[FIX] Security imported fixes #35983


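# Build and Test: lints, builds and tests the monorepo, then publishes the
# tarball and Docker images for releases and for pushes to `develop`.
#
# Review notes that apply to the whole file:
# - NOTE(review): no `permissions:` key is set at workflow or job level, so
#   GITHUB_TOKEN gets the repository default scope in every job. Registry
#   pushes below authenticate with `secrets.CR_PAT`, so a read-only
#   `permissions: contents: read` default looks feasible; confirm against the
#   third-party actions before adding it.
# - NOTE(review): third-party actions are referenced by mutable refs
#   (`pierotofy/set-swap-space@master`, `felixmosh/turborepo-gh-artifacts@v2`,
#   `supercharge/mongodb-github-action@1.7.0`, `docker/login-action@v2`,
#   `codecov/codecov-action@v3`). Pinning each one to a full commit SHA keeps a
#   moved tag or branch from changing what runs next to the secrets used here.
name: Build and Test

on:
  release:
    types: [published]
  pull_request:
    branches: '**'
  push:
    branches:
      - develop

# One run per workflow and PR branch; a newer run cancels the older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

env:
  CI: true
  MONGO_URL: mongodb://localhost:27017/rocketchat?replicaSet=rs0&directConnection=true
  MONGO_OPLOG_URL: mongodb://mongodb:27017/local?replicaSet=rs0&directConnection=true
  TOOL_NODE_FLAGS: --max_old_space_size=4096
  TURBO_TEAM: ${{ secrets.TURBO_TEAM }}

jobs:
  # Derives the release channel, the newest stable tag and the CI Docker tag
  # that later jobs read through `needs.release-versions.outputs.*`.
  release-versions:
    runs-on: ubuntu-latest
    outputs:
      release: ${{ steps.by-tag.outputs.release }}
      latest-release: ${{ steps.latest.outputs.latest-release }}
      # NOTE(review): the `docker` step only writes `gh-docker-tag`, so this
      # output is always empty; nothing in this workflow reads it.
      docker-tag: ${{ steps.docker.outputs.docker-tag }}
      gh-docker-tag: ${{ steps.docker.outputs.gh-docker-tag }}
    steps:
      - id: by-tag
        run: |
          # RELEASE stays unset when the ref name matches neither pattern.
          if echo "$GITHUB_REF_NAME" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' ; then
            RELEASE="latest"
          elif echo "$GITHUB_REF_NAME" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$' ; then
            RELEASE="release-candidate"
          fi
          echo "RELEASE: ${RELEASE}"
          # Outputs are written to the $GITHUB_OUTPUT file instead of the
          # deprecated `::set-output` stdout command, which any text printed
          # by the step could imitate.
          echo "release=${RELEASE}" >> "$GITHUB_OUTPUT"
      - id: latest
        run: |
          # Newest tag by version sort, skipping rc and beta tags.
          LATEST_RELEASE="$(
            git -c 'versionsort.suffix=-' ls-remote -t --exit-code --refs --sort=-v:refname "https://github.com/$GITHUB_REPOSITORY" '*' |
              awk -F/ '$NF !~ /rc|beta/ { print $NF; exit }'
          )"
          echo "LATEST_RELEASE: ${LATEST_RELEASE}"
          echo "latest-release=${LATEST_RELEASE}" >> "$GITHUB_OUTPUT"
      - id: docker
        run: |
          if [[ '${{ github.event_name }}' == 'pull_request' ]]; then
            DOCKER_TAG="pr-${{ github.event.number }}"
          else
            DOCKER_TAG="gh-${{ github.run_id }}"
          fi
          echo "DOCKER_TAG: ${DOCKER_TAG}"
          echo "gh-docker-tag=${DOCKER_TAG}" >> "$GITHUB_OUTPUT"

  # Lints, type-checks and builds the Meteor bundle, then uploads it as the
  # `build` artifact consumed by every later job.
  build:
    runs-on: ubuntu-20.04
    steps:
      - name: Github Info
        run: |
          echo "GITHUB_ACTION: $GITHUB_ACTION"
          echo "GITHUB_ACTOR: $GITHUB_ACTOR"
          echo "GITHUB_REF: $GITHUB_REF"
          echo "GITHUB_HEAD_REF: $GITHUB_HEAD_REF"
          echo "GITHUB_BASE_REF: $GITHUB_BASE_REF"
          echo "github.event_name: ${{ github.event_name }}"
          cat $GITHUB_EVENT_PATH
      # NOTE(review): `@master` is a moving branch of a third-party action;
      # pin it to a reviewed commit SHA.
      - name: Set Swap Space
        uses: pierotofy/set-swap-space@master
        with:
          swap-size-gb: 4
      - uses: actions/checkout@v3
      - name: Use Node.js 14.19.3
        uses: actions/setup-node@v3
        with:
          node-version: '14.19.3'
          cache: 'yarn'
      - name: Free disk space
        run: |
          sudo apt clean
          docker rmi $(docker image ls -aq)
          df -h
      - name: Cache meteor local
        uses: actions/cache@v3
        with:
          path: ./apps/meteor/.meteor/local
          key: meteor-local-cache-${{ runner.OS }}-${{ hashFiles('apps/meteor/.meteor/versions') }}
          restore-keys: |
            meteor-local-cache-${{ runner.os }}-
      - name: Cache meteor
        uses: actions/cache@v3
        with:
          path: ~/.meteor
          key: meteor-cache-${{ runner.OS }}-${{ hashFiles('apps/meteor/.meteor/release') }}
          restore-keys: |
            meteor-cache-${{ runner.os }}-
      - name: Install Meteor
        run: |
          # Restore bin from cache
          set +e
          METEOR_SYMLINK_TARGET=$(readlink ~/.meteor/meteor)
          METEOR_TOOL_DIRECTORY=$(dirname "$METEOR_SYMLINK_TARGET")
          set -e
          LAUNCHER=$HOME/.meteor/$METEOR_TOOL_DIRECTORY/scripts/admin/launch-meteor
          if [ -e $LAUNCHER ]
          then
            echo "Cached Meteor bin found, restoring it"
            sudo cp "$LAUNCHER" "/usr/local/bin/meteor"
          else
            echo "No cached Meteor bin found."
          fi
          # only install meteor if bin isn't found
          # NOTE(review): the installer is piped straight into sh with no
          # checksum or signature check, so the build trusts whatever the
          # install host serves at run time.
          command -v meteor >/dev/null 2>&1 || curl https://install.meteor.com | sed s/--progress-bar/-sL/g | /bin/sh
      - name: Versions
        run: |
          npm --versions
          yarn -v
          node -v
          meteor --version
          meteor npm --versions
          meteor node -v
          git version
      - name: yarn install
        run: yarn
      # Runs only when the TURBO_TEAM secret is available (it is empty on forks).
      - name: TurboRepo local server
        uses: felixmosh/turborepo-gh-artifacts@v2
        if: "${{ env.TURBO_TEAM != '' }}"
        with:
          repo-token: ${{ secrets.RC_TURBO_GH_TOKEN }}
          server-token: ${{ secrets.TURBO_SERVER_TOKEN }}
      # NOTE(review): the token is expanded into the script text and passed on
      # the command line in the three steps below; an `env:` entry referenced
      # as a shell variable would keep it out of the rendered script.
      - name: Lint
        run: yarn lint --api="http://127.0.0.1:9080" --token="${{ secrets.TURBO_SERVER_TOKEN }}" --team='rc'
      - name: Translation check
        run: yarn turbo run translation-check --api="http://127.0.0.1:9080" --token="${{ secrets.TURBO_SERVER_TOKEN }}" --team='rc'
      - name: TS typecheck
        run: yarn turbo run typecheck --api="http://127.0.0.1:9080" --token="${{ secrets.TURBO_SERVER_TOKEN }}" --team='rc'
      - name: Reset Meteor
        # `startsWith()` returns a boolean. Comparing it with the string 'true'
        # coerces both sides to numbers (1 and NaN) and never matches, so tag
        # builds skipped this step; the boolean is now used directly.
        if: startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/develop'
        working-directory: ./apps/meteor
        run: meteor reset
      - name: Build Rocket.Chat From Pull Request
        if: startsWith(github.ref, 'refs/pull/') == true
        env:
          METEOR_PROFILE: 1000
        run: yarn build:ci --api="http://127.0.0.1:9080" -- --debug --directory dist
      - name: Build Rocket.Chat
        if: startsWith(github.ref, 'refs/pull/') != true
        run: yarn build:ci --api="http://127.0.0.1:9080" -- --directory dist
      - name: Prepare build
        run: |
          cd apps/meteor/dist
          tar czf /tmp/Rocket.Chat.tar.gz bundle
      - name: Store build
        uses: actions/upload-artifact@v3
        with:
          name: build
          path: /tmp/Rocket.Chat.tar.gz

  # Builds the `preview` Docker image from the `build` artifact; runs only for
  # releases and pushes to develop.
  build-docker-preview:
    runs-on: ubuntu-20.04
    needs: [build, release-versions]
    if: github.event_name == 'release' || github.ref == 'refs/heads/develop'
    steps:
      - uses: actions/checkout@v3
      # This job defines no `strategy.matrix`, so `matrix.node-version`
      # expanded to an empty string here; the version is now the one the
      # build job uses.
      - name: Use Node.js 14.19.3
        uses: actions/setup-node@v3
        with:
          node-version: '14.19.3'
          cache: 'yarn'
      - name: Restore build
        uses: actions/download-artifact@v2
        with:
          name: build
          path: /tmp/build
      - name: Unpack build
        run: |
          cd /tmp/build
          tar xzf Rocket.Chat.tar.gz
          rm Rocket.Chat.tar.gz
      - name: Build Docker image
        id: build-docker-image-preview
        uses: ./.github/actions/build-docker-image
        with:
          root-dir: /tmp/build
          docker-tag: ${{ needs.release-versions.outputs.gh-docker-tag }}
          release: preview
          username: ${{ secrets.CR_USER }}
          password: ${{ secrets.CR_PAT }}

  # Unit, API and UI end-to-end tests against each MongoDB version in the
  # matrix; also pushes the CI images to ghcr.io when credentials are usable.
  test:
    runs-on: ubuntu-20.04
    needs: [build, release-versions]
    strategy:
      matrix:
        node-version: ['14.19.3']
        mongodb-version: ['4.2', '4.4', '5.0']
    steps:
      - name: Launch MongoDB
        uses: supercharge/mongodb-github-action@1.7.0
        with:
          mongodb-version: ${{ matrix.mongodb-version }}
          mongodb-replica-set: rs0
      - name: Docker env vars
        id: docker-env
        run: |
          LOWERCASE_REPOSITORY=$(echo "${{ github.repository_owner }}" | tr "[:upper:]" "[:lower:]")
          echo "LOWERCASE_REPOSITORY: ${LOWERCASE_REPOSITORY}"
          echo "lowercase-repo=${LOWERCASE_REPOSITORY}" >> "$GITHUB_OUTPUT"
          # test alpine image on mongo 5.0 (no special reason to be mongo 5.0 but we need to test alpine at least once)
          if [[ '${{ matrix.mongodb-version }}' = '5.0' ]]; then
            RC_DOCKERFILE="${{ github.workspace }}/apps/meteor/.docker/Dockerfile.alpine"
            RC_DOCKER_TAG="${{ needs.release-versions.outputs.gh-docker-tag }}.alpine"
          else
            RC_DOCKERFILE="${{ github.workspace }}/apps/meteor/.docker/Dockerfile"
            RC_DOCKER_TAG="${{ needs.release-versions.outputs.gh-docker-tag }}.official"
          fi;
          echo "RC_DOCKERFILE: ${RC_DOCKERFILE}"
          echo "rc-dockerfile=${RC_DOCKERFILE}" >> "$GITHUB_OUTPUT"
          echo "RC_DOCKER_TAG: ${RC_DOCKER_TAG}"
          echo "rc-docker-tag=${RC_DOCKER_TAG}" >> "$GITHUB_OUTPUT"
      - uses: actions/checkout@v3
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'yarn'
      - name: yarn install
        run: yarn
      - name: TurboRepo local server
        uses: felixmosh/turborepo-gh-artifacts@v2
        if: "${{ env.TURBO_TEAM != '' }}"
        with:
          repo-token: ${{ secrets.RC_TURBO_GH_TOKEN }}
          server-token: ${{ secrets.TURBO_SERVER_TOKEN }}
      - name: Unit Test
        run: yarn testunit --api="http://127.0.0.1:9080" --token="${{ secrets.TURBO_SERVER_TOKEN }}" --team='rc'
      - name: Restore build
        uses: actions/download-artifact@v2
        with:
          name: build
          path: /tmp/build
      - name: Unpack build
        run: |
          cd /tmp/build
          tar xzf Rocket.Chat.tar.gz
          rm Rocket.Chat.tar.gz
      - name: Start containers
        env:
          MONGO_URL: 'mongodb://host.docker.internal:27017/rocketchat?replicaSet=rs0&directConnection=true'
          MONGO_OPLOG_URL: 'mongodb://mongodb:27017/local?replicaSet=rs0&directConnection=true'
          LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }}
          RC_DOCKERFILE: ${{ steps.docker-env.outputs.rc-dockerfile }}
          RC_DOCKER_TAG: ${{ steps.docker-env.outputs.rc-docker-tag }}
          DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }}
        run: |
          docker compose -f docker-compose-ci.yml up -d --build rocketchat
      # Registry login and push are limited to PRs whose head is this
      # repository, to releases and to develop.
      - name: Login to GitHub Container Registry
        if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'release' || github.ref == 'refs/heads/develop'
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ secrets.CR_USER }}
          password: ${{ secrets.CR_PAT }}
      - name: Publish Docker images to GitHub Container Registry
        env:
          LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }}
          RC_DOCKERFILE: ${{ steps.docker-env.outputs.rc-dockerfile }}
          RC_DOCKER_TAG: ${{ steps.docker-env.outputs.rc-docker-tag }}
          DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }}
        if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'release' || github.ref == 'refs/heads/develop'
        run: |
          docker compose -f docker-compose-ci.yml push rocketchat
          # Only the 4.4 matrix leg also pushes the tag without a variant suffix.
          if [[ '${{ matrix.mongodb-version }}' = '4.4' ]]; then
            IMAGE_NAME_BASE="ghcr.io/${LOWERCASE_REPOSITORY}/rocket.chat:${{ needs.release-versions.outputs.gh-docker-tag }}"
            echo "Push Docker image: ${IMAGE_NAME_BASE}"
            docker tag ${IMAGE_NAME_BASE}.official $IMAGE_NAME_BASE
            docker push $IMAGE_NAME_BASE
          fi;
      - name: Wait for Rocket.Chat to start up
        env:
          LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }}
          RC_DOCKERFILE: ${{ steps.docker-env.outputs.rc-dockerfile }}
          RC_DOCKER_TAG: ${{ steps.docker-env.outputs.rc-docker-tag }}
          DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }}
        run: |
          docker ps
          # Polls the container log every 10 s and fails once the counter reaches 10.
          until echo "$(docker compose -f docker-compose-ci.yml logs rocketchat)" | grep -q "SERVER RUNNING"; do
            echo "Waiting Rocket.Chat to start up"
            ((c++)) && ((c==10)) && docker compose -f docker-compose-ci.yml logs rocketchat && exit 1
            sleep 10
          done;
      - name: E2E Test API
        env:
          LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }}
          RC_DOCKERFILE: ${{ steps.docker-env.outputs.rc-dockerfile }}
          RC_DOCKER_TAG: ${{ steps.docker-env.outputs.rc-docker-tag }}
          DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }}
        working-directory: ./apps/meteor
        run: |
          # Up to five attempts; a failed attempt drops the database and
          # restarts the server before the next one.
          for i in $(seq 1 5); do
            npm run testapi && s=0 && break || s=$?
            docker compose -f ../../docker-compose-ci.yml logs rocketchat --tail=100
            docker compose -f ../../docker-compose-ci.yml stop rocketchat
            docker exec mongodb mongo rocketchat --eval 'db.dropDatabase()'
            NOW=$(date "+%Y-%m-%dT%H:%M:%S.000Z")
            docker compose -f ../../docker-compose-ci.yml restart rocketchat
            until echo "$(docker compose -f ../../docker-compose-ci.yml logs rocketchat --since $NOW)" | grep -q "SERVER RUNNING"; do
              echo "Waiting Rocket.Chat to start up"
              ((c++)) && ((c==10)) && exit 1
              sleep 10
            done;
          done;
          exit $s
      - name: Cache Playwright binaries
        uses: actions/cache@v3
        id: cache-playwright
        with:
          path: |
            ~/.cache/ms-playwright
          # This is the version of Playwright that we are using, if you are willing to upgrade, you should update this.
          key: playwright-1.23.1
      - name: Install Playwright
        if: steps.cache-playwright.outputs.cache-hit != 'true'
        working-directory: ./apps/meteor
        run: npx playwright install --with-deps
      - name: Reset containers
        env:
          LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }}
          RC_DOCKERFILE: ${{ steps.docker-env.outputs.rc-dockerfile }}
          RC_DOCKER_TAG: ${{ steps.docker-env.outputs.rc-docker-tag }}
        run: |
          docker ps
          docker compose -f docker-compose-ci.yml stop rocketchat
          docker exec mongodb mongo rocketchat --eval 'db.dropDatabase()'
          NOW=$(date "+%Y-%m-%dT%H:%M:%S.000Z")
          docker compose -f docker-compose-ci.yml restart rocketchat
          until echo "$(docker compose -f docker-compose-ci.yml logs rocketchat --since $NOW)" | grep -q "SERVER RUNNING"; do
            echo "Waiting Rocket.Chat to start up"
            ((c++)) && ((c==10)) && exit 1
            sleep 10
          done;
      - name: E2E Test UI
        working-directory: ./apps/meteor
        run: yarn test:e2e
      - name: Store playwright test trace
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: playwright-test-trace
          path: ./apps/meteor/tests/e2e/.playwright*

  # Enterprise-edition variant of the test job: starts the full compose stack
  # (including the micro-services) and collects e2e coverage.
  test-ee:
    runs-on: ubuntu-20.04
    needs: [build, release-versions]
    strategy:
      matrix:
        node-version: ['14.19.3']
        mongodb-version-ee: ['4.4']
    steps:
      - name: Launch MongoDB
        uses: supercharge/mongodb-github-action@1.7.0
        with:
          mongodb-version: ${{ matrix.mongodb-version-ee }}
          mongodb-replica-set: rs0
      - uses: actions/checkout@v3
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'yarn'
      - name: TurboRepo local server
        uses: felixmosh/turborepo-gh-artifacts@v2
        if: "${{ env.TURBO_TEAM != '' }}"
        with:
          repo-token: ${{ secrets.RC_TURBO_GH_TOKEN }}
          server-token: ${{ secrets.TURBO_SERVER_TOKEN }}
      - name: yarn install
        run: yarn
      - name: yarn build
        run: yarn build
      - name: Unit Test
        run: yarn testunit --api="http://127.0.0.1:9080" --token="${{ secrets.TURBO_SERVER_TOKEN }}" --team='rc'
      - name: Restore build
        uses: actions/download-artifact@v2
        with:
          name: build
          path: /tmp/build
      - name: Unpack build
        run: |
          cd /tmp/build
          tar xzf Rocket.Chat.tar.gz
          rm Rocket.Chat.tar.gz
      - name: Docker env vars
        id: docker-env
        run: |
          LOWERCASE_REPOSITORY=$(echo "${{ github.repository_owner }}" | tr "[:upper:]" "[:lower:]")
          echo "LOWERCASE_REPOSITORY: ${LOWERCASE_REPOSITORY}"
          echo "lowercase-repo=${LOWERCASE_REPOSITORY}" >> "$GITHUB_OUTPUT"
      - name: Start containers
        env:
          MONGO_URL: 'mongodb://host.docker.internal:27017/rocketchat?replicaSet=rs0&directConnection=true'
          LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }}
          RC_DOCKERFILE: '${{ github.workspace }}/apps/meteor/.docker/Dockerfile'
          RC_DOCKER_TAG: '${{ needs.release-versions.outputs.gh-docker-tag }}.official'
          DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }}
          TRANSPORTER: nats://nats:4222
          # this is 100% intentional, secrets are not available at forks, so ee-tests will always fail
          # to avoid this, we are using a dummy license, expiring at 2025-06-31
          enterprise-license: 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
        run: |
          docker compose -f docker-compose-ci.yml up -d --build
      # Registry login and push are limited to PRs whose head is this
      # repository, to releases and to develop.
      - name: Login to GitHub Container Registry
        if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'release' || github.ref == 'refs/heads/develop'
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ secrets.CR_USER }}
          password: ${{ secrets.CR_PAT }}
      - name: Publish Docker images to GitHub Container Registry
        if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'release' || github.ref == 'refs/heads/develop'
        env:
          DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }}
          LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }}
        run: |
          docker compose -f docker-compose-ci.yml push \
            authorization-service \
            account-service \
            ddp-streamer-service \
            presence-service \
            stream-hub-service
      - name: Wait services to start up
        env:
          LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }}
          RC_DOCKERFILE: '${{ github.workspace }}/apps/meteor/.docker/Dockerfile'
          RC_DOCKER_TAG: '${{ needs.release-versions.outputs.gh-docker-tag }}.official'
          DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }}
        run: |
          docker ps
          until echo "$(docker compose -f docker-compose-ci.yml logs ddp-streamer-service)" | grep -q "NetworkBroker started successfully"; do
            echo "Waiting 'ddp-streamer' to start up"
            ((c++)) && ((c==10)) && docker compose -f docker-compose-ci.yml logs ddp-streamer-service && exit 1
            sleep 10
          done;
          until echo "$(docker compose -f docker-compose-ci.yml logs rocketchat)" | grep -q "SERVER RUNNING"; do
            echo "Waiting Rocket.Chat to start up"
            ((c++)) && ((c==10)) && docker compose -f docker-compose-ci.yml logs rocketchat && exit 1
            sleep 10
          done;
      - name: E2E Test API
        env:
          LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }}
          RC_DOCKERFILE: '${{ github.workspace }}/apps/meteor/.docker/Dockerfile'
          RC_DOCKER_TAG: '${{ needs.release-versions.outputs.gh-docker-tag }}.official'
          DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }}
        working-directory: ./apps/meteor
        run: |
          # Up to five attempts; a failed attempt drops the database and
          # restarts the whole stack before the next one.
          for i in $(seq 1 5); do
            IS_EE=true npm run testapi && s=0 && break || s=$?
            docker compose -f ../../docker-compose-ci.yml logs --tail=100
            docker compose -f ../../docker-compose-ci.yml stop
            docker exec mongodb mongo rocketchat --eval 'db.dropDatabase()'
            NOW=$(date "+%Y-%m-%dT%H:%M:%S.000Z")
            docker compose -f ../../docker-compose-ci.yml restart
            until echo "$(docker compose -f ../../docker-compose-ci.yml logs rocketchat --since $NOW)" | grep -q "SERVER RUNNING"; do
              echo "Waiting Rocket.Chat to start up"
              ((c++)) && ((c==10)) && exit 1
              sleep 10
            done;
          done;
          exit $s
      - name: Reset containers
        env:
          LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }}
          RC_DOCKERFILE: '${{ github.workspace }}/apps/meteor/.docker/Dockerfile'
          RC_DOCKER_TAG: '${{ needs.release-versions.outputs.gh-docker-tag }}.official'
          DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }}
        run: |
          docker compose -f docker-compose-ci.yml stop
          docker exec mongodb mongo rocketchat --eval 'db.dropDatabase()'
          NOW=$(date "+%Y-%m-%dT%H:%M:%S.000Z")
          docker compose -f docker-compose-ci.yml restart
          until echo "$(docker compose -f docker-compose-ci.yml logs ddp-streamer-service)" | grep -q "NetworkBroker started successfully"; do
            echo "Waiting 'ddp-streamer' to start up"
            ((c++)) && ((c==10)) && docker compose -f docker-compose-ci.yml logs ddp-streamer-service && exit 1
            sleep 10
          done;
          until echo "$(docker compose -f docker-compose-ci.yml logs rocketchat)" | grep -q "SERVER RUNNING"; do
            echo "Waiting Rocket.Chat to start up"
            ((c++)) && ((c==10)) && docker compose -f docker-compose-ci.yml logs rocketchat && exit 1
            sleep 10
          done;
      - name: Cache Playwright binaries
        uses: actions/cache@v3
        id: cache-playwright
        with:
          path: |
            ~/.cache/ms-playwright
          # This is the version of Playwright that we are using, if you are willing to upgrade, you should update this.
          key: playwright-1.23.1
      - name: Install Playwright
        working-directory: ./apps/meteor
        run: npx playwright install --with-deps
      - name: E2E Test UI
        working-directory: ./apps/meteor
        run: E2E_COVERAGE=true IS_EE=true yarn test:e2e
      - name: Store playwright test trace
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: e2e-ee-testtrace
          path: ./apps/meteor/tests/e2e/.playwright*
      - name: Extract e2e:ee:coverage
        working-directory: ./apps/meteor
        run: yarn test:e2e:nyc
      - uses: codecov/codecov-action@v3
        with:
          directory: ./apps/meteor
          flags: e2e
          verbose: true
      - name: Store e2e-ee-coverage
        uses: actions/upload-artifact@v3
        with:
          name: e2e-ee-coverage
          path: ./apps/meteor/coverage*

  # Signs the build tarball, uploads it to S3 and registers the release; runs
  # only for releases and pushes to develop, after both test jobs.
  deploy:
    runs-on: ubuntu-20.04
    if: github.event_name == 'release' || github.ref == 'refs/heads/develop'
    needs: [test, test-ee, release-versions]
    steps:
      - uses: actions/checkout@v3
      - name: Restore build
        uses: actions/download-artifact@v2
        with:
          name: build
          path: /tmp/build
      - name: Publish assets
        # NOTE(review): these are static cloud and signing credentials held as
        # repository secrets; a GitHub environment with required reviewers on
        # this job would gate their use.
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: 'us-east-1'
          GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}
          REDHAT_REGISTRY_PID: ${{ secrets.REDHAT_REGISTRY_PID }}
          REDHAT_REGISTRY_KEY: ${{ secrets.REDHAT_REGISTRY_KEY }}
          UPDATE_TOKEN: ${{ secrets.UPDATE_TOKEN }}
        run: |
          REPO_VERSION=$(node -p "require('./package.json').version")
          if [[ '${{ github.event_name }}' = 'release' ]]; then
            GIT_TAG="${GITHUB_REF#*tags/}"
            GIT_BRANCH=""
            ARTIFACT_NAME="${REPO_VERSION}"
            RC_VERSION=$GIT_TAG
            # NOTE(review): a release whose tag matched neither pattern in
            # release-versions leaves SNAP_CHANNEL and RC_RELEASE unset, and
            # the update request below is then sent with an empty releaseType.
            if [[ '${{ needs.release-versions.outputs.release }}' = 'release-candidate' ]]; then
              SNAP_CHANNEL=candidate
              RC_RELEASE=candidate
            elif [[ '${{ needs.release-versions.outputs.release }}' = 'latest' ]]; then
              SNAP_CHANNEL=stable
              RC_RELEASE=stable
            fi
          else
            GIT_TAG=""
            GIT_BRANCH="${GITHUB_REF#*heads/}"
            ARTIFACT_NAME="${REPO_VERSION}.$GITHUB_SHA"
            RC_VERSION="${REPO_VERSION}"
            SNAP_CHANNEL=edge
            RC_RELEASE=develop
          fi;
          ROCKET_DEPLOY_DIR="/tmp/deploy"
          FILENAME="$ROCKET_DEPLOY_DIR/rocket.chat-$ARTIFACT_NAME.tgz";
          aws s3 cp s3://rocketchat/sign.key.gpg .github/sign.key.gpg
          mkdir -p $ROCKET_DEPLOY_DIR
          cp .github/sign.key.gpg /tmp
          # Quoted so the passphrase reaches gpg as one argument whatever
          # characters it contains.
          # NOTE(review): it is still visible in the process argument list;
          # gpg's --passphrase-fd avoids that. The decrypted key sits in
          # /tmp/sign.key until the rm below, which is skipped if the import
          # fails first.
          gpg --yes --batch --passphrase="$GPG_PASSWORD" /tmp/sign.key.gpg
          gpg --allow-secret-key-import --import /tmp/sign.key
          rm /tmp/sign.key
          ln -s /tmp/build/Rocket.Chat.tar.gz "$FILENAME"
          gpg --armor --detach-sign "$FILENAME"
          aws s3 cp $ROCKET_DEPLOY_DIR/ s3://download.rocket.chat/build/ --recursive
          curl -H "Content-Type: application/json" -H "X-Update-Token: $UPDATE_TOKEN" -d \
            "{\"nodeVersion\": \"14.19.3\", \"compatibleMongoVersions\": [\"4.2\", \"4.4\", \"5.0\"], \"commit\": \"$GITHUB_SHA\", \"tag\": \"$RC_VERSION\", \"branch\": \"$GIT_BRANCH\", \"artifactName\": \"$ARTIFACT_NAME\", \"releaseType\": \"$RC_RELEASE\"}" \
            https://releases.rocket.chat/update
          # Makes build fail if the release isn't there
          curl --fail "https://releases.rocket.chat/$RC_VERSION/info"
          if [[ $GIT_TAG ]]; then
            # Ref-derived and secret values are quoted so they cannot be
            # word-split into extra curl arguments.
            curl -X POST \
              "https://connect.redhat.com/api/v2/projects/$REDHAT_REGISTRY_PID/build" \
              -H "Authorization: Bearer $REDHAT_REGISTRY_KEY" \
              -H 'Cache-Control: no-cache' \
              -H 'Content-Type: application/json' \
              -d '{"tag":"'"$GIT_TAG"'"}'
          fi

  # Pulls each Rocket.Chat image variant built by CI from ghcr.io and pushes
  # it to Docker Hub under the ref name and, for tags, the release channel.
  docker-image-publish:
    runs-on: ubuntu-20.04
    needs: [deploy, build-docker-preview, release-versions]
    strategy:
      matrix:
        # this is currently a mix of variants and different images
        release: ['official', 'preview', 'alpine']
    env:
      IMAGE_NAME: 'rocketchat/rocket.chat'
    steps:
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASS }}
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ secrets.CR_USER }}
          password: ${{ secrets.CR_PAT }}
      - name: Get Docker image name
        id: gh-docker
        run: |
          LOWERCASE_REPOSITORY=$(echo "${{ github.repository_owner }}" | tr "[:upper:]" "[:lower:]")
          GH_IMAGE_NAME="ghcr.io/${LOWERCASE_REPOSITORY}/rocket.chat:${{ needs.release-versions.outputs.gh-docker-tag }}.${{ matrix.release }}"
          echo "GH_IMAGE_NAME: $GH_IMAGE_NAME"
          echo "gh-image-name=${GH_IMAGE_NAME}" >> "$GITHUB_OUTPUT"
      # NOTE(review): the image is pulled by mutable tag; it is whatever that
      # tag points to at pull time, not a digest recorded by the build.
      - name: Pull Docker image
        run: docker pull ${{ steps.gh-docker.outputs.gh-image-name }}
      - name: Publish Docker image
        run: |
          if [[ '${{ matrix.release }}' = 'preview' ]]; then
            IMAGE_NAME="${IMAGE_NAME}.preview"
          fi;
          # 'develop' or 'tag'
          DOCKER_TAG=$GITHUB_REF_NAME
          # append the variant name to docker tag
          if [[ '${{ matrix.release }}' = 'alpine' ]]; then
            DOCKER_TAG="${DOCKER_TAG}-${{ matrix.release }}"
          fi;
          echo "IMAGE_NAME: $IMAGE_NAME"
          echo "DOCKER_TAG: $DOCKER_TAG"
          # tag and push the specific tag version
          docker tag ${{ steps.gh-docker.outputs.gh-image-name }} $IMAGE_NAME:$DOCKER_TAG
          docker push $IMAGE_NAME:$DOCKER_TAG
          if [[ $GITHUB_REF == refs/tags/* ]]; then
            RELEASE="${{ needs.release-versions.outputs.release }}"
            if [[ '${{ matrix.release }}' = 'alpine' ]]; then
              RELEASE="${RELEASE}-${{ matrix.release }}"
            fi;
            echo "RELEASE: $RELEASE"
            # `latest` moves only when this tag is the newest stable release.
            if [[ $RELEASE == 'latest' ]]; then
              if [[ '${{ needs.release-versions.outputs.latest-release }}' == $GITHUB_REF_NAME ]]; then
                docker tag ${{ steps.gh-docker.outputs.gh-image-name }} $IMAGE_NAME:$RELEASE
                docker push $IMAGE_NAME:$RELEASE
              fi
            else
              docker tag ${{ steps.gh-docker.outputs.gh-image-name }} $IMAGE_NAME:$RELEASE
              docker push $IMAGE_NAME:$RELEASE
            fi
          fi

  # Same publication flow for each micro-service image in the matrix.
  services-docker-image-publish:
    runs-on: ubuntu-20.04
    needs: [deploy, release-versions]
    strategy:
      matrix:
        service: ['account', 'authorization', 'ddp-streamer', 'presence', 'stream-hub']
    steps:
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASS }}
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ secrets.CR_USER }}
          password: ${{ secrets.CR_PAT }}
      - name: Get Docker image name
        id: gh-docker
        run: |
          LOWERCASE_REPOSITORY=$(echo "${{ github.repository_owner }}" | tr "[:upper:]" "[:lower:]")
          GH_IMAGE_NAME="ghcr.io/${LOWERCASE_REPOSITORY}/${{ matrix.service }}-service:${{ needs.release-versions.outputs.gh-docker-tag }}"
          echo "GH_IMAGE_NAME: $GH_IMAGE_NAME"
          echo "gh-image-name=${GH_IMAGE_NAME}" >> "$GITHUB_OUTPUT"
      - name: Pull Docker image
        run: docker pull ${{ steps.gh-docker.outputs.gh-image-name }}
      - name: Publish Docker images
        run: |
          DH_IMAGE_NAME="rocketchat/${{ matrix.service }}-service"
          # 'develop' or 'tag'
          DOCKER_TAG=$GITHUB_REF_NAME
          echo "DH_IMAGE_NAME: $DH_IMAGE_NAME"
          echo "DOCKER_TAG: $DOCKER_TAG"
          # tag and push the specific tag version
          docker tag ${{ steps.gh-docker.outputs.gh-image-name }} $DH_IMAGE_NAME:$DOCKER_TAG
          docker push $DH_IMAGE_NAME:$DOCKER_TAG
          if [[ $GITHUB_REF == refs/tags/* ]]; then
            RELEASE="${{ needs.release-versions.outputs.release }}"
            echo "RELEASE: $RELEASE"
            # `latest` moves only when this tag is the newest stable release.
            if [[ $RELEASE == 'latest' ]]; then
              if [[ '${{ needs.release-versions.outputs.latest-release }}' == $GITHUB_REF_NAME ]]; then
                docker tag ${{ steps.gh-docker.outputs.gh-image-name }} $DH_IMAGE_NAME:$RELEASE
                docker push $DH_IMAGE_NAME:$RELEASE
              fi
            else
              docker tag ${{ steps.gh-docker.outputs.gh-image-name }} $DH_IMAGE_NAME:$RELEASE
              docker push $DH_IMAGE_NAME:$RELEASE
            fi
          fi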