700 Subject: [PATCH 10/11] Update .github/scripts/validateActionsAndWorkflows.sh Co-authored-by: Rory Abraham <47436092+roryabraham@users.noreply.github.com> --- .github/scripts/validateActionsAndWorkflows.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/validateActionsAndWorkflows.sh b/.github/scripts/validateActionsAndWorkflows.sh index a6a3f3ffc640..52e03e6a8e35 100755 --- a/.github/scripts/validateActionsAndWorkflows.sh +++ b/.github/scripts/validateActionsAndWorkflows.sh @@ -14,7 +14,7 @@ curl https://json.schemastore.org/github-workflow.json --output ./tempSchemas/gi find ./actions/ -type f -name "*.yml" -print0 | xargs -0 -I file ajv -s ./tempSchemas/github-action.json -d file --strict=false || EXIT_CODE=1 find ./workflows/ -type f -name "*.yml" -print0 | xargs -0 -I file ajv -s ./tempSchemas/github-workflow.json -d file --strict=false || EXIT_CODE=1 -if (( $EXIT_CODE == 1 )); then +if (( $EXIT_CODE != 0 )); then exit $EXIT_CODE fi From fb394122637e94f81e65fcb33e59e6ec4b322fbd Mon Sep 17 00:00:00 2001 From: Andrew Gable Date: Mon, 14 Feb 2022 14:34:46 -0700 Subject: [PATCH 11/11] Add newlines and tweak shellcheck check --- .github/scripts/validateActionsAndWorkflows.sh | 7 ++++++- .github/workflows/deployBlocker.yml | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/scripts/validateActionsAndWorkflows.sh b/.github/scripts/validateActionsAndWorkflows.sh index 52e03e6a8e35..e22308c735fd 100755 --- a/.github/scripts/validateActionsAndWorkflows.sh +++ b/.github/scripts/validateActionsAndWorkflows.sh @@ -25,7 +25,12 @@ echo echo 'Lint Github Actions via actionlint (https://github.com/rhysd/actionlint)' # If we are running this on a non-CI machine (e.g. locally), install shellcheck -if [[ -z "${CI}" ]]; then +if [[ -z "${CI}" && -z "$(command -v shellcheck)" ]]; then + if [[ "$OSTYPE" != 'darwin'* || -z "$(command -v brew)" ]]; then + echo 'This script requires shellcheck to be installed. Please install it and try again' + exit 1 + fi + brew install shellcheck fi diff --git a/.github/workflows/deployBlocker.yml b/.github/workflows/deployBlocker.yml index 9187905c3ddb..015ed9a98007 100644 --- a/.github/workflows/deployBlocker.yml +++ b/.github/workflows/deployBlocker.yml @@ -21,7 +21,9 @@ jobs: env: TITLE: ${{ github.event.issue.title }} run: | - { echo "DEPLOY_BLOCKER_URL=${{ github.event.issue.html_url }}"; echo "DEPLOY_BLOCKER_NUMBER=${{ github.event.issue.number }}"; echo "DEPLOY_BLOCKER_TITLE=$(sed -e "s/'/'\\\\''/g; s/\`/\\\\\`/g; 1s/^/'/; \$s/\$/'/" <<< "$TITLE")";} >> "$GITHUB_ENV" + { echo "DEPLOY_BLOCKER_URL=${{ github.event.issue.html_url }}"; + echo "DEPLOY_BLOCKER_NUMBER=${{ github.event.issue.number }}"; + echo "DEPLOY_BLOCKER_TITLE=$(sed -e "s/'/'\\\\''/g; s/\`/\\\\\`/g; 1s/^/'/; \$s/\$/'/" <<< "$TITLE")";} >> "$GITHUB_ENV" - name: Update StagingDeployCash with new deploy blocker uses: Expensify/App/.github/actions/createOrUpdateStagingDeploy@main