From e34d4d764ef3ae2d140f0e7b38f36dc67834a9a7 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 30 May 2024 10:02:46 -0400
Subject: [PATCH 1/6] Check for token
---
 .github/workflows/deploy-config.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/deploy-config.yml b/.github/workflows/deploy-config.yml
index 3a2d935dd28..5dc3a427e1a 100644
--- a/.github/workflows/deploy-config.yml
+++ b/.github/workflows/deploy-config.yml
@@ -42,6 +42,7 @@ jobs:
 - name: Yarn install
 run: yarn
 - name: Deploy project config if needed
+ if: env.FIREBASE_CLI_TOKEN != ''
 run: yarn ts-node scripts/ci-test/deploy-if-needed.ts
 env:
 FIREBASE_CLI_TOKEN: ${{secrets.FIREBASE_CLI_TOKEN}}
From 2241063bea61693dce725fc00583337ad1a184b0 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 30 May 2024 09:52:59 -0400
Subject: [PATCH 2/6] Check for secrets.* before running jobs
---
 .../workflows/health-metrics-pull-request.yml | 20 +++++++++++++++++--
 .github/workflows/health-metrics-release.yml | 16 +++++++++++++++
 .../test-changed-firestore-integration.yml | 16 +++++++++++++++
 3 files changed, 50 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/health-metrics-pull-request.yml b/.github/workflows/health-metrics-pull-request.yml
index 2148c6d5abf..fec66c697ac 100644
--- a/.github/workflows/health-metrics-pull-request.yml
+++ b/.github/workflows/health-metrics-pull-request.yml
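Review bot: In deploy-config.yml the added `if: env.FIREBASE_CLI_TOKEN != ''` makes a missing token look the same as a successful run: the deploy step is skipped and the job still ends green. That is presumably the wanted result in a fork, but in the upstream repository a deleted or emptied secret would stop project-config deploys with no signal. Consider a companion step carrying the same `env:` with `if: env.FIREBASE_CLI_TOKEN == ''` that runs `echo "::warning::FIREBASE_CLI_TOKEN is not set; skipping project config deploy"`, and a comment above the `if:` stating that the guard exists for repositories without the secret. The step list starts and ends outside the hunk.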
@@ -33,9 +33,24 @@ env:
 NODE_OPTIONS: "--max-old-space-size=4096"
 jobs:
+ has-sa-key:
+ name: Check for Service Account Key
+ runs-on: ubuntu-latest
+ outputs:
+ has-sa-key: ${{ steps.check-key.outputs.has-sa-key }}
+ steps:
+ - name: Check for Service Account Key
+ id: check-key
+ env:
+ HAS_SA_KEY: ${{ secrets.GCP_SA_KEY != '' && 1 || '' }}
+ if: env.HAS_SA_KEY
+ run: |
+ echo "has-sa-key=1" >> $GITHUB_OUTPUTS
+
 binary-size:
+ needs: has-sa-key
 name: Binary Size
- if: (github.event_name == 'push' || !(github.event.pull_request.head.repo.fork)) && (github.actor != 'dependabot[bot]')
+ if: needs.has-sa-key.outputs.has-sa-key && (github.event_name == 'push' || !(github.event.pull_request.head.repo.fork)) && (github.actor != 'dependabot[bot]')
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
@@ -51,8 +66,9 @@ jobs:
 - name: Run health-metrics/binary-size test
 run: yarn size-report
 modular-export-size:
+ needs: has-sa-key
 name: Binary Size For Modular Exports
- if: (github.event_name == 'push' || !(github.event.pull_request.head.repo.fork)) && (github.actor != 'dependabot[bot]')
+ if: needs.has-sa-key.outputs.has-sa-key && (github.event_name == 'push' || !(github.event.pull_request.head.repo.fork)) && (github.actor != 'dependabot[bot]')
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
diff --git a/.github/workflows/health-metrics-release.yml b/.github/workflows/health-metrics-release.yml
index 1fbb9b4d4a1..53801eec2fa 100644
--- a/.github/workflows/health-metrics-release.yml
+++ b/.github/workflows/health-metrics-release.yml
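Review bot: `echo "has-sa-key=1" >> $GITHUB_OUTPUTS` in the new `has-sa-key` job of health-metrics-pull-request.yml redirects to a variable the runner does not define; the step-output file is `GITHUB_OUTPUT` (singular). With the variable empty the redirect has no target, so the check step should fail when the secret is present and is skipped when it is absent; either way `needs.has-sa-key.outputs.has-sa-key` is never set and `binary-size` and `modular-export-size` never run. Use `echo "has-sa-key=1" >> "$GITHUB_OUTPUT"`. The same line is in the check jobs added to health-metrics-release.yml, test-changed-firestore-integration.yml, e2e-test.yml, release-prod.yml and release-staging.yml, where it would likewise keep the gated test and release jobs from ever running.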
@@ -19,8 +19,24 @@ on:
 tags: ['**']
 jobs:
+ has-sa-key:
+ name: Check for Service Account Key
+ runs-on: ubuntu-latest
+ outputs:
+ has-sa-key: ${{ steps.check-key.outputs.has-sa-key }}
+ steps:
+ - name: Check for Service Account Key
+ id: check-key
+ env:
+ HAS_SA_KEY: ${{ secrets.GCP_SA_KEY != '' && 1 || '' }}
+ if: env.HAS_SA_KEY
+ run: |
+ echo "has-sa-key=1" >> $GITHUB_OUTPUTS
+
 release-diffing:
+ needs: has-sa-key
 name: Release Diffing
+ if: needs.has-sa-key.outputs.has-sa-key
 runs-on: ubuntu-latest
 steps:
 - uses: 'google-github-actions/auth@v0'
diff --git a/.github/workflows/test-changed-firestore-integration.yml b/.github/workflows/test-changed-firestore-integration.yml
index 85e9c7e3eaa..a772a75e772 100644
--- a/.github/workflows/test-changed-firestore-integration.yml
+++ b/.github/workflows/test-changed-firestore-integration.yml
@@ -21,8 +21,24 @@ env:
 NODE_OPTIONS: "--max_old_space_size=4096"
 jobs:
+ has-sa-key:
+ name: Check for Service Account Key
+ runs-on: ubuntu-latest
+ outputs:
+ has-sa-key: ${{ steps.check-key.outputs.has-sa-key }}
+ steps:
+ - name: Check for Service Account Key
+ id: check-key
+ env:
+ HAS_SA_KEY: ${{ secrets.JSSDK_ACTIONS_SA_KEY != '' && 1 || '' }}
+ if: env.HAS_SA_KEY
+ run: |
+ echo "has-sa-key=1" >> $GITHUB_OUTPUTS
+
 test:
+ needs: has-sa-key
 name: Test Firestore Integration If Changed
+ if: needs.has-sa-key.outputs.has-sa-key
 runs-on: ubuntu-latest
 env:
 run_terraform_steps: ${{ secrets.JSSDK_ACTIONS_SA_KEY != '' }}
From fdacc3b7fbf99ab02e9ff9021cf817611d448763 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 30 May 2024 10:07:09 -0400
Subject: [PATCH 3/6] Check for secrets.* before running jobs
---
 .github/workflows/e2e-test.yml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml
index 80a555f7840..4d631f537f4 100644
--- a/.github/workflows/e2e-test.yml
+++ b/.github/workflows/e2e-test.yml
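Review bot: In test-changed-firestore-integration.yml the job-level `if: needs.has-sa-key.outputs.has-sa-key` skips the whole `test` job when `JSSDK_ACTIONS_SA_KEY` is absent, yet the context line right below it, `run_terraform_steps: ${{ secrets.JSSDK_ACTIONS_SA_KEY != '' }}`, suggests the job was already designed to run without the key by switching off only the Terraform steps. If that reading is right, runs without the secret (pull requests from forks, for example) lose Firestore integration coverage entirely, and `run_terraform_steps` can no longer be false. Either drop the job-level gate here and rely on the existing per-step switch, or remove the now-redundant variable and add a comment that the job is meant to run only where the key exists. The `test` job body continues outside the hunk.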
@@ -24,8 +24,33 @@ env:
 NODE_OPTIONS: "--max_old_space_size=4096"
 jobs:
+ has-secrets:
+ name: Check for Service Account Key
+ runs-on: ubuntu-latest
+ outputs:
+ has-secrets: ${{ steps.check-secrets.outputs.has-secrets }}
+ steps:
+ - name: Check for Service Account Key
+ id: check-secrets
+ env:
+ HAS_SECRETS: ${{
+ secrets.TEST_PROJECT_CONFIG != '' &&
+ secrets.TEST_ACCOUNT != '' &&
+ secrets.FIREBASE_CLI_TOKEN != '' &&
+ secrets.APP_CHECK_DEBUG_TOKEN != '' &&
+ secrets.JSCORE_CHAT_WEBHOOK_URL != '' &&
+ secrets.RELEASE_TRACKER_URL != '' &&
+ 1 ||
+ ''
+ }}
+ if: env.HAS_SECRETS
+ run: |
+ echo "has-secrets=1" >> $GITHUB_OUTPUTS
+
 test:
+ needs: has-secrets
 name: Run E2E Smoke Tests
+ if: needs.has-secrets.outputs.has-secrets
 runs-on: ubuntu-latest
 defaults:
From 455b9d5e891731054b495a5a2cc1f8c6a18c4648 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 30 May 2024 10:18:49 -0400
Subject: [PATCH 4/6] Check for secrets.* before running jobs
---
 .github/workflows/release-prod.yml | 72 ++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
diff --git a/.github/workflows/release-prod.yml b/.github/workflows/release-prod.yml
index d0c3de16859..01b48a8c59d 100644
--- a/.github/workflows/release-prod.yml
+++ b/.github/workflows/release-prod.yml
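Review bot: The `has-secrets` job and its step in e2e-test.yml are named `Check for Service Account Key`, but the expression tests six other secrets and no service-account key, and the gate is all-or-nothing. A missing `JSCORE_CHAT_WEBHOOK_URL` or `RELEASE_TRACKER_URL` therefore skips the E2E smoke tests, although those two look like reporting endpoints rather than test prerequisites (inferred from the names; their use is outside the hunk). Rename both to `Check for secrets`, as release-prod.yml does, and consider gating `test` only on the secrets the tests themselves need while guarding the notification steps individually. A skipped smoke-test job leaves the run green, so a narrower gate keeps a misconfigured webhook from silently removing the test.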
@@ -24,8 +24,80 @@ on:
 required: true
 jobs:
+ has-secrets:
+ name: Check for secrets
+ runs-on: ubuntu-latest
+ outputs:
+ has-secrets: ${{ steps.check-secrets.outputs.has-secrets }}
+ steps:
+ - name: Check for secrets
+ id: check-secrets
+ env:
+ HAS_SECRETS: ${{
+ secrets.NPM_TOKEN_ANALYTICS != '' &&
+ secrets.NPM_TOKEN_ANALYTICS_COMPAT != '' &&
+ secrets.NPM_TOKEN_ANALYTICS_INTEROP_TYPES != '' &&
+ secrets.NPM_TOKEN_ANALYTICS_TYPES != '' &&
+ secrets.NPM_TOKEN_API_DOCUMENTER != '' &&
+ secrets.NPM_TOKEN_APP != '' &&
+ secrets.NPM_TOKEN_APP_CHECK != '' &&
+ secrets.NPM_TOKEN_APP_CHECK_COMPAT != '' &&
+ secrets.NPM_TOKEN_APP_CHECK_INTEROP_TYPES != '' &&
+ secrets.NPM_TOKEN_APP_CHECK_TYPES != '' &&
+ secrets.NPM_TOKEN_APP_COMPAT != '' &&
+ secrets.NPM_TOKEN_APP_TYPES != '' &&
+ secrets.NPM_TOKEN_AUTH != '' &&
+ secrets.NPM_TOKEN_AUTH_COMPAT != '' &&
+ secrets.NPM_TOKEN_AUTH_INTEROP_TYPES != '' &&
+ secrets.NPM_TOKEN_AUTH_TYPES != '' &&
+ secrets.NPM_TOKEN_COMPONENT != '' &&
+ secrets.NPM_TOKEN_DATABASE != '' &&
+ secrets.NPM_TOKEN_DATABASE_COMPAT != '' &&
+ secrets.NPM_TOKEN_DATABASE_TYPES != '' &&
+ secrets.NPM_TOKEN_FIREBASE != '' &&
+ secrets.NPM_TOKEN_FIRESTORE != '' &&
+ secrets.NPM_TOKEN_FIRESTORE_COMPAT != '' &&
+ secrets.NPM_TOKEN_FIRESTORE_TYPES != '' &&
+ secrets.NPM_TOKEN_FUNCTIONS != '' &&
+ secrets.NPM_TOKEN_FUNCTIONS_COMPAT != '' &&
+ secrets.NPM_TOKEN_FUNCTIONS_TYPES != '' &&
+ secrets.NPM_TOKEN_INSTALLATIONS != '' &&
+ secrets.NPM_TOKEN_INSTALLATIONS_COMPAT != '' &&
+ secrets.NPM_TOKEN_INSTALLATIONS_TYPES != '' &&
+ secrets.NPM_TOKEN_LOGGER != '' &&
+ secrets.NPM_TOKEN_MESSAGING != '' &&
+ secrets.NPM_TOKEN_MESSAGING_COMPAT != '' &&
+ secrets.NPM_TOKEN_MESSAGING_INTEROP_TYPES != '' &&
+ secrets.NPM_TOKEN_MESSAGING_TYPES != '' &&
+ secrets.NPM_TOKEN_PERFORMANCE != '' &&
+ secrets.NPM_TOKEN_PERFORMANCE_COMPAT != '' &&
+ secrets.NPM_TOKEN_PERFORMANCE_TYPES != '' &&
+ secrets.NPM_TOKEN_POLYFILL != '' &&
+ secrets.NPM_TOKEN_REMOTE_CONFIG != '' &&
+ secrets.NPM_TOKEN_REMOTE_CONFIG_COMPAT != '' &&
+ secrets.NPM_TOKEN_REMOTE_CONFIG_TYPES != '' &&
+ secrets.NPM_TOKEN_RULES_UNIT_TESTING != '' &&
+ secrets.NPM_TOKEN_STORAGE != '' &&
+ secrets.NPM_TOKEN_STORAGE_COMPAT != '' &&
+ secrets.NPM_TOKEN_STORAGE_TYPES != '' &&
+ secrets.NPM_TOKEN_TESTING != '' &&
+ secrets.NPM_TOKEN_UTIL != '' &&
+ secrets.NPM_TOKEN_VERTEXAI != '' &&
+ secrets.NPM_TOKEN_VERTEXAI_PREVIEW != '' &&
+ secrets.NPM_TOKEN_WEBCHANNEL_WRAPPER != '' &&
+ secrets.OSS_BOT_GITHUB_TOKEN != '' &&
+ secrets.RELEASE_TRACKER_URL != '' &&
+ 1 ||
+ ''
+ }}
+ if: env.HAS_SECRETS
+ run: |
+ echo "has-secrets=1" >> $GITHUB_OUTPUTS
+
 deploy:
+ needs: has-secrets
 name: Production Release
+ if: needs.has-secrets.outputs.has-secrets
 runs-on: ubuntu-latest
 # Allow GITHUB_TOKEN to have write permissions
 permissions:
From a1a0a765e3f26d52bb560903ae8ab443fefd4b12 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 30 May 2024 10:20:58 -0400
Subject: [PATCH 5/6] Check for secrets.* before running jobs
---
 .github/workflows/release-staging.yml | 74 ++++++++++++++++++++++++++-
 1 file changed, 73 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release-staging.yml b/.github/workflows/release-staging.yml
index 32eca1f036d..3bc6bd0b3d2 100644
--- a/.github/workflows/release-staging.yml
+++ b/.github/workflows/release-staging.yml
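Review bot: When any one of the 53 secrets in `HAS_SECRETS` is empty, the `deploy` job in release-prod.yml is skipped and the production release run ends without an error, so an operator can come away believing packages were published. Add a step after `check-secrets` that surfaces the skip as an annotation. The new `has-secrets` job also declares no `permissions:` and so inherits the default token scopes although it needs none, while the `deploy` job below sets its own; give it `permissions: {}`. The list of secret names is copied by hand into release-staging.yml, so a comment above `HAS_SECRETS` noting that both lists must be kept in step with the tokens the publish steps use would help. The `deploy` job body continues outside the hunk.

```yaml
  has-secrets:
    name: Check for secrets
    runs-on: ubuntu-latest
    # The gate only compares secrets with ''; it needs no GITHUB_TOKEN scopes.
    permissions: {}
    # … unchanged: outputs and the check-secrets step …
      - name: Report missing secrets
        if: steps.check-secrets.outputs.has-secrets == ''
        run: |
          echo "::warning::Release secrets are incomplete; the deploy job will be skipped and nothing is published."
```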
@@ -40,11 +40,83 @@ env:
 NODE_OPTIONS: "--max_old_space_size=4096"
 jobs:
+ has-secrets:
+ name: Check for secrets
+ runs-on: ubuntu-latest
+ outputs:
+ has-secrets: ${{ steps.check-secrets.outputs.has-secrets }}
+ steps:
+ - name: Check for secrets
+ id: check-secrets
+ env:
+ HAS_SECRETS: ${{
+ secrets.NPM_TOKEN_ANALYTICS != '' &&
+ secrets.NPM_TOKEN_ANALYTICS_COMPAT != '' &&
+ secrets.NPM_TOKEN_ANALYTICS_INTEROP_TYPES != '' &&
+ secrets.NPM_TOKEN_ANALYTICS_TYPES != '' &&
+ secrets.NPM_TOKEN_API_DOCUMENTER != '' &&
+ secrets.NPM_TOKEN_APP != '' &&
+ secrets.NPM_TOKEN_APP_CHECK != '' &&
+ secrets.NPM_TOKEN_APP_CHECK_COMPAT != '' &&
+ secrets.NPM_TOKEN_APP_CHECK_INTEROP_TYPES != '' &&
+ secrets.NPM_TOKEN_APP_CHECK_TYPES != '' &&
+ secrets.NPM_TOKEN_APP_COMPAT != '' &&
+ secrets.NPM_TOKEN_APP_TYPES != '' &&
+ secrets.NPM_TOKEN_AUTH != '' &&
+ secrets.NPM_TOKEN_AUTH_COMPAT != '' &&
+ secrets.NPM_TOKEN_AUTH_INTEROP_TYPES != '' &&
+ secrets.NPM_TOKEN_AUTH_TYPES != '' &&
+ secrets.NPM_TOKEN_COMPONENT != '' &&
+ secrets.NPM_TOKEN_DATABASE != '' &&
+ secrets.NPM_TOKEN_DATABASE_COMPAT != '' &&
+ secrets.NPM_TOKEN_DATABASE_TYPES != '' &&
+ secrets.NPM_TOKEN_FIREBASE != '' &&
+ secrets.NPM_TOKEN_FIRESTORE != '' &&
+ secrets.NPM_TOKEN_FIRESTORE_COMPAT != '' &&
+ secrets.NPM_TOKEN_FIRESTORE_TYPES != '' &&
+ secrets.NPM_TOKEN_FUNCTIONS != '' &&
+ secrets.NPM_TOKEN_FUNCTIONS_COMPAT != '' &&
+ secrets.NPM_TOKEN_FUNCTIONS_TYPES != '' &&
+ secrets.NPM_TOKEN_INSTALLATIONS != '' &&
+ secrets.NPM_TOKEN_INSTALLATIONS_COMPAT != '' &&
+ secrets.NPM_TOKEN_INSTALLATIONS_TYPES != '' &&
+ secrets.NPM_TOKEN_LOGGER != '' &&
+ secrets.NPM_TOKEN_MESSAGING != '' &&
+ secrets.NPM_TOKEN_MESSAGING_COMPAT != '' &&
+ secrets.NPM_TOKEN_MESSAGING_INTEROP_TYPES != '' &&
+ secrets.NPM_TOKEN_MESSAGING_TYPES != '' &&
+ secrets.NPM_TOKEN_PERFORMANCE != '' &&
+ secrets.NPM_TOKEN_PERFORMANCE_COMPAT != '' &&
+ secrets.NPM_TOKEN_PERFORMANCE_TYPES != '' &&
+ secrets.NPM_TOKEN_POLYFILL != '' &&
+ secrets.NPM_TOKEN_REMOTE_CONFIG != '' &&
+ secrets.NPM_TOKEN_REMOTE_CONFIG_COMPAT != '' &&
+ secrets.NPM_TOKEN_REMOTE_CONFIG_TYPES != '' &&
+ secrets.NPM_TOKEN_RULES_UNIT_TESTING != '' &&
+ secrets.NPM_TOKEN_STORAGE != '' &&
+ secrets.NPM_TOKEN_STORAGE_COMPAT != '' &&
+ secrets.NPM_TOKEN_STORAGE_TYPES != '' &&
+ secrets.NPM_TOKEN_TESTING != '' &&
+ secrets.NPM_TOKEN_UTIL != '' &&
+ secrets.NPM_TOKEN_VERTEXAI != '' &&
+ secrets.NPM_TOKEN_VERTEXAI_PREVIEW != '' &&
+ secrets.NPM_TOKEN_WEBCHANNEL_WRAPPER != '' &&
+ secrets.OSS_BOT_GITHUB_TOKEN != '' &&
+ secrets.OSS_BOT_GITHUB_TOKEN != '' &&
+ secrets.RELEASE_TRACKER_URL != '' &&
+ 1 ||
+ ''
+ }}
+ if: env.HAS_SECRETS
+ run: |
+ echo "has-secrets=1" >> $GITHUB_OUTPUTS
+
 deploy:
+ needs: has-secrets
 name: Staging Release
 runs-on: ubuntu-latest
 # Block this workflow if run on a non-release branch.
- if: github.event.inputs.release-branch == 'release' || endsWith(github.event.inputs.release-branch, '-releasebranch')
+ if: needs.has-secrets.outputs.has-secrets && (github.event.inputs.release-branch == 'release' || endsWith(github.event.inputs.release-branch, '-releasebranch'))
 steps:
 - name: Set up node (20)
 uses: actions/setup-node@v3
From cbc6a2d820d79e17a1ae9cf98360005a2a231085 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 30 May 2024 10:22:16 -0400
Subject: [PATCH 6/6] Check for secrets.* before running jobs
---
 .github/workflows/release-tweet.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/.github/workflows/release-tweet.yml b/.github/workflows/release-tweet.yml
index edd2634637b..9070d82c041 100644
--- a/.github/workflows/release-tweet.yml
+++ b/.github/workflows/release-tweet.yml
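Review bot: `secrets.OSS_BOT_GITHUB_TOKEN != '' &&` appears twice in a row in the `HAS_SECRETS` expression added to release-staging.yml. The repetition does not change the result, but it is the only difference from the list in release-prod.yml, which points to either a paste slip or a different secret having been intended on the second line; please confirm which and drop or replace the duplicate. Because both lists are maintained by hand, a short comment above `HAS_SECRETS` naming the steps that consume these secrets would make later drift easier to spot. The `deploy` job body continues outside the hunk.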
@@ -45,6 +45,14 @@ jobs:
 FORCE_PUBLISH: ${{ github.event.inputs.force }}
 - name: Post to Twitter
 uses: firebase/firebase-admin-node/.github/actions/send-tweet@master
+ if: ${{
+ env.consumer-key != '' &&
+ env.consumer-secret != '' &&
+ env.access-token != '' &&
+ env.access-token-secret != '' &&
+ 1 ||
+ ''
+ }}
 with:
 status: >
 v${{github.event.inputs.version}} of @Firebase JavaScript client for Web / Node.js is available.
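Review bot: The new `if:` on the `Post to Twitter` step in release-tweet.yml reads `env.consumer-key`, `env.consumer-secret`, `env.access-token` and `env.access-token-secret`, but the `env` context holds only variables declared under an `env:` key, not the action's `with:` inputs. No `env:` entry with these names is visible in the hunk (the `with:` block continues past it), so unless they are defined elsewhere in the workflow the condition is always empty and the tweet step never runs. Map the four secrets into a step-level `env:` and test those names, or confirm where the variables are set. The trailing `&& 1 || ''` is also unnecessary, since `if:` already coerces the expression to a boolean.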