Skip to content
Build

fix(deps): downgrade flowbite to v2.5.2 in package.json and package-lock.json #2115

Sign in to view logs

fix(deps): downgrade flowbite to v2.5.2 in package.json and package-lock.json

fix(deps): downgrade flowbite to v2.5.2 in package.json and package-lock.json #2115

Workflow file for this run

.github/workflows/build.yml at efaf04d
name: "Build"
on:
pull_request:
merge_group:
push:
branches:
- master
jobs:
changes:
runs-on: ubuntu-latest
permissions:
pull-requests: read
outputs:
package-lock-json: ${{ steps.filter.outputs.package-lock-json }}
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v3
id: filter
with:
filters: |
package-lock-json:
- 'frontend/package-lock.json'
build-agent:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-nix
with:
attic_token: ${{ secrets.ATTIC_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: build thymis-agent
uses: ./.github/actions/run-command-with-nix-cache-upload
with:
attic_token: ${{ secrets.ATTIC_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
script: |
nix build .#thymis-agent --print-build-logs
build-agent-aarch64:
runs-on: ubuntu-22.04-arm
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-nix
with:
attic_token: ${{ secrets.ATTIC_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: build thymis-agent-aarch64
uses: ./.github/actions/run-command-with-nix-cache-upload
with:
attic_token: ${{ secrets.ATTIC_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
script: |
nix build .#thymis-agent --print-build-logs
build-thymis-controller:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
path: thymis
- uses: ./thymis/.github/actions/setup-nix
with:
attic_token: ${{ secrets.ATTIC_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Build thymis-frontend
uses: ./thymis/.github/actions/run-command-with-nix-cache-upload
with:
attic_token: ${{ secrets.ATTIC_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
script: |
cd thymis
nix build .#thymis-frontend --print-build-logs 2>&1 | tee build.log
sleep 1
- name: Get Thymis App Token
id: generate-token
if: failure()
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.THYMIS_APP_ID }}
private-key: ${{ secrets.THYMIS_APP_PRIVATE_KEY }}
- uses: actions/checkout@v4
if: failure()
with:
token: ${{ steps.generate-token.outputs.token }}
path: thymis-2
ref: ${{ github.head_ref || github.ref_name }}
- name: check if failed because of frontend hash failure, in that case, commit the new hash
if: failure()
env:
GH_TOKEN: ${{ steps.generate-token.outputs.token }}
BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
run: |
if grep -q -e "hash mismatch in fixed-output derivation" -e "npmDepsHash is out of date" thymis/build.log; then
cd thymis-2
echo "frontendHashFailure detected, committing new hash"
# git config --global user.name github-actions[bot]
# git config --global user.email 41898282+github-actions[bot]@users.noreply.github.com
USER_NAME=${{ steps.generate-token.outputs.app-slug }}[bot]
USER_ID=$(gh api "/users/${USER_NAME}" --jq '.id')
USER_EMAIL="${USER_ID}+${{ steps.generate-token.outputs.app-slug }}[bot]@users.noreply.github.com"
git config user.email $USER_EMAIL
git config user.name $USER_NAME
# > To fix the issue:
# > 1. Use `lib.fakeHash` as the npmDepsHash value
# > 2. Build the derivation and wait for it to fail with a hash mismatch
# > 3. Copy the 'got: sha256-' value back into the npmDepsHash field
# okay
# first use sed
# file is in ./frontend/default.nix
# line loops like
# npmDepsHash = "sha256-<hash>";
# we want to replace the hash to lib.fakeHash at first
(cd frontend && nix develop .#ci --command npm install)
git add ./frontend/package-lock.json
sed -i 's/npmDepsHash = "sha256-.*";/npmDepsHash = lib.fakeHash;/' ./frontend/default.nix
# and then build the derivation again
nix build .#thymis-frontend --print-build-logs 2>&1 | tee build.log
# now checkout the head_ref branch
git fetch --all
git checkout $BRANCH_NAME
# look for line "got: sha256-<hash>"
# and replace the hash in the file
newHash=$(grep -oP 'got: sha256-\K[0-9a-zA-Z/+=]+' build.log)
sed -i "s@npmDepsHash = lib.fakeHash;@npmDepsHash = \"sha256-$newHash\";@" ./frontend/default.nix
git add ./frontend/default.nix
# if this is a renovate PR (identify by the branch name, "renovate/" prefix)
# then amend the commit instead of creating a new one, so that renovate does not panic
# we need to force push in this case
# additional condition: only if the last commits author is "renovate[bot]"
lastCommitAuthor=$(git log -1 --pretty=format:'%an')
echo "last commit author: '$lastCommitAuthor'"
# only push if no changes were made to the branch since this added
if [[ ${{ github.event.pull_request.head.sha || github.sha }} == $(git rev-parse HEAD) ]]; then
git commit -m "chore(nix,automation): update npmDepsHash in ./frontend/default.nix"
git push
else
echo "Changes were made to the branch since the last commit, not pushing"
fi
fi
- name: build thymis-controller
uses: ./thymis/.github/actions/run-command-with-nix-cache-upload
with:
attic_token: ${{ secrets.ATTIC_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
script: |
cd thymis
nix build .#thymis-controller --print-build-logs
build-thymis-controller-pi-3-sd-image:
runs-on: ubuntu-22.04-arm
needs: changes
if: ${{ ! (needs.changes.outputs.package-lock-json == 'true' && github.actor == 'renovate[bot]' && github.event_name == 'pull_request') }}
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-nix
with:
attic_token: ${{ secrets.ATTIC_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: run command with nix cache upload
uses: ./.github/actions/run-command-with-nix-cache-upload
with:
script: |
nix build .#thymis-controller-pi-3-sd-image --print-build-logs
- uses: ./.github/actions/assemble-image-and-assert-existence
build-thymis-controller-pi-4-sd-image:
runs-on: ubuntu-22.04-arm
needs: changes
if: ${{ ! (needs.changes.outputs.package-lock-json == 'true' && github.actor == 'renovate[bot]' && github.event_name == 'pull_request') }}
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-nix
with:
attic_token: ${{ secrets.ATTIC_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: build thymis-controller-pi-4-sd-image
uses: ./.github/actions/run-command-with-nix-cache-upload
with:
attic_token: ${{ secrets.ATTIC_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
script: |
nix build .#thymis-controller-pi-4-sd-image --print-build-logs
- uses: ./.github/actions/assemble-image-and-assert-existence
build-thymis-controller-pi-5-sd-image:
runs-on: ubuntu-22.04-arm
needs: changes
if: ${{ ! (needs.changes.outputs.package-lock-json == 'true' && github.actor == 'renovate[bot]' && github.event_name == 'pull_request') }}
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-nix
with:
attic_token: ${{ secrets.ATTIC_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: build thymis-controller-pi-5-sd-image
uses: ./.github/actions/run-command-with-nix-cache-upload
with:
attic_token: ${{ secrets.ATTIC_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
script: |
nix build .#thymis-controller-pi-5-sd-image --print-build-logs
- uses: ./.github/actions/assemble-image-and-assert-existence
build-generic-x86_64-image:
runs-on: ubuntu-latest
needs: changes
if: ${{ ! (needs.changes.outputs.package-lock-json == 'true' && github.actor == 'renovate[bot]' && github.event_name == 'pull_request') }}
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-nix
with:
attic_token: ${{ secrets.ATTIC_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: pin nixpkgs
run: nix registry add nixpkgs github:NixOS/nixpkgs/nixos-24.11
- name: build thymis-controller-generic-x86_64-image
uses: ./.github/actions/run-command-with-nix-cache-upload
with:
attic_token: ${{ secrets.ATTIC_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
script: |
nix build .#thymis-controller-generic-x86_64-image --print-build-logs
- uses: ./.github/actions/assemble-image-and-assert-existence