[FIX] Security imported fixes #35984
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Test | |
| on: | |
| release: | |
| types: [published] | |
| pull_request: | |
| branches: '**' | |
| push: | |
| branches: | |
| - develop | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| env: | |
| CI: true | |
| MONGO_URL: mongodb://localhost:27017/rocketchat?replicaSet=rs0&directConnection=true | |
| MONGO_OPLOG_URL: mongodb://mongodb:27017/local?replicaSet=rs0&directConnection=true | |
| TOOL_NODE_FLAGS: --max_old_space_size=4096 | |
| TURBO_TEAM: ${{ secrets.TURBO_TEAM }} | |
| jobs: | |
| release-versions: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| release: ${{ steps.by-tag.outputs.release }} | |
| latest-release: ${{ steps.latest.outputs.latest-release }} | |
| docker-tag: ${{ steps.docker.outputs.docker-tag }} | |
| gh-docker-tag: ${{ steps.docker.outputs.gh-docker-tag }} | |
| steps: | |
| - id: by-tag | |
| run: | | |
| if echo "$GITHUB_REF_NAME" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' ; then | |
| RELEASE="latest" | |
| elif echo "$GITHUB_REF_NAME" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$' ; then | |
| RELEASE="release-candidate" | |
| fi | |
| echo "RELEASE: ${RELEASE}" | |
| echo "::set-output name=release::${RELEASE}" | |
| - id: latest | |
| run: | | |
| LATEST_RELEASE="$( | |
| git -c 'versionsort.suffix=-' ls-remote -t --exit-code --refs --sort=-v:refname "https://github.com/$GITHUB_REPOSITORY" '*' | | |
| awk -F/ '$NF !~ /rc|beta/ { print $NF; exit }' | |
| )" | |
| echo "LATEST_RELEASE: ${LATEST_RELEASE}" | |
| echo "::set-output name=latest-release::${LATEST_RELEASE}" | |
| - id: docker | |
| run: | | |
| if [[ '${{ github.event_name }}' == 'pull_request' ]]; then | |
| DOCKER_TAG="pr-${{ github.event.number }}" | |
| else | |
| DOCKER_TAG="gh-${{ github.run_id }}" | |
| fi | |
| echo "DOCKER_TAG: ${DOCKER_TAG}" | |
| echo "::set-output name=gh-docker-tag::${DOCKER_TAG}" | |
| build: | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Github Info | |
| run: | | |
| echo "GITHUB_ACTION: $GITHUB_ACTION" | |
| echo "GITHUB_ACTOR: $GITHUB_ACTOR" | |
| echo "GITHUB_REF: $GITHUB_REF" | |
| echo "GITHUB_HEAD_REF: $GITHUB_HEAD_REF" | |
| echo "GITHUB_BASE_REF: $GITHUB_BASE_REF" | |
| echo "github.event_name: ${{ github.event_name }}" | |
| cat $GITHUB_EVENT_PATH | |
| - name: Set Swap Space | |
| uses: pierotofy/set-swap-space@master | |
| with: | |
| swap-size-gb: 4 | |
| - uses: actions/checkout@v3 | |
| - name: Use Node.js 14.19.3 | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: '14.19.3' | |
| cache: 'yarn' | |
| - name: Free disk space | |
| run: | | |
| sudo apt clean | |
| docker rmi $(docker image ls -aq) | |
| df -h | |
| - name: Cache meteor local | |
| uses: actions/cache@v3 | |
| with: | |
| path: ./apps/meteor/.meteor/local | |
| key: meteor-local-cache-${{ runner.OS }}-${{ hashFiles('apps/meteor/.meteor/versions') }} | |
| restore-keys: | | |
| meteor-local-cache-${{ runner.os }}- | |
| - name: Cache meteor | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.meteor | |
| key: meteor-cache-${{ runner.OS }}-${{ hashFiles('apps/meteor/.meteor/release') }} | |
| restore-keys: | | |
| meteor-cache-${{ runner.os }}- | |
| - name: Install Meteor | |
| run: | | |
| # Restore bin from cache | |
| set +e | |
| METEOR_SYMLINK_TARGET=$(readlink ~/.meteor/meteor) | |
| METEOR_TOOL_DIRECTORY=$(dirname "$METEOR_SYMLINK_TARGET") | |
| set -e | |
| LAUNCHER=$HOME/.meteor/$METEOR_TOOL_DIRECTORY/scripts/admin/launch-meteor | |
| if [ -e $LAUNCHER ] | |
| then | |
| echo "Cached Meteor bin found, restoring it" | |
| sudo cp "$LAUNCHER" "/usr/local/bin/meteor" | |
| else | |
| echo "No cached Meteor bin found." | |
| fi | |
| # only install meteor if bin isn't found | |
| command -v meteor >/dev/null 2>&1 || curl https://install.meteor.com | sed s/--progress-bar/-sL/g | /bin/sh | |
| - name: Versions | |
| run: | | |
| npm --versions | |
| yarn -v | |
| node -v | |
| meteor --version | |
| meteor npm --versions | |
| meteor node -v | |
| git version | |
| - name: yarn install | |
| run: yarn | |
| - name: TurboRepo local server | |
| uses: felixmosh/turborepo-gh-artifacts@v2 | |
| if: "${{ env.TURBO_TEAM != '' }}" | |
| with: | |
| repo-token: ${{ secrets.RC_TURBO_GH_TOKEN }} | |
| server-token: ${{ secrets.TURBO_SERVER_TOKEN }} | |
| - name: Lint | |
| run: yarn lint --api="http://127.0.0.1:9080" --token="${{ secrets.TURBO_SERVER_TOKEN }}" --team='rc' | |
| - name: Translation check | |
| run: yarn turbo run translation-check --api="http://127.0.0.1:9080" --token="${{ secrets.TURBO_SERVER_TOKEN }}" --team='rc' | |
| - name: TS typecheck | |
| run: yarn turbo run typecheck --api="http://127.0.0.1:9080" --token="${{ secrets.TURBO_SERVER_TOKEN }}" --team='rc' | |
| - name: Reset Meteor | |
| if: startsWith(github.ref, 'refs/tags/') == 'true' || github.ref == 'refs/heads/develop' | |
| working-directory: ./apps/meteor | |
| run: meteor reset | |
| - name: Build Rocket.Chat From Pull Request | |
| if: startsWith(github.ref, 'refs/pull/') == true | |
| env: | |
| METEOR_PROFILE: 1000 | |
| run: yarn build:ci --api="http://127.0.0.1:9080" -- --debug --directory dist | |
| - name: Build Rocket.Chat | |
| if: startsWith(github.ref, 'refs/pull/') != true | |
| run: yarn build:ci --api="http://127.0.0.1:9080" -- --directory dist | |
| - name: Prepare build | |
| run: | | |
| cd apps/meteor/dist | |
| tar czf /tmp/Rocket.Chat.tar.gz bundle | |
| - name: Store build | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: build | |
| path: /tmp/Rocket.Chat.tar.gz | |
| build-docker-preview: | |
| runs-on: ubuntu-20.04 | |
| needs: [build, release-versions] | |
| if: github.event_name == 'release' || github.ref == 'refs/heads/develop' | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'yarn' | |
| - name: Restore build | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: build | |
| path: /tmp/build | |
| - name: Unpack build | |
| run: | | |
| cd /tmp/build | |
| tar xzf Rocket.Chat.tar.gz | |
| rm Rocket.Chat.tar.gz | |
| - name: Build Docker image | |
| id: build-docker-image-preview | |
| uses: ./.github/actions/build-docker-image | |
| with: | |
| root-dir: /tmp/build | |
| docker-tag: ${{ needs.release-versions.outputs.gh-docker-tag }} | |
| release: preview | |
| username: ${{ secrets.CR_USER }} | |
| password: ${{ secrets.CR_PAT }} | |
| test: | |
| runs-on: ubuntu-20.04 | |
| needs: [build, release-versions] | |
| strategy: | |
| matrix: | |
| node-version: ['14.19.3'] | |
| mongodb-version: ['4.2', '4.4', '5.0'] | |
| steps: | |
| - name: Launch MongoDB | |
| uses: supercharge/mongodb-github-action@1.7.0 | |
| with: | |
| mongodb-version: ${{ matrix.mongodb-version }} | |
| mongodb-replica-set: rs0 | |
| - name: Docker env vars | |
| id: docker-env | |
| run: | | |
| LOWERCASE_REPOSITORY=$(echo "${{ github.repository_owner }}" | tr "[:upper:]" "[:lower:]") | |
| echo "LOWERCASE_REPOSITORY: ${LOWERCASE_REPOSITORY}" | |
| echo "::set-output name=lowercase-repo::${LOWERCASE_REPOSITORY}" | |
| # test alpine image on mongo 5.0 (no special reason to be mongo 5.0 but we need to test alpine at least once) | |
| if [[ '${{ matrix.mongodb-version }}' = '5.0' ]]; then | |
| RC_DOCKERFILE="${{ github.workspace }}/apps/meteor/.docker/Dockerfile.alpine" | |
| RC_DOCKER_TAG="${{ needs.release-versions.outputs.gh-docker-tag }}.alpine" | |
| else | |
| RC_DOCKERFILE="${{ github.workspace }}/apps/meteor/.docker/Dockerfile" | |
| RC_DOCKER_TAG="${{ needs.release-versions.outputs.gh-docker-tag }}.official" | |
| fi; | |
| echo "RC_DOCKERFILE: ${RC_DOCKERFILE}" | |
| echo "::set-output name=rc-dockerfile::${RC_DOCKERFILE}" | |
| echo "RC_DOCKER_TAG: ${RC_DOCKER_TAG}" | |
| echo "::set-output name=rc-docker-tag::${RC_DOCKER_TAG}" | |
| - uses: actions/checkout@v3 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'yarn' | |
| - name: yarn install | |
| run: yarn | |
| - name: TurboRepo local server | |
| uses: felixmosh/turborepo-gh-artifacts@v2 | |
| if: "${{ env.TURBO_TEAM != '' }}" | |
| with: | |
| repo-token: ${{ secrets.RC_TURBO_GH_TOKEN }} | |
| server-token: ${{ secrets.TURBO_SERVER_TOKEN }} | |
| - name: Unit Test | |
| run: yarn testunit --api="http://127.0.0.1:9080" --token="${{ secrets.TURBO_SERVER_TOKEN }}" --team='rc' | |
| - name: Restore build | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: build | |
| path: /tmp/build | |
| - name: Unpack build | |
| run: | | |
| cd /tmp/build | |
| tar xzf Rocket.Chat.tar.gz | |
| rm Rocket.Chat.tar.gz | |
| - name: Start containers | |
| env: | |
| MONGO_URL: 'mongodb://host.docker.internal:27017/rocketchat?replicaSet=rs0&directConnection=true' | |
| MONGO_OPLOG_URL: 'mongodb://mongodb:27017/local?replicaSet=rs0&directConnection=true' | |
| LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }} | |
| RC_DOCKERFILE: ${{ steps.docker-env.outputs.rc-dockerfile }} | |
| RC_DOCKER_TAG: ${{ steps.docker-env.outputs.rc-docker-tag }} | |
| DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }} | |
| run: | | |
| docker compose -f docker-compose-ci.yml up -d --build rocketchat | |
| - name: Login to GitHub Container Registry | |
| if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'release' || github.ref == 'refs/heads/develop' | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ secrets.CR_USER }} | |
| password: ${{ secrets.CR_PAT }} | |
| - name: Publish Docker images to GitHub Container Registry | |
| env: | |
| LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }} | |
| RC_DOCKERFILE: ${{ steps.docker-env.outputs.rc-dockerfile }} | |
| RC_DOCKER_TAG: ${{ steps.docker-env.outputs.rc-docker-tag }} | |
| DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }} | |
| if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'release' || github.ref == 'refs/heads/develop' | |
| run: | | |
| docker compose -f docker-compose-ci.yml push rocketchat | |
| if [[ '${{ matrix.mongodb-version }}' = '4.4' ]]; then | |
| IMAGE_NAME_BASE="ghcr.io/${LOWERCASE_REPOSITORY}/rocket.chat:${{ needs.release-versions.outputs.gh-docker-tag }}" | |
| echo "Push Docker image: ${IMAGE_NAME_BASE}" | |
| docker tag ${IMAGE_NAME_BASE}.official $IMAGE_NAME_BASE | |
| docker push $IMAGE_NAME_BASE | |
| fi; | |
| - name: Wait for Rocket.Chat to start up | |
| env: | |
| LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }} | |
| RC_DOCKERFILE: ${{ steps.docker-env.outputs.rc-dockerfile }} | |
| RC_DOCKER_TAG: ${{ steps.docker-env.outputs.rc-docker-tag }} | |
| DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }} | |
| run: | | |
| docker ps | |
| until echo "$(docker compose -f docker-compose-ci.yml logs rocketchat)" | grep -q "SERVER RUNNING"; do | |
| echo "Waiting Rocket.Chat to start up" | |
| ((c++)) && ((c==10)) && docker compose -f docker-compose-ci.yml logs rocketchat && exit 1 | |
| sleep 10 | |
| done; | |
| - name: E2E Test API | |
| env: | |
| LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }} | |
| RC_DOCKERFILE: ${{ steps.docker-env.outputs.rc-dockerfile }} | |
| RC_DOCKER_TAG: ${{ steps.docker-env.outputs.rc-docker-tag }} | |
| DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }} | |
| working-directory: ./apps/meteor | |
| run: | | |
| for i in $(seq 1 5); do | |
| npm run testapi && s=0 && break || s=$? | |
| docker compose -f ../../docker-compose-ci.yml logs rocketchat --tail=100 | |
| docker compose -f ../../docker-compose-ci.yml stop rocketchat | |
| docker exec mongodb mongo rocketchat --eval 'db.dropDatabase()' | |
| NOW=$(date "+%Y-%m-%dT%H:%M:%S.000Z") | |
| docker compose -f ../../docker-compose-ci.yml restart rocketchat | |
| until echo "$(docker compose -f ../../docker-compose-ci.yml logs rocketchat --since $NOW)" | grep -q "SERVER RUNNING"; do | |
| echo "Waiting Rocket.Chat to start up" | |
| ((c++)) && ((c==10)) && exit 1 | |
| sleep 10 | |
| done; | |
| done; | |
| exit $s | |
| - name: Cache Playwright binaries | |
| uses: actions/cache@v3 | |
| id: cache-playwright | |
| with: | |
| path: | | |
| ~/.cache/ms-playwright | |
| # This is the version of Playwright that we are using, if you are willing to upgrade, you should update this. | |
| key: playwright-1.23.1 | |
| - name: Install Playwright | |
| if: steps.cache-playwright.outputs.cache-hit != 'true' | |
| working-directory: ./apps/meteor | |
| run: npx playwright install --with-deps | |
| - name: Reset containers | |
| env: | |
| LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }} | |
| RC_DOCKERFILE: ${{ steps.docker-env.outputs.rc-dockerfile }} | |
| RC_DOCKER_TAG: ${{ steps.docker-env.outputs.rc-docker-tag }} | |
| run: | | |
| docker ps | |
| docker compose -f docker-compose-ci.yml stop rocketchat | |
| docker exec mongodb mongo rocketchat --eval 'db.dropDatabase()' | |
| NOW=$(date "+%Y-%m-%dT%H:%M:%S.000Z") | |
| docker compose -f docker-compose-ci.yml restart rocketchat | |
| until echo "$(docker compose -f docker-compose-ci.yml logs rocketchat --since $NOW)" | grep -q "SERVER RUNNING"; do | |
| echo "Waiting Rocket.Chat to start up" | |
| ((c++)) && ((c==10)) && exit 1 | |
| sleep 10 | |
| done; | |
| - name: E2E Test UI | |
| working-directory: ./apps/meteor | |
| run: yarn test:e2e | |
| - name: Store playwright test trace | |
| uses: actions/upload-artifact@v3 | |
| if: always() | |
| with: | |
| name: playwright-test-trace | |
| path: ./apps/meteor/tests/e2e/.playwright* | |
| test-ee: | |
| runs-on: ubuntu-20.04 | |
| needs: [build, release-versions] | |
| strategy: | |
| matrix: | |
| node-version: ['14.19.3'] | |
| mongodb-version-ee: ['4.4'] | |
| steps: | |
| - name: Launch MongoDB | |
| uses: supercharge/mongodb-github-action@1.7.0 | |
| with: | |
| mongodb-version: ${{ matrix.mongodb-version-ee }} | |
| mongodb-replica-set: rs0 | |
| - uses: actions/checkout@v3 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'yarn' | |
| - name: TurboRepo local server | |
| uses: felixmosh/turborepo-gh-artifacts@v2 | |
| if: "${{ env.TURBO_TEAM != '' }}" | |
| with: | |
| repo-token: ${{ secrets.RC_TURBO_GH_TOKEN }} | |
| server-token: ${{ secrets.TURBO_SERVER_TOKEN }} | |
| - name: yarn install | |
| run: yarn | |
| - name: yarn build | |
| run: yarn build | |
| - name: Unit Test | |
| run: yarn testunit --api="http://127.0.0.1:9080" --token="${{ secrets.TURBO_SERVER_TOKEN }}" --team='rc' | |
| - name: Restore build | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: build | |
| path: /tmp/build | |
| - name: Unpack build | |
| run: | | |
| cd /tmp/build | |
| tar xzf Rocket.Chat.tar.gz | |
| rm Rocket.Chat.tar.gz | |
| - name: Docker env vars | |
| id: docker-env | |
| run: | | |
| LOWERCASE_REPOSITORY=$(echo "${{ github.repository_owner }}" | tr "[:upper:]" "[:lower:]") | |
| echo "LOWERCASE_REPOSITORY: ${LOWERCASE_REPOSITORY}" | |
| echo "::set-output name=lowercase-repo::${LOWERCASE_REPOSITORY}" | |
| - name: Start containers | |
| env: | |
| MONGO_URL: 'mongodb://host.docker.internal:27017/rocketchat?replicaSet=rs0&directConnection=true' | |
| LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }} | |
| RC_DOCKERFILE: '${{ github.workspace }}/apps/meteor/.docker/Dockerfile' | |
| RC_DOCKER_TAG: '${{ needs.release-versions.outputs.gh-docker-tag }}.official' | |
| DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }} | |
| TRANSPORTER: nats://nats:4222 | |
| # this is 100% intentional, secrets are not available at forks, so ee-tests will always fail | |
| # to avoid this, we are using a dummy license, expiring at 2025-06-31 | |
| enterprise-license: X/XumwIkgwQuld0alWKt37lVA90XjKOrfiMvMZ0/RtqsMtrdL9GoAk+4jXnaY1b2ePoG7XSzGhuxEDxFKIWJK3hIKGNTvrd980LgH5sM5+1T4P42ivSpd8UZi0bwjJkCFLIu9RozzYwslGG0IehMxe0S6VjcO0UYlUJtbMCBHuR2WmTAmO6YVU3ln+pZCbrPFaTPSS1RovhKaNCNkZwIx/CLWW8UTXUuFV/ML4PbKKVoa5nvvJwPeatgL7UCnlSD90lfCiiuikpzj/Y/JLkIL6velFbwNxsrxg9iRJ2k0sKheMMSmlTiGzSvZUm+na5WQq91aKGncih+DmaEZA7QGrjp4eoA0dqTk6OmItsy0fHmQhvZIOKNMeO7vNQiLbaSV6rqibrzu7WPpeIvsvL57T1h37USoCSB6+jDqkzdfoqIpz8BxTiJDj1d8xGPJFVrgxoqQqkj9qIP/gCaEz5DF39QFv5sovk4yK2O8fEQYod2d14V9yECYl4szZPMk1IBfCAC2w7czWGHHFonhL+CQGT403y5wmDmnsnjlCqMKF72odqfTPTI8XnCvJDriPMWohnQEAGtTTyciAhNokx/mjAVJ4NeZPcsbm4BjhvJvnjxx/BhYhBBTNWPaCSZzocfrGUj9Z+ZA7BEz+xAFQyGDx3xRzqIXfT0G7w8fvgYJMU= | |
| run: | | |
| docker compose -f docker-compose-ci.yml up -d --build | |
| - name: Login to GitHub Container Registry | |
| if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'release' || github.ref == 'refs/heads/develop' | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ secrets.CR_USER }} | |
| password: ${{ secrets.CR_PAT }} | |
| - name: Publish Docker images to GitHub Container Registry | |
| if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'release' || github.ref == 'refs/heads/develop' | |
| env: | |
| DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }} | |
| LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }} | |
| run: | | |
| docker compose -f docker-compose-ci.yml push \ | |
| authorization-service \ | |
| account-service \ | |
| ddp-streamer-service \ | |
| presence-service \ | |
| stream-hub-service | |
| - name: Wait services to start up | |
| env: | |
| LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }} | |
| RC_DOCKERFILE: '${{ github.workspace }}/apps/meteor/.docker/Dockerfile' | |
| RC_DOCKER_TAG: '${{ needs.release-versions.outputs.gh-docker-tag }}.official' | |
| DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }} | |
| run: | | |
| docker ps | |
| until echo "$(docker compose -f docker-compose-ci.yml logs ddp-streamer-service)" | grep -q "NetworkBroker started successfully"; do | |
| echo "Waiting 'ddp-streamer' to start up" | |
| ((c++)) && ((c==10)) && docker compose -f docker-compose-ci.yml logs ddp-streamer-service && exit 1 | |
| sleep 10 | |
| done; | |
| until echo "$(docker compose -f docker-compose-ci.yml logs rocketchat)" | grep -q "SERVER RUNNING"; do | |
| echo "Waiting Rocket.Chat to start up" | |
| ((c++)) && ((c==10)) && docker compose -f docker-compose-ci.yml logs rocketchat && exit 1 | |
| sleep 10 | |
| done; | |
| - name: E2E Test API | |
| env: | |
| LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }} | |
| RC_DOCKERFILE: '${{ github.workspace }}/apps/meteor/.docker/Dockerfile' | |
| RC_DOCKER_TAG: '${{ needs.release-versions.outputs.gh-docker-tag }}.official' | |
| DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }} | |
| working-directory: ./apps/meteor | |
| run: | | |
| for i in $(seq 1 5); do | |
| IS_EE=true npm run testapi && s=0 && break || s=$? | |
| docker compose -f ../../docker-compose-ci.yml logs --tail=100 | |
| docker compose -f ../../docker-compose-ci.yml stop | |
| docker exec mongodb mongo rocketchat --eval 'db.dropDatabase()' | |
| NOW=$(date "+%Y-%m-%dT%H:%M:%S.000Z") | |
| docker compose -f ../../docker-compose-ci.yml restart | |
| until echo "$(docker compose -f ../../docker-compose-ci.yml logs rocketchat --since $NOW)" | grep -q "SERVER RUNNING"; do | |
| echo "Waiting Rocket.Chat to start up" | |
| ((c++)) && ((c==10)) && exit 1 | |
| sleep 10 | |
| done; | |
| done; | |
| exit $s | |
| - name: Reset containers | |
| env: | |
| LOWERCASE_REPOSITORY: ${{ steps.docker-env.outputs.lowercase-repo }} | |
| RC_DOCKERFILE: '${{ github.workspace }}/apps/meteor/.docker/Dockerfile' | |
| RC_DOCKER_TAG: '${{ needs.release-versions.outputs.gh-docker-tag }}.official' | |
| DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }} | |
| run: | | |
| docker compose -f docker-compose-ci.yml stop | |
| docker exec mongodb mongo rocketchat --eval 'db.dropDatabase()' | |
| NOW=$(date "+%Y-%m-%dT%H:%M:%S.000Z") | |
| docker compose -f docker-compose-ci.yml restart | |
| until echo "$(docker compose -f docker-compose-ci.yml logs ddp-streamer-service)" | grep -q "NetworkBroker started successfully"; do | |
| echo "Waiting 'ddp-streamer' to start up" | |
| ((c++)) && ((c==10)) && docker compose -f docker-compose-ci.yml logs ddp-streamer-service && exit 1 | |
| sleep 10 | |
| done; | |
| until echo "$(docker compose -f docker-compose-ci.yml logs rocketchat)" | grep -q "SERVER RUNNING"; do | |
| echo "Waiting Rocket.Chat to start up" | |
| ((c++)) && ((c==10)) && docker compose -f docker-compose-ci.yml logs rocketchat && exit 1 | |
| sleep 10 | |
| done; | |
| - name: Cache Playwright binaries | |
| uses: actions/cache@v3 | |
| id: cache-playwright | |
| with: | |
| path: | | |
| ~/.cache/ms-playwright | |
| # This is the version of Playwright that we are using, if you are willing to upgrade, you should update this. | |
| key: playwright-1.23.1 | |
| - name: Install Playwright | |
| working-directory: ./apps/meteor | |
| run: npx playwright install --with-deps | |
| - name: E2E Test UI | |
| working-directory: ./apps/meteor | |
| run: E2E_COVERAGE=true IS_EE=true yarn test:e2e | |
| - name: Store playwright test trace | |
| uses: actions/upload-artifact@v3 | |
| if: always() | |
| with: | |
| name: e2e-ee-testtrace | |
| path: ./apps/meteor/tests/e2e/.playwright* | |
| - name: Extract e2e:ee:coverage | |
| working-directory: ./apps/meteor | |
| run: yarn test:e2e:nyc | |
| - uses: codecov/codecov-action@v3 | |
| with: | |
| directory: ./apps/meteor | |
| flags: e2e | |
| verbose: true | |
| - name: Store e2e-ee-coverage | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: e2e-ee-coverage | |
| path: ./apps/meteor/coverage* | |
| deploy: | |
| runs-on: ubuntu-20.04 | |
| if: github.event_name == 'release' || github.ref == 'refs/heads/develop' | |
| needs: [test, test-ee, release-versions] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Restore build | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: build | |
| path: /tmp/build | |
| - name: Publish assets | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: 'us-east-1' | |
| GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }} | |
| REDHAT_REGISTRY_PID: ${{ secrets.REDHAT_REGISTRY_PID }} | |
| REDHAT_REGISTRY_KEY: ${{ secrets.REDHAT_REGISTRY_KEY }} | |
| UPDATE_TOKEN: ${{ secrets.UPDATE_TOKEN }} | |
| run: | | |
| REPO_VERSION=$(node -p "require('./package.json').version") | |
| if [[ '${{ github.event_name }}' = 'release' ]]; then | |
| GIT_TAG="${GITHUB_REF#*tags/}" | |
| GIT_BRANCH="" | |
| ARTIFACT_NAME="${REPO_VERSION}" | |
| RC_VERSION=$GIT_TAG | |
| if [[ '${{ needs.release-versions.outputs.release }}' = 'release-candidate' ]]; then | |
| SNAP_CHANNEL=candidate | |
| RC_RELEASE=candidate | |
| elif [[ '${{ needs.release-versions.outputs.release }}' = 'latest' ]]; then | |
| SNAP_CHANNEL=stable | |
| RC_RELEASE=stable | |
| fi | |
| else | |
| GIT_TAG="" | |
| GIT_BRANCH="${GITHUB_REF#*heads/}" | |
| ARTIFACT_NAME="${REPO_VERSION}.$GITHUB_SHA" | |
| RC_VERSION="${REPO_VERSION}" | |
| SNAP_CHANNEL=edge | |
| RC_RELEASE=develop | |
| fi; | |
| ROCKET_DEPLOY_DIR="/tmp/deploy" | |
| FILENAME="$ROCKET_DEPLOY_DIR/rocket.chat-$ARTIFACT_NAME.tgz"; | |
| aws s3 cp s3://rocketchat/sign.key.gpg .github/sign.key.gpg | |
| mkdir -p $ROCKET_DEPLOY_DIR | |
| cp .github/sign.key.gpg /tmp | |
| gpg --yes --batch --passphrase=$GPG_PASSWORD /tmp/sign.key.gpg | |
| gpg --allow-secret-key-import --import /tmp/sign.key | |
| rm /tmp/sign.key | |
| ln -s /tmp/build/Rocket.Chat.tar.gz "$FILENAME" | |
| gpg --armor --detach-sign "$FILENAME" | |
| aws s3 cp $ROCKET_DEPLOY_DIR/ s3://download.rocket.chat/build/ --recursive | |
| curl -H "Content-Type: application/json" -H "X-Update-Token: $UPDATE_TOKEN" -d \ | |
| "{\"nodeVersion\": \"14.19.3\", \"compatibleMongoVersions\": [\"4.2\", \"4.4\", \"5.0\"], \"commit\": \"$GITHUB_SHA\", \"tag\": \"$RC_VERSION\", \"branch\": \"$GIT_BRANCH\", \"artifactName\": \"$ARTIFACT_NAME\", \"releaseType\": \"$RC_RELEASE\"}" \ | |
| https://releases.rocket.chat/update | |
| # Makes build fail if the release isn't there | |
| curl --fail https://releases.rocket.chat/$RC_VERSION/info | |
| if [[ $GIT_TAG ]]; then | |
| curl -X POST \ | |
| https://connect.redhat.com/api/v2/projects/$REDHAT_REGISTRY_PID/build \ | |
| -H "Authorization: Bearer $REDHAT_REGISTRY_KEY" \ | |
| -H 'Cache-Control: no-cache' \ | |
| -H 'Content-Type: application/json' \ | |
| -d '{"tag":"'$GIT_TAG'"}' | |
| fi | |
| docker-image-publish: | |
| runs-on: ubuntu-20.04 | |
| needs: [deploy, build-docker-preview, release-versions] | |
| strategy: | |
| matrix: | |
| # this is currently a mix of variants and different images | |
| release: ['official', 'preview', 'alpine'] | |
| env: | |
| IMAGE_NAME: 'rocketchat/rocket.chat' | |
| steps: | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USER }} | |
| password: ${{ secrets.DOCKER_PASS }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ secrets.CR_USER }} | |
| password: ${{ secrets.CR_PAT }} | |
| - name: Get Docker image name | |
| id: gh-docker | |
| run: | | |
| LOWERCASE_REPOSITORY=$(echo "${{ github.repository_owner }}" | tr "[:upper:]" "[:lower:]") | |
| GH_IMAGE_NAME="ghcr.io/${LOWERCASE_REPOSITORY}/rocket.chat:${{ needs.release-versions.outputs.gh-docker-tag }}.${{ matrix.release }}" | |
| echo "GH_IMAGE_NAME: $GH_IMAGE_NAME" | |
| echo "::set-output name=gh-image-name::${GH_IMAGE_NAME}" | |
| - name: Pull Docker image | |
| run: docker pull ${{ steps.gh-docker.outputs.gh-image-name }} | |
| - name: Publish Docker image | |
| run: | | |
| if [[ '${{ matrix.release }}' = 'preview' ]]; then | |
| IMAGE_NAME="${IMAGE_NAME}.preview" | |
| fi; | |
| # 'develop' or 'tag' | |
| DOCKER_TAG=$GITHUB_REF_NAME | |
| # append the variant name to docker tag | |
| if [[ '${{ matrix.release }}' = 'alpine' ]]; then | |
| DOCKER_TAG="${DOCKER_TAG}-${{ matrix.release }}" | |
| fi; | |
| echo "IMAGE_NAME: $IMAGE_NAME" | |
| echo "DOCKER_TAG: $DOCKER_TAG" | |
| # tag and push the specific tag version | |
| docker tag ${{ steps.gh-docker.outputs.gh-image-name }} $IMAGE_NAME:$DOCKER_TAG | |
| docker push $IMAGE_NAME:$DOCKER_TAG | |
| if [[ $GITHUB_REF == refs/tags/* ]]; then | |
| RELEASE="${{ needs.release-versions.outputs.release }}" | |
| if [[ '${{ matrix.release }}' = 'alpine' ]]; then | |
| RELEASE="${RELEASE}-${{ matrix.release }}" | |
| fi; | |
| echo "RELEASE: $RELEASE" | |
| if [[ $RELEASE == 'latest' ]]; then | |
| if [[ '${{ needs.release-versions.outputs.latest-release }}' == $GITHUB_REF_NAME ]]; then | |
| docker tag ${{ steps.gh-docker.outputs.gh-image-name }} $IMAGE_NAME:$RELEASE | |
| docker push $IMAGE_NAME:$RELEASE | |
| fi | |
| else | |
| docker tag ${{ steps.gh-docker.outputs.gh-image-name }} $IMAGE_NAME:$RELEASE | |
| docker push $IMAGE_NAME:$RELEASE | |
| fi | |
| fi | |
| services-docker-image-publish: | |
| runs-on: ubuntu-20.04 | |
| needs: [deploy, release-versions] | |
| strategy: | |
| matrix: | |
| service: ['account', 'authorization', 'ddp-streamer', 'presence', 'stream-hub'] | |
| steps: | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USER }} | |
| password: ${{ secrets.DOCKER_PASS }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ secrets.CR_USER }} | |
| password: ${{ secrets.CR_PAT }} | |
| - name: Get Docker image name | |
| id: gh-docker | |
| run: | | |
| LOWERCASE_REPOSITORY=$(echo "${{ github.repository_owner }}" | tr "[:upper:]" "[:lower:]") | |
| GH_IMAGE_NAME="ghcr.io/${LOWERCASE_REPOSITORY}/${{ matrix.service }}-service:${{ needs.release-versions.outputs.gh-docker-tag }}" | |
| echo "GH_IMAGE_NAME: $GH_IMAGE_NAME" | |
| echo "::set-output name=gh-image-name::${GH_IMAGE_NAME}" | |
| - name: Pull Docker image | |
| run: docker pull ${{ steps.gh-docker.outputs.gh-image-name }} | |
| - name: Publish Docker images | |
| run: | | |
| DH_IMAGE_NAME="rocketchat/${{ matrix.service }}-service" | |
| # 'develop' or 'tag' | |
| DOCKER_TAG=$GITHUB_REF_NAME | |
| echo "DH_IMAGE_NAME: $DH_IMAGE_NAME" | |
| echo "DOCKER_TAG: $DOCKER_TAG" | |
| # tag and push the specific tag version | |
| docker tag ${{ steps.gh-docker.outputs.gh-image-name }} $DH_IMAGE_NAME:$DOCKER_TAG | |
| docker push $DH_IMAGE_NAME:$DOCKER_TAG | |
| if [[ $GITHUB_REF == refs/tags/* ]]; then | |
| RELEASE="${{ needs.release-versions.outputs.release }}" | |
| echo "RELEASE: $RELEASE" | |
| if [[ $RELEASE == 'latest' ]]; then | |
| if [[ '${{ needs.release-versions.outputs.latest-release }}' == $GITHUB_REF_NAME ]]; then | |
| docker tag ${{ steps.gh-docker.outputs.gh-image-name }} $DH_IMAGE_NAME:$RELEASE | |
| docker push $DH_IMAGE_NAME:$RELEASE | |
| fi | |
| else | |
| docker tag ${{ steps.gh-docker.outputs.gh-image-name }} $DH_IMAGE_NAME:$RELEASE | |
| docker push $DH_IMAGE_NAME:$RELEASE | |
| fi | |
| fi |