From 48df14e164258db6cbb52f117521007a70eabfd3 Mon Sep 17 00:00:00 2001 From: Philip Harrison Date: Tue, 27 Jul 2021 19:01:13 +0100 Subject: [PATCH 1/2] Improve setup and testing readme Incremental improvement to the readme for setting up and running tests. Also removed some cruft from the action template. There still some left, planning to follow up and replace it with better content instead of janking it out. --- .github/workflows/integration-test.yml | 7 ++- .github/workflows/test.yml | 6 +-- README.md | 71 +++++++++++--------------- action.yml | 4 +- package.json | 3 +- 5 files changed, 38 insertions(+), 53 deletions(-) diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index dfac095..81865e4 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml @@ -1,5 +1,5 @@ name: 'ci' -on: pull_request +on: pull_request_target jobs: integration: @@ -13,7 +13,6 @@ jobs: run: docker login docker.pkg.github.com -u x -p ${{ secrets.GPR_TOKEN }} - name: GRP pull run: docker pull docker.pkg.github.com/dependabot/dependabot-updater:latest - - run: | - npm ci + - run: npm ci - name: Run integration test files - run: npm test "integration" + run: npm run test-integration diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f87041f..e60df01 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -11,10 +11,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - run: | - npm ci - - run: | - SKIP_INTEGRATION_TESTS=true npm run all + - run: npm ci + - run: npm run all test: # make sure the action works on a clean machine without building runs-on: ubuntu-latest steps: diff --git a/README.md b/README.md index 10598a4..6ac4db3 100644 --- a/README.md +++ b/README.md 
@@ -1,18 +1,17 @@ ## Setup -> First, you'll need to have a reasonably modern version of `node` handy. This won't work with versions older than 9, for instance. +### Prerequisites -Install the dependencies +**node**: v14 LTS and up +**docker**: current release + +### Project dependencies ```bash $ npm install ``` -Build the typescript and package it for distribution - -```bash -$ npm run package -``` +## Tests Run the tests :heavy_check_mark: 
@@ -27,37 +26,33 @@ $ npm test ... ``` -## Change action.yml +### Running integration tests -The action.yml contains defines the inputs and output for your action. - -Update the action.yml with your name, description, inputs and outputs for your action. +```bash +$ npm run test-integration +``` -See the [documentation](https://help.github.com/en/articles/metadata-syntax-for-github-actions) +The integration test will time out if you don't already have the docker image on +your local machine. -## Change the Code +You'll need to create a [GitHub PAT](https://github.com/settings/tokens/new) +(Personal Access Token) to access the updater image hosted on [GitHub +Packages](https://github.com/dependabot/dependabot-updater/pkgs/container/dependabot-updater%2Fdependabot-updater). -Most toolkit and CI/CD operations involve async operations so the action is run in an async function. +Create the PAT with `read:packages` permissions checked and export it: -```javascript -import * as core from '@actions/core'; -... +```bash +export GPR_TOKEN=_pat_with_read_packages_ +``` -async function run() { - try { - ... - } - catch (error) { - core.setFailed(error.message); - } -} +Pull the updater image: -run() +```bash +docker login docker.pkg.github.com -u x -p $GPR_TOKEN +docker pull docker.pkg.github.com/dependabot/dependabot-updater:latest ``` -See the [toolkit documentation](https://github.com/actions/toolkit/blob/master/README.md#packages) for the various packages. - -## Publish to a distribution branch +## Releasing a new version of the action Actions are run from GitHub repos so we will checkin the packed dist folder. 
@@ -70,24 +65,16 @@ $ git commit -a -m "prod dependencies" $ git push origin releases/v1 ``` -Note: We recommend using the `--license` option for ncc, which will create a license file for all of the production node modules used in your project. - Your action is now published! :rocket: See the [versioning documentation](https://github.com/actions/toolkit/blob/master/docs/action-versioning.md) -## Validate - -You can now validate the action by referencing `./` in a workflow in your repo (see [test.yml](.github/workflows/test.yml)) +After testing you can [create a v1 tag](https://github.com/actions/toolkit/blob/master/docs/action-versioning.md) to reference the stable and latest V1 action -```yaml -uses: ./ -with: - milliseconds: 1000 -``` +## Change action.yml -See the [actions tab](https://github.com/actions/typescript-action/actions) for runs of this action! :rocket: +The action.yml contains defines the inputs and output for your action. -## Usage: +Update the action.yml with your name, description, inputs and outputs for your action. -After testing you can [create a v1 tag](https://github.com/actions/toolkit/blob/master/docs/action-versioning.md) to reference the stable and latest V1 action +See the [documentation](https://help.github.com/en/articles/metadata-syntax-for-github-actions) diff --git a/action.yml b/action.yml index f4ee827..fc7e242 100644 --- a/action.yml +++ b/action.yml @@ -1,6 +1,6 @@ name: 'Updater Action' -description: 'Provide a description here' -author: 'Your name or organization here' +description: 'Runs dependabot-updater in Actions' +author: 'GitHub' runs: using: 'node12' main: 'dist/index.js' diff --git a/package.json b/package.json index 631a14a..5013546 100644 --- a/package.json +++ b/package.json 
@@ -8,7 +8,8 @@ "format": "prettier --write **/*.ts", "lint": "eslint --fix **/*.ts", "package": "rm -f ./output/output.json && ncc build --source-map --license licenses.txt", - "test": "jest --detectOpenHandles", + "test": "SKIP_INTEGRATION_TESTS=true jest --detectOpenHandles", + "test-integration": "jest --detectOpenHandles 'integration'", "prepare": "husky install", "all": "npm run format && npm run lint && npm run package && npm test" }, From 971b1ec0f26134068894f02905c562b182516726 Mon Sep 17 00:00:00 2001 From: Philip Harrison Date: Tue, 27 Jul 2021 19:05:37 +0100 Subject: [PATCH 2/2] Add permissions to integration ci action --- .github/workflows/integration-test.yml | 3 +- README.md | 55 +++++++++++++++++--------- 2 files changed, 39 insertions(+), 19 deletions(-) diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index 81865e4..83e3b72 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml @@ -1,6 +1,7 @@ name: 'ci' on: pull_request_target - +permissions: + contents: read jobs: integration: runs-on: ubuntu-latest diff --git a/README.md b/README.md index 6ac4db3..3b6d022 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,9 @@ ### Prerequisites -**node**: v14 LTS and up -**docker**: current release +**node**: e.g. `brew install node` on Mac + +**docker**: e.g. `brew install docker` on Mac ### Project dependencies @@ -13,7 +14,7 @@ $ npm install ## Tests -Run the tests :heavy_check_mark: +Run the tests (excluding integration tests) :heavy_check_mark: ```bash $ npm test 
@@ -36,8 +37,7 @@ The integration test will time out if you don't already have the docker image on your local machine. You'll need to create a [GitHub PAT](https://github.com/settings/tokens/new) -(Personal Access Token) to access the updater image hosted on [GitHub -Packages](https://github.com/dependabot/dependabot-updater/pkgs/container/dependabot-updater%2Fdependabot-updater). +(Personal Access Token) to access the updater image hosted on [dependabot/dependabot-updater](https://github.com/dependabot/dependabot-updater/pkgs/container/dependabot-updater%2Fdependabot-updater). Create the PAT with `read:packages` permissions checked and export it: 
@@ -52,29 +52,48 @@ docker login docker.pkg.github.com -u x -p $GPR_TOKEN docker pull docker.pkg.github.com/dependabot/dependabot-updater:latest ``` +#### Debugging the fake dependabot-api json-server + +Integration tests run against a fake dependabot-api server using +[json-server](https://github.com/typicode/json-server). + +Initial responses are defined in `__tess__/server/db.json` and the server itself +configured in `__tests__server/server.js`. + +Run the api server outside of tests: + +```bash +node __tests__/server/server.js +``` + +Inspect resources: + +```bash +curl http://localhost:9000/update_jobs/1/details +``` + +### Running against a local dependabot-api instance + +TBD + ## Releasing a new version of the action -Actions are run from GitHub repos so we will checkin the packed dist folder. +Actions executes the `dist/index.js` file when run, defined in `action.yml`. This is packaged using [ncc](https://github.com/zeit/ncc). -Then run [ncc](https://github.com/zeit/ncc) and push the results: +To update the `dist/index.js` run: ```bash $ npm run package -$ git add dist -$ git commit -a -m "prod dependencies" -$ git push origin releases/v1 ``` -Your action is now published! :rocket: - -See the [versioning documentation](https://github.com/actions/toolkit/blob/master/docs/action-versioning.md) +### Tagging releases -After testing you can [create a v1 tag](https://github.com/actions/toolkit/blob/master/docs/action-versioning.md) to reference the stable and latest V1 action +When tagging a release, use semver e.g. `v1.0.0`. -## Change action.yml +Also update the major version tag to point to the latest major release, e.g. `git tag v1`. -The action.yml contains defines the inputs and output for your action. +### Major versions -Update the action.yml with your name, description, inputs and outputs for your action. +Create a new `releases/v1` branch before merging a `v2` branch to main to allow releasing patch releases of previous major versions. 
-See the [documentation](https://help.github.com/en/articles/metadata-syntax-for-github-actions) +![versioning](https://github.com/actions/toolkit/blob/master/docs/assets/action-releases.png)
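Review bot: in PATCH 1/2, `.github/workflows/integration-test.yml`, the change to `on: pull_request_target` makes this job run with repository secrets for pull requests opened from forks, and the steps that follow the `docker login ... -p ${{ secrets.GPR_TOKEN }}` line are `npm ci` and `npm run test-integration`. The checkout step is not visible in this hunk, so please confirm which ref it checks out: if it is the pull request head, install scripts and test code from an untrusted branch execute on a runner that has already logged in with the token. If the tests need to run PR code, keep that part on `pull_request` and do the authenticated image pull in a job that never runs PR-supplied code, or at least run `docker logout docker.pkg.github.com` before `npm ci`.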
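Review bot: in PATCH 1/2, `README.md`, the new "Pull the updater image" block documents `docker login docker.pkg.github.com -u x -p $GPR_TOKEN`, which puts the PAT on the command line where it is visible in the process list while the command runs. Suggest documenting `echo "$GPR_TOKEN" | docker login docker.pkg.github.com -u x --password-stdin` instead, and quoting the variable. The same `-p` form is used in the workflow's login step, so it is worth changing both together.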
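Review bot: in PATCH 1/2, `package.json`, the new `"test": "SKIP_INTEGRATION_TESTS=true jest --detectOpenHandles"` script relies on an inline environment assignment, which only works when npm runs scripts through a POSIX shell. If contributors on Windows are expected, set the variable another way (for example via `cross-env` or a jest config). Note too that `npm test integration` will now always run with the skip flag set, so the README should say that `npm run test-integration` is the only entry point for those tests; the `test.yml` change to plain `npm run all` depends on this script keeping the flag.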
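Review bot: in PATCH 2/2, `.github/workflows/integration-test.yml`, the added `permissions:` block with `contents: read` limits only the automatically issued `GITHUB_TOKEN`; it does not restrict `secrets.GPR_TOKEN`, which the `docker login` step in this workflow still receives under `pull_request_target`. Please say so in the commit message or in a comment above the block so it is not read as covering the PAT. The hunk also removes the blank line that separated `on:` from `jobs:`; keeping a blank line after the `permissions` block would preserve the file's layout.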
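Review bot: in PATCH 2/2, `README.md`, the Prerequisites hunk drops the minimum version (`v14 LTS and up`) added one commit earlier and replaces it with `brew install node` / `brew install docker` examples, so the README no longer states which Node version is supported. Suggest keeping the version requirement and adding the install hints alongside it. It would also help to state how that requirement relates to `using: 'node12'` in `action.yml`.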
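Review bot: in PATCH 2/2, `README.md`, the "Debugging the fake dependabot-api json-server" section has two path typos: `__tess__/server/db.json` and `__tests__server/server.js` do not match the `node __tests__/server/server.js` command given a few lines later, and should read `__tests__/server/db.json` and `__tests__/server/server.js`. In the "Tagging releases" text in the same hunk, `git tag v1` will fail once a `v1` tag exists, so the example for moving the major tag should show the force form (`git tag -f v1`) and the matching force push. The `![versioning](...)` image at the end points at a `github.com/.../blob/...` page URL, which will not render as an image.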