From bcf884ccfa0d5c065f52d06d4dcfcc763254e113 Mon Sep 17 00:00:00 2001 From: "Joshua M. Boniface" Date: Sat, 25 May 2024 11:55:48 -0400 Subject: [PATCH] Update GitHub workflows from Master Backport fixes from: - #11780 - #11779 - #11769 - #11733 - #11515 --- .github/workflows/ci-codeql-analysis.yml | 8 +- .github/workflows/ci-openapi.yml | 108 ++++++++++++++++---- .github/workflows/ci-tests.yml | 4 +- .github/workflows/commands.yml | 6 +- .github/workflows/issue-template-check.yml | 2 +- .github/workflows/pull-request-conflict.yml | 2 +- .github/workflows/release-bump-version.yaml | 4 +- 7 files changed, 101 insertions(+), 33 deletions(-) diff --git a/.github/workflows/ci-codeql-analysis.yml b/.github/workflows/ci-codeql-analysis.yml index 96c06019b7..0ccc3307c0 100644 --- a/.github/workflows/ci-codeql-analysis.yml +++ b/.github/workflows/ci-codeql-analysis.yml @@ -20,18 +20,18 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Setup .NET uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0 with: dotnet-version: '8.0.x' - name: Initialize CodeQL - uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 with: languages: ${{ matrix.language }} queries: +security-extended - name: Autobuild - uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 diff --git a/.github/workflows/ci-openapi.yml b/.github/workflows/ci-openapi.yml index 273aa9f3e0..edfd74f87b 100644 --- a/.github/workflows/ci-openapi.yml +++ b/.github/workflows/ci-openapi.yml @@ -3,6 +3,8 @@ on: push: branches: - master + tags: + - 'v*' pull_request_target: permissions: {} @@ -14,7 +16,7 @@ jobs: permissions: read-all steps: - name: Checkout repository - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ github.event.pull_request.head.sha }} repository: ${{ github.event.pull_request.head.repo.full_name }} @@ -39,7 +41,7 @@ jobs: permissions: read-all steps: - name: Checkout repository - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ github.event.pull_request.head.sha }} repository: ${{ github.event.pull_request.head.repo.full_name }} @@ -99,11 +101,24 @@ jobs: - id: read-diff name: Read openapi-diff output run: | + # Read and fix markdown body=$(cat openapi-changes.md) - body="${body//'%'/'%25'}" - body="${body//$'\n'/'%0A'}" - body="${body//$'\r'/'%0D'}" - echo ::set-output name=body::$body + # Write to workflow summary + echo "$body" >> $GITHUB_STEP_SUMMARY + # Set ApiChanged var + if [ "$body" != '' ]; then + echo "ApiChanged=1" >> "$GITHUB_OUTPUT" + else + echo "ApiChanged=0" >> "$GITHUB_OUTPUT" + fi + # Add header/footer for diff comment + echo '' > openapi-changes-reply.md + echo "
" >> openapi-changes-reply.md + echo "Changes in OpenAPI specification found. Expand to see details." >> openapi-changes-reply.md + echo "" >> openapi-changes-reply.md + echo "$body" >> openapi-changes-reply.md + echo "" >> openapi-changes-reply.md + echo "
" >> openapi-changes-reply.md - name: Find difference comment uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 id: find-comment @@ -113,22 +128,15 @@ jobs: body-includes: openapi-diff-workflow-comment - name: Reply or edit difference comment (changed) uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 - if: ${{ steps.read-diff.outputs.body != '' }} + if: ${{ steps.read-diff.outputs.ApiChanged == '1' }} with: issue-number: ${{ github.event.pull_request.number }} comment-id: ${{ steps.find-comment.outputs.comment-id }} edit-mode: replace - body: | - -
- Changes in OpenAPI specification found. Expand to see details. - - ${{ steps.read-diff.outputs.body }} - -
+ body-path: openapi-changes-reply.md - name: Edit difference comment (unchanged) uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 - if: ${{ steps.read-diff.outputs.body == '' && steps.find-comment.outputs.comment-id != '' }} + if: ${{ steps.read-diff.outputs.ApiChanged == '0' && steps.find-comment.outputs.comment-id != '' }} with: issue-number: ${{ github.event.pull_request.number }} comment-id: ${{ steps.find-comment.outputs.comment-id }} @@ -138,11 +146,9 @@ jobs: No changes to OpenAPI specification found. See history of this comment for previous changes. - publish: + publish-unstable: name: OpenAPI - Publish Unstable Spec - if: | - github.event_name != 'pull_request_target' && - contains(github.repository_owner, 'jellyfin') + if: ${{ github.event_name != 'pull_request_target' && !startsWith(github.ref, 'refs/tags/v') && contains(github.repository_owner, 'jellyfin') }} runs-on: ubuntu-latest needs: - openapi-head @@ -201,3 +207,65 @@ jobs: sudo ln -s unstable/${LAST_SPEC} ${TGT_DIR}/jellyfin-openapi-unstable_previous.json fi ) 200>/run/workflows/openapi-unstable.lock + + publish-stable: + name: OpenAPI - Publish Stable Spec + if: ${{ startsWith(github.ref, 'refs/tags/v') && contains(github.repository_owner, 'jellyfin') }} + runs-on: ubuntu-latest + needs: + - openapi-head + steps: + - name: Set version number + id: version + run: |- + echo "JELLYFIN_VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV + - name: Download openapi-head + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + with: + name: openapi-head + path: openapi-head + - name: Upload openapi.json (stable) to repository server + uses: appleboy/scp-action@917f8b81dfc1ccd331fef9e2d61bdc6c8be94634 # v0.1.7 + with: + host: "${{ secrets.REPO_HOST }}" + username: "${{ secrets.REPO_USER }}" + key: "${{ secrets.REPO_KEY }}" + source: openapi-head/openapi.json + strip_components: 1 + target: "/srv/incoming/openapi/stable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}" + - name: Move openapi.json (stable) into place + uses: appleboy/ssh-action@029f5b4aeeeb58fdfe1410a5d17f967dacf36262 # v1.0.3 + with: + host: "${{ secrets.REPO_HOST }}" + username: "${{ secrets.REPO_USER }}" + key: "${{ secrets.REPO_KEY }}" + debug: false + script_stop: false + script: | + if ! test -d /run/workflows; then + sudo mkdir -p /run/workflows + sudo chown ${{ secrets.REPO_USER }} /run/workflows + fi + ( + flock -x -w 300 200 || exit 1 + TGT_DIR="/srv/repository/main/openapi" + LAST_SPEC="$( ls -lt ${TGT_DIR}/stable/ | grep 'jellyfin-openapi' | head -1 | awk '{ print $NF }' )" + # If new and previous spec don't differ (diff retcode 0), remove incoming and finish + if diff /srv/incoming/openapi/stable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}/openapi.json ${TGT_DIR}/stable/${LAST_SPEC} &>/dev/null; then + rm -r /srv/incoming/openapi/stable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }} + exit 0 + fi + # Move new spec into place + sudo mv /srv/incoming/openapi/stable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}/openapi.json ${TGT_DIR}/stable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}.json + # Delete previous jellyfin-openapi-stable_previous.json + sudo rm ${TGT_DIR}/jellyfin-openapi-stable_previous.json + # Move current jellyfin-openapi-stable.json symlink to jellyfin-openapi-stable_previous.json + sudo mv ${TGT_DIR}/jellyfin-openapi-stable.json ${TGT_DIR}/jellyfin-openapi-stable_previous.json + # Create new jellyfin-openapi-stable.json symlink + sudo ln -s stable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}.json ${TGT_DIR}/jellyfin-openapi-stable.json + # Check that the previous openapi stable spec link is correct + if [[ "$( readlink ${TGT_DIR}/jellyfin-openapi-stable_previous.json )" != "stable/${LAST_SPEC}" ]]; then + sudo rm ${TGT_DIR}/jellyfin-openapi-stable_previous.json + sudo ln -s stable/${LAST_SPEC} ${TGT_DIR}/jellyfin-openapi-stable_previous.json + fi + ) 200>/run/workflows/openapi-stable.lock diff --git a/.github/workflows/ci-tests.yml b/.github/workflows/ci-tests.yml index 795ba550d6..c0fc5a3521 100644 --- a/.github/workflows/ci-tests.yml +++ b/.github/workflows/ci-tests.yml @@ -19,7 +19,7 @@ jobs: runs-on: "${{ matrix.os }}" steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0 with: @@ -34,7 +34,7 @@ jobs: --verbosity minimal - name: Merge code coverage results - uses: danielpalme/ReportGenerator-GitHub-Action@2a2d60ea1c7e811f54684179af6ac1ae8c1ce69a # 5.2.5 + uses: danielpalme/ReportGenerator-GitHub-Action@6b06171d1a131e7fd85121120a1c00c1ed03e033 # 5.3.0 with: reports: "**/coverage.cobertura.xml" targetdir: "merged/" diff --git a/.github/workflows/commands.yml b/.github/workflows/commands.yml index d26e8e877d..cbaea507fd 100644 --- a/.github/workflows/commands.yml +++ b/.github/workflows/commands.yml @@ -24,7 +24,7 @@ jobs: reactions: '+1' - name: Checkout the latest code - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: token: ${{ secrets.JF_BOT_TOKEN }} fetch-depth: 0 @@ -51,7 +51,7 @@ jobs: reactions: eyes - name: Checkout the latest code - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: token: ${{ secrets.JF_BOT_TOKEN }} fetch-depth: 0 @@ -128,7 +128,7 @@ jobs: runs-on: ubuntu-latest steps: - name: pull in script - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: repository: jellyfin/jellyfin-triage-script - name: install python diff --git a/.github/workflows/issue-template-check.yml b/.github/workflows/issue-template-check.yml index 65a7eb4aee..4a0b4f883b 100644 --- a/.github/workflows/issue-template-check.yml +++ b/.github/workflows/issue-template-check.yml @@ -10,7 +10,7 @@ jobs: issues: write steps: - name: pull in script - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: repository: jellyfin/jellyfin-triage-script - name: install python diff --git a/.github/workflows/pull-request-conflict.yml b/.github/workflows/pull-request-conflict.yml index 1c3fac3c6e..5823c309cf 100644 --- a/.github/workflows/pull-request-conflict.yml +++ b/.github/workflows/pull-request-conflict.yml @@ -15,7 +15,7 @@ jobs: if: ${{ github.repository == 'jellyfin/jellyfin' }} steps: - name: Apply label - uses: eps1lon/actions-label-merge-conflict@e62d7a53ff8be8b97684bffb6cfbbf3fc1115e2e # v3.0.0 + uses: eps1lon/actions-label-merge-conflict@6d74047dcef155976a15e4a124dde2c7fe0c5522 # v3.0.1 if: ${{ github.event_name == 'push' || github.event_name == 'pull_request_target'}} with: dirtyLabel: 'merge conflict' diff --git a/.github/workflows/release-bump-version.yaml b/.github/workflows/release-bump-version.yaml index d0aac5464b..f471572e52 100644 --- a/.github/workflows/release-bump-version.yaml +++ b/.github/workflows/release-bump-version.yaml @@ -33,7 +33,7 @@ jobs: yq-version: v4.9.8 - name: Checkout Repository - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ env.TAG_BRANCH }} @@ -66,7 +66,7 @@ jobs: NEXT_VERSION: ${{ github.event.inputs.NEXT_VERSION }} steps: - name: Checkout Repository - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ env.TAG_BRANCH }}