build(deps-dev): bump happy-dom from 17.1.1 to 17.1.4 in /frontend (#… #917
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - 'release/**' | |
| tags: | |
| - "v*" | |
| # Only run for pull requests if relevant files were changed | |
| pull_request: | |
| branches: | |
| - main | |
| - 'release/**' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| CARGO_TERM_COLOR: always | |
| CARGO_NET_GIT_FETCH_WITH_CLI: "true" | |
| SCCACHE_GHA_ENABLED: "true" | |
| RUSTC_WRAPPER: "sccache" | |
| IMAGE: ghcr.io/element-hq/matrix-authentication-service | |
| IMAGE_SYN2MAS: ghcr.io/element-hq/matrix-authentication-service/syn2mas | |
| BUILDCACHE: ghcr.io/element-hq/matrix-authentication-service/buildcache | |
| DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index | |
| jobs: | |
| compute-version: | |
| name: Compute version using git describe | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| describe: ${{ steps.git.outputs.describe }} | |
| timestamp: ${{ steps.git.outputs.timestamp }} | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@v4.2.2 | |
| with: | |
| # Need a full clone so that `git describe` reports the right version | |
| fetch-depth: 0 | |
| - name: Compute version and timestamp out of git history | |
| id: git | |
| run: | | |
| echo "describe=$(git describe --tags --match 'v*.*.*' --always)" >> $GITHUB_OUTPUT | |
| echo "timestamp=$(git log -1 --format=%ct)" >> $GITHUB_OUTPUT | |
| build-assets: | |
| name: Build assets | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@v4.2.2 | |
| - uses: ./.github/actions/build-frontend | |
| - uses: ./.github/actions/build-policies | |
| - name: Prepare assets artifact | |
| run: | | |
| mkdir -p assets-dist/share | |
| cp policies/policy.wasm assets-dist/share/policy.wasm | |
| cp frontend/dist/manifest.json assets-dist/share/manifest.json | |
| cp -r frontend/dist/ assets-dist/share/assets | |
| cp -r templates/ assets-dist/share/templates | |
| cp -r translations/ assets-dist/share/translations | |
| cp LICENSE assets-dist/LICENSE | |
| chmod -R u=rwX,go=rX assets-dist/ | |
| - name: Upload assets | |
| uses: actions/upload-artifact@v4.6.0 | |
| with: | |
| name: assets | |
| path: assets-dist | |
| build-binaries: | |
| name: Build binaries | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - compute-version | |
| strategy: | |
| matrix: | |
| include: | |
| - target: x86_64-unknown-linux-gnu | |
| - target: aarch64-unknown-linux-gnu | |
| env: | |
| VERGEN_GIT_DESCRIBE: ${{ needs.compute-version.outputs.describe }} | |
| SOURCE_DATE_EPOCH: ${{ needs.compute-version.outputs.timestamp }} | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@v4.2.2 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: | | |
| ${{ matrix.target }} | |
| - name: Setup sccache | |
| uses: mozilla-actions/sccache-action@v0.0.7 | |
| - name: Install zig | |
| uses: goto-bus-stop/setup-zig@v2 | |
| with: | |
| version: 0.13.0 | |
| - name: Install cargo-zigbuild | |
| uses: taiki-e/install-action@v2 | |
| with: | |
| tool: cargo-zigbuild | |
| - name: Build the binary | |
| run: | | |
| cargo zigbuild \ | |
| --release \ | |
| --target ${{ matrix.target }}.2.17 \ | |
| --no-default-features \ | |
| --features dist \ | |
| -p mas-cli | |
| - name: Upload binary artifact | |
| uses: actions/upload-artifact@v4.6.0 | |
| with: | |
| name: binary-${{ matrix.target }} | |
| path: target/${{ matrix.target }}/release/mas-cli | |
| assemble-archives: | |
| name: Assemble release archives | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - build-assets | |
| - build-binaries | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Download assets | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: assets | |
| path: assets-dist | |
| - name: Download binary x86_64 | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: binary-x86_64-unknown-linux-gnu | |
| path: binary-x86_64 | |
| - name: Download binary aarch64 | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: binary-aarch64-unknown-linux-gnu | |
| path: binary-aarch64 | |
| - name: Create final archives | |
| run: | | |
| for arch in x86_64 aarch64; do | |
| mkdir -p dist/${arch}/share | |
| cp -r assets-dist/share/* dist/${arch}/share/ | |
| cp assets-dist/LICENSE dist/${arch}/LICENSE | |
| cp binary-$arch/mas-cli dist/${arch}/mas-cli | |
| chmod -R u=rwX,go=rX dist/${arch}/ | |
| chmod u=rwx,go=rx dist/${arch}/mas-cli | |
| tar -czvf mas-cli-${arch}-linux.tar.gz --owner=0 --group=0 -C dist/${arch}/ . | |
| done | |
| - name: Upload aarch64 archive | |
| uses: actions/upload-artifact@v4.6.0 | |
| with: | |
| name: mas-cli-aarch64-linux | |
| path: mas-cli-aarch64-linux.tar.gz | |
| - name: Upload x86_64 archive | |
| uses: actions/upload-artifact@v4.6.0 | |
| with: | |
| name: mas-cli-x86_64-linux | |
| path: mas-cli-x86_64-linux.tar.gz | |
| build-image: | |
| name: Build and push Docker image | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| metadata: ${{ steps.output.outputs.metadata }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| needs: | |
| - compute-version | |
| env: | |
| VERGEN_GIT_DESCRIBE: ${{ needs.compute-version.outputs.describe }} | |
| SOURCE_DATE_EPOCH: ${{ needs.compute-version.outputs.timestamp }} | |
| steps: | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5.6.1 | |
| with: | |
| images: "${{ env.IMAGE }}" | |
| bake-target: docker-metadata-action | |
| flavor: | | |
| latest=auto | |
| tags: | | |
| type=ref,event=branch | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha | |
| - name: Docker meta (debug variant) | |
| id: meta-debug | |
| uses: docker/metadata-action@v5.6.1 | |
| with: | |
| images: "${{ env.IMAGE }}" | |
| bake-target: docker-metadata-action-debug | |
| flavor: | | |
| latest=auto | |
| suffix=-debug,onlatest=true | |
| tags: | | |
| type=ref,event=branch | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha | |
| - name: Docker meta (syn2mas) | |
| id: meta-syn2mas | |
| uses: docker/metadata-action@v5.6.1 | |
| with: | |
| images: "${{ env.IMAGE_SYN2MAS }}" | |
| bake-target: docker-metadata-action-syn2mas | |
| flavor: | | |
| latest=auto | |
| tags: | | |
| type=ref,event=branch | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha | |
| - name: Setup Cosign | |
| uses: sigstore/cosign-installer@v3.8.1 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3.9.0 | |
| with: | |
| buildkitd-config-inline: | | |
| [registry."docker.io"] | |
| mirrors = ["mirror.gcr.io"] | |
| - name: Login to GitHub Container Registry | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3.3.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # For pull-requests, only read from the cache, do not try to push to the | |
| # cache or the image itself | |
| - name: Build | |
| uses: docker/bake-action@v6.4.0 | |
| if: github.event_name == 'pull_request' | |
| with: | |
| files: | | |
| ./docker-bake.hcl | |
| cwd://${{ steps.meta.outputs.bake-file }} | |
| cwd://${{ steps.meta-debug.outputs.bake-file }} | |
| cwd://${{ steps.meta-syn2mas.outputs.bake-file }} | |
| set: | | |
| base.cache-from=type=registry,ref=${{ env.BUILDCACHE }}:buildcache | |
| - name: Build and push | |
| id: bake | |
| uses: docker/bake-action@v6.4.0 | |
| if: github.event_name != 'pull_request' | |
| with: | |
| files: | | |
| ./docker-bake.hcl | |
| cwd://${{ steps.meta.outputs.bake-file }} | |
| cwd://${{ steps.meta-debug.outputs.bake-file }} | |
| cwd://${{ steps.meta-syn2mas.outputs.bake-file }} | |
| set: | | |
| base.output=type=image,push=true | |
| base.cache-from=type=registry,ref=${{ env.BUILDCACHE }}:buildcache | |
| base.cache-to=type=registry,ref=${{ env.BUILDCACHE }}:buildcache,mode=max | |
| - name: Transform bake output | |
| # This transforms the ouput to an object which looks like this: | |
| # { reguar: { digest: "…", tags: ["…", "…"] }, debug: { digest: "…", tags: ["…"] }, … } | |
| id: output | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| echo 'metadata<<EOF' >> $GITHUB_OUTPUT | |
| echo '${{ steps.bake.outputs.metadata }}' | jq -c 'with_entries(select(.value | (type == "object" and has("containerimage.digest")))) | map_values({ digest: .["containerimage.digest"], tags: (.["image.name"] | split(",")) })' >> $GITHUB_OUTPUT | |
| echo 'EOF' >> $GITHUB_OUTPUT | |
| - name: Sign the images with GitHub Actions provided token | |
| # Only sign on tags and on commits on main branch | |
| if: | | |
| github.event_name != 'pull_request' | |
| && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') | |
| env: | |
| REGULAR_DIGEST: ${{ steps.output.outputs.metadata && fromJSON(steps.output.outputs.metadata).regular.digest }} | |
| DEBUG_DIGEST: ${{ steps.output.outputs.metadata && fromJSON(steps.output.outputs.metadata).debug.digest }} | |
| SYN2MAS_DIGEST: ${{ steps.output.outputs.metadata && fromJSON(steps.output.outputs.metadata).syn2mas.digest }} | |
| run: |- | |
| cosign sign --yes \ | |
| "$IMAGE@$REGULAR_DIGEST" \ | |
| "$IMAGE@$DEBUG_DIGEST" \ | |
| "$IMAGE_SYN2MAS@$SYN2MAS_DIGEST" | |
| syn2mas: | |
| name: Release syn2mas on NPM | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| id-token: write | |
| if: github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@v4.2.2 | |
| - name: Install Node | |
| uses: actions/setup-node@v4.2.0 | |
| with: | |
| node-version-file: ./tools/syn2mas/.nvmrc | |
| - name: Install Node dependencies | |
| working-directory: ./tools/syn2mas | |
| run: npm ci | |
| - name: Publish | |
| uses: JS-DevTools/npm-publish@v3 | |
| with: | |
| package: ./tools/syn2mas | |
| token: ${{ secrets.NPM_TOKEN }} | |
| provenance: true | |
| dry-run: ${{ !startsWith(github.ref, 'refs/tags/') }} | |
| release: | |
| name: Release | |
| if: startsWith(github.ref, 'refs/tags/') | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - assemble-archives | |
| - build-image | |
| - syn2mas | |
| steps: | |
| - name: Download the artifacts from the previous job | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: mas-cli-* | |
| path: artifacts | |
| merge-multiple: true | |
| - name: Prepare a release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| generate_release_notes: true | |
| body: | | |
| ### Docker image | |
| Regular image: | |
| - Digest: | |
| ``` | |
| ${{ env.IMAGE }}@${{ fromJSON(needs.build-image.outputs.metadata).regular.digest }} | |
| ``` | |
| - Tags: | |
| ``` | |
| ${{ join(fromJSON(needs.build-image.outputs.metadata).regular.tags, ' | |
| ') }} | |
| ``` | |
| Debug variant: | |
| - Digest: | |
| ``` | |
| ${{ env.IMAGE }}@${{ fromJSON(needs.build-image.outputs.metadata).debug.digest }} | |
| ``` | |
| - Tags: | |
| ``` | |
| ${{ join(fromJSON(needs.build-image.outputs.metadata).debug.tags, ' | |
| ') }} | |
| ``` | |
| `syn2mas` migration tool: | |
| - Digest: | |
| ``` | |
| ${{ env.IMAGE_SYN2MAS }}@${{ fromJSON(needs.build-image.outputs.metadata).syn2mas.digest }} | |
| ``` | |
| - Tags: | |
| ``` | |
| ${{ join(fromJSON(needs.build-image.outputs.metadata).syn2mas.tags, ' | |
| ') }} | |
| ``` | |
| files: | | |
| artifacts/mas-cli-aarch64-linux.tar.gz | |
| artifacts/mas-cli-x86_64-linux.tar.gz | |
| draft: true | |
| unstable: | |
| name: Update the unstable release | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - assemble-archives | |
| - build-image | |
| if: github.ref == 'refs/heads/main' | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@v4.2.2 | |
| with: | |
| sparse-checkout: | | |
| .github/scripts | |
| - name: Download the artifacts from the previous job | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: mas-cli-* | |
| path: artifacts | |
| merge-multiple: true | |
| - name: Update unstable git tag | |
| uses: actions/github-script@v7.0.1 | |
| with: | |
| script: | | |
| const script = require('./.github/scripts/update-unstable-tag.cjs'); | |
| await script({ core, github, context }); | |
| - name: Update unstable release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| name: 'Unstable build' | |
| tag_name: unstable | |
| body: | | |
| This is an automatically updated unstable release containing the latest builds from the main branch. | |
| **⚠️ Warning: These are development builds and may be unstable.** | |
| Last updated: ${{ github.event.head_commit.timestamp }} | |
| Commit: ${{ github.sha }} | |
| ### Docker image | |
| Regular image: | |
| - Digest: | |
| ``` | |
| ${{ env.IMAGE }}@${{ fromJSON(needs.build-image.outputs.metadata).regular.digest }} | |
| ``` | |
| - Tags: | |
| ``` | |
| ${{ join(fromJSON(needs.build-image.outputs.metadata).regular.tags, ' | |
| ') }} | |
| ``` | |
| Debug variant: | |
| - Digest: | |
| ``` | |
| ${{ env.IMAGE }}@${{ fromJSON(needs.build-image.outputs.metadata).debug.digest }} | |
| ``` | |
| - Tags: | |
| ``` | |
| ${{ join(fromJSON(needs.build-image.outputs.metadata).debug.tags, ' | |
| ') }} | |
| ``` | |
| files: | | |
| artifacts/mas-cli-aarch64-linux.tar.gz | |
| artifacts/mas-cli-x86_64-linux.tar.gz | |
| prerelease: true | |
| make_latest: false |