mirror of
https://git.tuxpa.in/a/code-server.git
synced 2024-12-27 12:45:25 +00:00
705e821741
* fix(testing): revert change & fix playwright tests * fix(constants): add type to import statement * refactor(e2e): delete browser test This test was originally added to ensure playwright was working. At this point, we know it works so removing this test because it doesn't help with anything specific to code-server and only adds unnecessary code to the codebase plus increases the e2e test job duration. * chore(e2e): use 1 worker for e2e test I don't know if it's a resources issue, playwright, or code-server but it seems like the e2e tests choke when multiple workers are used. This change is okay because our CI runner only has 2 cores so it would only use 1 worker anyway, but by specifying it in our playwright config, we ensure more stability in our e2e tests working correctly. See these PRs: - https://github.com/cdr/code-server/pull/3263 - https://github.com/cdr/code-server/pull/4310 * revert(vscode): add missing route with redirect * chore(vscode): update to latest fork * Touch up compilation step. * Bump vendor. * Fix VS Code minification step * Move ClientConfiguration to common Common code must not import Node code as it is imported by the browser. * Ensure lib directory exists before curling cURL errors now because VS Code was moved and the directory does not exist. * Update incorrect e2e test help output Revert workers change as well; this can be overridden when desired. * Add back extension compilation step * Include missing resources in release This includes a favicon, for example. I opted to include the entire directory to make sure we do not miss anything. Some of the other stuff looks potentially useful (like completions). * Set quality property in product configuration When httpWebWorkerExtensionHostIframe.html is fetched it uses the web endpoint template (in which we do not include the commit) but if the quality is not set it prepends the commit to the web endpoint instead. The new static endpoint does not use/handle commits so this 404s. Long-term we might want to make the new static endpoint use commits like the old one but we will also need to update the various other static URLs to include the commit. For now I just fixed this by adding the quality since: 1. Probably faster than trying to find and update all static uses. 2. VS Code probably expects it anyway. 3. Gives us better control over the endpoint. * Update VS Code This fixes several build issues. * Bump vscode. * Bump. * Bump. * Use CLI directly. * Update tests to reflect new upstream behavior. * Move unit tests to after the build Our code has new dependencies on VS Code that are pulled in when the unit tests run. Because of this we need to build VS Code before running the unit tests (as it only pulls built code). * Upgrade proxy-agent dependencies This resolves a security report with one of its dependencies (vm2). * Symlink VS Code output directory before unit tests This is necessary now that we import from the out directory. * Fix issues surrounding persistent processes between tests. * Update VS Code cache directories These were renamed so the cached paths need to be updated. I changed the key as well to force a rebuild. * Move test symlink to script This way it works for local testing as well. I had to use out-build instead of out-vscode-server-min because Jest throws some obscure error about a handlebars haste map. * Fix listening on a socket * Update VS Code It contains fixes for missing files in the build. * Standardize disposals * Dispose HTTP server Shares code with the test HTTP server. For now it is a function but maybe we should make it a class that is extended by tests. * Dispose app on exit * Fix logging link errors Unfortunately the logger currently chokes when provided with error objects. Also for some reason the bracketed text was not displaying... * Update regex used by e2e to extract address The address was recently changed to use URL which seems to add a trailing slash when using toString, causing the regex match to fail. * Log browser console in e2e tests * Add base back to login page This is used to set cookies when using a base path. * Remove login page test The file this was testing no longer exists. * Use path.posix for static base Since this is a web path and not platform-dependent. * Add test for invalid password Co-authored-by: Teffen Ellis <teffen@nirri.us> Co-authored-by: Asher <ash@coder.com>
447 lines
14 KiB
YAML
447 lines
14 KiB
YAML
name: Build
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
pull_request:
|
|
branches:
|
|
- main
|
|
|
|
# Note: if: success() is used in several jobs -
|
|
# this ensures that it only executes if all previous jobs succeeded.
|
|
|
|
# if: steps.cache-yarn.outputs.cache-hit != 'true'
|
|
# will skip running `yarn install` if it successfully fetched from cache
|
|
|
|
jobs:
|
|
prebuild:
|
|
name: Pre-build checks
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 15
|
|
steps:
|
|
- name: Checkout repo
|
|
uses: actions/checkout@v2
|
|
|
|
- name: Install Node.js v14
|
|
uses: actions/setup-node@v2
|
|
with:
|
|
node-version: "14"
|
|
|
|
- name: Install helm
|
|
uses: azure/setup-helm@v1.1
|
|
|
|
- name: Fetch dependencies from cache
|
|
id: cache-yarn
|
|
uses: actions/cache@v2
|
|
with:
|
|
path: "**/node_modules"
|
|
key: yarn-build-${{ hashFiles('**/yarn.lock') }}
|
|
restore-keys: |
|
|
yarn-build-
|
|
|
|
- name: Install dependencies
|
|
# if: steps.cache-yarn.outputs.cache-hit != 'true'
|
|
run: yarn --frozen-lockfile
|
|
|
|
- name: Run yarn fmt
|
|
run: yarn fmt
|
|
if: success()
|
|
|
|
- name: Run yarn lint
|
|
run: yarn lint
|
|
if: success()
|
|
|
|
audit-ci:
|
|
name: Run audit-ci
|
|
needs: prebuild
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 5
|
|
steps:
|
|
- name: Checkout repo
|
|
uses: actions/checkout@v2
|
|
|
|
- name: Install Node.js v14
|
|
uses: actions/setup-node@v2
|
|
with:
|
|
node-version: "14"
|
|
|
|
- name: Fetch dependencies from cache
|
|
id: cache-yarn
|
|
uses: actions/cache@v2
|
|
with:
|
|
path: "**/node_modules"
|
|
key: yarn-build-${{ hashFiles('**/yarn.lock') }}
|
|
restore-keys: |
|
|
yarn-build-
|
|
|
|
- name: Install dependencies
|
|
if: steps.cache-yarn.outputs.cache-hit != 'true'
|
|
run: yarn --frozen-lockfile
|
|
|
|
- name: Audit for vulnerabilities
|
|
run: yarn _audit
|
|
if: success()
|
|
|
|
build:
|
|
name: Build
|
|
needs: prebuild
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 30
|
|
env:
|
|
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Install Node.js v14
|
|
uses: actions/setup-node@v2
|
|
with:
|
|
node-version: "14"
|
|
|
|
# TODO@Teffen investigate why this omits code-oss-dev/node_modules
|
|
# - name: Fetch dependencies from cache
|
|
# id: cache-yarn
|
|
# uses: actions/cache@v2
|
|
# with:
|
|
# path: |
|
|
# "**/node_modules"
|
|
# "**/vendor/modules"
|
|
# "**/vendor/modules/code-oss-dev/node_modules"
|
|
# key: yarn-build-${{ hashFiles('**/yarn.lock') }}-${{ hashFiles('**/vendor/yarn.lock') }}
|
|
# restore-keys: |
|
|
# yarn-build-
|
|
|
|
- name: Install dependencies
|
|
# if: steps.cache-yarn.outputs.cache-hit != 'true'
|
|
run: yarn --frozen-lockfile
|
|
|
|
- name: Build code-server
|
|
run: yarn build
|
|
|
|
# Parse the hash of the latest commit inside vendor/modules/code-oss-dev
|
|
# use this to avoid rebuilding it if nothing changed
|
|
# How it works: the `git log` command fetches the hash of the last commit
|
|
# that changed a file inside `vendor/modules/code-oss-dev`. If a commit changes any file in there,
|
|
# the hash returned will change, and we rebuild vscode. If the hash did not change,
|
|
# (for example, a change to `src/` or `docs/`), we reuse the same build as last time.
|
|
# This saves a lot of time in CI, as compiling VSCode can take anywhere from 5-10 minutes.
|
|
- name: Get latest vendor/modules/code-oss-dev rev
|
|
id: vscode-rev
|
|
run: echo "::set-output name=rev::$(jq -r '.devDependencies["code-oss-dev"]' vendor/package.json | sed -r 's|.*#(.*)$|\1|')"
|
|
|
|
- name: Attempt to fetch vscode build from cache
|
|
id: cache-vscode
|
|
uses: actions/cache@v2
|
|
with:
|
|
path: |
|
|
vendor/modules/code-oss-dev/.build
|
|
vendor/modules/code-oss-dev/out-build
|
|
vendor/modules/code-oss-dev/out-vscode-server
|
|
vendor/modules/code-oss-dev/out-vscode-server-min
|
|
key: vscode-server-build-${{ steps.vscode-rev.outputs.rev }}
|
|
|
|
- name: Build vscode
|
|
if: steps.cache-vscode.outputs.cache-hit != 'true'
|
|
run: yarn build:vscode
|
|
|
|
# Our code imports code from VS Code's `out` directory meaning VS Code
|
|
# must be built before running these tests.
|
|
# TODO: Move to its own step?
|
|
- name: Run code-server unit tests
|
|
run: yarn test:unit
|
|
if: success()
|
|
|
|
- name: Upload coverage report to Codecov
|
|
run: yarn coverage
|
|
if: success()
|
|
|
|
# The release package does not contain any native modules
|
|
# and is neutral to architecture/os/libc version.
|
|
- name: Create release package
|
|
run: yarn release
|
|
if: success()
|
|
|
|
# https://github.com/actions/upload-artifact/issues/38
|
|
- name: Compress release package
|
|
run: tar -czf package.tar.gz release
|
|
|
|
- name: Upload npm package artifact
|
|
uses: actions/upload-artifact@v2
|
|
with:
|
|
name: npm-package
|
|
path: ./package.tar.gz
|
|
|
|
# TODO: cache building yarn --production
|
|
# possibly 2m30s of savings(?)
|
|
# this requires refactoring our release scripts
|
|
package-linux-amd64:
|
|
name: x86-64 Linux build
|
|
needs: build
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 15
|
|
container: "centos:7"
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Install Node.js v14
|
|
uses: actions/setup-node@v2
|
|
with:
|
|
node-version: "14"
|
|
|
|
- name: Install development tools
|
|
run: |
|
|
yum install -y epel-release centos-release-scl
|
|
yum install -y devtoolset-9-{make,gcc,gcc-c++} jq rsync
|
|
|
|
- name: Install nfpm and envsubst
|
|
run: |
|
|
curl -sfL https://install.goreleaser.com/github.com/goreleaser/nfpm.sh | sh -s -- -b ~/.local/bin v2.3.1
|
|
curl -L https://github.com/a8m/envsubst/releases/download/v1.1.0/envsubst-`uname -s`-`uname -m` -o envsubst
|
|
chmod +x envsubst
|
|
mv envsubst ~/.local/bin
|
|
echo "$HOME/.local/bin" >> $GITHUB_PATH
|
|
|
|
- name: Install yarn
|
|
run: npm install -g yarn
|
|
|
|
- name: Download npm package
|
|
uses: actions/download-artifact@v2
|
|
with:
|
|
name: npm-package
|
|
|
|
- name: Decompress npm package
|
|
run: tar -xzf package.tar.gz
|
|
|
|
# NOTE: && here is deliberate - GitHub puts each line in its own `.sh`
|
|
# file when running inside a docker container.
|
|
- name: Build standalone release
|
|
run: source scl_source enable devtoolset-9 && yarn release:standalone
|
|
|
|
- name: Sanity test standalone release
|
|
run: yarn test:standalone-release
|
|
|
|
- name: Build packages with nfpm
|
|
run: yarn package
|
|
|
|
- name: Upload release artifacts
|
|
uses: actions/upload-artifact@v2
|
|
with:
|
|
name: release-packages
|
|
path: ./release-packages
|
|
|
|
# NOTE@oxy:
|
|
# We use Ubuntu 16.04 here, so that our build is more compatible
|
|
# with older libc versions. We used to (Q1'20) use CentOS 7 here,
|
|
# but it has a full update EOL of Q4'20 and a 'critical security'
|
|
# update EOL of 2024. We're dropping full support a few years before
|
|
# the final EOL, but I don't believe CentOS 7 has a large arm64 userbase.
|
|
# It is not feasible to cross-compile with CentOS.
|
|
|
|
# Cross-compile notes: To compile native dependencies for arm64,
|
|
# we install the aarch64/armv7l cross toolchain and then set it as the default
|
|
# compiler/linker/etc. with the AR/CC/CXX/LINK environment variables.
|
|
# qemu-user-static on ubuntu-16.04 currently doesn't run Node correctly,
|
|
# so we just build with "native"/x86_64 node, then download arm64/armv7l node
|
|
# and then put it in our release. We can't smoke test the cross build this way,
|
|
# but this means we don't need to maintain a self-hosted runner!
|
|
|
|
# NOTE@jsjoeio:
|
|
# We used to use 16.04 until GitHub deprecated it on September 20, 2021
|
|
# See here: https://github.com/actions/virtual-environments/pull/3862/files
|
|
package-linux-cross:
|
|
name: Linux cross-compile builds
|
|
needs: build
|
|
runs-on: ubuntu-18.04
|
|
timeout-minutes: 15
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- prefix: aarch64-linux-gnu
|
|
arch: arm64
|
|
- prefix: arm-linux-gnueabihf
|
|
arch: armv7l
|
|
|
|
env:
|
|
AR: ${{ format('{0}-ar', matrix.prefix) }}
|
|
CC: ${{ format('{0}-gcc', matrix.prefix) }}
|
|
CXX: ${{ format('{0}-g++', matrix.prefix) }}
|
|
LINK: ${{ format('{0}-g++', matrix.prefix) }}
|
|
NPM_CONFIG_ARCH: ${{ matrix.arch }}
|
|
NODE_VERSION: v14.17.4
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Install Node.js v14
|
|
uses: actions/setup-node@v2
|
|
with:
|
|
node-version: "14"
|
|
|
|
- name: Install nfpm
|
|
run: |
|
|
curl -sfL https://install.goreleaser.com/github.com/goreleaser/nfpm.sh | sh -s -- -b ~/.local/bin v2.3.1
|
|
echo "$HOME/.local/bin" >> $GITHUB_PATH
|
|
|
|
- name: Install cross-compiler
|
|
run: sudo apt install $PACKAGE
|
|
env:
|
|
PACKAGE: ${{ format('g++-{0}', matrix.prefix) }}
|
|
|
|
- name: Download npm package
|
|
uses: actions/download-artifact@v2
|
|
with:
|
|
name: npm-package
|
|
|
|
- name: Decompress npm package
|
|
run: tar -xzf package.tar.gz
|
|
|
|
- name: Build standalone release
|
|
run: yarn release:standalone
|
|
|
|
- name: Replace node with cross-compile equivalent
|
|
run: |
|
|
wget https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-linux-${NPM_CONFIG_ARCH}.tar.xz
|
|
tar -xf node-${NODE_VERSION}-linux-${NPM_CONFIG_ARCH}.tar.xz node-${NODE_VERSION}-linux-${NPM_CONFIG_ARCH}/bin/node --strip-components=2
|
|
mv ./node ./release-standalone/lib/node
|
|
|
|
- name: Build packages with nfpm
|
|
run: yarn package ${NPM_CONFIG_ARCH}
|
|
|
|
- name: Upload release artifacts
|
|
uses: actions/upload-artifact@v2
|
|
with:
|
|
name: release-packages
|
|
path: ./release-packages
|
|
|
|
package-macos-amd64:
|
|
name: x86-64 macOS build
|
|
needs: build
|
|
runs-on: macos-latest
|
|
timeout-minutes: 15
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Install Node.js v14
|
|
uses: actions/setup-node@v2
|
|
with:
|
|
node-version: "14"
|
|
|
|
- name: Install nfpm
|
|
run: |
|
|
curl -sfL https://install.goreleaser.com/github.com/goreleaser/nfpm.sh | sh -s -- -b ~/.local/bin v2.3.1
|
|
echo "$HOME/.local/bin" >> $GITHUB_PATH
|
|
|
|
- name: Download npm package
|
|
uses: actions/download-artifact@v2
|
|
with:
|
|
name: npm-package
|
|
|
|
- name: Decompress npm package
|
|
run: tar -xzf package.tar.gz
|
|
|
|
- name: Build standalone release
|
|
run: yarn release:standalone
|
|
|
|
- name: Sanity test standalone release
|
|
run: yarn test:standalone-release
|
|
|
|
- name: Build packages with nfpm
|
|
run: yarn package
|
|
|
|
- name: Upload release artifacts
|
|
uses: actions/upload-artifact@v2
|
|
with:
|
|
name: release-packages
|
|
path: ./release-packages
|
|
|
|
test-e2e:
|
|
name: End-to-end tests
|
|
needs: package-linux-amd64
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 15
|
|
env:
|
|
# Since we build code-server we might as well run tests from the release
|
|
# since VS Code will load faster due to the bundling.
|
|
CODE_SERVER_TEST_ENTRY: "./release-packages/code-server-linux-amd64"
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Install Node.js v14
|
|
uses: actions/setup-node@v2
|
|
with:
|
|
node-version: "14"
|
|
|
|
- name: Install playwright OS dependencies
|
|
run: npx playwright install-deps
|
|
|
|
- name: Fetch dependencies from cache
|
|
id: cache-yarn
|
|
uses: actions/cache@v2
|
|
with:
|
|
path: "**/node_modules"
|
|
key: yarn-build-${{ hashFiles('**/yarn.lock') }}
|
|
restore-keys: |
|
|
yarn-build-
|
|
|
|
- name: Download release packages
|
|
uses: actions/download-artifact@v2
|
|
with:
|
|
name: release-packages
|
|
path: ./release-packages
|
|
|
|
- name: Untar code-server release
|
|
run: |
|
|
cd release-packages
|
|
tar -xzf code-server*-linux-amd64.tar.gz
|
|
mv code-server*-linux-amd64 code-server-linux-amd64
|
|
|
|
- name: Install dependencies
|
|
if: steps.cache-yarn.outputs.cache-hit != 'true'
|
|
run: yarn --frozen-lockfile
|
|
|
|
# HACK: this shouldn't need to exist, but put it here anyway
|
|
# in an attempt to solve Playwright cache failures.
|
|
- name: Reinstall playwright
|
|
if: steps.cache-yarn.outputs.cache-hit == 'true'
|
|
run: |
|
|
cd test/
|
|
rm -r node_modules/playwright
|
|
yarn install --check-files
|
|
|
|
- name: Run end-to-end tests
|
|
run: yarn test:e2e
|
|
|
|
- name: Upload test artifacts
|
|
if: always()
|
|
uses: actions/upload-artifact@v2
|
|
with:
|
|
name: failed-test-videos
|
|
path: ./test/test-results
|
|
|
|
- name: Remove release packages and test artifacts
|
|
run: rm -rf ./release-packages ./test/test-results
|
|
|
|
trivy-scan-repo:
|
|
runs-on: ubuntu-20.04
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v2
|
|
- name: Run Trivy vulnerability scanner in repo mode
|
|
#Commit SHA for v0.0.17
|
|
uses: aquasecurity/trivy-action@8eccb5539730451af599c84f444c6d6cf0fc2bb0
|
|
with:
|
|
scan-type: "fs"
|
|
scan-ref: "."
|
|
ignore-unfixed: true
|
|
format: "template"
|
|
template: "@/contrib/sarif.tpl"
|
|
output: "trivy-repo-results.sarif"
|
|
severity: "HIGH,CRITICAL"
|
|
- name: Upload Trivy scan results to GitHub Security tab
|
|
uses: github/codeql-action/upload-sarif@v1
|
|
with:
|
|
sarif_file: "trivy-repo-results.sarif"
|