
Commit 52b437d

authored
Merge branch 'main' into mntor-3951-1
2 parents 8624e2f + 15b8722 commit 52b437d


90 files changed

+3767
-1501
lines changed


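--- a/.dockerignore
+++ b/.dockerignore
@@ -1 +1,3 @@
 node_modules
+.git
+.github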
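Review bot: The ignore list still has no entry for local environment files; after this hunk the whole file is `node_modules`, `.git`, `.github`. The repository ships a `.env.local.example`, so developers presumably keep a populated `.env.local` beside it, and a Dockerfile step that copies the whole context (not visible on this page) would bake those values into an image layer. Adding a line such as `.env.local` (or `.env*.local`) would keep them out of the build context.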

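--- a/.env.local.example
+++ b/.env.local.example
@@ -52,7 +52,7 @@ SUBSCRIPTION_BILLING_AMOUNT_YEARLY_US=13.37
 SUBSCRIPTION_BILLING_AMOUNT_MONTHLY_US=42.42
 
 # HIBP setup
-HIBP_KANON_API_ROOT=https://enterprise.stage-api.haveibeenpwned.com
+HIBP_KANON_API_ROOT=https://api.haveibeenpwned.com
 
 # Sentry setup
 SENTRY_DSN=https://573f784b5cc7481ebf8c0c385d2ad776@o1069899.ingest.sentry.io/4504612374052864
@@ -84,3 +84,9 @@ S3_BUCKET=firefoxmonitor-dev-monitor-cdn-dev-static-website
 
 # Data broker removal estimates data
 DATA_BROKER_REMOVAL_ESTIMATES_DATA=[]
+
+# GCP PubSub settings - see the PubSub heading in the README
+GCP_PUBSUB_PROJECT_ID=your-project-name
+GCP_PUBSUB_TOPIC_NAME=hibp-breaches
+GCP_PUBSUB_SUBSCRIPTION_NAME=hibp-cron
+PUBSUB_EMULATOR_HOST=localhost:8085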
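Review bot: `PUBSUB_EMULATOR_HOST=localhost:8085` is added without any hint that it is a local-development switch. Google's Pub/Sub client libraries route all traffic to that address whenever the variable is set, so a deployed environment that inherits this line would silently stop talking to the real project. I would put a comment above it, `# Local development only: leave unset in deployed environments so the client uses the real GCP Pub/Sub service`. The first hunk also moves the example `HIBP_KANON_API_ROOT` from the staging host to the production one, which deserves a one-line comment so people copying the template know their local setup queries production.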

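--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -1,5 +1,7 @@
 name: Build
 
+permissions: {}
+
 on: [push]
 
 jobs:
@@ -9,6 +11,8 @@ jobs:
 
 steps:
 - uses: actions/checkout@v4
+with:
+persist-credentials: false
 - name: Use Node.js
 uses: actions/setup-node@v4
 with: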
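Review bot: The hardening stops at token scope and stored credentials; the `uses:` references are still mutable tags, starting with `actions/checkout@v4` and `actions/setup-node@v4` in this file. A tag can be moved to different code after review, so pinning to a full commit SHA with the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`, closes that gap. The same applies to the third-party actions visible in the other workflows of this commit (`docker/login-action@v3`, `google-github-actions/auth@v2`, `google-github-actions/deploy-cloudrun@v2`, `thollander/actions-comment-pull-request@v3`), which run in jobs that hold registry or cloud credentials. The job body continues outside both hunks.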

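--- a/.github/workflows/conflicts.yml
+++ b/.github/workflows/conflicts.yml
@@ -1,12 +1,18 @@
 name: No unresolved conflicts
+
+permissions: {}
+
 on:
 pull_request:
 branches: [ main, localization ]
+
 jobs:
 detect-unresolved-conflicts:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
+with:
+persist-credentials: false
 - name: List files with merge conflict markers
 # Encode conflict markers so this file does not trigger git's conflict detection.
 run: git --no-pager grep "$(echo 'PDw8PDw8PAo=' | base64 -d)" ":(exclude).github/" || true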

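--- a/.github/workflows/docker_build_deploy.yml
+++ b/.github/workflows/docker_build_deploy.yml
@@ -1,5 +1,7 @@
 name: Build Docker image and publish
 
+permissions: {}
+
 on:
 push:
 branches: [ main ]
@@ -10,6 +12,8 @@ jobs:
 steps:
 - name: Check out the repo
 uses: actions/checkout@v4
+with:
+persist-credentials: false
 
 - name: Log in to Docker Hub
 uses: docker/login-action@v3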

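--- a/.github/workflows/docker_check.yml
+++ b/.github/workflows/docker_check.yml
@@ -1,4 +1,7 @@
 name: Build Docker image check
+
+permissions: {}
+
 on:
 pull_request:
 jobs:
@@ -18,6 +21,8 @@ jobs:
 
 - name: Check out the repo
 uses: actions/checkout@v4
+with:
+persist-credentials: false
 
 - name: Build Docker image
 run: docker build .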

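--- a/.github/workflows/e2e_cron.yml
+++ b/.github/workflows/e2e_cron.yml
@@ -1,4 +1,7 @@
 name: Monitor Cron e2e Tests
+
+permissions: {}
+
 on:
 schedule:
 - cron: '0 8 * * *'
@@ -19,6 +22,8 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
+with:
+persist-credentials: false
 - uses: actions/setup-node@v4
 with:
 node-version: 20.18.x
@@ -44,7 +49,7 @@ jobs:
 run: npx playwright install --with-deps
 
 - name: Run Playwright tests - ${{ inputs.environment != null && inputs.environment || 'stage' }}
-if: github.actor != 'dependabot[bot]'
+if: github.event.pull_request.user.login != 'dependabot[bot]'
 run: npm run e2e -- --workers=1 --update-snapshots
 timeout-minutes: 40
 env: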
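Review bot: The new guard `if: github.event.pull_request.user.login != 'dependabot[bot]'` can never be false in this workflow as far as the visible triggers go. The first hunk shows `schedule`, and the step name's use of `inputs.environment` suggests a manual or reusable trigger as well; none of those events carries a `pull_request` payload, so the left-hand side is empty and the comparison is always true. If the intent is to keep the Playwright step from running for Dependabot, either drop the condition here or state the real requirement in a comment above it. `e2e_pr_full.yml` and `e2e_pr_smoke.yml` receive the same condition and list a `push` trigger, where it is likewise always true; the rest of their `on:` blocks is outside the hunks.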

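--- a/.github/workflows/e2e_pr_full.yml
+++ b/.github/workflows/e2e_pr_full.yml
@@ -1,4 +1,7 @@
 name: Monitor E2E Test Suite (full)
+
+permissions: {}
+
 on:
 push:
 branches: [ main ]
@@ -30,6 +33,8 @@ jobs:
 
 steps:
 - uses: actions/checkout@v4
+with:
+persist-credentials: false
 - uses: actions/setup-node@v4
 with:
 node-version: 20.18.x
@@ -58,7 +63,7 @@ jobs:
 run: npx playwright install --with-deps
 
 - name: Run Playwright tests
-if: github.actor != 'dependabot[bot]'
+if: github.event.pull_request.user.login != 'dependabot[bot]'
 run: npm run e2e -- --update-snapshots
 timeout-minutes: 20
 env: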

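--- a/.github/workflows/e2e_pr_smoke.yml
+++ b/.github/workflows/e2e_pr_smoke.yml
@@ -1,4 +1,7 @@
 name: Monitor E2E Test Suite (smoke)
+
+permissions: {}
+
 on:
 push:
 branches: [ main ]
@@ -30,6 +33,8 @@ jobs:
 
 steps:
 - uses: actions/checkout@v4
+with:
+persist-credentials: false
 - uses: actions/setup-node@v4
 with:
 node-version: 20.18.x
@@ -58,7 +63,7 @@ jobs:
 run: npx playwright install --with-deps
 
 - name: Run Playwright tests
-if: github.actor != 'dependabot[bot]'
+if: github.event.pull_request.user.login != 'dependabot[bot]'
 run: npm run e2e:smoke
 timeout-minutes: 10
 env: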

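--- a/.github/workflows/glean-probe-scraper.yml
+++ b/.github/workflows/glean-probe-scraper.yml
@@ -1,4 +1,7 @@
 name: Glean probe-scraper
+
+permissions: {}
+
 on:
 push:
 paths:
@@ -10,4 +13,4 @@ on:
 - src/telemetry/backend-metrics.yaml
 jobs:
 glean-probe-scraper:
-uses: mozilla/probe-scraper/.github/workflows/glean.yaml@main
+uses: mozilla/probe-scraper/.github/workflows/glean.yaml@main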
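Review bot: With `permissions: {}` now set at the top level, the reusable workflow called by `glean-probe-scraper` inherits an empty token scope, because a called workflow can only keep or reduce what its caller grants. If `glean.yaml` needs any scope, the job needs its own `permissions:` block naming it; that file is not visible here, so this should be checked against its contents. Separately, the call still references `@main`, a branch that can change without review in this repository; `uses: mozilla/probe-scraper/.github/workflows/glean.yaml@<full-commit-sha>` would fix the version that runs.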

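--- a/.github/workflows/lighthouse_cron.yml
+++ b/.github/workflows/lighthouse_cron.yml
@@ -1,4 +1,7 @@
 name: Lighthouse Report Cron
+
+permissions: {}
+
 on:
 schedule:
 - cron: '0 6 * * *'
@@ -22,6 +25,8 @@ jobs:
 id-token: write
 steps:
 - uses: actions/checkout@v4
+with:
+persist-credentials: false
 - name: Use Node.js 20.18.x
 uses: actions/setup-node@v4
 with: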

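--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -1,5 +1,7 @@
 name: Lint
 
+permissions: {}
+
 on: [push]
 
 jobs:
@@ -9,6 +11,8 @@ jobs:
 
 steps:
 - uses: actions/checkout@v4
+with:
+persist-credentials: false
 - name: Use Node.js
 uses: actions/setup-node@v4
 with:
@@ -19,3 +23,4 @@ jobs:
 # Mirror old linter from CircleCI, verifies that linter succeeds
 - run: npm run lint
 - run: node src/scripts/build/checkNodeVersionAlignment.js
+- run: node src/scripts/build/checkGithubActionsBestPractices.js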

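--- a/.github/workflows/preview_deploy_gcp.yml
+++ b/.github/workflows/preview_deploy_gcp.yml
@@ -1,6 +1,8 @@
 name: Deploy Preview
 
-on:
+permissions: {}
+
+on:
 pull_request:
 
 env:
@@ -12,7 +14,7 @@ env:
 
 jobs:
 deploy:
-permissions:
+permissions:
 pull-requests: write
 # Secrets aren't available for Dependabot PR (because the updated
 # dependencies might abuse them), so they don't have enough rights to
@@ -22,12 +24,14 @@ jobs:
 steps:
 - name: Checkout
 uses: actions/checkout@v4
-
+with:
+persist-credentials: false
+
 - name: Setup Cloud SDK
 uses: 'google-github-actions/auth@v2'
 with:
 credentials_json: '${{ secrets.GCP_SA_KEY }}'
-
+
 - name: Use gcloud CLI
 run: gcloud info
 
@@ -37,19 +41,19 @@ jobs:
 continue-on-error: true
 run: |
 gcloud sql instances create ${{ env.SERVICE }}-${{ env.TAG }} --tier=db-f1-micro --region=${{ env.REGION }} --database-version=POSTGRES_15 --edition=enterprise
-gcloud sql users set-password postgres --host=% --instance ${{ env.SERVICE }}-${{ env.TAG }} --password postgres
+gcloud sql users set-password postgres --host=% --instance ${{ env.SERVICE }}-${{ env.TAG }} --password postgres
 gcloud sql databases create blurts --instance=${{ env.SERVICE }}-${{ env.TAG }}
 gcloud sql databases list --instance=${{ env.SERVICE }}-${{ env.TAG }}
 gcloud sql instances list
-
+
 - name: Authorize Docker push
 run: gcloud auth configure-docker ${{ env.REGION }}-docker.pkg.dev
 
 - name: Build and Push Container
 run: |-
 docker build -t ${{env.REGION}}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ env.TAG }} -f './Dockerfile.cloudrun' .
 docker push ${{env.REGION}}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ env.TAG }}
-
+
 - name: Deploy to Cloud Run
 id: deploy
 uses: google-github-actions/deploy-cloudrun@v2
@@ -79,7 +83,7 @@ jobs:
 DB_USER=postgres
 DB_PASSWORD=postgres
 CLOUD_SQL_CONNECTION_NAME=${{ env.PROJECT_ID }}:${{env.REGION}}:${{ env.SERVICE }}-${{ env.TAG }}
-DATABASE_URL= postgres://postgres:postgres@localhost:5432/blurts
+DATABASE_URL= postgres://postgres:postgres@localhost:5432/blurts
 
 - name: Comment on Pull Request
 uses: thollander/actions-comment-pull-request@v3
@@ -89,4 +93,3 @@ jobs:
 Preview URL :rocket: : ${{ steps.deploy.outputs.url }}
 comment-tag: preview_url
 create-if-not-exists: true
-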
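Review bot: The preview database is still created with a fixed, publicly known superuser credential: `gcloud sql users set-password postgres --host=% ... --password postgres`, repeated as `DB_PASSWORD=postgres` and inside `DATABASE_URL` in the deploy step. This commit only strips whitespace on those lines. Anyone who can reach the instance can log in as `postgres`, so how much this matters depends on network and IAM settings that are not shown here. Generating a per-preview value in the create step, e.g. `DB_PASSWORD="$(openssl rand -hex 24)"` followed by `echo "::add-mask::$DB_PASSWORD"`, and handing it on to the deploy step would remove the shared secret. The deploy step's environment block starts outside the hunk.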

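--- a/.github/workflows/preview_deploy_gcp_cleanup.yml
+++ b/.github/workflows/preview_deploy_gcp_cleanup.yml
@@ -1,8 +1,10 @@
 name: Deploy Preview Cleanup
 
-on:
+permissions: {}
+
+on:
 # when pull request is merged or closed
-pull_request:
+pull_request:
 types: [closed]
 
 env:
@@ -14,7 +16,7 @@ env:
 
 jobs:
 deploy:
-permissions:
+permissions:
 pull-requests: write
 # Secrets aren't available for Dependabot PR (because the updated
 # dependencies might abuse them), so they don't have enough rights to
@@ -26,15 +28,15 @@ jobs:
 uses: 'google-github-actions/auth@v2'
 with:
 credentials_json: '${{ secrets.GCP_SA_KEY }}'
-
+
 - name: Use gcloud CLI
 run: 'gcloud info'
 
 - name: Delete created database
 id: db_delete
 # Delete cloud sql instance
 run: 'gcloud sql instances delete blurts-server-${{ env.TAG }}'
-
+
 - name: Delete created cloud run service
 id: cloudrun_delete
 run: gcloud run services delete blurts-server-${{ env.TAG }} --region ${{ env.REGION }} --platform managed --quiet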

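--- a/.github/workflows/production_deploy.yml
+++ b/.github/workflows/production_deploy.yml
@@ -1,4 +1,7 @@
 name: Monitor 1-click Deployment
+
+permissions: {}
+
 on:
 workflow_dispatch:
 inputs:
@@ -23,6 +26,8 @@ jobs:
 steps:
 - name: Checkout Repository
 uses: actions/checkout@v4
+with:
+persist-credentials: false
 
 - name: Log in to Docker Hub
 uses: docker/login-action@v3
@@ -35,6 +40,6 @@ jobs:
 
 - name: Retag image
 run: docker tag ${{ env.DOCKER_IMAGE_NAME }}:${{ inputs.originalImageTag }} ${{ env.DOCKER_IMAGE_NAME }}:${{ inputs.environment }}-${{ inputs.originalImageTag }}
-
+
 - name: Redeploy image
-run: docker push ${{ env.DOCKER_IMAGE_NAME }}:${{ inputs.environment }}-${{ inputs.originalImageTag }}
+run: docker push ${{ env.DOCKER_IMAGE_NAME }}:${{ inputs.environment }}-${{ inputs.originalImageTag }}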
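Review bot: Both `run:` lines in the last hunk expand `${{ inputs.originalImageTag }}` and `${{ inputs.environment }}` straight into the shell script, so the values are substituted before the shell parses the line and any shell metacharacters in a dispatch input become part of the command. The job holds Docker Hub credentials from the login step, which makes this worth closing even though `workflow_dispatch` is limited to users with write access. Passing the inputs through `env:` and quoting them keeps them as data. If the input definitions, which lie outside the hunk, are free-form strings, declaring `environment` as `type: choice` would narrow it further.

```yaml
      - name: Retag image
        env:
          IMAGE_TAG: ${{ inputs.originalImageTag }}
          TARGET_ENV: ${{ inputs.environment }}
        run: docker tag "${{ env.DOCKER_IMAGE_NAME }}:${IMAGE_TAG}" "${{ env.DOCKER_IMAGE_NAME }}:${TARGET_ENV}-${IMAGE_TAG}"

      - name: Redeploy image
        env:
          IMAGE_TAG: ${{ inputs.originalImageTag }}
          TARGET_ENV: ${{ inputs.environment }}
        run: docker push "${{ env.DOCKER_IMAGE_NAME }}:${TARGET_ENV}-${IMAGE_TAG}"
```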

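--- a/.github/workflows/reference_linter.yaml
+++ b/.github/workflows/reference_linter.yaml
@@ -1,4 +1,7 @@
 name: Lint Reference Files
+
+permissions: {}
+
 on:
 push:
 pull_request:
@@ -9,6 +12,8 @@ jobs:
 steps:
 - name: Clone repository
 uses: actions/checkout@v4
+with:
+persist-credentials: false
 - name: Set up Python 3
 uses: actions/setup-python@v5
 with: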
