From 6ff91119334cea309677a915037d663a5e85d48e Mon Sep 17 00:00:00 2001 From: KartalJelena Date: Wed, 20 Aug 2025 19:06:33 +0200 Subject: [PATCH 01/11] Set secrets scan into unit.yml to get results, and test logic --- .github/workflows/unit.yml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml index 8409b80..f08e4de 100644 --- a/.github/workflows/unit.yml +++ b/.github/workflows/unit.yml @@ -6,6 +6,39 @@ on: pull_request: jobs: + secrets_scan: + name: Secrets scan + runs-on: squad-growth-ubuntu2204-x64-standard + permissions: write-all + timeout-minutes: 10 + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Get the secrets from GSM + id: secrets_manager + uses: toptal/actions/gsm-secrets@v1.0.2 + with: + workload_identity_provider: projects/858873486241/locations/global/workloadIdentityPools/gha-pool/providers/github-com + service_account: gha-keycodes@toptal-ci.iam.gserviceaccount.com + secrets_name: |- + SLACK_BOT_TOKEN:toptal-ci/SLACK_BOT_TOKEN + + - name: Parse secrets + id: parse_secrets + uses: toptal/actions/expose-json-outputs@v1.0.2 + with: + json: ${{ steps.secrets_manager.outputs.secrets }} + + - name: Secrets Scan + uses: toptal/actions/secret-scanning-action@main + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + full-scan: true + slack-channel: -marketing-tools-2-releases + slack-token: ${{ steps.parse_secrets.outputs.SLACK_BOT_TOKEN }} + unit_tests: name: Unit tests runs-on: ubuntu-latest From 46d57c3599ec384f18b74a5ae263f6c1037b74ee Mon Sep 17 00:00:00 2001 From: KartalJelena Date: Wed, 20 Aug 2025 19:16:30 +0200 Subject: [PATCH 02/11] Updated deprecated versions of actions/upload-artifact --- .github/workflows/coverage.yml | 2 +- .github/workflows/e2e.yml | 6 +++--- .github/workflows/unit.yml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) 
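Review bot: `permissions: write-all` on the new `secrets_scan` job grants every token scope to a job that runs on `pull_request`, checks out the branch and pulls `SLACK_BOT_TOKEN` through workload identity. From the steps shown it needs only `contents: read` for checkout and `id-token: write` for the GSM exchange, plus whatever scope the scanner uses to report its findings (possibly `pull-requests: write`; confirm against the action). The scan step is also referenced as `toptal/actions/secret-scanning-action@main` while the two steps before it use `@v1.0.2`. That moving branch ref receives both `secrets.GITHUB_TOKEN` and the Slack token, so pin it to a release tag or, better, a commit SHA. The same job body is added again to `secrets-scan.yml` in PATCH 03/11 and needs the same two changes there.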
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 47acbc5..60c51d6 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -46,7 +46,7 @@ jobs: yarn nyc report --temp-dir test-coverage/temp --reporter html --report-dir test-coverage/coverage-report-all - name: Save combined coverage report - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: coverage-report-all path: test-coverage/coverage-report-all diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 4f47922..590f616 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -37,7 +37,7 @@ jobs: - name: Upload Playwright HTML report if: failure() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: playwright-e2e-tests-report path: reports/index.html @@ -45,14 +45,14 @@ jobs: - name: Upload Playwright failure screenshots if: failure() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: e2e-tests-failure-screenshots path: screenshots retention-days: 1 - name: Upload test coverage HTML report - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: e2e-coverage-report path: test-coverage/e2e diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml index f08e4de..f946dd7 100644 --- a/.github/workflows/unit.yml +++ b/.github/workflows/unit.yml @@ -59,14 +59,14 @@ jobs: - name: Upload Jest HTML report if: failure() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: jest-unit-tests-report path: reports/jest-report-unit.html retention-days: 1 - name: Upload unit tests coverage report - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: jest-unit-coverage-report path: test-coverage/unit From 0daedc3137c0251bffafef9d518cfd03535cb785 Mon Sep 17 00:00:00 2001 
From: KartalJelena Date: Thu, 21 Aug 2025 16:28:43 +0200 Subject: [PATCH 03/11] Set small runner for secrets scan --- .github/workflows/secrets-scan.yml | 38 ++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 .github/workflows/secrets-scan.yml diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml new file mode 100644 index 0000000..7f332a2 --- /dev/null +++ b/.github/workflows/secrets-scan.yml @@ -0,0 +1,38 @@ +name: Secrets Scan + +on: + workflow_call: + +jobs: + specs: + name: Secrets scan + runs-on: squad-growth-ubuntu2204-x64-xsmall + permissions: write-all + timeout-minutes: 10 + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Get the secrets from GSM + id: secrets_manager + uses: toptal/actions/gsm-secrets@v1.0.2 + with: + workload_identity_provider: projects/858873486241/locations/global/workloadIdentityPools/gha-pool/providers/github-com + service_account: gha-keycodes@toptal-ci.iam.gserviceaccount.com + secrets_name: |- + SLACK_BOT_TOKEN:toptal-ci/SLACK_BOT_TOKEN + + - name: Parse secrets + id: parse_secrets + uses: toptal/actions/expose-json-outputs@v1.0.2 + with: + json: ${{ steps.secrets_manager.outputs.secrets }} + + - name: Secrets Scan + uses: toptal/actions/secret-scanning-action@main + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + full-scan: true + slack-channel: -marketing-tools-2-releases + slack-token: ${{ steps.parse_secrets.outputs.SLACK_BOT_TOKEN }} From 52f065517d9f9c682b5fe34eae8bc2c124ffa766 Mon Sep 17 00:00:00 2001 From: KartalJelena Date: Thu, 21 Aug 2025 16:37:41 +0200 Subject: [PATCH 04/11] Debug-set small runer for secret scan --- .github/workflows/unit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml index f946dd7..d781ca5 100644 --- a/.github/workflows/unit.yml +++ b/.github/workflows/unit.yml 
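Review bot: The checkout step in the new `secrets-scan.yml` fetches full history (`fetch-depth: 0`) and leaves `persist-credentials` at its default of `true`, so the job token stays in the workspace git config while the later steps run. Nothing after checkout in this job appears to push or fetch, so add `persist-credentials: false` under the step's `with:`. The file triggers only on `workflow_call` and nothing in this commit calls it, so the scan that actually runs is still the copy in `unit.yml`; say so in the commit message or add the caller in the same commit. The job id `specs` does not describe the job, and `secrets_scan` would match the id used in `unit.yml`.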
@@ -8,7 +8,7 @@ on: jobs: secrets_scan: name: Secrets scan - runs-on: squad-growth-ubuntu2204-x64-standard + runs-on: squad-growth-ubuntu2204-x64-xsmall permissions: write-all timeout-minutes: 10 steps: From 9033776c9b29ecc5f3c1eb63279422235e695866 Mon Sep 17 00:00:00 2001 From: KartalJelena Date: Thu, 21 Aug 2025 16:42:15 +0200 Subject: [PATCH 05/11] Debug-commented out unit tests --- .github/workflows/unit.yml | 54 +++++++++++++++++++------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml index d781ca5..375bb89 100644 --- a/.github/workflows/unit.yml +++ b/.github/workflows/unit.yml 
@@ -39,35 +39,35 @@ jobs: slack-channel: -marketing-tools-2-releases slack-token: ${{ steps.parse_secrets.outputs.SLACK_BOT_TOKEN }} - unit_tests: - name: Unit tests - runs-on: ubuntu-latest - timeout-minutes: 5 - steps: - - name: Cancel previous runs - uses: styfle/cancel-workflow-action@0.11.0 - with: - access_token: ${{ github.token }} + # unit_tests: + # name: Unit tests + # runs-on: ubuntu-latest + # timeout-minutes: 5 + # steps: + # - name: Cancel previous runs + # uses: styfle/cancel-workflow-action@0.11.0 + # with: + # access_token: ${{ github.token }} - - uses: actions/checkout@v3 + # - uses: actions/checkout@v3 - - name: Set up steps - uses: ./.github/actions/setup-steps + # - name: Set up steps + # uses: ./.github/actions/setup-steps - - name: Unit tests - run: yarn test:unit:coverage + # - name: Unit tests + # run: yarn test:unit:coverage - - name: Upload Jest HTML report - if: failure() - uses: actions/upload-artifact@v4 - with: - name: jest-unit-tests-report - path: reports/jest-report-unit.html - retention-days: 1 + # - name: Upload Jest HTML report + # if: failure() + # uses: actions/upload-artifact@v4 + # with: + # name: jest-unit-tests-report + # path: reports/jest-report-unit.html + # retention-days: 1 - - name: Upload unit tests coverage report - uses: actions/upload-artifact@v4 - with: - name: jest-unit-coverage-report - path: test-coverage/unit - retention-days: 1 + # - name: Upload unit tests coverage report + # uses: actions/upload-artifact@v4 + # with: + # name: jest-unit-coverage-report + # path: test-coverage/unit + # retention-days: 1 From 2734354f1e00b15bf6f8dd5ccac9813f124d3442 Mon Sep 17 00:00:00 2001 From: KartalJelena Date: Fri, 22 Aug 2025 14:44:10 +0200 Subject: [PATCH 06/11] Set runner to be ubuntu-latest --- .github/workflows/secrets-scan.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml index 7f332a2..38bcbba 100644 
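Review bot: With `unit_tests` commented out, the workflow named `Unit tests` runs only the secrets scan, so a pull request can go green without any test having run. If this is only to shorten the loop while debugging the scan, keep the commit off the branch that gets merged, or gate the job with `if: false` and a one-line comment giving the reason rather than commenting out the whole block. If branch protection requires a check named `Unit tests` (not visible from the diff), that check stops reporting while this is in place, so confirm how the rule behaves.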
--- a/.github/workflows/secrets-scan.yml +++ b/.github/workflows/secrets-scan.yml @@ -6,7 +6,7 @@ on: jobs: specs: name: Secrets scan - runs-on: squad-growth-ubuntu2204-x64-xsmall + runs-on: ubuntu-latest permissions: write-all timeout-minutes: 10 steps: @@ -36,3 +36,4 @@ jobs: full-scan: true slack-channel: -marketing-tools-2-releases slack-token: ${{ steps.parse_secrets.outputs.SLACK_BOT_TOKEN }} + From 873507bda950de896ec1600c883d549955812ef5 Mon Sep 17 00:00:00 2001 From: KartalJelena Date: Fri, 22 Aug 2025 14:51:26 +0200 Subject: [PATCH 07/11] Set runner to be ubuntu-latest --- .github/workflows/unit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml index 375bb89..cedf1c2 100644 --- a/.github/workflows/unit.yml +++ b/.github/workflows/unit.yml @@ -8,7 +8,7 @@ on: jobs: secrets_scan: name: Secrets scan - runs-on: squad-growth-ubuntu2204-x64-xsmall + runs-on: ubuntu-latest permissions: write-all timeout-minutes: 10 steps: From 7768039f73cb304081cf8ba5ea2f8bf03e78e8cf Mon Sep 17 00:00:00 2001 From: KartalJelena Date: Sat, 23 Aug 2025 01:39:55 +0200 Subject: [PATCH 08/11] Updated actions/checkout version --- .github/workflows/coverage.yml | 2 +- .github/workflows/e2e.yml | 2 +- .github/workflows/lint-typescript.yml | 2 +- .github/workflows/unit.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 60c51d6..eedeb58 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up steps uses: ./.github/actions/setup-steps diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 590f616..d84af33 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml 
@@ -19,7 +19,7 @@ jobs: with: access_token: ${{ github.token }} - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up steps uses: ./.github/actions/setup-steps diff --git a/.github/workflows/lint-typescript.yml b/.github/workflows/lint-typescript.yml index f7cfdf4..fa25dca 100644 --- a/.github/workflows/lint-typescript.yml +++ b/.github/workflows/lint-typescript.yml @@ -16,7 +16,7 @@ jobs: with: access_token: ${{ github.token }} - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up steps uses: ./.github/actions/setup-steps diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml index cedf1c2..c68dda5 100644 --- a/.github/workflows/unit.yml +++ b/.github/workflows/unit.yml @@ -8,7 +8,7 @@ on: jobs: secrets_scan: name: Secrets scan - runs-on: ubuntu-latest + runs-on: squad-growth-ubuntu2204-x64-standard permissions: write-all timeout-minutes: 10 steps: From 562d4f65fffa82b85ac94a4b0cb4b803e109514e Mon Sep 17 00:00:00 2001 From: KartalJelena Date: Mon, 8 Sep 2025 14:23:38 +0200 Subject: [PATCH 09/11] Centralize workflows in ci.yml, fix runner config --- .github/workflows/ci.yml | 104 ++++++++++++++++++++++++++ .github/workflows/e2e.yml | 2 +- .github/workflows/lint-typescript.yml | 2 +- .github/workflows/secrets-scan.yml | 2 +- .github/workflows/unit.yml | 85 +++++++-------------- 5 files changed, 133 insertions(+), 62 deletions(-) create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..2712b06 --- /dev/null +++ b/.github/workflows/ci.yml 
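Review bot: The `unit.yml` hunk of this commit changes `runs-on` from `ubuntu-latest` to `squad-growth-ubuntu2204-x64-standard` and does not touch `actions/checkout`, which does not match the subject "Updated actions/checkout version". Move the runner change into its own commit with a stated reason, since PATCH 07/11 had just switched the same job the other way. The `@v3` checkout that remains in this file is inside the commented-out `unit_tests` block and is not updated here. If the `squad-growth-…` label is a self-hosted or otherwise persistent runner (the diff does not say), confirm it is ephemeral before running a `pull_request`-triggered job with `permissions: write-all` on it. The job's steps continue past the end of the hunk.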
@@ -0,0 +1,104 @@ +name: CI + +on: + push: + branches: [master] + pull_request: + +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +jobs: + lint_typescript: + name: Lint and Typescript checks + uses: ./.github/workflows/lint-typescript.yml + secrets: inherit + + unit_tests: + name: Unit tests + uses: ./.github/workflows/unit.yml + secrets: inherit + + e2e_tests: + name: End-to-end tests + uses: ./.github/workflows/e2e.yml + secrets: inherit + + secrets_scan: + name: Secrets scan + uses: ./.github/workflows/secrets-scan.yml + secrets: inherit + + notify_slack_success: + name: Notify success status to Slack + runs-on: ubuntu-latest + if: success() && github.ref == 'refs/heads/master' && github.event_name == 'push' + needs: [lint_typescript, unit_tests, e2e_tests, secrets_scan] + permissions: + actions: read + contents: read + id-token: write + steps: + - name: GSM Secrets + id: secrets_manager + uses: toptal/actions/gsm-secrets@main + with: + workload_identity_provider: projects/858873486241/locations/global/workloadIdentityPools/gha-pool/providers/github-com + service_account: gha-keycodes@toptal-ci.iam.gserviceaccount.com + secrets_name: |- + SLACK_MARKETING_TOOLS_2_RELEASES_WEBHOOK:toptal-ci/SLACK_MARKETING_TOOLS_2_RELEASES_WEBHOOK + SLACK_TEST_PUB_BOT_WEBHOOK:toptal-ci/SLACK_TEST_PUB_BOT_WEBHOOK + + - name: Parse secrets + id: parse_secrets + uses: toptal/actions/expose-json-outputs@main + with: + json: ${{ steps.secrets_manager.outputs.secrets }} + + - uses: toptal/slack-workflow-status@master + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + slack_webhook_url: ${{ steps.parse_secrets.outputs.SLACK_MARKETING_TOOLS_2_RELEASES_WEBHOOK }} + name: gha-bot + icon_url: https://avatars.slack-edge.com/2021-05-17/2068859221653_526c61e414df90dd67f7_192.png + include_jobs: on-failure + display_only_failed: true + include_commit_message: true + + notify_slack_failure: + name: Notify failure status to Slack + runs-on: 
ubuntu-latest + if: (failure() || cancelled()) && github.ref == 'refs/heads/master' && github.event_name == 'push' + needs: [lint_typescript, unit_tests, e2e_tests, secrets_scan] + permissions: + actions: read + contents: read + id-token: write + steps: + - name: GSM Secrets + id: secrets_manager + uses: toptal/actions/gsm-secrets@main + with: + workload_identity_provider: projects/858873486241/locations/global/workloadIdentityPools/gha-pool/providers/github-com + service_account: gha-keycodes@toptal-ci.iam.gserviceaccount.com + secrets_name: |- + SLACK_MARKETING_TOOLS_2_BULLHORN_WEBHOOK:toptal-ci/SLACK_MARKETING_TOOLS_2_BULLHORN_WEBHOOK + SLACK_TEST_PUB_BOT_WEBHOOK:toptal-ci/SLACK_TEST_PUB_BOT_WEBHOOK + + - name: Parse secrets + id: parse_secrets + uses: toptal/actions/expose-json-outputs@main + with: + json: ${{ steps.secrets_manager.outputs.secrets }} + + - uses: toptal/slack-workflow-status@master + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + slack_webhook_url: ${{ steps.parse_secrets.outputs.SLACK_MARKETING_TOOLS_2_BULLHORN_WEBHOOK }} + name: gha-bot + icon_url: https://avatars.slack-edge.com/2021-05-17/2068859221653_526c61e414df90dd67f7_192.png + include_jobs: on-failure + display_only_failed: true + include_commit_message: true + diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index d84af33..0c2be08 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -3,7 +3,7 @@ name: End-to-end tests on: push: branches: [main] - pull_request: + workflow_call: jobs: e2e_tests: diff --git a/.github/workflows/lint-typescript.yml b/.github/workflows/lint-typescript.yml index fa25dca..d44dde4 100644 --- a/.github/workflows/lint-typescript.yml +++ b/.github/workflows/lint-typescript.yml @@ -3,7 +3,7 @@ name: Lint and Typescript on: push: branches: [main] - pull_request: + workflow_call: jobs: lint_typescript: diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml index 38bcbba..8a16b7e 100644 
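Review bot: All four caller jobs in the new `ci.yml` pass `secrets: inherit`, which hands every repository and organisation secret to the called workflows, although the callee hunks shown read only `github.token` / `secrets.GITHUB_TOKEN` and fetch the rest from GSM. Drop `secrets: inherit` where no named secret is consumed. The caller jobs also set no `permissions:`, and a called workflow can only reduce the caller's token permissions, so `permissions: write-all` in `secrets-scan.yml` either depends on the repository default or may fail validation. State the grant on the `secrets_scan` caller explicitly, e.g. `permissions: { contents: read, id-token: write }`. Both notify jobs use `toptal/actions/gsm-secrets@main`, `toptal/actions/expose-json-outputs@main` and `toptal/slack-workflow-status@master` where the scan job pins `@v1.0.2`, and both fetch `SLACK_TEST_PUB_BOT_WEBHOOK` without using it, so pin the refs and remove the unused secret from `secrets_name`.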
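Review bot: The `e2e.yml` hunk swaps `pull_request` for `workflow_call` but keeps `push: branches: [main]`, while the new `ci.yml` triggers on `push: branches: [master]` and its notify jobs test `refs/heads/master`. One of the two branch names is presumably stale. If the default branch is `main`, `ci.yml` never runs on push and this workflow still runs standalone outside the `concurrency` group; if it is `master`, the leftover `push` trigger is dead configuration. Remove the `push:` block so the file is only `on: workflow_call`, and settle the branch name in `ci.yml`. The same leftover trigger is in the `lint-typescript.yml` and `unit.yml` hunks of this commit.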
--- a/.github/workflows/secrets-scan.yml +++ b/.github/workflows/secrets-scan.yml @@ -6,7 +6,7 @@ on: jobs: specs: name: Secrets scan - runs-on: ubuntu-latest + runs-on: squad-growth-ubuntu2204-x64-xsmall permissions: write-all timeout-minutes: 10 steps: diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml index c68dda5..f02b9b7 100644 --- a/.github/workflows/unit.yml +++ b/.github/workflows/unit.yml 
@@ -3,71 +3,38 @@ name: Unit tests on: push: branches: [main] - pull_request: + workflow_call: jobs: - secrets_scan: - name: Secrets scan - runs-on: squad-growth-ubuntu2204-x64-standard - permissions: write-all - timeout-minutes: 10 + unit_tests: + name: Unit tests + runs-on: ubuntu-latest + timeout-minutes: 5 steps: - - uses: actions/checkout@v4 + - name: Cancel previous runs + uses: styfle/cancel-workflow-action@0.11.0 with: - fetch-depth: 0 + access_token: ${{ github.token }} - - name: Get the secrets from GSM - id: secrets_manager - uses: toptal/actions/gsm-secrets@v1.0.2 - with: - workload_identity_provider: projects/858873486241/locations/global/workloadIdentityPools/gha-pool/providers/github-com - service_account: gha-keycodes@toptal-ci.iam.gserviceaccount.com - secrets_name: |- - SLACK_BOT_TOKEN:toptal-ci/SLACK_BOT_TOKEN - - - name: Parse secrets - id: parse_secrets - uses: toptal/actions/expose-json-outputs@v1.0.2 - with: - json: ${{ steps.secrets_manager.outputs.secrets }} - - - name: Secrets Scan - uses: toptal/actions/secret-scanning-action@main - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - full-scan: true - slack-channel: -marketing-tools-2-releases - slack-token: ${{ steps.parse_secrets.outputs.SLACK_BOT_TOKEN }} + - uses: actions/checkout@v3 - # unit_tests: - # name: Unit tests - # runs-on: ubuntu-latest - # timeout-minutes: 5 - # steps: - # - name: Cancel previous runs - # uses: styfle/cancel-workflow-action@0.11.0 - # with: - # access_token: ${{ github.token }} + - name: Set up steps + uses: ./.github/actions/setup-steps - # - uses: actions/checkout@v3 + - name: Unit tests + run: yarn test:unit:coverage - # - name: Set up steps - # uses: ./.github/actions/setup-steps - - # - name: Unit tests - # run: yarn test:unit:coverage - - # - name: Upload Jest HTML report - # if: failure() - # uses: actions/upload-artifact@v4 - # with: - # name: jest-unit-tests-report - # path: reports/jest-report-unit.html - # retention-days: 1 + - name: Upload Jest 
HTML report + if: failure() + uses: actions/upload-artifact@v4 + with: + name: jest-unit-tests-report + path: reports/jest-report-unit.html + retention-days: 1 - # - name: Upload unit tests coverage report - # uses: actions/upload-artifact@v4 - # with: - # name: jest-unit-coverage-report - # path: test-coverage/unit - # retention-days: 1 + - name: Upload unit tests coverage report + uses: actions/upload-artifact@v4 + with: + name: jest-unit-coverage-report + path: test-coverage/unit + retention-days: 1 From 277f4a759a9c3c89f86c907951c50a499a9b387f Mon Sep 17 00:00:00 2001 From: KartalJelena Date: Mon, 8 Sep 2025 14:58:58 +0200 Subject: [PATCH 10/11] Change secret scan runner to ubuntu-latest --- .github/workflows/secrets-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml index 8a16b7e..38bcbba 100644 --- a/.github/workflows/secrets-scan.yml +++ b/.github/workflows/secrets-scan.yml @@ -6,7 +6,7 @@ on: jobs: specs: name: Secrets scan - runs-on: squad-growth-ubuntu2204-x64-xsmall + runs-on: ubuntu-latest permissions: write-all timeout-minutes: 10 steps: From bf06a2583aed3134636c5364cfe17bbb55aeb4d8 Mon Sep 17 00:00:00 2001 From: KartalJelena Date: Mon, 8 Sep 2025 15:02:08 +0200 Subject: [PATCH 11/11] Use standard runner for secret scan --- .github/workflows/secrets-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml index 38bcbba..b42f5b0 100644 --- a/.github/workflows/secrets-scan.yml +++ b/.github/workflows/secrets-scan.yml @@ -6,7 +6,7 @@ on: jobs: specs: name: Secrets scan - runs-on: ubuntu-latest + runs-on: squad-growth-ubuntu2204-x64-standard permissions: write-all timeout-minutes: 10 steps:
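Review bot: The restored `unit_tests` job goes back to `- uses: actions/checkout@v3`, although PATCH 08/11 moved the other workflows to `@v4`; use `- uses: actions/checkout@v4` here as well. The `Cancel previous runs` step (`styfle/cancel-workflow-action@0.11.0`, passed `github.token`) looks redundant now that `ci.yml` adds `concurrency` with `cancel-in-progress: true` in this same commit. Removing the step takes one third-party action out of reach of the job token. The context lines of the `e2e.yml` and `lint-typescript.yml` hunks in PATCH 08/11 suggest they carry the same step.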