Merge remote-tracking branch 'origin/master' into chore/update-env-va…

…riables
ParabolInc · Nov 17, 2023 · e7ca0b4 · e7ca0b4
2 parents f9a8a26 + 0fdef2d
commit e7ca0b4
Show file tree

Hide file tree

Showing 308 changed files with 5,195 additions and 2,414 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
diff --git a/.github/ISSUE_TEMPLATE/release_test.md b/.github/ISSUE_TEMPLATE/release_test.md
@@ -16,7 +16,7 @@ Run through this list at least once at [staging](https://action.parabol.fun):
 - [ ] Smoke tested the [Demo](https://action.parabol.fun/retrospective-demo), unauthenticated
 - [ ] Created an account
 - [ ] Verified invite via mass link works (Team > Invite Button > Invite Link, visit URL in an incognito window)
-- [ ] Verified invite via email works
+- [ ] Verified invite via email works. It will show as [logs in Datadog](https://app.datadoghq.com/logs?query=kube_namespace%3Aparabol%20env%3Astaging%20&cols=host%2Cservice&index=%2A&messageDisplay=inline&refresh_mode=sliding&storage=hot&stream_sort=desc&viz=stream&from_ts=1699266779323&to_ts=1699267679323&live=true).
 - [ ] Added Slack, verified meeting notifications (use `#t_product_actiontime`)
 - [ ] Added Mattermost, verified meeting notifications (check the test webhook in [Parabol Mattermost](https://mattermost.parabol.co/product/integrations/incoming_webhooks))
 - [ ] Added GitHub, verified issue created (use `ParabolInc/publictestrepo`)

diff --git a/.github/reviewers.yml b/.github/reviewers.yml
@@ -35,12 +35,13 @@ reviewers:
     - developers
 
 files:
-  '**/migrations/**':
+  "**/migrations/**":
     - data
-  '**/analytics/**':
+  "**/analytics/**":
     - data
 options:
   ignore_draft: true
   ignored_keywords:
     - WIP
+    - chore(release)
   number_of_reviewers: 1
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -1,6 +1,15 @@
 name: Build
-
-on: [push]
+on:
+  pull_request:
+    types: [opened]
+    branches:
+      - "release-please--**"
+  push:
+    branches:
+      - "release-please--**"
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
 env:
   PARABOL_DOCKERFILE: ./docker/parabol-ubi/docker-build/dockerfiles/pipeline.dockerfile
   PARABOL_BUILD_ENV_PATH: docker/parabol-ubi/docker-build/environments/pipeline
@@ -12,7 +21,7 @@ jobs:
       id-token: "write"
     services:
       postgres:
-        image: postgres:12.15-alpine
+        image: postgres:15.4
         # This env variables must be the same in the file PARABOL_BUILD_ENV_PATH
         env:
           POSTGRES_PASSWORD: "temppassword"
@@ -36,24 +45,12 @@ jobs:
 
       - name: Setup environment variables
         run: |
-          IS_RELEASE=${{ startsWith(github.event.head_commit.message, 'chore(release): release') }}
-          IS_MANUAL_BUILD=${{ startsWith(github.event.head_commit.message, 'dockerize') }}
-
-          DOCKER_REPOSITORY_FOR_REF=${{ secrets.GCP_AR_PARABOL_DEV }}
-          DOCKERIZE=false
-          if [ $IS_RELEASE = true ]; then
-            echo "DOCKER_REPOSITORY_FOR_REF=${{ secrets.GCP_AR_PARABOL}}" >> $GITHUB_ENV
-            DOCKERIZE=true
-          elif [ $IS_MANUAL_BUILD = true ]; then
-            DOCKERIZE=true
-          fi
-
           ACTION_VERSION=$(grep '"version":' package.json | cut -d\" -f4)
-
           echo "ACTION_VERSION=${ACTION_VERSION}" >> $GITHUB_ENV
-          echo "DOCKER_REPOSITORY_FOR_REF=${DOCKER_REPOSITORY_FOR_REF}" >> $GITHUB_ENV
-          echo "IS_RELEASE=${IS_RELEASE}" >> $GITHUB_ENV
-          echo "DOCKERIZE=${DOCKERIZE}" >> $GITHUB_ENV
+          echo "NODE_VERSION=$(jq -r -j '.engines.node|ltrimstr("^")' package.json)" >> $GITHUB_ENV
+
+          DOCKER_REPOSITORY_FOR_REF=${{ secrets.GCP_AR_PARABOL_DEV }}
+          echo "DOCKER_REPOSITORY_FOR_REF=${{ secrets.GCP_AR_PARABOL_DEV }}" >> $GITHUB_ENV
 
       - name: Setup Node
         uses: actions/setup-node@v3
@@ -82,99 +79,31 @@ jobs:
           yarn pg:build
           yarn pg:generate
 
-      - name: Build for testing
-        if: env.DOCKERIZE != 'true'
-        run: yarn build
-
-      - name: Build for deploying
-        if: env.DOCKERIZE == 'true'
+      - name: Build for release
         env:
           NODE_OPTIONS: "--max_old_space_size=8192"
         run: yarn build --no-deps
 
-      - name: Verify source is clean
-        run: git diff --quiet HEAD || (echo "Changes in generated files detected"; git diff; exit 1)
-
-      - name: Check Code Quality
-        run: yarn codecheck
-
-      - name: Run Predeploy for Testing
-        run: yarn predeploy
-
-      - name: Start testing server in background
-        run: |
-          yarn start &
-
-      - name: Wait for testing server to be healthy
-        run: curl -4 --retry 30 --retry-connrefused --retry-delay 10 http://localhost:3000/graphql
-
-      - name: Run server tests
-        run: yarn test:server -- --reporters=default --reporters=jest-junit
-        env:
-          JEST_JUNIT_OUTPUT_DIR: ./test-results/junit/server
-
-      - name: Run client tests
-        run: yarn test:client -- --reporters=default --reporters=jest-junit
-        env:
-          JEST_JUNIT_OUTPUT_DIR: ./test-results/junit/client
-
-      - name: Store Playwright Version
-        run: |
-          PLAYWRIGHT_VERSION=$(npm ls @playwright/test | grep @playwright | sed 's/.*@//')
-          echo "PLAYWRIGHT_VERSION=$PLAYWRIGHT_VERSION" >> $GITHUB_ENV
-
-      - name: Cache Playwright Browsers
-        id: cache-playwright-browsers
-        uses: actions/cache@v3
-        with:
-          path: ~/.cache/ms-playwright
-          key: playwright-${{ runner.arch }}-${{ env.PLAYWRIGHT_VERSION }}
-
-      - name: Setup Playwright
-        if: steps.cache-playwright-browsers.outputs.cache-hit != 'true'
-        run: npx playwright install --with-deps
-
-      - name: Run Playwright Tests
-        run: yarn workspace integration-tests test --reporter list,junit
-        env:
-          PLAYWRIGHT_JUNIT_OUTPUT_NAME: ./test-results/junit/junit.xml
-
-      - name: Store Artifacts from Failed Tests
-        if: failure()
-        uses: actions/upload-artifact@v2
-        with:
-          name: test-results
-          path: test-results/
-          retention-days: 7
-
-      - name: Cleanup Predeploy for Docker Image
-        if: env.DOCKERIZE == 'true'
-        run: rm build/index.html build/sw.js build/manifest.json
-
       - name: Set up Docker Buildx
-        if: env.DOCKERIZE == 'true'
         uses: docker/setup-buildx-action@v2
         with:
           buildkitd-flags: "--allow-insecure-entitlement network.host"
           driver-opts: network=host
 
       - id: "auth"
         name: "Authenticate to Google Cloud"
-        if: env.DOCKERIZE == 'true'
         uses: "google-github-actions/auth@v1"
         with:
           token_format: "access_token"
           workload_identity_provider: ${{ secrets.GCP_WI_PROVIDER_NAME }}
           service_account: ${{ secrets.GCP_SA_EMAIL }}
 
       - uses: "docker/login-action@v2"
-        if: env.DOCKERIZE == 'true'
         with:
           registry: ${{ secrets.GCP_DOCKER_REGISTRY }}
           username: "oauth2accesstoken"
           password: "${{ steps.auth.outputs.access_token }}"
-      - name: Build and push
-        if: env.DOCKERIZE == 'true'
+      - name: Push build to dev
         uses: docker/build-push-action@v4
         with:
           network: host
@@ -188,9 +117,8 @@ jobs:
           push: true
           tags: |
             "${{ secrets.GCP_AR_PARABOL_DEV }}:${{github.sha}}"
-            "${{ env.DOCKER_REPOSITORY_FOR_REF }}:v${{ env.ACTION_VERSION }}"
+
       - name: Push Artifacts to Sentry
-        if: env.IS_RELEASE == 'true'
         uses: getsentry/action-release@v1
         env:
           SENTRY_AUTH_TOKEN: "${{secrets.SENTRY_AUTH_TOKEN}}"
@@ -201,12 +129,10 @@ jobs:
           sourcemaps: "./build"
           version: ${{env.ACTION_VERSION}}
       - name: Push Artifacts to Datadog
-        if: env.IS_RELEASE == 'true'
         env:
           DATADOG_API_KEY: "${{secrets.DATADOG_API_KEY}}"
           CDN_BUILD_URL: "https://action-files.parabol.co/production/build/"
         run: |
-          yarn add @datadog/datadog-ci -W
           yarn datadog-ci sourcemaps upload ./build \
             --service=parabol-saas-production \
             --release-version=${{env.ACTION_VERSION}} \

diff --git a/.github/workflows/ironbank.yml b/.github/workflows/ironbank.yml
@@ -0,0 +1,66 @@
+name: Ironbank S3 Upload
+
+on:
+  workflow_dispatch:
+    inputs:
+      version_number:
+        description: "Version number of the Parabol image to process"
+        required: true
+
+jobs:
+  pull-and-upload:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: "read"
+      id-token: "write"
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Setup environment variables
+        run: |
+          DOCKER_REPOSITORY_FOR_REF=${{ secrets.GCP_AR_PARABOL}}
+          echo "DOCKER_REPOSITORY_FOR_REF=${DOCKER_REPOSITORY_FOR_REF}" >> $GITHUB_ENV
+
+      - name: Set up Docker
+        uses: docker/setup-buildx-action@v3
+
+      - id: "auth"
+        name: "Authenticate to Google Cloud"
+        uses: "google-github-actions/auth@v1"
+        with:
+          token_format: "access_token"
+          workload_identity_provider: ${{ secrets.GCP_WI_PROVIDER_NAME }}
+          service_account: ${{ secrets.GCP_SA_EMAIL }}
+
+      - uses: "docker/login-action@v2"
+        with:
+          registry: ${{ secrets.GCP_DOCKER_REGISTRY }}
+          username: "oauth2accesstoken"
+          password: "${{ steps.auth.outputs.access_token }}"
+
+      - name: Pull Docker image from GCP
+        run: docker pull ${{ env.DOCKER_REPOSITORY_FOR_REF }}:v${{ github.event.inputs.version_number }}
+
+      - name: Create temporary container
+        run: |
+          docker create --name temp-container ${{ env.DOCKER_REPOSITORY_FOR_REF }}:v${{ github.event.inputs.version_number }}
+
+      - name: Copy files from container
+        run: |
+          docker cp temp-container:/home/node/parabol/dist ./dist
+          docker cp temp-container:/home/node/parabol/build ./build
+
+      - name: Zip the files
+        run: zip -r ${{ github.event.inputs.version_number }}.zip dist build
+
+      - name: Set up AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.IRONBANK_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.IRONBANK_AWS_SECRET_ACCESS_KEY }}
+          aws-region: "us-east-1"
+
+      - name: Upload to S3
+        run: |
+          aws s3 cp ${{ github.event.inputs.version_number }}.zip s3://ironbank-proving-ground-action-files.parabol.co/${{ github.event.inputs.version_number }}.zip
diff --git a/.github/workflows/migration-order.yml b/.github/workflows/migration-order.yml
@@ -0,0 +1,39 @@
+name: Migration Order
+on:
+  pull_request:
+    paths:
+      - packages/server/postgres/migrations/*.ts
+jobs:
+  migration-order:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout master
+        uses: actions/checkout@v3
+        with:
+          ref: master
+
+      - name: Get newest migration on master
+        run: |
+          MAX_OLD_MIGRATION=$(ls packages/server/postgres/migrations | tail -n 1)
+          echo MAX_OLD_MIGRATION=$MAX_OLD_MIGRATION >> $GITHUB_ENV
+
+      - name: Checkout PR
+        uses: actions/checkout@v3
+
+      - name: Get new migrations
+        id: new-migrations
+        uses: tj-actions/changed-files@v40
+        with:
+          files: packages/server/postgres/migrations/*.ts
+
+      - name: Check migration conflicts
+        run: |
+          for file in ${{ steps.new-migrations.outputs.added_files }}; do
+            FILE_NAME=$(basename $file)
+            if [[ "$FILE_NAME" < "${{ env.MAX_OLD_MIGRATION }}" ]]; then
+              echo "$FILE_NAME predates ${{ env.MAX_OLD_MIGRATION}}. Please rename it"
+              exit 1
+            else
+              echo "$FILE_NAME does not conflict with existing migrations on master"
+            fi
+          done
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -1,14 +1,22 @@
 on:
   push:
     branches:
-      - release
+      - master
+      - hotfix-*
 name: release-please
 jobs:
   release-please:
     runs-on: ubuntu-latest
     steps:
+      - name: Generate a token
+        id: generate_token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.RELEASE_BOT_APP_ID }}
+          private-key: ${{ secrets.RELEASE_BOT_PRIVATE_KEY }}
       - uses: google-github-actions/release-please-action@v3
         with:
           command: manifest
-          default-branch: release
+          default-branch: ${{ github.ref_name}}
           release-type: node
+          token: ${{ steps.generate_token.outputs.token }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,52 @@
+name: Release
+on:
+  pull_request:
+    branches:
+      - master
+      - hotfix-*
+    types: [closed]
+jobs:
+  release:
+    if: ${{ github.event.pull_request.merged == true && startsWith(github.head_ref, 'release-please--') }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: "read"
+      id-token: "write"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup environment variables
+        run: |
+          ACTION_VERSION=$(grep '"version":' package.json | cut -d\" -f4)
+          echo "ACTION_VERSION=${ACTION_VERSION}" >> $GITHUB_ENV
+
+      - id: "auth"
+        name: "Authenticate to Google Cloud"
+        uses: "google-github-actions/auth@v1"
+        with:
+          token_format: "access_token"
+          workload_identity_provider: ${{ secrets.GCP_WI_PROVIDER_NAME }}
+          service_account: ${{ secrets.GCP_SA_EMAIL }}
+      - name: "Set up Cloud SDK"
+        uses: "google-github-actions/setup-gcloud@v1"
+      - name: "Tag image with production version"
+        run: |-
+          gcloud container images add-tag -q \
+          ${{ secrets.GCP_AR_PARABOL_DEV }}:${{github.event.pull_request.head.sha}} \
+          ${{ secrets.GCP_AR_PARABOL }}:v${{ env.ACTION_VERSION }}
+      - name: Bump version in GitLab
+        run: |
+          curl  "https://gitlab.com/api/v4/projects/${{ vars.GITLAB_PROJECT_ID }}/repository/commits" \
+            --request POST \
+            --header 'PRIVATE-TOKEN: ${{ secrets.GITLAB_API_TOKEN }}' \
+            --form "branch=main" \
+            --form "commit_message=release v${{ env.ACTION_VERSION }}" \
+            --form "actions[][action]=update" \
+            --form "actions[][file_path]=version.yaml" \
+            --form "actions[][content]=
+          # Change it to use a valid docker tag, which are the same of the GitHub tags. Ex: v6.110.0
+          applicationVersion: &applicationVersion v${{ env.ACTION_VERSION }}
+
+          global:
+            image:
+              tag: *applicationVersion"