From 22ddcd1f8f30fb2d9dd4acf9d8d646d060d3351a Mon Sep 17 00:00:00 2001 From: Jordan Dominion Date: Wed, 21 Aug 2024 03:11:38 -0400 Subject: [PATCH 01/14] .editorconfig updates --- .editorconfig | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.editorconfig b/.editorconfig index 55e95ea69f9..00ca8145659 100644 --- a/.editorconfig +++ b/.editorconfig @@ -12,6 +12,14 @@ indent_size = 4 indent_style = space indent_size = 2 +[*.props] +indent_style = space +indent_size = 2 + +[*.xml] +indent_style = space +indent_size = 2 + [*.wxs] indent_style = space indent_size = 2 From 6753915ef6b0d1e358444f6da5e61e32779058e6 Mon Sep 17 00:00:00 2001 From: Jordan Dominion Date: Wed, 21 Aug 2024 03:14:55 -0400 Subject: [PATCH 02/14] Format a bunch of documents --- .github/CODE_OF_CONDUCT.md | 20 +- .github/CONTRIBUTING.md | 72 +- .github/ISSUE_TEMPLATE/bug_report.md | 21 +- .github/ISSUE_TEMPLATE/feature_request.md | 5 +- .../workflows/auto-approve-dominions-prs.yml | 20 +- .github/workflows/check-pr-has-milestone.yml | 30 +- .github/workflows/ci-pipeline.yml | 3637 +++++++++-------- .github/workflows/ci-security.yml | 70 +- .github/workflows/dependabot-automerge.yml | 10 +- .github/workflows/rerun-flaky-tests.yml | 20 +- .github/workflows/stable-merge.yml | 90 +- .github/workflows/update-ss13-org-mirror.yml | 90 +- docs/DoxygenLayout.xml | 2 +- 13 files changed, 2059 insertions(+), 2028 deletions(-) diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md index 87a518e410c..5d136249dce 100644 --- a/.github/CODE_OF_CONDUCT.md +++ b/.github/CODE_OF_CONDUCT.md @@ -8,19 +8,19 @@ In the interest of fostering an open and welcoming environment, we as contributo Examples of behavior that contributes to creating a positive environment include: -* Using welcoming and inclusive language -* Being respectful of differing viewpoints and experiences -* Gracefully accepting constructive criticism -* Focusing on what is best for the community -* Showing empathy towards other community members +- Using welcoming and inclusive language +- Being respectful of differing viewpoints and experiences +- Gracefully accepting constructive criticism +- Focusing on what is best for the community +- Showing empathy towards other community members Examples of unacceptable behavior by participants include: -* The use of sexualized language or imagery and unwelcome sexual attention or advances -* Trolling, insulting/derogatory comments, and personal or political attacks -* Public or private harassment -* Publishing others' private information, such as a physical or electronic address, without explicit permission -* Other conduct which could reasonably be considered inappropriate in a professional setting +- The use of sexualized language or imagery and unwelcome sexual attention or advances +- Trolling, insulting/derogatory comments, and personal or political attacks +- Public or private harassment +- Publishing others' private information, such as a physical or electronic address, without explicit permission +- Other conduct which could reasonably be considered inappropriate in a professional setting ## Our Responsibilities diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 1c6c65e278c..e1eca340320 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -46,14 +46,15 @@ In addition, the installer project uses the Wix v4 Toolset which will cause an e In order to run the integration tests you must have the dotnet 7.0 SDK installed to properly build the OpenDream minimum compatible version. You must also have the following environment variables set. To run them more accurately, include the optional ones. + - `TGS_TEST_DATABASE_TYPE`: `MySql`, `MariaDB`, `PostgresSql`, or `SqlServer`. - `TGS_TEST_CONNECTION_STRING`: To a valid database connection string. You can use the setup wizard to create one. - (Optional) `TGS_TEST_GITHUB_TOKEN`: A GitHub personal access token with no scopes used to bypass rate limits. - (Optional) The following variables are all interdependent, so if one is set they all must be. - - `TGS_TEST_DISCORD_TOKEN`: To a valid discord bot token. - - `TGS_TEST_DISCORD_CHANNEL`: To a valid discord channel ID that the above bot can access. - - `TGS_TEST_IRC_CONNECTION_STRING`: To a valid IRC connection string. See the code for [IrcConnectionStringBuilder](../src/Tgstation.Server.Api/Models/IrcConnectionStringBuilder.cs) for details. - - `TGS_TEST_IRC_CHANNEL`: To a valid IRC channel accessible with the above connection. + - `TGS_TEST_DISCORD_TOKEN`: To a valid discord bot token. + - `TGS_TEST_DISCORD_CHANNEL`: To a valid discord channel ID that the above bot can access. + - `TGS_TEST_IRC_CONNECTION_STRING`: To a valid IRC connection string. See the code for [IrcConnectionStringBuilder](../src/Tgstation.Server.Api/Models/IrcConnectionStringBuilder.cs) for details. + - `TGS_TEST_IRC_CHANNEL`: To a valid IRC channel accessible with the above connection. - (Optional) `TGS_TEST_OD_ENGINE_VERSION`: Specify the full git commit SHA of the [OpenDream](https://github.com/OpenDreamProject/OpenDream) version to use in the main integration test, the default is the current HEAD of the default branch. - (Optional) `TGS_TEST_OD_GIT_DIRECTORY`: Path to a local [OpenDream](https://github.com/OpenDreamProject/OpenDream) git repository to use as an upstream for testing. - (Optional) `TGS_TEST_OD_EXCLUSIVE`: Set to `true` to enable the quicker integration test that only runs [OpenDream](https://github.com/OpenDreamProject/OpenDream) functionality. This is tested by default in the main integration test. @@ -63,7 +64,7 @@ You must also have the following environment variables set. To run them more acc For the full CI gambit, the following repository configuration must be set: - Setting `Workflow Permissions` to `Read and write permissions`: Enables GitHub Actions comments. -![image](https://github.com/tgstation/tgstation-server/assets/8171642/ab17fa74-364f-4e66-b7c4-b9bb24c6a599) + ![image](https://github.com/tgstation/tgstation-server/assets/8171642/ab17fa74-364f-4e66-b7c4-b9bb24c6a599) - Label `CI Cleared`: To allow PRs from forks to run CI with secrets after approval. - Integration [CodeCov](https://github.com/apps/codecov): Enables CodeCov status checks. - Secret `CODECOV_TOKEN`: A CodeCov repo token to work around https://github.com/codecov/codecov-action/issues/837. @@ -96,19 +97,23 @@ The `/src` folder at the root of this repository contains a series of `README.md You are expected to follow these specifications in order to make everyone's lives easier. It'll save both your time and ours, by making sure you don't have to make any changes and we don't have to ask you to. Thank you for reading this section! ### Object Oriented Code + As C# is an object-oriented language, code must be object-oriented when possible in order to be more flexible when adding content to it. If you don't know what "object-oriented" means, we highly recommend you do some light research to grasp the basics. ### No hacky code -Hacky code, such as adding specific checks, is highly discouraged and only allowed when there is ***no*** other option. (Protip: 'I couldn't immediately think of a proper way so thus there must be no other option' is not gonna cut it here! If you can't think of anything else, say that outright and admit that you need help with it. Maintainers exist for exactly that reason.) + +Hacky code, such as adding specific checks, is highly discouraged and only allowed when there is **_no_** other option. (Protip: 'I couldn't immediately think of a proper way so thus there must be no other option' is not gonna cut it here! If you can't think of anything else, say that outright and admit that you need help with it. Maintainers exist for exactly that reason.) You can avoid hacky code by using object-oriented methodologies, such as overriding a function (called "procs" in DM) or sectioning code into functions and then overriding them as required. ### No duplicated code + Copying code from one place to another may be suitable for small, short-time projects, but /tg/station is a long-term project and highly discourages this. Instead you can use object orientation, or simply placing repeated code in a function, to obey this specification easily. ### No magic numbers or strings + This means stuff like having a "mode" variable for an object set to "1" or "2" with no clear indicator of what that means. Make these `const string`s with a name that more clearly states what it's for. This is clearer and enhances readability of your code! Get used to doing it! ### Class Design Guidelines @@ -144,8 +149,10 @@ DON'T: Stylecop will throw warnings if your code does not match style guidelines. Do NOT suppress these ### Use early return + Do not enclose a function in an if-block when returning on a condition is more feasible This is bad: + ```C# void Hello() { @@ -155,7 +162,9 @@ void Hello() do stuff } ``` + This is good: + ```C# void Hello() { @@ -171,42 +180,44 @@ void Hello() do stuff } ``` + This prevents nesting levels from getting deeper then they need to be. ### Other Notes -* Code should be modular where possible; if you are working on a new addition, then strongly consider putting it in its own file unless it makes sense to put it with similar ones. - -* You are expected to help maintain the code that you add, meaning that if there is a problem then you are likely to be approached in order to fix any issues, runtimes, or bugs. - -* Some terminology to help understand the architecture: - * An instance can be thought of as a separate server. It has a separate directory, repository, set of byond installations, etc... The only thing shared amongst instances is API surface, users, global configuration, the active tgstation-server version, and the host machine. - * API refers to the HTTP API unless otherwise specified. - * The entirety of server functionality resides in the host (Tgstation.Server.Host) project. - * A Component is a service running in tgstation-server to help with instance functionality. These can only be communicated with via the HTTP or DM APIs. - * There is a difference between Watchdog and Host Watchdog. The former monitors DreamDaemon uptime, the latter handles updating tgstation-server. - * Interop is complicated terminology wise: - * Interop: The overall process of communication between tgstation-server and DreamDaemon. - * DMAPI: The tgstation-server provided code compiled into .dmbs to provide additional functionality. - * Topic: The process of sending a message from the TGS -> DD via /world/Topic() and receiving a response. - * Bridge: The process of sending a message from DD -> TGS and receiving a response. + +- Code should be modular where possible; if you are working on a new addition, then strongly consider putting it in its own file unless it makes sense to put it with similar ones. + +- You are expected to help maintain the code that you add, meaning that if there is a problem then you are likely to be approached in order to fix any issues, runtimes, or bugs. + +- Some terminology to help understand the architecture: + - An instance can be thought of as a separate server. It has a separate directory, repository, set of byond installations, etc... The only thing shared amongst instances is API surface, users, global configuration, the active tgstation-server version, and the host machine. + - API refers to the HTTP API unless otherwise specified. + - The entirety of server functionality resides in the host (Tgstation.Server.Host) project. + - A Component is a service running in tgstation-server to help with instance functionality. These can only be communicated with via the HTTP or DM APIs. + - There is a difference between Watchdog and Host Watchdog. The former monitors DreamDaemon uptime, the latter handles updating tgstation-server. + - Interop is complicated terminology wise: + - Interop: The overall process of communication between tgstation-server and DreamDaemon. + - DMAPI: The tgstation-server provided code compiled into .dmbs to provide additional functionality. + - Topic: The process of sending a message from the TGS -> DD via /world/Topic() and receiving a response. + - Bridge: The process of sending a message from DD -> TGS and receiving a response. ## Pull Request Process There is no strict process when it comes to merging pull requests. Pull requests will sometimes take a while before they are looked at by a maintainer; the bigger the change, the more time it will take before they are accepted into the code. Every team member is a volunteer who is giving up their own time to help maintain and contribute, so please be courteous and respectful. Here are some helpful ways to make it easier for you and for the maintainers when making a pull request. -* Make sure your pull request complies to the requirements outlined in [this guide](http://tgstation13.org/wiki/Getting_Your_Pull_Accepted) (with the exception of point 3) +- Make sure your pull request complies to the requirements outlined in [this guide](http://tgstation13.org/wiki/Getting_Your_Pull_Accepted) (with the exception of point 3) -* You are going to be expected to document all your changes in the pull request and add/update XML documentation comments for the functions and classes you modify. Failing to do so will mean delaying it as we will have to question why you made the change. On the other hand, you can speed up the process by making the pull request readable and easy to understand, with diagrams or before/after data. +- You are going to be expected to document all your changes in the pull request and add/update XML documentation comments for the functions and classes you modify. Failing to do so will mean delaying it as we will have to question why you made the change. On the other hand, you can speed up the process by making the pull request readable and easy to understand, with diagrams or before/after data. -* If you are proposing multiple changes, which change many different aspects of the code, you are expected to section them off into different pull requests in order to make it easier to review them and to deny/accept the changes that are deemed acceptable. +- If you are proposing multiple changes, which change many different aspects of the code, you are expected to section them off into different pull requests in order to make it easier to review them and to deny/accept the changes that are deemed acceptable. -* If your pull request is accepted, the code you add no longer belongs exclusively to you but to everyone; everyone is free to work on it, but you are also free to support or object to any changes being made, which will likely hold more weight, as you're the one who added the feature. It is a shame this has to be explicitly said, but there have been cases where this would've saved some trouble. +- If your pull request is accepted, the code you add no longer belongs exclusively to you but to everyone; everyone is free to work on it, but you are also free to support or object to any changes being made, which will likely hold more weight, as you're the one who added the feature. It is a shame this has to be explicitly said, but there have been cases where this would've saved some trouble. -* Your submission must be tested with 100% code coverage with both unit and integration tests +- Your submission must be tested with 100% code coverage with both unit and integration tests -* Please explain why you are submitting the pull request, and how you think your change will be beneficial to the server. Failure to do so will be grounds for rejecting the PR. +- Please explain why you are submitting the pull request, and how you think your change will be beneficial to the server. Failure to do so will be grounds for rejecting the PR. -* Commits MUST be properly titled and commented as we only use merge commits for the pull request process +- Commits MUST be properly titled and commented as we only use merge commits for the pull request process ## Making Model Changes @@ -238,7 +249,7 @@ OAuth providers are hardcoded but it is fairly easy to add new ones. The flow do 1. Add the name to the [Tgstation.Server.Api.Models.OAuthProviders](../src/Tgstation.Server.Api/Models/OAuthProviders.cs) enum (Also necessitates a minor HTTP API version bump). 1. Create an implementation of [IOAuthValidator](../src/Tgstation.Server.Host/Security/OAuth/IOAuthValidator.cs). - - Most providers can simply override the [GenericOAuthValidator](../src/Tgstation.Server.Host/Security/OAuth/GenericOAuthValidator.cs). + - Most providers can simply override the [GenericOAuthValidator](../src/Tgstation.Server.Host/Security/OAuth/GenericOAuthValidator.cs). 1. Construct the implementation in the [OAuthProviders](../src/Tgstation.Server.Host/Security/OAuth/OAuthProviders.cs) class. 1. Add a null entry to the default [appsettings.yml](../src/Tgstation.Server.Host/appsettings.yml). 1. Update the main [README.md](../README.md) to indicate the new provider. @@ -313,6 +324,7 @@ The build system will also handle closing the current milestone and creating new ## Banned content Do not add any of the following in a Pull Request or risk getting the PR closed: -* National Socialist Party of Germany content, National Socialist Party of Germany related content, or National Socialist Party of Germany references + +- National Socialist Party of Germany content, National Socialist Party of Germany related content, or National Socialist Party of Germany references Just becuase something isn't on this list doesn't mean that it's acceptable. Use common sense above all else. diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index ca0641d261e..0fdf438977c 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -1,10 +1,9 @@ --- name: Bug Report about: Report a problem with the server -title: '' +title: "" labels: Bug, Reproduction Required assignees: Cyberboss - --- **Describe the bug** @@ -12,6 +11,7 @@ A clear and concise description of what the bug is. Please note that client issu **To Reproduce** Steps to reproduce the behavior: + 1. Go to '...' 2. Click on '....' 3. Scroll down to '....' @@ -24,14 +24,15 @@ A clear and concise description of what you expected to happen. Please include full server logs to help diagnose your problem **Server State: (please complete the following information):** - - OS: - - Version: - - Database Type/Version: - - BYOND Version Used: - - git Repository Used: - - Origin Commit hash Used: - - Active Test Merges: - - Client Version: + +- OS: +- Version: +- Database Type/Version: +- BYOND Version Used: +- git Repository Used: +- Origin Commit hash Used: +- Active Test Merges: +- Client Version: **Additional context** Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index b6058b642bb..0c477a50440 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -1,10 +1,9 @@ --- name: Feature request about: Suggest an idea for the server -title: '' +title: "" labels: Feature Request, Backlog -assignees: '' - +assignees: "" --- **Is your feature request related to a problem? Please describe.** diff --git a/.github/workflows/auto-approve-dominions-prs.yml b/.github/workflows/auto-approve-dominions-prs.yml index cd499fffde8..23d4dcff358 100644 --- a/.github/workflows/auto-approve-dominions-prs.yml +++ b/.github/workflows/auto-approve-dominions-prs.yml @@ -6,8 +6,8 @@ name: "Auto-Approve Dominion's PRs" on: pull_request_target: branches: - - dev - - master + - dev + - master concurrency: group: "approve-dominion-${{ github.head_ref || github.run_id }}-${{ github.event_name }}" @@ -19,11 +19,11 @@ jobs: if: github.event.pull_request.user.login == 'Cyberboss' && !github.event.pull_request.draft && !contains(github.event.pull_request.body, '- [ ]') && (github.event.pull_request.base.repo.owner.login == 'tgstation' || github.event.pull_request.base.repo.owner.login == 'Cyberboss') runs-on: ubuntu-latest steps: - - name: GitHub API Call - run: | - curl --request POST \ - --url https://api.github.com/repos/${{github.repository}}/pulls/${{github.event.number}}/reviews \ - --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ - --header 'content-type: application/json' \ - -d '{"event":"APPROVE"}' \ - --fail + - name: GitHub API Call + run: | + curl --request POST \ + --url https://api.github.com/repos/${{github.repository}}/pulls/${{github.event.number}}/reviews \ + --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ + --header 'content-type: application/json' \ + -d '{"event":"APPROVE"}' \ + --fail diff --git a/.github/workflows/check-pr-has-milestone.yml b/.github/workflows/check-pr-has-milestone.yml index 0ce8c605f99..d2b5029d9a0 100644 --- a/.github/workflows/check-pr-has-milestone.yml +++ b/.github/workflows/check-pr-has-milestone.yml @@ -2,10 +2,10 @@ name: "Check PR Has Milestone" on: pull_request: - types: [ opened, edited, synchronize, reopened, labeled ] + types: [opened, edited, synchronize, reopened, labeled] branches: - - dev - - master + - dev + - master concurrency: group: "check-pr-milestone-${{ github.head_ref || github.run_id }}-${{ github.event_name }}" @@ -16,16 +16,16 @@ jobs: name: Fail if Pull Request has no Associated Version Milestone runs-on: ubuntu-latest steps: - - name: Fail if no Milestone Set - if: github.event.pull_request.milestone == null - run: | - echo "::error::Pull request must have milestone set!" - exit 1 + - name: Fail if no Milestone Set + if: github.event.pull_request.milestone == null + run: | + echo "::error::Pull request must have milestone set!" + exit 1 - - name: Fail if Invalid Milestone Set - run: | - if [[ ${{ github.event.pull_request.milestone.title }} =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - exit 0 - fi - echo "::error::Pull request has non-standard milestone!" - exit 1 + - name: Fail if Invalid Milestone Set + run: | + if [[ ${{ github.event.pull_request.milestone.title }} =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + exit 0 + fi + echo "::error::Pull request has non-standard milestone!" + exit 1 diff --git a/.github/workflows/ci-pipeline.yml b/.github/workflows/ci-pipeline.yml index 880b648d5ad..7dc77312870 100644 --- a/.github/workflows/ci-pipeline.yml +++ b/.github/workflows/ci-pipeline.yml @@ -16,19 +16,19 @@ # - Docker: https://hub.docker.com/r/tgstation/server # - apt repo: https://github.com/tgstation/tgstation-ppa # - winget: https://github.com/microsoft/winget-pkgs/tree/master/manifests/t/Tgstation/Server -name: 'CI Pipeline' +name: CI Pipeline on: schedule: - cron: 0 9 * * * push: branches: - - dev - - master + - dev + - master workflow_call: inputs: pull_request_number: - description: 'Pull Request Number' + description: Pull Request Number required: true type: string @@ -51,30 +51,30 @@ jobs: name: Build ReleaseNotes for Other Jobs runs-on: ubuntu-latest steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '${{ env.TGS_DOTNET_VERSION }}.0.x' - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Checkout (Branch) - uses: actions/checkout@v4 - if: github.event_name == 'push' || github.event_name == 'schedule' - - - name: Checkout (PR Merge) - uses: actions/checkout@v4 - if: github.event_name != 'push' && github.event_name != 'schedule' - with: - ref: "refs/pull/${{ inputs.pull_request_number }}/merge" - - - name: Build ReleaseNotes # Name checked in rerunFlakyTests.js - run: dotnet publish -c Release -p:TGS_HOST_NO_WEBPANEL=true -o release_notes_bins tools/Tgstation.Server.ReleaseNotes/Tgstation.Server.ReleaseNotes.csproj - - - name: Store ReleaseNotes Binaries - uses: actions/upload-artifact@v4 - with: - name: release_notes_bins - path: ./release_notes_bins/ + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + + - name: Checkout (Branch) + uses: actions/checkout@v4 + if: github.event_name == 'push' || github.event_name == 'schedule' + + - name: Checkout (PR Merge) + uses: actions/checkout@v4 + if: github.event_name != 'push' && github.event_name != 'schedule' + with: + ref: "refs/pull/${{ inputs.pull_request_number }}/merge" + + - name: Build ReleaseNotes # Name checked in rerunFlakyTests.js + run: dotnet publish -c Release -p:TGS_HOST_NO_WEBPANEL=true -o release_notes_bins tools/Tgstation.Server.ReleaseNotes/Tgstation.Server.ReleaseNotes.csproj + + - name: Store ReleaseNotes Binaries + uses: actions/upload-artifact@v4 + with: + name: release_notes_bins + path: ./release_notes_bins/ code-scanning: name: Run CodeQL @@ -85,310 +85,310 @@ jobs: env: TGS_TELEMETRY_KEY_FILE: /tmp/tgs_telemetry_key.txt steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '${{ env.TGS_DOTNET_VERSION }}.0.x' - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - name: Checkout (Branch) - uses: actions/checkout@v4 + - name: Checkout (Branch) + uses: actions/checkout@v4 - - name: Read Current SHA - id: get-pr-sha - if: github.event_name != 'push' && github.event_name != 'schedule' - shell: bash - run: echo "head_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT + - name: Read Current SHA + id: get-pr-sha + if: github.event_name != 'push' && github.event_name != 'schedule' + shell: bash + run: echo "head_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: csharp + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: csharp - - name: Setup Telemetry Key File - run: echo "fake_telemetry_key" > ${{ env.TGS_TELEMETRY_KEY_FILE }} + - name: Setup Telemetry Key File + run: echo "fake_telemetry_key" > ${{ env.TGS_TELEMETRY_KEY_FILE }} - - name: Build # Name checked in rerunFlakyTests.js - run: dotnet build -c ReleaseNoWindows -p:TGS_HOST_NO_WEBPANEL=true + - name: Build # Name checked in rerunFlakyTests.js + run: dotnet build -c ReleaseNoWindows -p:TGS_HOST_NO_WEBPANEL=true - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "/language:csharp" + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:csharp" dmapi-build: name: Build DMAPI strategy: fail-fast: false matrix: - byond: [ '510.1346', '511.1385', '512.1488', '513.1542', '514.1589', 'EDGE' ] + byond: + ["510.1346", "511.1385", "512.1488", "513.1542", "514.1589", "EDGE"] runs-on: ubuntu-latest steps: - - name: Install Native x86 libc Dependencies # Name checked in rerunFlakyTests.js - run: | - sudo dpkg --add-architecture i386 - sudo apt-get update - sudo apt-get install -y -o APT::Immediate-Configure=0 libc6-i386 libstdc++6:i386 libgcc-s1:i386 - - - name: Cache BYOND .zips - uses: actions/cache@v4 - id: cache-byond - with: - path: ~/byond-zips-cache - key: byond-zips - - - name: Setup BYOND Cache if Necessary and Install - run: | - echo "Setting up BYOND." - FULL_VERSION=${{ matrix.byond }} - if [[ "$FULL_VERSION" = "EDGE" ]] ; then - VERSIONS=$(curl https://www.byond.com/download/version.txt) - FULL_VERSION=$(echo "$VERSIONS" | tail -n1) - echo "EDGE version evaluated to $FULL_VERSION" - - # Also needs updating in ByondTest.cs - declare -A bad_linux_releases=([515.1612]="515.1611" [515.1617]="515.1616") - - if [[ -n "${bad_linux_releases[$FULL_VERSION]}" ]] ; then - echo "$FULL_VERSION does not have a linux zip, falling back to ${bad_linux_releases[$FULL_VERSION]}" - FULL_VERSION=${bad_linux_releases[$FULL_VERSION]} - fi - fi - if [[ ! -f $HOME/byond-zips-cache/linux/$FULL_VERSION.zip ]] ; then - BYOND_MAJOR=${FULL_VERSION%.*} - mkdir -p $HOME/byond-zips-cache/linux - curl "https://www.byond.com/download/build/$BYOND_MAJOR/${FULL_VERSION}_byond_linux.zip" -o $HOME/byond-zips-cache/linux/$FULL_VERSION.zip - fi - mkdir -p "$HOME/BYOND" - cd "$HOME/BYOND" - cp $HOME/byond-zips-cache/linux/$FULL_VERSION.zip byond.zip - unzip byond.zip - cd byond - make here - exit 0 - - - name: Checkout (Branch) - uses: actions/checkout@v4 - if: github.event_name == 'push' || github.event_name == 'schedule' - - - name: Checkout (PR Merge) - uses: actions/checkout@v4 - if: github.event_name != 'push' && github.event_name != 'schedule' - with: - ref: "refs/pull/${{ inputs.pull_request_number }}/merge" - - - name: Read Current SHA - id: get-pr-sha - if: github.event_name != 'push' && github.event_name != 'schedule' - shell: bash - run: echo "head_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT - - - - name: Compile DMAPI Test Project - run: | - set -e - retval=1 - source $HOME/BYOND/byond/bin/byondsetup - - if hash DreamMaker 2>/dev/null - then - DreamMaker "tests/DMAPI/BasicOperation/basic operation_test.dme" 2>&1 | tee result.log - retval=$? - if ! grep '\- 0 errors, 0 warnings' result.log + - name: Install Native x86 libc Dependencies # Name checked in rerunFlakyTests.js + run: | + sudo dpkg --add-architecture i386 + sudo apt-get update + sudo apt-get install -y -o APT::Immediate-Configure=0 libc6-i386 libstdc++6:i386 libgcc-s1:i386 + + - name: Cache BYOND .zips + uses: actions/cache@v4 + id: cache-byond + with: + path: ~/byond-zips-cache + key: byond-zips + + - name: Setup BYOND Cache if Necessary and Install + run: | + echo "Setting up BYOND." + FULL_VERSION=${{ matrix.byond }} + if [[ "$FULL_VERSION" = "EDGE" ]] ; then + VERSIONS=$(curl https://www.byond.com/download/version.txt) + FULL_VERSION=$(echo "$VERSIONS" | tail -n1) + echo "EDGE version evaluated to $FULL_VERSION" + + # Also needs updating in ByondTest.cs + declare -A bad_linux_releases=([515.1612]="515.1611" [515.1617]="515.1616") + + if [[ -n "${bad_linux_releases[$FULL_VERSION]}" ]] ; then + echo "$FULL_VERSION does not have a linux zip, falling back to ${bad_linux_releases[$FULL_VERSION]}" + FULL_VERSION=${bad_linux_releases[$FULL_VERSION]} + fi + fi + if [[ ! -f $HOME/byond-zips-cache/linux/$FULL_VERSION.zip ]] ; then + BYOND_MAJOR=${FULL_VERSION%.*} + mkdir -p $HOME/byond-zips-cache/linux + curl "https://www.byond.com/download/build/$BYOND_MAJOR/${FULL_VERSION}_byond_linux.zip" -o $HOME/byond-zips-cache/linux/$FULL_VERSION.zip + fi + mkdir -p "$HOME/BYOND" + cd "$HOME/BYOND" + cp $HOME/byond-zips-cache/linux/$FULL_VERSION.zip byond.zip + unzip byond.zip + cd byond + make here + exit 0 + + - name: Checkout (Branch) + uses: actions/checkout@v4 + if: github.event_name == 'push' || github.event_name == 'schedule' + + - name: Checkout (PR Merge) + uses: actions/checkout@v4 + if: github.event_name != 'push' && github.event_name != 'schedule' + with: + ref: "refs/pull/${{ inputs.pull_request_number }}/merge" + + - name: Read Current SHA + id: get-pr-sha + if: github.event_name != 'push' && github.event_name != 'schedule' + shell: bash + run: echo "head_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT + + - name: Compile DMAPI Test Project + run: | + set -e + retval=1 + source $HOME/BYOND/byond/bin/byondsetup + + if hash DreamMaker 2>/dev/null then - retval=1 + DreamMaker "tests/DMAPI/BasicOperation/basic operation_test.dme" 2>&1 | tee result.log + retval=$? + if ! grep '\- 0 errors, 0 warnings' result.log + then + retval=1 + fi + else + echo "Couldn't find the DreamMaker executable, aborting." + retval=2 fi - else - echo "Couldn't find the DreamMaker executable, aborting." - retval=2 - fi - exit $retval + exit $retval opendream-build: name: Build DMAPI (OpenDream) strategy: fail-fast: false matrix: - committish: [ 'master', 'tgs-min-compat' ] + committish: ["master", "tgs-min-compat"] runs-on: ubuntu-latest steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - if: matrix.committish == 'master' - with: - dotnet-version: '${{ env.OD_DOTNET_VERSION }}.0.x' - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Setup dotnet (min-compat) - uses: actions/setup-dotnet@v4 - if: matrix.committish == 'tgs-min-compat' - with: - dotnet-version: '${{ env.OD_MIN_COMPAT_DOTNET_VERSION }}.0.x' - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Checkout (Branch) - uses: actions/checkout@v4 - if: github.event_name == 'push' || github.event_name == 'schedule' - - - name: Checkout (PR Merge) - uses: actions/checkout@v4 - if: github.event_name != 'push' && github.event_name != 'schedule' - with: - ref: "refs/pull/${{ inputs.pull_request_number }}/merge" - - - name: Checkout OpenDream - run: | - cd $HOME - git clone https://github.com/OpenDreamProject/OpenDream - cd OpenDream - git checkout ${{ matrix.committish }} - git submodule update --init --recursive - - - name: Build OpenDream # Name checked in rerunFlakyTests.js - run: | - cd $HOME/OpenDream/OpenDreamPackageTool - dotnet build -c Release --nologo -v q --property WarningLevel=0 /clp:ErrorsOnly - - - name: Build TGS Deployment # Name checked in rerunFlakyTests.js - run: | - cd $HOME/OpenDream - dotnet run -c Release --project OpenDreamPackageTool --no-build -- --tgs -o tgs_deploy - - - name: Compile DMAPI Test Project - run: | - cd tests/DMAPI/BasicOperation - $HOME/OpenDream/tgs_deploy/bin/compiler/DMCompiler --verbose --notices-enabled "basic operation_test.dme" + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + if: matrix.committish == 'master' + with: + dotnet-version: "${{ env.OD_DOTNET_VERSION }}.0.x" + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + + - name: Setup dotnet (min-compat) + uses: actions/setup-dotnet@v4 + if: matrix.committish == 'tgs-min-compat' + with: + dotnet-version: "${{ env.OD_MIN_COMPAT_DOTNET_VERSION }}.0.x" + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + + - name: Checkout (Branch) + uses: actions/checkout@v4 + if: github.event_name == 'push' || github.event_name == 'schedule' + + - name: Checkout (PR Merge) + uses: actions/checkout@v4 + if: github.event_name != 'push' && github.event_name != 'schedule' + with: + ref: "refs/pull/${{ inputs.pull_request_number }}/merge" + + - name: Checkout OpenDream + run: | + cd $HOME + git clone https://github.com/OpenDreamProject/OpenDream + cd OpenDream + git checkout ${{ matrix.committish }} + git submodule update --init --recursive + + - name: Build OpenDream # Name checked in rerunFlakyTests.js + run: | + cd $HOME/OpenDream/OpenDreamPackageTool + dotnet build -c Release --nologo -v q --property WarningLevel=0 /clp:ErrorsOnly + + - name: Build TGS Deployment # Name checked in rerunFlakyTests.js + run: | + cd $HOME/OpenDream + dotnet run -c Release --project OpenDreamPackageTool --no-build -- --tgs -o tgs_deploy + + - name: Compile DMAPI Test Project + run: | + cd tests/DMAPI/BasicOperation + $HOME/OpenDream/tgs_deploy/bin/compiler/DMCompiler --verbose --notices-enabled "basic operation_test.dme" efcore-version-match: name: Check Nuget Versions Match Tools runs-on: ubuntu-latest steps: - - name: Checkout (Branch) - uses: actions/checkout@v4 - if: github.event_name == 'push' || github.event_name == 'schedule' - - - name: Checkout (PR Merge) - uses: actions/checkout@v4 - if: github.event_name != 'push' && github.event_name != 'schedule' - with: - ref: "refs/pull/${{ inputs.pull_request_number }}/merge" - - - name: Retrieve dotnet-ef Tool Version - id: dotnet-ef-tool - run: echo "version=$(cat src/Tgstation.Server.Host/.config/dotnet-tools.json | jq -r '.tools."dotnet-ef".version')" >> $GITHUB_OUTPUT - - - name: Retrieve wix Tool Version - id: wix-tool - run: echo "version=$(cat build/package/winget/.config/dotnet-tools.json | jq -r '.tools.wix.version')" >> $GITHUB_OUTPUT - - - name: Retrieve dotnet-ef Nuget Version - id: dotnet-ef-nuget - run: | - regex='\s+' - if [[ $(cat src/Tgstation.Server.Host/Tgstation.Server.Host.csproj) =~ $regex ]]; then - echo "version=${BASH_REMATCH[1]}" >> $GITHUB_OUTPUT - else - echo "Regex search failed!" - exit 1 - fi - - - name: Retrieve wix Nuget Version - id: wix-nuget - run: | - regex='' - if [[ $(cat build/package/winget/Tgstation.Server.Host.Service.Wix/Tgstation.Server.Host.Service.Wix.wixproj) =~ $regex ]]; then - echo "version=${BASH_REMATCH[1]}" >> $GITHUB_OUTPUT - else - echo "Regex search failed!" - exit 1 - fi + - name: Checkout (Branch) + uses: actions/checkout@v4 + if: github.event_name == 'push' || github.event_name == 'schedule' + + - name: Checkout (PR Merge) + uses: actions/checkout@v4 + if: github.event_name != 'push' && github.event_name != 'schedule' + with: + ref: "refs/pull/${{ inputs.pull_request_number }}/merge" + + - name: Retrieve dotnet-ef Tool Version + id: dotnet-ef-tool + run: echo "version=$(cat src/Tgstation.Server.Host/.config/dotnet-tools.json | jq -r '.tools."dotnet-ef".version')" >> $GITHUB_OUTPUT + + - name: Retrieve wix Tool Version + id: wix-tool + run: echo "version=$(cat build/package/winget/.config/dotnet-tools.json | jq -r '.tools.wix.version')" >> $GITHUB_OUTPUT + + - name: Retrieve dotnet-ef Nuget Version + id: dotnet-ef-nuget + run: | + regex='\s+' + if [[ $(cat src/Tgstation.Server.Host/Tgstation.Server.Host.csproj) =~ $regex ]]; then + echo "version=${BASH_REMATCH[1]}" >> $GITHUB_OUTPUT + else + echo "Regex search failed!" + exit 1 + fi + + - name: Retrieve wix Nuget Version + id: wix-nuget + run: | + regex='' + if [[ $(cat build/package/winget/Tgstation.Server.Host.Service.Wix/Tgstation.Server.Host.Service.Wix.wixproj) =~ $regex ]]; then + echo "version=${BASH_REMATCH[1]}" >> $GITHUB_OUTPUT + else + echo "Regex search failed!" + exit 1 + fi - - name: Fail if dotnet-ef Versions Don't Match - if: ${{ steps.dotnet-ef-tool.outputs.version != steps.dotnet-ef-nuget.outputs.version }} - run: | - echo "${{ steps.dotnet-ef-tool.outputs.version }} != ${{ steps.dotnet-ef-nuget.outputs.version }}" - exit 1 + - name: Fail if dotnet-ef Versions Don't Match + if: ${{ steps.dotnet-ef-tool.outputs.version != steps.dotnet-ef-nuget.outputs.version }} + run: | + echo "${{ steps.dotnet-ef-tool.outputs.version }} != ${{ steps.dotnet-ef-nuget.outputs.version }}" + exit 1 - - name: Fail if wix Versions Don't Match - if: ${{ steps.wix-tool.outputs.version != steps.wix-nuget.outputs.version }} - run: | - echo "${{ steps.wix-tool.outputs.version }} != ${{ steps.wix-nuget.outputs.version }}" - exit 1 + - name: Fail if wix Versions Don't Match + if: ${{ steps.wix-tool.outputs.version != steps.wix-nuget.outputs.version }} + run: | + echo "${{ steps.wix-tool.outputs.version }} != ${{ steps.wix-nuget.outputs.version }}" + exit 1 pages-build: name: Build gh-pages needs: build-releasenotes runs-on: ubuntu-latest steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '${{ env.TGS_DOTNET_VERSION }}.0.x' - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Checkout (Branch) - uses: actions/checkout@v4 - if: github.event_name == 'push' || github.event_name == 'schedule' - - - name: Checkout (PR Merge) - uses: actions/checkout@v4 - if: github.event_name != 'push' && github.event_name != 'schedule' - with: - ref: "refs/pull/${{ inputs.pull_request_number }}/merge" - - - name: gh-pages Clone - run: git clone -b gh-pages --single-branch "https://git@github.com/tgstation/tgstation-server" $HOME/tgsdox - - - name: Retrieve ReleaseNotes Binaries - uses: actions/download-artifact@v4 - with: - name: release_notes_bins - path: release_notes_bins - - - name: Compile Changelog (Incremental) - run: | - mv $HOME/tgsdox/changelog.yml ./ 2>/dev/null - dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --generate-full-notes - - - name: Generate App Token - run: | - dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} - echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV - rm ${{ runner.temp }}/installation_secret.txt - - - name: Patch Doxyfile - run: | - VERSION=$(cat "build/Version.props" | grep -oPm1 "(?<=)[^<]+") - echo -e "\nPROJECT_NUMBER = $VERSION\nINPUT = .\nOUTPUT_DIRECTORY = ./doxout\nPROJECT_LOGO = ./artifacts/tgs.ico\nHAVE_DOT=YES" >> "docs/Doxyfile" - - - name: Doxygen Build - uses: mattnotmitt/doxygen-action@411df0c62acb5b96b8a93d93a7bf4b753c47ea05 # v1.9.5 - with: - doxyfile-path: 'docs/Doxyfile' - - - name: gh-pages Push - if: github.event_name == 'push' && github.event.ref == 'refs/heads/dev' && env.TGS_RELEASE_NOTES_TOKEN != '' - run: | - pushd $HOME/tgsdox - rm -r * - popd - sudo mv changelog.yml $HOME/tgsdox/ - echo ./doxout/* | xargs -n 10 sudo mv -t $HOME/tgsdox - cd $HOME/tgsdox - git config --global push.default simple - git config user.name "tgstation-server-ci[bot]" - git config user.email "161980869+tgstation-server-ci[bot]@users.noreply.github.com" - echo '# THIS BRANCH IS AUTO GENERATED BY GITHUB ACTIONS' > README.md - - # Need to create a .nojekyll file to allow filenames starting with an underscore - # to be seen on the gh-pages site. Therefore creating an empty .nojekyll file. - echo "" > .nojekyll - echo "Adding files..." - git add --all - echo "Committing..." - git diff-index --quiet HEAD || git commit -m "Deploy code docs to GitHub Pages for workflow run ${{ github.run_number }}" -m "Commit: ${{ github.event.head_commit.id }}" - echo "Pushing..." - git push -f "https://tgstation-server-ci:${{ env.INSTALLATION_TOKEN }}@github.com/tgstation/tgstation-server" 2>&1 + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + + - name: Checkout (Branch) + uses: actions/checkout@v4 + if: github.event_name == 'push' || github.event_name == 'schedule' + + - name: Checkout (PR Merge) + uses: actions/checkout@v4 + if: github.event_name != 'push' && github.event_name != 'schedule' + with: + ref: "refs/pull/${{ inputs.pull_request_number }}/merge" + + - name: gh-pages Clone + run: git clone -b gh-pages --single-branch "https://git@github.com/tgstation/tgstation-server" $HOME/tgsdox + + - name: Retrieve ReleaseNotes Binaries + uses: actions/download-artifact@v4 + with: + name: release_notes_bins + path: release_notes_bins + + - name: Compile Changelog (Incremental) + run: | + mv $HOME/tgsdox/changelog.yml ./ 2>/dev/null + dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --generate-full-notes + + - name: Generate App Token + run: | + dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} + echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV + rm ${{ runner.temp }}/installation_secret.txt + + - name: Patch Doxyfile + run: | + VERSION=$(cat "build/Version.props" | grep -oPm1 "(?<=)[^<]+") + echo -e "\nPROJECT_NUMBER = $VERSION\nINPUT = .\nOUTPUT_DIRECTORY = ./doxout\nPROJECT_LOGO = ./artifacts/tgs.ico\nHAVE_DOT=YES" >> "docs/Doxyfile" + + - name: Doxygen Build + uses: mattnotmitt/doxygen-action@411df0c62acb5b96b8a93d93a7bf4b753c47ea05 # v1.9.5 + with: + doxyfile-path: "docs/Doxyfile" + + - name: gh-pages Push + if: github.event_name == 'push' && github.event.ref == 'refs/heads/dev' && env.TGS_RELEASE_NOTES_TOKEN != '' + run: | + pushd $HOME/tgsdox + rm -r * + popd + sudo mv changelog.yml $HOME/tgsdox/ + echo ./doxout/* | xargs -n 10 sudo mv -t $HOME/tgsdox + cd $HOME/tgsdox + git config --global push.default simple + git config user.name "tgstation-server-ci[bot]" + git config user.email "161980869+tgstation-server-ci[bot]@users.noreply.github.com" + echo '# THIS BRANCH IS AUTO GENERATED BY GITHUB ACTIONS' > README.md + + # Need to create a .nojekyll file to allow filenames starting with an underscore + # to be seen on the gh-pages site. Therefore creating an empty .nojekyll file. + echo "" > .nojekyll + echo "Adding files..." + git add --all + echo "Committing..." + git diff-index --quiet HEAD || git commit -m "Deploy code docs to GitHub Pages for workflow run ${{ github.run_number }}" -m "Commit: ${{ github.event.head_commit.id }}" + echo "Pushing..." + git push -f "https://tgstation-server-ci:${{ env.INSTALLATION_TOKEN }}@github.com/tgstation/tgstation-server" 2>&1 docker-build: name: Build Docker Image @@ -396,363 +396,364 @@ jobs: env: TGS_TELEMETRY_KEY_FILE: tgs_telemetry_key.txt steps: - - name: Checkout (Branch) - uses: actions/checkout@v4 - if: github.event_name == 'push' || github.event_name == 'schedule' + - name: Checkout (Branch) + uses: actions/checkout@v4 + if: github.event_name == 'push' || github.event_name == 'schedule' - - name: Checkout (PR Merge) - uses: actions/checkout@v4 - if: github.event_name != 'push' && github.event_name != 'schedule' - with: - ref: "refs/pull/${{ inputs.pull_request_number }}/merge" + - name: Checkout (PR Merge) + uses: actions/checkout@v4 + if: github.event_name != 'push' && github.event_name != 'schedule' + with: + ref: "refs/pull/${{ inputs.pull_request_number }}/merge" - - name: Setup Telemetry Key File - shell: bash - run: echo "${{ secrets.TGS_TELEMETRY_KEY }}" > ${{ env.TGS_TELEMETRY_KEY_FILE }} + - name: Setup Telemetry Key File + shell: bash + run: echo "${{ secrets.TGS_TELEMETRY_KEY }}" > ${{ env.TGS_TELEMETRY_KEY_FILE }} - - name: Build Docker Image # Name checked in rerunFlakyTests.js - run: docker build . -f build/Dockerfile --build-arg TGS_TELEMETRY_KEY_FILE=${{ env.TGS_TELEMETRY_KEY_FILE }} + - name: Build Docker Image # Name checked in rerunFlakyTests.js + run: docker build . -f build/Dockerfile --build-arg TGS_TELEMETRY_KEY_FILE=${{ env.TGS_TELEMETRY_KEY_FILE }} - - name: Delete Telemetry Key File - if: always() - run: rm -f ${{ env.TGS_TELEMETRY_KEY_FILE }} + - name: Delete Telemetry Key File + if: always() + run: rm -f ${{ env.TGS_TELEMETRY_KEY_FILE }} linux-unit-tests: name: Linux Tests strategy: fail-fast: false matrix: - configuration: [ 'Debug', 'Release' ] + configuration: ["Debug", "Release"] env: TGS_TEST_DISCORD_TOKEN: ${{ secrets.DISCORD_TOKEN }} TGS_TEST_IRC_CONNECTION_STRING: ${{ secrets.IRC_CONNECTION_STRING }} TGS_TELEMETRY_KEY_FILE: /tmp/tgs_telemetry_key.txt runs-on: ubuntu-latest steps: - - name: Install Native x86 libc Dependencies # Name checked in rerunFlakyTests.js - run: | - sudo dpkg --add-architecture i386 - sudo apt-get update - sudo apt-get install -y -o APT::Immediate-Configure=0 libc6-i386 libstdc++6:i386 libgcc-s1:i386 libgdiplus - - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '${{ env.TGS_DOTNET_VERSION }}.0.x' - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Setup Node.JS - uses: actions/setup-node@v4 - with: + - name: Install Native x86 libc Dependencies # Name checked in rerunFlakyTests.js + run: | + sudo dpkg --add-architecture i386 + sudo apt-get update + sudo apt-get install -y -o APT::Immediate-Configure=0 libc6-i386 libstdc++6:i386 libgcc-s1:i386 libgdiplus + + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + + - name: Setup Node.JS + uses: actions/setup-node@v4 + with: node-version: ${{ env.TGS_WEBPANEL_NODE_VERSION }} - - name: Checkout (Branch) - uses: actions/checkout@v4 - if: github.event_name == 'push' || github.event_name == 'schedule' + - name: Checkout (Branch) + uses: actions/checkout@v4 + if: github.event_name == 'push' || github.event_name == 'schedule' - - name: Checkout (PR Merge) - uses: actions/checkout@v4 - if: github.event_name != 'push' && github.event_name != 'schedule' - with: - ref: "refs/pull/${{ inputs.pull_request_number }}/merge" + - name: Checkout (PR Merge) + uses: actions/checkout@v4 + if: github.event_name != 'push' && github.event_name != 'schedule' + with: + ref: "refs/pull/${{ inputs.pull_request_number }}/merge" - - name: Enable Corepack - run: corepack enable + - name: Enable Corepack + run: corepack enable - - name: Setup Telemetry Key File - run: echo "${{ secrets.TGS_TELEMETRY_KEY }}" > ${{ env.TGS_TELEMETRY_KEY_FILE }} + - name: Setup Telemetry Key File + run: echo "${{ secrets.TGS_TELEMETRY_KEY }}" > ${{ env.TGS_TELEMETRY_KEY_FILE }} - - name: Build # Name checked in rerunFlakyTests.js - run: dotnet build -c ${{ matrix.configuration }}NoWindows + - name: Build # Name checked in rerunFlakyTests.js + run: dotnet build -c ${{ matrix.configuration }}NoWindows - - name: Delete Telemetry Key File - if: always() - run: rm -f ${{ env.TGS_TELEMETRY_KEY_FILE }} + - name: Delete Telemetry Key File + if: always() + run: rm -f ${{ env.TGS_TELEMETRY_KEY_FILE }} - - name: Cache BYOND .zips - uses: actions/cache@v4 - id: cache-byond - with: - path: ~/byond-zips-cache - key: byond-zips + - name: Cache BYOND .zips + uses: actions/cache@v4 + id: cache-byond + with: + path: ~/byond-zips-cache + key: byond-zips - - name: Run Unit Tests - run: sudo dotnet test --no-build --logger "GitHubActions;summary.includePassedTests=true;summary.includeSkippedTests=true" --filter TestCategory!=RequiresDatabase -c ${{ matrix.configuration }}NoWindows --collect:"XPlat Code Coverage" --settings build/ci.runsettings --results-directory ./TestResults tgstation-server.sln + - name: Run Unit Tests + run: sudo dotnet test --no-build --logger "GitHubActions;summary.includePassedTests=true;summary.includeSkippedTests=true" --filter TestCategory!=RequiresDatabase -c ${{ matrix.configuration }}NoWindows --collect:"XPlat Code Coverage" --settings build/ci.runsettings --results-directory ./TestResults tgstation-server.sln - - name: Store Code Coverage - uses: actions/upload-artifact@v4 - with: - name: linux-unit-test-coverage-${{ matrix.configuration }} - path: ./TestResults/ + - name: Store Code Coverage + uses: actions/upload-artifact@v4 + with: + name: linux-unit-test-coverage-${{ matrix.configuration }} + path: ./TestResults/ windows-unit-tests: name: Windows Tests strategy: fail-fast: false matrix: - configuration: [ 'Debug', 'Release' ] + configuration: ["Debug", "Release"] env: TGS_TEST_DISCORD_TOKEN: ${{ secrets.DISCORD_TOKEN }} TGS_TEST_IRC_CONNECTION_STRING: ${{ secrets.IRC_CONNECTION_STRING }} TGS_TELEMETRY_KEY_FILE: C:/tgs_telemetry_key.txt runs-on: windows-latest steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '${{ env.TGS_DOTNET_VERSION }}.0.x' - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Setup Node.JS - uses: actions/setup-node@v4 - with: + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + + - name: Setup Node.JS + uses: actions/setup-node@v4 + with: node-version: ${{ env.TGS_WEBPANEL_NODE_VERSION }} - - name: Checkout (Branch) - uses: actions/checkout@v4 - if: github.event_name == 'push' || github.event_name == 'schedule' + - name: Checkout (Branch) + uses: actions/checkout@v4 + if: github.event_name == 'push' || github.event_name == 'schedule' - - name: Checkout (PR Merge) - uses: actions/checkout@v4 - if: github.event_name != 'push' && github.event_name != 'schedule' - with: - ref: "refs/pull/${{ inputs.pull_request_number }}/merge" + - name: Checkout (PR Merge) + uses: actions/checkout@v4 + if: github.event_name != 'push' && github.event_name != 'schedule' + with: + ref: "refs/pull/${{ inputs.pull_request_number }}/merge" - - name: Enable Corepack - run: corepack enable + - name: Enable Corepack + run: corepack enable - - name: Setup Telemetry Key File - shell: bash - run: echo "${{ secrets.TGS_TELEMETRY_KEY }}" > ${{ env.TGS_TELEMETRY_KEY_FILE }} + - name: Setup Telemetry Key File + shell: bash + run: echo "${{ secrets.TGS_TELEMETRY_KEY }}" > ${{ env.TGS_TELEMETRY_KEY_FILE }} - - name: Build # Name checked in rerunFlakyTests.js - run: dotnet build -c ${{ matrix.configuration }}NoWix + - name: Build # Name checked in rerunFlakyTests.js + run: dotnet build -c ${{ matrix.configuration }}NoWix - - name: Delete Telemetry Key File - shell: bash - if: always() - run: rm -f ${{ env.TGS_TELEMETRY_KEY_FILE }} + - name: Delete Telemetry Key File + shell: bash + if: always() + run: rm -f ${{ env.TGS_TELEMETRY_KEY_FILE }} - - name: Cache BYOND .zips - uses: actions/cache@v4 - id: cache-byond - with: - path: ~/byond-zips-cache - key: byond-zips + - name: Cache BYOND .zips + uses: actions/cache@v4 + id: cache-byond + with: + path: ~/byond-zips-cache + key: byond-zips - - name: Run Unit Tests - run: dotnet test --no-build --logger "GitHubActions;summary.includePassedTests=true;summary.includeSkippedTests=true" --filter TestCategory!=RequiresDatabase -c ${{ matrix.configuration }}NoWix --collect:"XPlat Code Coverage" --settings build/ci.runsettings --results-directory ./TestResults tgstation-server.sln + - name: Run Unit Tests + run: dotnet test --no-build --logger "GitHubActions;summary.includePassedTests=true;summary.includeSkippedTests=true" --filter TestCategory!=RequiresDatabase -c ${{ matrix.configuration }}NoWix --collect:"XPlat Code Coverage" --settings build/ci.runsettings --results-directory ./TestResults tgstation-server.sln - - name: Store Code Coverage - uses: actions/upload-artifact@v4 - with: - name: windows-unit-test-coverage-${{ matrix.configuration }} - path: ./TestResults/ + - name: Store Code Coverage + uses: actions/upload-artifact@v4 + with: + name: windows-unit-test-coverage-${{ matrix.configuration }} + path: ./TestResults/ windows-integration-tests: name: Windows Live Tests - needs: [ dmapi-build, opendream-build ] + needs: [dmapi-build, opendream-build] strategy: fail-fast: false matrix: - database-type: [ 'SqlServer', 'Sqlite', 'PostgresSql', 'MariaDB', 'MySql' ] - watchdog-type: [ 'Basic', 'Advanced' ] - configuration: [ 'Debug', 'Release' ] + database-type: + ["SqlServer", "Sqlite", "PostgresSql", "MariaDB", "MySql"] + watchdog-type: ["Basic", "Advanced"] + configuration: ["Debug", "Release"] env: TGS_TELEMETRY_KEY_FILE: C:/tgs_telemetry_key.txt runs-on: windows-latest steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: | - ${{ env.TGS_DOTNET_VERSION }}.0.x - ${{ env.OD_DOTNET_VERSION }}.0.x - ${{ env.OD_MIN_COMPAT_DOTNET_VERSION }}.0.x - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Wait for LocalDB Connection # Do this first because we don't want to find out it's failing later - shell: powershell - if: ${{ matrix.database-type == 'SqlServer' }} - run: | - Write-Host "Checking" - sqlcmd -l 600 -S "(localdb)\MSSQLLocalDB" -Q "SELECT @@VERSION;" - - - name: Setup Node.JS - uses: actions/setup-node@v4 - with: + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: | + ${{ env.TGS_DOTNET_VERSION }}.0.x + ${{ env.OD_DOTNET_VERSION }}.0.x + ${{ env.OD_MIN_COMPAT_DOTNET_VERSION }}.0.x + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + + - name: Wait for LocalDB Connection # Do this first because we don't want to find out it's failing later + shell: powershell + if: ${{ matrix.database-type == 'SqlServer' }} + run: | + Write-Host "Checking" + sqlcmd -l 600 -S "(localdb)\MSSQLLocalDB" -Q "SELECT @@VERSION;" + + - name: Setup Node.JS + uses: actions/setup-node@v4 + with: node-version: ${{ env.TGS_WEBPANEL_NODE_VERSION }} - - name: Set TGS_TEST_DUMP_API_SPEC - if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Advanced' && matrix.database-type == 'SqlServer' }} - run: echo "TGS_TEST_DUMP_API_SPEC=yes" >> $Env:GITHUB_ENV - - - name: Set General__UseBasicWatchdog - if: ${{ matrix.watchdog-type == 'Basic' }} - run: echo "General__UseBasicWatchdog=true" >> $Env:GITHUB_ENV - - - name: Set Sqlite Connection Info - if: ${{ matrix.database-type == 'Sqlite' }} - shell: bash - run: | - echo "TGS_TEST_DATABASE_TYPE=Sqlite" >> $GITHUB_ENV - echo "TGS_TEST_CONNECTION_STRING=Data Source=TGS_${{ matrix.watchdog-type }}_${{ matrix.configuration }}.sqlite3;Mode=ReadWriteCreate" >> $GITHUB_ENV - - - name: Setup Postgres - uses: ankane/setup-postgres@v1 - if: ${{ matrix.database-type == 'PostgresSql' }} - - - name: Set PostgresSql Connection Info - if: ${{ matrix.database-type == 'PostgresSql' }} - shell: bash - run: | - echo "TGS_TEST_DATABASE_TYPE=PostgresSql" >> $GITHUB_ENV - echo "TGS_TEST_CONNECTION_STRING=Application Name=tgstation-server;Host=127.0.0.1;Username=$USER;Database=TGS__${{ matrix.watchdog-type }}_${{ matrix.configuration }}" >> $GITHUB_ENV - - - name: Setup MariaDB - uses: ankane/setup-mariadb@v1 - if: ${{ matrix.database-type == 'MariaDB' }} - - - name: Set MariaDB Connection Info - if: ${{ matrix.database-type == 'MariaDB' }} - shell: bash - run: | - echo "TGS_TEST_DATABASE_TYPE=MariaDB" >> $GITHUB_ENV - echo "TGS_TEST_CONNECTION_STRING=Server=127.0.0.1;uid=root;database=tgs__${{ matrix.watchdog-type }}_${{ matrix.configuration }}" >> $GITHUB_ENV - - - name: Setup MySQL - uses: ankane/setup-mysql@v1 - if: ${{ matrix.database-type == 'MySql' }} - - - name: Set MySQL Connection Info - if: ${{ matrix.database-type == 'MySql' }} - shell: bash - run: | - echo "TGS_TEST_DATABASE_TYPE=MySql" >> $GITHUB_ENV - echo "TGS_TEST_CONNECTION_STRING=Server=127.0.0.1;uid=root;database=tgs__${{ matrix.watchdog-type }}_${{ matrix.configuration }}" >> $GITHUB_ENV - - - name: Set SqlServer Connection Info - if: ${{ matrix.database-type == 'SqlServer' }} - shell: bash - run: | - TGS_CONNSTRING_VALUE="Server=(localdb)\MSSQLLocalDB;Encrypt=false;Integrated Security=true;Initial Catalog=TGS_${{ matrix.watchdog-type }}_${{ matrix.configuration }};Application Name=tgstation-server" - echo "TGS_TEST_CONNECTION_STRING=$(echo $TGS_CONNSTRING_VALUE)" >> $GITHUB_ENV - echo "TGS_TEST_DATABASE_TYPE=SqlServer" >> $GITHUB_ENV - - - name: Checkout (Branch) - uses: actions/checkout@v4 - if: github.event_name == 'push' || github.event_name == 'schedule' - - - name: Checkout (PR Merge) - uses: actions/checkout@v4 - if: github.event_name != 'push' && github.event_name != 'schedule' - with: - ref: "refs/pull/${{ inputs.pull_request_number }}/merge" - - - name: Enable Corepack - run: corepack enable - - - name: Setup Telemetry Key File - shell: bash - run: echo "${{ secrets.TGS_TELEMETRY_KEY }}" > ${{ env.TGS_TELEMETRY_KEY_FILE }} - - - name: Build # Name checked in rerunFlakyTests.js - run: dotnet build -c ${{ matrix.configuration }} tests/Tgstation.Server.Tests/Tgstation.Server.Tests.csproj - - - name: Delete Telemetry Key File - shell: bash - if: always() - run: rm -f ${{ env.TGS_TELEMETRY_KEY_FILE }} - - - name: Cache BYOND .zips - uses: actions/cache@v4 - id: cache-byond - with: - path: ~/byond-zips-cache - key: byond-zips - - - name: Run Live Tests # Logging here is weird because printing massive amounts of text on Windows runners is SLOW AS SHIT!!! - id: live-tests - shell: bash - run: | - cd tests/Tgstation.Server.Tests - sleep 10 - set +e - test_output=$(dotnet test -c ${{ matrix.configuration }} --no-build --filter TestCategory=RequiresDatabase --logger "GitHubActions;summary.includePassedTests=true;summary.includeSkippedTests=true" --collect:"XPlat Code Coverage" --settings ../../build/ci.runsettings --results-directory ../../TestResults) - retval=$? - set -e - cd ../.. - echo $test_output > ./test_output.txt - if [[ $retval -ne 0 ]]; then - echo "succeeded=NO" >> $GITHUB_OUTPUT - else - echo "succeeded=YES" >> $GITHUB_OUTPUT - fi - - - name: Store Live Tests Output - if: ${{ steps.live-tests.outputs.succeeded == 'YES' }} - uses: actions/upload-artifact@v4 - with: - name: windows-integration-test-logs-${{ matrix.configuration }}-${{ matrix.watchdog-type }}-${{ matrix.database-type }} - path: ./test_output.txt - - - name: Store Errored Live Tests Output - if: ${{ steps.live-tests.outputs.succeeded != 'YES' }} - uses: actions/upload-artifact@v4 - with: - name: errored-windows-test-logs-${{ matrix.configuration }}-${{ matrix.watchdog-type }}-${{ matrix.database-type }} - path: ./test_output.txt - - - name: Fail if Live Tests Failed - if: ${{ steps.live-tests.outputs.succeeded != 'YES' }} - run: exit 1 - - - name: Store Code Coverage - uses: actions/upload-artifact@v4 - with: - name: windows-integration-test-coverage-${{ matrix.configuration }}-${{ matrix.watchdog-type }}-${{ matrix.database-type }} - path: ./TestResults/ - - - name: Store OpenAPI Spec - if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Advanced' && matrix.database-type == 'SqlServer' }} - uses: actions/upload-artifact@v4 - with: - name: openapi-spec - path: C:/tgs_api.json - - - name: Package Server Service - if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Basic' && matrix.database-type == 'PostgresSql' }} - run: | - cd src/Tgstation.Server.Host.Service - dotnet publish -c ${{ matrix.configuration }} -o ../../artifacts/Service - cd ../Tgstation.Server.Host - dotnet publish -c ${{ matrix.configuration }} --no-build -o ../../artifacts/Service/lib/Default - cd ../.. - mv artifacts/Service/lib/Default/appsettings.yml artifacts/Service/appsettings.yml - build/RemoveUnsupportedRuntimes.sh artifacts/Service/lib/Default - build/RemoveUnsupportedServiceRuntimes.ps1 artifacts/Service - - - name: Store Server Service - if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Basic' && matrix.database-type == 'PostgresSql' }} - uses: actions/upload-artifact@v4 - with: - name: ServerService - path: artifacts/Service/ - - - name: Install Code Signing Certificate - if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Basic' && matrix.database-type == 'PostgresSql' }} - shell: powershell - run: | - $pfxBytes = [convert]::FromBase64String("${{ secrets.CODE_SIGNING_BASE64 }}") - [IO.File]::WriteAllBytes("tg_codesigning.pfx", $pfxBytes) - $certPassword = ConvertTo-SecureString -String "${{ secrets.CODE_SIGNING_PASSWORD }}" -Force -AsPlainText - Import-PfxCertificate -FilePath tg_codesigning.pfx -Cert Cert:\CurrentUser\My -Password $certPassword - rm tg_codesigning.pfx - - - name: Test Sign Service .exe - if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Basic' && matrix.database-type == 'PostgresSql' }} - shell: powershell - run: Set-AuthenticodeSignature artifacts/Service/Tgstation.Server.Host.Service.exe -Certificate (Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq "${{ vars.CODE_SIGNING_THUMBPRINT }}" }) -TimestampServer "http://timestamp.digicert.com" + - name: Set TGS_TEST_DUMP_API_SPEC + if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Advanced' && matrix.database-type == 'SqlServer' }} + run: echo "TGS_TEST_DUMP_API_SPEC=yes" >> $Env:GITHUB_ENV + + - name: Set General__UseBasicWatchdog + if: ${{ matrix.watchdog-type == 'Basic' }} + run: echo "General__UseBasicWatchdog=true" >> $Env:GITHUB_ENV + + - name: Set Sqlite Connection Info + if: ${{ matrix.database-type == 'Sqlite' }} + shell: bash + run: | + echo "TGS_TEST_DATABASE_TYPE=Sqlite" >> $GITHUB_ENV + echo "TGS_TEST_CONNECTION_STRING=Data Source=TGS_${{ matrix.watchdog-type }}_${{ matrix.configuration }}.sqlite3;Mode=ReadWriteCreate" >> $GITHUB_ENV + + - name: Setup Postgres + uses: ankane/setup-postgres@v1 + if: ${{ matrix.database-type == 'PostgresSql' }} + + - name: Set PostgresSql Connection Info + if: ${{ matrix.database-type == 'PostgresSql' }} + shell: bash + run: | + echo "TGS_TEST_DATABASE_TYPE=PostgresSql" >> $GITHUB_ENV + echo "TGS_TEST_CONNECTION_STRING=Application Name=tgstation-server;Host=127.0.0.1;Username=$USER;Database=TGS__${{ matrix.watchdog-type }}_${{ matrix.configuration }}" >> $GITHUB_ENV + + - name: Setup MariaDB + uses: ankane/setup-mariadb@v1 + if: ${{ matrix.database-type == 'MariaDB' }} + + - name: Set MariaDB Connection Info + if: ${{ matrix.database-type == 'MariaDB' }} + shell: bash + run: | + echo "TGS_TEST_DATABASE_TYPE=MariaDB" >> $GITHUB_ENV + echo "TGS_TEST_CONNECTION_STRING=Server=127.0.0.1;uid=root;database=tgs__${{ matrix.watchdog-type }}_${{ matrix.configuration }}" >> $GITHUB_ENV + + - name: Setup MySQL + uses: ankane/setup-mysql@v1 + if: ${{ matrix.database-type == 'MySql' }} + + - name: Set MySQL Connection Info + if: ${{ matrix.database-type == 'MySql' }} + shell: bash + run: | + echo "TGS_TEST_DATABASE_TYPE=MySql" >> $GITHUB_ENV + echo "TGS_TEST_CONNECTION_STRING=Server=127.0.0.1;uid=root;database=tgs__${{ matrix.watchdog-type }}_${{ matrix.configuration }}" >> $GITHUB_ENV + + - name: Set SqlServer Connection Info + if: ${{ matrix.database-type == 'SqlServer' }} + shell: bash + run: | + TGS_CONNSTRING_VALUE="Server=(localdb)\MSSQLLocalDB;Encrypt=false;Integrated Security=true;Initial Catalog=TGS_${{ matrix.watchdog-type }}_${{ matrix.configuration }};Application Name=tgstation-server" + echo "TGS_TEST_CONNECTION_STRING=$(echo $TGS_CONNSTRING_VALUE)" >> $GITHUB_ENV + echo "TGS_TEST_DATABASE_TYPE=SqlServer" >> $GITHUB_ENV + + - name: Checkout (Branch) + uses: actions/checkout@v4 + if: github.event_name == 'push' || github.event_name == 'schedule' + + - name: Checkout (PR Merge) + uses: actions/checkout@v4 + if: github.event_name != 'push' && github.event_name != 'schedule' + with: + ref: "refs/pull/${{ inputs.pull_request_number }}/merge" + + - name: Enable Corepack + run: corepack enable + + - name: Setup Telemetry Key File + shell: bash + run: echo "${{ secrets.TGS_TELEMETRY_KEY }}" > ${{ env.TGS_TELEMETRY_KEY_FILE }} + + - name: Build # Name checked in rerunFlakyTests.js + run: dotnet build -c ${{ matrix.configuration }} tests/Tgstation.Server.Tests/Tgstation.Server.Tests.csproj + + - name: Delete Telemetry Key File + shell: bash + if: always() + run: rm -f ${{ env.TGS_TELEMETRY_KEY_FILE }} + + - name: Cache BYOND .zips + uses: actions/cache@v4 + id: cache-byond + with: + path: ~/byond-zips-cache + key: byond-zips + + - name: Run Live Tests # Logging here is weird because printing massive amounts of text on Windows runners is SLOW AS SHIT!!! + id: live-tests + shell: bash + run: | + cd tests/Tgstation.Server.Tests + sleep 10 + set +e + test_output=$(dotnet test -c ${{ matrix.configuration }} --no-build --filter TestCategory=RequiresDatabase --logger "GitHubActions;summary.includePassedTests=true;summary.includeSkippedTests=true" --collect:"XPlat Code Coverage" --settings ../../build/ci.runsettings --results-directory ../../TestResults) + retval=$? + set -e + cd ../.. + echo $test_output > ./test_output.txt + if [[ $retval -ne 0 ]]; then + echo "succeeded=NO" >> $GITHUB_OUTPUT + else + echo "succeeded=YES" >> $GITHUB_OUTPUT + fi + + - name: Store Live Tests Output + if: ${{ steps.live-tests.outputs.succeeded == 'YES' }} + uses: actions/upload-artifact@v4 + with: + name: windows-integration-test-logs-${{ matrix.configuration }}-${{ matrix.watchdog-type }}-${{ matrix.database-type }} + path: ./test_output.txt + + - name: Store Errored Live Tests Output + if: ${{ steps.live-tests.outputs.succeeded != 'YES' }} + uses: actions/upload-artifact@v4 + with: + name: errored-windows-test-logs-${{ matrix.configuration }}-${{ matrix.watchdog-type }}-${{ matrix.database-type }} + path: ./test_output.txt + + - name: Fail if Live Tests Failed + if: ${{ steps.live-tests.outputs.succeeded != 'YES' }} + run: exit 1 + + - name: Store Code Coverage + uses: actions/upload-artifact@v4 + with: + name: windows-integration-test-coverage-${{ matrix.configuration }}-${{ matrix.watchdog-type }}-${{ matrix.database-type }} + path: ./TestResults/ + + - name: Store OpenAPI Spec + if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Advanced' && matrix.database-type == 'SqlServer' }} + uses: actions/upload-artifact@v4 + with: + name: openapi-spec + path: C:/tgs_api.json + + - name: Package Server Service + if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Basic' && matrix.database-type == 'PostgresSql' }} + run: | + cd src/Tgstation.Server.Host.Service + dotnet publish -c ${{ matrix.configuration }} -o ../../artifacts/Service + cd ../Tgstation.Server.Host + dotnet publish -c ${{ matrix.configuration }} --no-build -o ../../artifacts/Service/lib/Default + cd ../.. + mv artifacts/Service/lib/Default/appsettings.yml artifacts/Service/appsettings.yml + build/RemoveUnsupportedRuntimes.sh artifacts/Service/lib/Default + build/RemoveUnsupportedServiceRuntimes.ps1 artifacts/Service + + - name: Store Server Service + if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Basic' && matrix.database-type == 'PostgresSql' }} + uses: actions/upload-artifact@v4 + with: + name: ServerService + path: artifacts/Service/ + + - name: Install Code Signing Certificate + if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Basic' && matrix.database-type == 'PostgresSql' }} + shell: powershell + run: | + $pfxBytes = [convert]::FromBase64String("${{ secrets.CODE_SIGNING_BASE64 }}") + [IO.File]::WriteAllBytes("tg_codesigning.pfx", $pfxBytes) + $certPassword = ConvertTo-SecureString -String "${{ secrets.CODE_SIGNING_PASSWORD }}" -Force -AsPlainText + Import-PfxCertificate -FilePath tg_codesigning.pfx -Cert Cert:\CurrentUser\My -Password $certPassword + rm tg_codesigning.pfx + + - name: Test Sign Service .exe + if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Basic' && matrix.database-type == 'PostgresSql' }} + shell: powershell + run: Set-AuthenticodeSignature artifacts/Service/Tgstation.Server.Host.Service.exe -Certificate (Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq "${{ vars.CODE_SIGNING_THUMBPRINT }}" }) -TimestampServer "http://timestamp.digicert.com" linux-integration-tests: name: Linux Live Tests @@ -762,9 +763,9 @@ jobs: image: ${{ (matrix.database-type == 'SqlServer') && 'mcr.microsoft.com/mssql/server:2019-latest' || '' }} env: SA_PASSWORD: myPassword - ACCEPT_EULA: 'Y' + ACCEPT_EULA: "Y" ports: - - 1433:1433 + - 1433:1433 postgres: image: ${{ (matrix.database-type == 'PostgresSql') && 'cyberboss/postgres-max-connections' || '' }} # Fork of _/postgres:latest with max_connections=500 becuase GitHub actions service containers have no way to set command lines. Rebuilds with updates. ports: @@ -801,426 +802,433 @@ jobs: strategy: fail-fast: false matrix: - database-type: [ 'Sqlite', 'PostgresSql', 'MariaDB', 'MySql' ] - watchdog-type: [ 'Basic', 'Advanced' ] - configuration: [ 'Debug', 'Release' ] + database-type: ["Sqlite", "PostgresSql", "MariaDB", "MySql"] + watchdog-type: ["Basic", "Advanced"] + configuration: ["Debug", "Release"] env: TGS_TELEMETRY_KEY_FILE: /tmp/tgs_telemetry_key.txt runs-on: ubuntu-latest steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: | - ${{ env.TGS_DOTNET_VERSION }}.0.x - ${{ env.OD_DOTNET_VERSION }}.0.x - ${{ env.OD_MIN_COMPAT_DOTNET_VERSION }}.0.x - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Disable ptrace_scope - run: echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope - - - name: Install Native Dependencies # Name checked in rerunFlakyTests.js - run: | - sudo dpkg --add-architecture i386 - sudo apt-get update - sudo apt-get install -y -o APT::Immediate-Configure=0 libc6-i386 libstdc++6:i386 gdb libgcc-s1:i386 libgdiplus - - - name: Setup Node.JS - uses: actions/setup-node@v4 - with: + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: | + ${{ env.TGS_DOTNET_VERSION }}.0.x + ${{ env.OD_DOTNET_VERSION }}.0.x + ${{ env.OD_MIN_COMPAT_DOTNET_VERSION }}.0.x + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + + - name: Disable ptrace_scope + run: echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope + + - name: Install Native Dependencies # Name checked in rerunFlakyTests.js + run: | + sudo dpkg --add-architecture i386 + sudo apt-get update + sudo apt-get install -y -o APT::Immediate-Configure=0 libc6-i386 libstdc++6:i386 gdb libgcc-s1:i386 libgdiplus + + - name: Setup Node.JS + uses: actions/setup-node@v4 + with: node-version: ${{ env.TGS_WEBPANEL_NODE_VERSION }} - - name: Set Sqlite Connection Info - if: ${{ matrix.database-type == 'Sqlite' }} - run: | - echo "TGS_TEST_DATABASE_TYPE=Sqlite" >> $GITHUB_ENV - echo "TGS_TEST_CONNECTION_STRING=Data Source=TGS_${{ matrix.watchdog-type }}_${{ matrix.configuration }}.sqlite3;Mode=ReadWriteCreate" >> $GITHUB_ENV - - - name: Set PostgresSql Connection Info - if: ${{ matrix.database-type == 'PostgresSql' }} - run: | - echo "TGS_TEST_DATABASE_TYPE=PostgresSql" >> $GITHUB_ENV - echo "TGS_TEST_CONNECTION_STRING=Application Name=tgstation-server;Host=127.0.0.1;Username=postgres;Password=postgres;Database=TGS__${{ matrix.watchdog-type }}_${{ matrix.configuration }}" >> $GITHUB_ENV - - - name: Set MariaDB Connection Info - if: ${{ matrix.database-type == 'MariaDB' }} - run: | - echo "TGS_TEST_DATABASE_TYPE=MariaDB" >> $GITHUB_ENV - echo "TGS_TEST_CONNECTION_STRING=Server=127.0.0.1;uid=root;pwd=mariadb;database=tgs__${{ matrix.watchdog-type }}_${{ matrix.configuration }}" >> $GITHUB_ENV - - - name: Set MySQL Connection Info - if: ${{ matrix.database-type == 'MySql' }} - run: | - echo "TGS_TEST_DATABASE_TYPE=MySql" >> $GITHUB_ENV - echo "TGS_TEST_CONNECTION_STRING=Server=127.0.0.1;Port=3307;uid=root;pwd=mysql;database=tgs__${{ matrix.watchdog-type }}_${{ matrix.configuration }}" >> $GITHUB_ENV - echo "Database__ServerVersion=5.7.31" >> $GITHUB_ENV - - - name: Set General__UseBasicWatchdog - if: ${{ matrix.watchdog-type == 'Basic' }} - run: echo "General__UseBasicWatchdog=true" >> $GITHUB_ENV - - - name: Checkout (Branch) - uses: actions/checkout@v4 - if: github.event_name == 'push' || github.event_name == 'schedule' - - - name: Checkout (PR Merge) - uses: actions/checkout@v4 - if: github.event_name != 'push' && github.event_name != 'schedule' - with: - ref: "refs/pull/${{ inputs.pull_request_number }}/merge" - - - name: Enable Corepack - run: corepack enable - - - name: Setup Telemetry Key File - run: echo "${{ secrets.TGS_TELEMETRY_KEY }}" > ${{ env.TGS_TELEMETRY_KEY_FILE }} - - - name: Build # Name checked in rerunFlakyTests.js - run: dotnet build -c ${{ matrix.configuration }}NoWindows tests/Tgstation.Server.Tests/Tgstation.Server.Tests.csproj - - - name: Delete Telemetry Key File - if: always() - run: rm -f ${{ env.TGS_TELEMETRY_KEY_FILE }} - - - name: Cache BYOND .zips - uses: actions/cache@v4 - id: cache-byond - with: - path: ~/byond-zips-cache - key: byond-zips - - - name: Run Live Tests - run: | - cd tests/Tgstation.Server.Tests - sleep 10 - dotnet test -c ${{ matrix.configuration }}NoWindows --filter TestCategory=RequiresDatabase --logger "GitHubActions;summary.includePassedTests=true;summary.includeSkippedTests=true" --no-build --collect:"XPlat Code Coverage" --settings ../../build/ci.runsettings --results-directory ../../TestResults - - - name: Store Code Coverage - uses: actions/upload-artifact@v4 - with: - name: linux-integration-test-coverage-${{ matrix.configuration }}-${{ matrix.watchdog-type }}-${{ matrix.database-type }} - path: ./TestResults/ - - - name: Package Server Console - if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Advanced' && matrix.database-type == 'MariaDB' }} - run: | - cd src/Tgstation.Server.Host.Console - dotnet publish -c ${{ matrix.configuration }} -o ../../artifacts/Console - cd ../Tgstation.Server.Host - dotnet publish -c ${{ matrix.configuration }}NoWindows --no-build -o ../../artifacts/Console/lib/Default - cd ../.. - mv artifacts/Console/lib/Default/appsettings.yml artifacts/Console/appsettings.yml - build/RemoveUnsupportedRuntimes.sh artifacts/Console/lib/Default - build/RemoveUnsupportedRuntimes.sh artifacts/Console - - - name: Package Server Update Package - if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Advanced' && matrix.database-type == 'PostgresSql' }} - run: | - cd src/Tgstation.Server.Host - dotnet publish -c ${{ matrix.configuration }}NoWindows --no-build -o ../../artifacts/ServerUpdate - cd ../.. - rm artifacts/ServerUpdate/appsettings.yml - build/RemoveUnsupportedRuntimes.sh artifacts/ServerUpdate - - - name: Store Server Console - if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Advanced' && matrix.database-type == 'MariaDB' }} - uses: actions/upload-artifact@v4 - with: - name: ServerConsole - path: artifacts/Console/ - - - name: Store Server Update Package - if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Advanced' && matrix.database-type == 'PostgresSql' }} - uses: actions/upload-artifact@v4 - with: - name: ServerUpdatePackage - path: artifacts/ServerUpdate/ + - name: Set Sqlite Connection Info + if: ${{ matrix.database-type == 'Sqlite' }} + run: | + echo "TGS_TEST_DATABASE_TYPE=Sqlite" >> $GITHUB_ENV + echo "TGS_TEST_CONNECTION_STRING=Data Source=TGS_${{ matrix.watchdog-type }}_${{ matrix.configuration }}.sqlite3;Mode=ReadWriteCreate" >> $GITHUB_ENV + + - name: Set PostgresSql Connection Info + if: ${{ matrix.database-type == 'PostgresSql' }} + run: | + echo "TGS_TEST_DATABASE_TYPE=PostgresSql" >> $GITHUB_ENV + echo "TGS_TEST_CONNECTION_STRING=Application Name=tgstation-server;Host=127.0.0.1;Username=postgres;Password=postgres;Database=TGS__${{ matrix.watchdog-type }}_${{ matrix.configuration }}" >> $GITHUB_ENV + + - name: Set MariaDB Connection Info + if: ${{ matrix.database-type == 'MariaDB' }} + run: | + echo "TGS_TEST_DATABASE_TYPE=MariaDB" >> $GITHUB_ENV + echo "TGS_TEST_CONNECTION_STRING=Server=127.0.0.1;uid=root;pwd=mariadb;database=tgs__${{ matrix.watchdog-type }}_${{ matrix.configuration }}" >> $GITHUB_ENV + + - name: Set MySQL Connection Info + if: ${{ matrix.database-type == 'MySql' }} + run: | + echo "TGS_TEST_DATABASE_TYPE=MySql" >> $GITHUB_ENV + echo "TGS_TEST_CONNECTION_STRING=Server=127.0.0.1;Port=3307;uid=root;pwd=mysql;database=tgs__${{ matrix.watchdog-type }}_${{ matrix.configuration }}" >> $GITHUB_ENV + echo "Database__ServerVersion=5.7.31" >> $GITHUB_ENV + + - name: Set General__UseBasicWatchdog + if: ${{ matrix.watchdog-type == 'Basic' }} + run: echo "General__UseBasicWatchdog=true" >> $GITHUB_ENV + + - name: Checkout (Branch) + uses: actions/checkout@v4 + if: github.event_name == 'push' || github.event_name == 'schedule' + + - name: Checkout (PR Merge) + uses: actions/checkout@v4 + if: github.event_name != 'push' && github.event_name != 'schedule' + with: + ref: "refs/pull/${{ inputs.pull_request_number }}/merge" + + - name: Enable Corepack + run: corepack enable + + - name: Setup Telemetry Key File + run: echo "${{ secrets.TGS_TELEMETRY_KEY }}" > ${{ env.TGS_TELEMETRY_KEY_FILE }} + + - name: Build # Name checked in rerunFlakyTests.js + run: dotnet build -c ${{ matrix.configuration }}NoWindows tests/Tgstation.Server.Tests/Tgstation.Server.Tests.csproj + + - name: Delete Telemetry Key File + if: always() + run: rm -f ${{ env.TGS_TELEMETRY_KEY_FILE }} + + - name: Cache BYOND .zips + uses: actions/cache@v4 + id: cache-byond + with: + path: ~/byond-zips-cache + key: byond-zips + + - name: Run Live Tests + run: | + cd tests/Tgstation.Server.Tests + sleep 10 + dotnet test -c ${{ matrix.configuration }}NoWindows --filter TestCategory=RequiresDatabase --logger "GitHubActions;summary.includePassedTests=true;summary.includeSkippedTests=true" --no-build --collect:"XPlat Code Coverage" --settings ../../build/ci.runsettings --results-directory ../../TestResults + + - name: Store Code Coverage + uses: actions/upload-artifact@v4 + with: + name: linux-integration-test-coverage-${{ matrix.configuration }}-${{ matrix.watchdog-type }}-${{ matrix.database-type }} + path: ./TestResults/ + + - name: Package Server Console + if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Advanced' && matrix.database-type == 'MariaDB' }} + run: | + cd src/Tgstation.Server.Host.Console + dotnet publish -c ${{ matrix.configuration }} -o ../../artifacts/Console + cd ../Tgstation.Server.Host + dotnet publish -c ${{ matrix.configuration }}NoWindows --no-build -o ../../artifacts/Console/lib/Default + cd ../.. + mv artifacts/Console/lib/Default/appsettings.yml artifacts/Console/appsettings.yml + build/RemoveUnsupportedRuntimes.sh artifacts/Console/lib/Default + build/RemoveUnsupportedRuntimes.sh artifacts/Console + + - name: Package Server Update Package + if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Advanced' && matrix.database-type == 'PostgresSql' }} + run: | + cd src/Tgstation.Server.Host + dotnet publish -c ${{ matrix.configuration }}NoWindows --no-build -o ../../artifacts/ServerUpdate + cd ../.. + rm artifacts/ServerUpdate/appsettings.yml + build/RemoveUnsupportedRuntimes.sh artifacts/ServerUpdate + + - name: Store Server Console + if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Advanced' && matrix.database-type == 'MariaDB' }} + uses: actions/upload-artifact@v4 + with: + name: ServerConsole + path: artifacts/Console/ + + - name: Store Server Update Package + if: ${{ matrix.configuration == 'Release' && matrix.watchdog-type == 'Advanced' && matrix.database-type == 'PostgresSql' }} + uses: actions/upload-artifact@v4 + with: + name: ServerUpdatePackage + path: artifacts/ServerUpdate/ validate-openapi-spec: name: OpenAPI Spec Validation needs: windows-integration-tests runs-on: ubuntu-latest steps: - - name: Install IBM OpenAPI Validator - run: npm i -g ibm-openapi-validator@0.51.3 + - name: Install IBM OpenAPI Validator + run: npm i -g ibm-openapi-validator@0.51.3 - - name: Checkout (Branch) - uses: actions/checkout@v4 - if: github.event_name == 'push' || github.event_name == 'schedule' + - name: Checkout (Branch) + uses: actions/checkout@v4 + if: github.event_name == 'push' || github.event_name == 'schedule' - - name: Checkout (PR Merge) - uses: actions/checkout@v4 - if: github.event_name != 'push' && github.event_name != 'schedule' - with: - ref: "refs/pull/${{ inputs.pull_request_number }}/merge" + - name: Checkout (PR Merge) + uses: actions/checkout@v4 + if: github.event_name != 'push' && github.event_name != 'schedule' + with: + ref: "refs/pull/${{ inputs.pull_request_number }}/merge" - - name: Retrieve OpenAPI Spec - uses: actions/download-artifact@v4 - with: - name: openapi-spec - path: ./swagger + - name: Retrieve OpenAPI Spec + uses: actions/download-artifact@v4 + with: + name: openapi-spec + path: ./swagger - - name: Lint OpenAPI Spec - run: npx lint-openapi -v -p -c build/OpenApiValidationSettings.json ./swagger/tgs_api.json + - name: Lint OpenAPI Spec + run: npx lint-openapi -v -p -c build/OpenApiValidationSettings.json ./swagger/tgs_api.json upload-code-coverage: name: Upload Code Coverage - needs: [ linux-unit-tests, linux-integration-tests, windows-unit-tests, windows-integration-tests, build-releasenotes ] + needs: + [ + linux-unit-tests, + linux-integration-tests, + windows-unit-tests, + windows-integration-tests, + build-releasenotes, + ] runs-on: ubuntu-latest steps: - - name: Checkout (Branch) - uses: actions/checkout@v4 - if: github.event_name == 'push' || github.event_name == 'schedule' - - - name: Checkout (PR Merge) - uses: actions/checkout@v4 - if: github.event_name != 'push' && github.event_name != 'schedule' - with: - ref: "refs/pull/${{ inputs.pull_request_number }}/merge" - - - name: Retrieve Linux Unit Test Coverage (Debug) - uses: actions/download-artifact@v4 - with: - name: linux-unit-test-coverage-Debug - path: ./code_coverage/unit_tests/linux_unit_tests_debug - - - name: Retrieve Linux Unit Test Coverage (Release) - uses: actions/download-artifact@v4 - with: - name: linux-unit-test-coverage-Release - path: ./code_coverage/unit_tests/linux_unit_tests_release - - - name: Retrieve Linux Integration Test Coverage (Release, Advanced, Sqlite) - uses: actions/download-artifact@v4 - with: - name: linux-integration-test-coverage-Release-Advanced-Sqlite - path: ./code_coverage/integration_tests/linux_integration_tests_release_system_sqlite - - - name: Retrieve Linux Integration Test Coverage (Release, Advanced, PostgresSql) - uses: actions/download-artifact@v4 - with: - name: linux-integration-test-coverage-Release-Advanced-PostgresSql - path: ./code_coverage/integration_tests/linux_integration_tests_release_system_mariadb - - - name: Retrieve Linux Integration Test Coverage (Release, Advanced, MariaDB) - uses: actions/download-artifact@v4 - with: - name: linux-integration-test-coverage-Release-Advanced-MariaDB - path: ./code_coverage/integration_tests/linux_integration_tests_release_system_mysql - - - name: Retrieve Linux Integration Test Coverage (Release, Advanced, MySql) - uses: actions/download-artifact@v4 - with: - name: linux-integration-test-coverage-Release-Advanced-MySql - path: ./code_coverage/integration_tests/linux_integration_tests_release_system_mysql - - - name: Retrieve Linux Integration Test Coverage (Release, Basic, Sqlite) - uses: actions/download-artifact@v4 - with: - name: linux-integration-test-coverage-Release-Advanced-Sqlite - path: ./code_coverage/integration_tests/linux_integration_tests_release_basic_sqlite - - - name: Retrieve Linux Integration Test Coverage (Release, Basic, PostgresSql) - uses: actions/download-artifact@v4 - with: - name: linux-integration-test-coverage-Release-Advanced-PostgresSql - path: ./code_coverage/integration_tests/linux_integration_tests_release_basic_mariadb - - - name: Retrieve Linux Integration Test Coverage (Release, Basic, MariaDB) - uses: actions/download-artifact@v4 - with: - name: linux-integration-test-coverage-Release-Advanced-MariaDB - path: ./code_coverage/integration_tests/linux_integration_tests_release_basic_mysql - - - name: Retrieve Linux Integration Test Coverage (Release, Basic, MySql) - uses: actions/download-artifact@v4 - with: - name: linux-integration-test-coverage-Release-Advanced-MySql - path: ./code_coverage/integration_tests/linux_integration_tests_release_basic_mysql - - - name: Retrieve Linux Integration Test Coverage (Debug, Advanced, Sqlite) - uses: actions/download-artifact@v4 - with: - name: linux-integration-test-coverage-Debug-Advanced-Sqlite - path: ./code_coverage/integration_tests/linux_integration_tests_debug_system_sqlite - - - name: Retrieve Linux Integration Test Coverage (Debug, Advanced, PostgresSql) - uses: actions/download-artifact@v4 - with: - name: linux-integration-test-coverage-Debug-Advanced-PostgresSql - path: ./code_coverage/integration_tests/linux_integration_tests_debug_system_mariadb - - - name: Retrieve Linux Integration Test Coverage (Debug, Advanced, MariaDB) - uses: actions/download-artifact@v4 - with: - name: linux-integration-test-coverage-Debug-Advanced-MariaDB - path: ./code_coverage/integration_tests/linux_integration_tests_debug_system_mysql - - - name: Retrieve Linux Integration Test Coverage (Debug, Advanced, MySql) - uses: actions/download-artifact@v4 - with: - name: linux-integration-test-coverage-Debug-Advanced-MySql - path: ./code_coverage/integration_tests/linux_integration_tests_debug_system_mysql - - - name: Retrieve Linux Integration Test Coverage (Debug, Basic, Sqlite) - uses: actions/download-artifact@v4 - with: - name: linux-integration-test-coverage-Debug-Advanced-Sqlite - path: ./code_coverage/integration_tests/linux_integration_tests_debug_basic_sqlite - - - name: Retrieve Linux Integration Test Coverage (Debug, Basic, PostgresSql) - uses: actions/download-artifact@v4 - with: - name: linux-integration-test-coverage-Debug-Advanced-PostgresSql - path: ./code_coverage/integration_tests/linux_integration_tests_debug_basic_mariadb - - - name: Retrieve Linux Integration Test Coverage (Debug, Basic, MariaDB) - uses: actions/download-artifact@v4 - with: - name: linux-integration-test-coverage-Debug-Advanced-MariaDB - path: ./code_coverage/integration_tests/linux_integration_tests_debug_basic_mysql - - - name: Retrieve Linux Integration Test Coverage (Debug, Basic, MySql) - uses: actions/download-artifact@v4 - with: - name: linux-integration-test-coverage-Debug-Advanced-MySql - path: ./code_coverage/integration_tests/linux_integration_tests_debug_basic_mysql - - - name: Retrieve Windows Unit Test Coverage (Release) - uses: actions/download-artifact@v4 - with: - name: windows-unit-test-coverage-Release - path: ./code_coverage/unit_tests/windows_unit_tests_release - - - name: Retrieve Windows Integration Test Coverage (Debug, Basic, SqlServer) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Debug-Basic-SqlServer - path: ./code_coverage/integration_tests/windows_integration_tests_debug_basic_sqlserver - - - name: Retrieve Windows Integration Test Coverage (Release, Basic, SqlServer) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Release-Basic-SqlServer - path: ./code_coverage/integration_tests/windows_integration_tests_release_basic_sqlserver - - - name: Retrieve Windows Integration Test Coverage (Debug, Advanced, SqlServer) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Debug-Advanced-SqlServer - path: ./code_coverage/integration_tests/windows_integration_tests_debug_system_sqlserver - - - name: Retrieve Windows Integration Test Coverage (Release, Advanced, SqlServer) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Release-Advanced-SqlServer - path: ./code_coverage/integration_tests/windows_integration_tests_release_system_sqlserver - - - name: Retrieve Windows Integration Test Coverage (Debug, Basic, MariaDB) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Debug-Basic-MariaDB - path: ./code_coverage/integration_tests/windows_integration_tests_debug_basic_mariadb - - - name: Retrieve Windows Integration Test Coverage (Release, Basic, MariaDB) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Release-Basic-MariaDB - path: ./code_coverage/integration_tests/windows_integration_tests_release_basic_mariadb - - - name: Retrieve Windows Integration Test Coverage (Debug, Advanced, MariaDB) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Debug-Advanced-MariaDB - path: ./code_coverage/integration_tests/windows_integration_tests_debug_system_mariadb - - - name: Retrieve Windows Integration Test Coverage (Release, Advanced, MariaDB) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Release-Advanced-MariaDB - path: ./code_coverage/integration_tests/windows_integration_tests_release_system_mariadb - - - name: Retrieve Windows Integration Test Coverage (Debug, Basic, MySql) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Debug-Basic-MySql - path: ./code_coverage/integration_tests/windows_integration_tests_debug_basic_mysql - - - name: Retrieve Windows Integration Test Coverage (Release, Basic, MySql) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Release-Basic-MySql - path: ./code_coverage/integration_tests/windows_integration_tests_release_basic_mysql - - - name: Retrieve Windows Integration Test Coverage (Debug, Advanced, MySql) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Debug-Advanced-MySql - path: ./code_coverage/integration_tests/windows_integration_tests_debug_system_mysql - - - name: Retrieve Windows Integration Test Coverage (Release, Advanced, MySql) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Release-Advanced-MySql - path: ./code_coverage/integration_tests/windows_integration_tests_release_system_mysql - - - name: Retrieve Windows Integration Test Coverage (Debug, Basic, PostgresSql) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Debug-Basic-PostgresSql - path: ./code_coverage/integration_tests/windows_integration_tests_debug_basic_postgressql - - - name: Retrieve Windows Integration Test Coverage (Release, Basic, PostgresSql) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Release-Basic-PostgresSql - path: ./code_coverage/integration_tests/windows_integration_tests_release_basic_postgressql - - - name: Retrieve Windows Integration Test Coverage (Debug, Advanced, PostgresSql) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Debug-Advanced-PostgresSql - path: ./code_coverage/integration_tests/windows_integration_tests_debug_system_postgressql - - - name: Retrieve Windows Integration Test Coverage (Release, Advanced, PostgresSql) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Release-Advanced-PostgresSql - path: ./code_coverage/integration_tests/windows_integration_tests_release_system_postgressql - - - name: Retrieve Windows Integration Test Coverage (Debug, Basic, Sqlite) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Debug-Basic-Sqlite - path: ./code_coverage/integration_tests/windows_integration_tests_debug_basic_sqlite - - - name: Retrieve Windows Integration Test Coverage (Release, Basic, Sqlite) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Release-Basic-Sqlite - path: ./code_coverage/integration_tests/windows_integration_tests_release_basic_sqlite - - - name: Retrieve Windows Integration Test Coverage (Debug, Advanced, Sqlite) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Debug-Advanced-Sqlite - path: ./code_coverage/integration_tests/windows_integration_tests_debug_system_sqlite - - - name: Retrieve Windows Integration Test Coverage (Release, Advanced, Sqlite) - uses: actions/download-artifact@v4 - with: - name: windows-integration-test-coverage-Release-Advanced-Sqlite - path: ./code_coverage/integration_tests/windows_integration_tests_release_system_sqlite - - - name: Upload Coverage to CodeCov - uses: codecov/codecov-action@v4 - with: - directory: ./code_coverage - fail_ci_if_error: true - token: ${{ secrets.CODECOV_TOKEN }} - verbose: true - handle_no_reports_found: true + - name: Checkout (Branch) + uses: actions/checkout@v4 + if: github.event_name == 'push' || github.event_name == 'schedule' + + - name: Checkout (PR Merge) + uses: actions/checkout@v4 + if: github.event_name != 'push' && github.event_name != 'schedule' + with: + ref: "refs/pull/${{ inputs.pull_request_number }}/merge" + + - name: Retrieve Linux Unit Test Coverage (Debug) + uses: actions/download-artifact@v4 + with: + name: linux-unit-test-coverage-Debug + path: ./code_coverage/unit_tests/linux_unit_tests_debug + + - name: Retrieve Linux Unit Test Coverage (Release) + uses: actions/download-artifact@v4 + with: + name: linux-unit-test-coverage-Release + path: ./code_coverage/unit_tests/linux_unit_tests_release + + - name: Retrieve Linux Integration Test Coverage (Release, Advanced, Sqlite) + uses: actions/download-artifact@v4 + with: + name: linux-integration-test-coverage-Release-Advanced-Sqlite + path: ./code_coverage/integration_tests/linux_integration_tests_release_system_sqlite + + - name: Retrieve Linux Integration Test Coverage (Release, Advanced, PostgresSql) + uses: actions/download-artifact@v4 + with: + name: linux-integration-test-coverage-Release-Advanced-PostgresSql + path: ./code_coverage/integration_tests/linux_integration_tests_release_system_mariadb + + - name: Retrieve Linux Integration Test Coverage (Release, Advanced, MariaDB) + uses: actions/download-artifact@v4 + with: + name: linux-integration-test-coverage-Release-Advanced-MariaDB + path: ./code_coverage/integration_tests/linux_integration_tests_release_system_mysql + + - name: Retrieve Linux Integration Test Coverage (Release, Advanced, MySql) + uses: actions/download-artifact@v4 + with: + name: linux-integration-test-coverage-Release-Advanced-MySql + path: ./code_coverage/integration_tests/linux_integration_tests_release_system_mysql + + - name: Retrieve Linux Integration Test Coverage (Release, Basic, Sqlite) + uses: actions/download-artifact@v4 + with: + name: linux-integration-test-coverage-Release-Advanced-Sqlite + path: ./code_coverage/integration_tests/linux_integration_tests_release_basic_sqlite + + - name: Retrieve Linux Integration Test Coverage (Release, Basic, PostgresSql) + uses: actions/download-artifact@v4 + with: + name: linux-integration-test-coverage-Release-Advanced-PostgresSql + path: ./code_coverage/integration_tests/linux_integration_tests_release_basic_mariadb + + - name: Retrieve Linux Integration Test Coverage (Release, Basic, MariaDB) + uses: actions/download-artifact@v4 + with: + name: linux-integration-test-coverage-Release-Advanced-MariaDB + path: ./code_coverage/integration_tests/linux_integration_tests_release_basic_mysql + + - name: Retrieve Linux Integration Test Coverage (Release, Basic, MySql) + uses: actions/download-artifact@v4 + with: + name: linux-integration-test-coverage-Release-Advanced-MySql + path: ./code_coverage/integration_tests/linux_integration_tests_release_basic_mysql + + - name: Retrieve Linux Integration Test Coverage (Debug, Advanced, Sqlite) + uses: actions/download-artifact@v4 + with: + name: linux-integration-test-coverage-Debug-Advanced-Sqlite + path: ./code_coverage/integration_tests/linux_integration_tests_debug_system_sqlite + + - name: Retrieve Linux Integration Test Coverage (Debug, Advanced, PostgresSql) + uses: actions/download-artifact@v4 + with: + name: linux-integration-test-coverage-Debug-Advanced-PostgresSql + path: ./code_coverage/integration_tests/linux_integration_tests_debug_system_mariadb + + - name: Retrieve Linux Integration Test Coverage (Debug, Advanced, MariaDB) + uses: actions/download-artifact@v4 + with: + name: linux-integration-test-coverage-Debug-Advanced-MariaDB + path: ./code_coverage/integration_tests/linux_integration_tests_debug_system_mysql + + - name: Retrieve Linux Integration Test Coverage (Debug, Advanced, MySql) + uses: actions/download-artifact@v4 + with: + name: linux-integration-test-coverage-Debug-Advanced-MySql + path: ./code_coverage/integration_tests/linux_integration_tests_debug_system_mysql + + - name: Retrieve Linux Integration Test Coverage (Debug, Basic, Sqlite) + uses: actions/download-artifact@v4 + with: + name: linux-integration-test-coverage-Debug-Advanced-Sqlite + path: ./code_coverage/integration_tests/linux_integration_tests_debug_basic_sqlite + + - name: Retrieve Linux Integration Test Coverage (Debug, Basic, PostgresSql) + uses: actions/download-artifact@v4 + with: + name: linux-integration-test-coverage-Debug-Advanced-PostgresSql + path: ./code_coverage/integration_tests/linux_integration_tests_debug_basic_mariadb + + - name: Retrieve Linux Integration Test Coverage (Debug, Basic, MariaDB) + uses: actions/download-artifact@v4 + with: + name: linux-integration-test-coverage-Debug-Advanced-MariaDB + path: ./code_coverage/integration_tests/linux_integration_tests_debug_basic_mysql + + - name: Retrieve Linux Integration Test Coverage (Debug, Basic, MySql) + uses: actions/download-artifact@v4 + with: + name: linux-integration-test-coverage-Debug-Advanced-MySql + path: ./code_coverage/integration_tests/linux_integration_tests_debug_basic_mysql + + - name: Retrieve Windows Unit Test Coverage (Release) + uses: actions/download-artifact@v4 + with: + name: windows-unit-test-coverage-Release + path: ./code_coverage/unit_tests/windows_unit_tests_release + + - name: Retrieve Windows Integration Test Coverage (Debug, Basic, SqlServer) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Debug-Basic-SqlServer + path: ./code_coverage/integration_tests/windows_integration_tests_debug_basic_sqlserver + + - name: Retrieve Windows Integration Test Coverage (Release, Basic, SqlServer) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Release-Basic-SqlServer + path: ./code_coverage/integration_tests/windows_integration_tests_release_basic_sqlserver + + - name: Retrieve Windows Integration Test Coverage (Debug, Advanced, SqlServer) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Debug-Advanced-SqlServer + path: ./code_coverage/integration_tests/windows_integration_tests_debug_system_sqlserver + + - name: Retrieve Windows Integration Test Coverage (Release, Advanced, SqlServer) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Release-Advanced-SqlServer + path: ./code_coverage/integration_tests/windows_integration_tests_release_system_sqlserver + + - name: Retrieve Windows Integration Test Coverage (Debug, Basic, MariaDB) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Debug-Basic-MariaDB + path: ./code_coverage/integration_tests/windows_integration_tests_debug_basic_mariadb + + - name: Retrieve Windows Integration Test Coverage (Release, Basic, MariaDB) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Release-Basic-MariaDB + path: ./code_coverage/integration_tests/windows_integration_tests_release_basic_mariadb + + - name: Retrieve Windows Integration Test Coverage (Debug, Advanced, MariaDB) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Debug-Advanced-MariaDB + path: ./code_coverage/integration_tests/windows_integration_tests_debug_system_mariadb + + - name: Retrieve Windows Integration Test Coverage (Release, Advanced, MariaDB) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Release-Advanced-MariaDB + path: ./code_coverage/integration_tests/windows_integration_tests_release_system_mariadb + + - name: Retrieve Windows Integration Test Coverage (Debug, Basic, MySql) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Debug-Basic-MySql + path: ./code_coverage/integration_tests/windows_integration_tests_debug_basic_mysql + + - name: Retrieve Windows Integration Test Coverage (Release, Basic, MySql) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Release-Basic-MySql + path: ./code_coverage/integration_tests/windows_integration_tests_release_basic_mysql + + - name: Retrieve Windows Integration Test Coverage (Debug, Advanced, MySql) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Debug-Advanced-MySql + path: ./code_coverage/integration_tests/windows_integration_tests_debug_system_mysql + + - name: Retrieve Windows Integration Test Coverage (Release, Advanced, MySql) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Release-Advanced-MySql + path: ./code_coverage/integration_tests/windows_integration_tests_release_system_mysql + + - name: Retrieve Windows Integration Test Coverage (Debug, Basic, PostgresSql) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Debug-Basic-PostgresSql + path: ./code_coverage/integration_tests/windows_integration_tests_debug_basic_postgressql + + - name: Retrieve Windows Integration Test Coverage (Release, Basic, PostgresSql) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Release-Basic-PostgresSql + path: ./code_coverage/integration_tests/windows_integration_tests_release_basic_postgressql + + - name: Retrieve Windows Integration Test Coverage (Debug, Advanced, PostgresSql) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Debug-Advanced-PostgresSql + path: ./code_coverage/integration_tests/windows_integration_tests_debug_system_postgressql + + - name: Retrieve Windows Integration Test Coverage (Release, Advanced, PostgresSql) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Release-Advanced-PostgresSql + path: ./code_coverage/integration_tests/windows_integration_tests_release_system_postgressql + + - name: Retrieve Windows Integration Test Coverage (Debug, Basic, Sqlite) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Debug-Basic-Sqlite + path: ./code_coverage/integration_tests/windows_integration_tests_debug_basic_sqlite + + - name: Retrieve Windows Integration Test Coverage (Release, Basic, Sqlite) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Release-Basic-Sqlite + path: ./code_coverage/integration_tests/windows_integration_tests_release_basic_sqlite + + - name: Retrieve Windows Integration Test Coverage (Debug, Advanced, Sqlite) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Debug-Advanced-Sqlite + path: ./code_coverage/integration_tests/windows_integration_tests_debug_system_sqlite + + - name: Retrieve Windows Integration Test Coverage (Release, Advanced, Sqlite) + uses: actions/download-artifact@v4 + with: + name: windows-integration-test-coverage-Release-Advanced-Sqlite + path: ./code_coverage/integration_tests/windows_integration_tests_release_system_sqlite + + - name: Upload Coverage to CodeCov + uses: codecov/codecov-action@v4 + with: + directory: ./code_coverage + fail_ci_if_error: true + token: ${{ secrets.CODECOV_TOKEN }} + verbose: true + handle_no_reports_found: true build-deb: name: Build .deb Package # Can't do i386 due to https://github.com/dotnet/core/issues/4595 @@ -1229,122 +1237,122 @@ jobs: env: TGS_TELEMETRY_KEY_FILE: /tmp/tgs_telemetry_key.txt steps: - - name: Install Native Dependencies # Name checked in rerunFlakyTests.js - run: | - sudo dpkg --add-architecture i386 - sudo apt-get update - sudo apt-get install -y -o APT::Immediate-Configure=0 libstdc++6:i386 libgcc-s1:i386 - - - name: Import GPG Key - if: github.event_name == 'push' && contains(github.event.head_commit.message, '[TGSDeploy]') && github.event.ref == 'refs/heads/master' - run: | - echo "${{ secrets.PACKAGING_PRIVATE_KEY }}" > private.pgp - echo ${{ secrets.PACKAGING_PRIVATE_KEY_PASSPHRASE }} | gpg --batch --yes --passphrase-fd 0 --import private.pgp - rm private.pgp - - - name: Install Native dotnet-sdk Package # Name checked in rerunFlakyTests.js - if: (!contains(env.TGS_DOTNET_QUALITY, 'preview')) - run: | - sudo apt-get update - sudo apt-get install -y dotnet-sdk-${{ env.TGS_DOTNET_VERSION }}.0 - - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '${{ env.TGS_DOTNET_VERSION }}.0.x' - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Override /usr/bin/dotnet - run: | - DOTNET_PATH=$(which dotnet) - sudo rm /usr/bin/dotnet - sudo ln -s $DOTNET_PATH /usr/bin/dotnet - echo "New dotnet path should be $DOTNET_PATH" - - - name: Checkout (Branch) - uses: actions/checkout@v4 - if: github.event_name == 'push' || github.event_name == 'schedule' - - - name: Checkout (PR Merge) - uses: actions/checkout@v4 - if: github.event_name != 'push' && github.event_name != 'schedule' - with: - ref: "refs/pull/${{ inputs.pull_request_number }}/merge" - - - name: Grab Most Recent Changelog - run: curl -L https://raw.githubusercontent.com/tgstation/tgstation-server/gh-pages/changelog.yml -o changelog.yml - - - name: Setup Telemetry Key File - run: echo "${{ secrets.TGS_TELEMETRY_KEY }}" > ${{ env.TGS_TELEMETRY_KEY_FILE }} - - - name: Retrieve ReleaseNotes Binaries - uses: actions/download-artifact@v4 - with: - name: release_notes_bins - path: release_notes_bins - - - name: Execute Build Script (Unsigned) - if: (!(github.event_name == 'push' && contains(github.event.head_commit.message, '[TGSDeploy]') && github.event.ref == 'refs/heads/master')) - env: - RELEASE_NOTES_DLL_PATH: ${{ github.workspace }}/release_notes_bins/Tgstation.Server.ReleaseNotes.dll - run: sudo -E build/package/deb/build_package.sh - - - name: Execute Build Script (Signed) - if: (github.event_name == 'push' && contains(github.event.head_commit.message, '[TGSDeploy]') && github.event.ref == 'refs/heads/master') - env: - RELEASE_NOTES_DLL_PATH: ${{ github.workspace }}/release_notes_bins/Tgstation.Server.ReleaseNotes.dll - PACKAGING_KEYGRIP: ${{ vars.PACKAGING_KEYGRIP }} - run: sudo -E build/package/deb/build_package.sh - - - name: Parse TGS version - run: | - echo "TGS_VERSION=$(xmlstarlet sel -N X="http://schemas.microsoft.com/developer/msbuild/2003" --template --value-of /X:Project/X:PropertyGroup/X:TgsCoreVersion build/Version.props)" >> $GITHUB_ENV - - - name: Verify Package Files are Signed - if: (github.event_name == 'push' && contains(github.event.head_commit.message, '[TGSDeploy]') && github.event.ref == 'refs/heads/master') - run: | - gpg --verify tgstation-server_${{ env.TGS_VERSION }}-1.dsc - gpg --verify tgstation-server_${{ env.TGS_VERSION }}-1_amd64.changes - gpg --verify tgstation-server_${{ env.TGS_VERSION }}-1_amd64.buildinfo - - - name: Delete Telemetry Key File - if: always() - run: rm -f ${{ env.TGS_TELEMETRY_KEY_FILE }} - - - name: Test Install - run: | - sudo mkdir /etc/tgstation-server - sudo cp build/package/appsettings.GitHub.yml /etc/tgstation-server/appsettings.Production.yml - sudo apt-get install -y ./tgstation-server_${{ env.TGS_VERSION }}-1_amd64.deb - sudo ls -al /etc/tgstation-server - sudo cat /etc/tgstation-server/appsettings.Production.yml - sudo cat /etc/tgstation-server/appsettings.yml - ls -al /opt/tgstation-server - cat /opt/tgstation-server/lib/Default/Tgstation.Server.Host.deps.json - cat /usr/bin/tgs-configure - - - name: Test Service - run: | - systemctl status tgstation-server - - - name: Test Uninstall # Wait 10s for service to initialize - shell: bash - run: | - sleep 10 - sudo apt-get remove -y tgstation-server - if [[ -d "/opt/tgstation-server" ]]; then - find /opt/tgstation-server - exit 2 - fi - - - name: Create Packaging Archive - run: tar cfJ tgstation-server-v${{ env.TGS_VERSION }}.debian.packaging.tar.xz tgstation-server_* - - - name: Upload Packaging Archive - uses: actions/upload-artifact@v4 - with: - name: packaging-debian - path: tgstation-server-v${{ env.TGS_VERSION }}.debian.packaging.tar.xz + - name: Install Native Dependencies # Name checked in rerunFlakyTests.js + run: | + sudo dpkg --add-architecture i386 + sudo apt-get update + sudo apt-get install -y -o APT::Immediate-Configure=0 libstdc++6:i386 libgcc-s1:i386 + + - name: Import GPG Key + if: github.event_name == 'push' && contains(github.event.head_commit.message, '[TGSDeploy]') && github.event.ref == 'refs/heads/master' + run: | + echo "${{ secrets.PACKAGING_PRIVATE_KEY }}" > private.pgp + echo ${{ secrets.PACKAGING_PRIVATE_KEY_PASSPHRASE }} | gpg --batch --yes --passphrase-fd 0 --import private.pgp + rm private.pgp + + - name: Install Native dotnet-sdk Package # Name checked in rerunFlakyTests.js + if: (!contains(env.TGS_DOTNET_QUALITY, 'preview')) + run: | + sudo apt-get update + sudo apt-get install -y dotnet-sdk-${{ env.TGS_DOTNET_VERSION }}.0 + + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + + - name: Override /usr/bin/dotnet + run: | + DOTNET_PATH=$(which dotnet) + sudo rm /usr/bin/dotnet + sudo ln -s $DOTNET_PATH /usr/bin/dotnet + echo "New dotnet path should be $DOTNET_PATH" + + - name: Checkout (Branch) + uses: actions/checkout@v4 + if: github.event_name == 'push' || github.event_name == 'schedule' + + - name: Checkout (PR Merge) + uses: actions/checkout@v4 + if: github.event_name != 'push' && github.event_name != 'schedule' + with: + ref: "refs/pull/${{ inputs.pull_request_number }}/merge" + + - name: Grab Most Recent Changelog + run: curl -L https://raw.githubusercontent.com/tgstation/tgstation-server/gh-pages/changelog.yml -o changelog.yml + + - name: Setup Telemetry Key File + run: echo "${{ secrets.TGS_TELEMETRY_KEY }}" > ${{ env.TGS_TELEMETRY_KEY_FILE }} + + - name: Retrieve ReleaseNotes Binaries + uses: actions/download-artifact@v4 + with: + name: release_notes_bins + path: release_notes_bins + + - name: Execute Build Script (Unsigned) + if: (!(github.event_name == 'push' && contains(github.event.head_commit.message, '[TGSDeploy]') && github.event.ref == 'refs/heads/master')) + env: + RELEASE_NOTES_DLL_PATH: ${{ github.workspace }}/release_notes_bins/Tgstation.Server.ReleaseNotes.dll + run: sudo -E build/package/deb/build_package.sh + + - name: Execute Build Script (Signed) + if: (github.event_name == 'push' && contains(github.event.head_commit.message, '[TGSDeploy]') && github.event.ref == 'refs/heads/master') + env: + RELEASE_NOTES_DLL_PATH: ${{ github.workspace }}/release_notes_bins/Tgstation.Server.ReleaseNotes.dll + PACKAGING_KEYGRIP: ${{ vars.PACKAGING_KEYGRIP }} + run: sudo -E build/package/deb/build_package.sh + + - name: Parse TGS version + run: | + echo "TGS_VERSION=$(xmlstarlet sel -N X="http://schemas.microsoft.com/developer/msbuild/2003" --template --value-of /X:Project/X:PropertyGroup/X:TgsCoreVersion build/Version.props)" >> $GITHUB_ENV + + - name: Verify Package Files are Signed + if: (github.event_name == 'push' && contains(github.event.head_commit.message, '[TGSDeploy]') && github.event.ref == 'refs/heads/master') + run: | + gpg --verify tgstation-server_${{ env.TGS_VERSION }}-1.dsc + gpg --verify tgstation-server_${{ env.TGS_VERSION }}-1_amd64.changes + gpg --verify tgstation-server_${{ env.TGS_VERSION }}-1_amd64.buildinfo + + - name: Delete Telemetry Key File + if: always() + run: rm -f ${{ env.TGS_TELEMETRY_KEY_FILE }} + + - name: Test Install + run: | + sudo mkdir /etc/tgstation-server + sudo cp build/package/appsettings.GitHub.yml /etc/tgstation-server/appsettings.Production.yml + sudo apt-get install -y ./tgstation-server_${{ env.TGS_VERSION }}-1_amd64.deb + sudo ls -al /etc/tgstation-server + sudo cat /etc/tgstation-server/appsettings.Production.yml + sudo cat /etc/tgstation-server/appsettings.yml + ls -al /opt/tgstation-server + cat /opt/tgstation-server/lib/Default/Tgstation.Server.Host.deps.json + cat /usr/bin/tgs-configure + + - name: Test Service + run: | + systemctl status tgstation-server + + - name: Test Uninstall # Wait 10s for service to initialize + shell: bash + run: | + sleep 10 + sudo apt-get remove -y tgstation-server + if [[ -d "/opt/tgstation-server" ]]; then + find /opt/tgstation-server + exit 2 + fi + + - name: Create Packaging Archive + run: tar cfJ tgstation-server-v${{ env.TGS_VERSION }}.debian.packaging.tar.xz tgstation-server_* + + - name: Upload Packaging Archive + uses: actions/upload-artifact@v4 + with: + name: packaging-debian + path: tgstation-server-v${{ env.TGS_VERSION }}.debian.packaging.tar.xz build-msi: name: Build Windows Installer .exe @@ -1352,190 +1360,201 @@ jobs: env: TGS_TELEMETRY_KEY_FILE: C:/tgs_telemetry_key.txt steps: - - name: Install winget - uses: Cyberboss/install-winget@v1 - with: - GITHUB_TOKEN: ${{ secrets.DEV_PUSH_TOKEN }} - - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '${{ env.TGS_DOTNET_VERSION }}.0.x' - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Setup Node.JS - uses: actions/setup-node@v4 - with: + - name: Install winget + uses: Cyberboss/install-winget@v1 + with: + GITHUB_TOKEN: ${{ secrets.DEV_PUSH_TOKEN }} + + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + + - name: Setup Node.JS + uses: actions/setup-node@v4 + with: node-version: ${{ env.TGS_WEBPANEL_NODE_VERSION }} - - name: Checkout (Branch) - uses: actions/checkout@v4 - if: github.event_name == 'push' || github.event_name == 'schedule' - - - name: Checkout (PR Merge) - uses: actions/checkout@v4 - if: github.event_name != 'push' && github.event_name != 'schedule' - with: - ref: "refs/pull/${{ inputs.pull_request_number }}/merge" - - - name: Restore Wix dotnet Tool - run: | - cd build/package/winget - dotnet tool restore - - - name: Validate winget Manifest - run: winget validate --manifest build/package/winget/manifest - - - name: Enable Corepack - run: corepack enable - - - name: Setup Telemetry Key File - shell: bash - run: echo "${{ secrets.TGS_TELEMETRY_KEY }}" > ${{ env.TGS_TELEMETRY_KEY_FILE }} - - - name: Build Host # Name checked in rerunFlakyTests.js - run: dotnet build -c Release src/Tgstation.Server.Host/Tgstation.Server.Host.csproj - - - name: Delete Telemetry Key File - shell: bash - if: always() - run: rm -f ${{ env.TGS_TELEMETRY_KEY_FILE }} - - - name: Build Service # Name checked in rerunFlakyTests.js - run: dotnet build -c Release src/Tgstation.Server.Host.Service/Tgstation.Server.Host.Service.csproj - - - name: Prepare Artifacts - shell: powershell - run: build/package/winget/prepare_installer_input_artifacts.ps1 - - - name: Build Installer .exe # Name checked in rerunFlakyTests.js - run: | - cd build/package/winget/Tgstation.Server.Host.Service.Wix.Bundle - dotnet build -c Release - - - name: Install Code Signing Certificate - shell: powershell - run: | - $pfxBytes = [convert]::FromBase64String("${{ secrets.CODE_SIGNING_BASE64 }}") - [IO.File]::WriteAllBytes("tg_codesigning.pfx", $pfxBytes) - $certPassword = ConvertTo-SecureString -String "${{ secrets.CODE_SIGNING_PASSWORD }}" -Force -AsPlainText - Import-PfxCertificate -FilePath tg_codesigning.pfx -Cert Cert:\CurrentUser\My -Password $certPassword - rm tg_codesigning.pfx - - - name: Sign Installer .exe for Testing # https://wixtoolset.org/docs/tools/signing/ - shell: powershell - run: | - cd build/package/winget - dotnet wix burn detach Tgstation.Server.Host.Service.Wix.Bundle/bin/Release/tgstation-server-installer.exe -engine burnengine.exe - Set-AuthenticodeSignature burnengine.exe -Certificate (Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq "${{ vars.CODE_SIGNING_THUMBPRINT }}" }) -TimestampServer "http://timestamp.digicert.com" - dotnet wix burn reattach Tgstation.Server.Host.Service.Wix.Bundle/bin/Release/tgstation-server-installer.exe -engine burnengine.exe -o test-installer.exe - Set-AuthenticodeSignature test-installer.exe -Certificate (Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq "${{ vars.CODE_SIGNING_THUMBPRINT }}" }) -TimestampServer "http://timestamp.digicert.com" - - - name: Test Install # Sanity checks the .deps.json exists, which the installation is broken without - shell: powershell # If it's missing, I found that in elements were the problem - run: | - mkdir C:/ProgramData/tgstation-server - cp build/package/appsettings.GitHub.yml C:/ProgramData/tgstation-server/appsettings.Production.yml - $file = [System.IO.Path]::GetFullPath("build/package/winget/test-installer.exe") - $log = [System.IO.Path]::GetFullPath("install.log") - $procMain = Start-Process -FilePath $file "/install /silent /log `"$log`"" -NoNewWindow -PassThru -Wait - if (Test-Path -Path $log -PathType Leaf) { - Get-Content $log - } - $installCode = $procMain.ExitCode - if($installCode -ne 0) { - Write-Host "ERROR INSTALLER EXIT CODE $installCode" - exit 3 - } - if (-Not (Test-Path -Path "C:/Program Files (x86)/tgstation-server/lib/Default/Tgstation.Server.Host.deps.json" -PathType Leaf)) { - exit 2 - } - if (-Not (Test-Path -Path "C:/ProgramData/tgstation-server/appsettings.yml" -PathType Leaf)) { - exit 4 - } - - - name: Test Service - shell: powershell - run: | - $service=Get-Service -Name tgstation-server -ErrorAction SilentlyContinue - if ($service.Length -eq 0) { - exit 3 - } - if ($service[0].Status -ne "Running") { - exit 4 - } - - - name: Test Uninstall # Sanity checks the .deps.json exists, which the installation is broken without - shell: powershell - run: | - $file = [System.IO.Path]::GetFullPath("build/package/winget/test-installer.exe") - $log = [System.IO.Path]::GetFullPath("uninstall.log") - $procMain = Start-Process -FilePath $file "/uninstall /silent /log `"$log`"" -NoNewWindow -PassThru -Wait - if (Test-Path -Path $log -PathType Leaf) { - Get-Content $log - } - $installCode = $procMain.ExitCode - if($installCode -ne 0) { - Write-Host "ERROR INSTALLER EXIT CODE $installCode" - exit 3 - } - $service=Get-Service -Name tgstation-server -ErrorAction SilentlyContinue - if ($service.Length -gt 0) { - echo $service - exit 2 - } - - - name: Upload Unsigned Installer .exe - uses: actions/upload-artifact@v4 - with: - name: packaging-preview-windows - path: build/package/winget/Tgstation.Server.Host.Service.Wix.Bundle/bin/Release/tgstation-server-installer.exe + - name: Checkout (Branch) + uses: actions/checkout@v4 + if: github.event_name == 'push' || github.event_name == 'schedule' + + - name: Checkout (PR Merge) + uses: actions/checkout@v4 + if: github.event_name != 'push' && github.event_name != 'schedule' + with: + ref: "refs/pull/${{ inputs.pull_request_number }}/merge" + + - name: Restore Wix dotnet Tool + run: | + cd build/package/winget + dotnet tool restore + + - name: Validate winget Manifest + run: winget validate --manifest build/package/winget/manifest + + - name: Enable Corepack + run: corepack enable + + - name: Setup Telemetry Key File + shell: bash + run: echo "${{ secrets.TGS_TELEMETRY_KEY }}" > ${{ env.TGS_TELEMETRY_KEY_FILE }} + + - name: Build Host # Name checked in rerunFlakyTests.js + run: dotnet build -c Release src/Tgstation.Server.Host/Tgstation.Server.Host.csproj + + - name: Delete Telemetry Key File + shell: bash + if: always() + run: rm -f ${{ env.TGS_TELEMETRY_KEY_FILE }} + + - name: Build Service # Name checked in rerunFlakyTests.js + run: dotnet build -c Release src/Tgstation.Server.Host.Service/Tgstation.Server.Host.Service.csproj + + - name: Prepare Artifacts + shell: powershell + run: build/package/winget/prepare_installer_input_artifacts.ps1 + + - name: Build Installer .exe # Name checked in rerunFlakyTests.js + run: | + cd build/package/winget/Tgstation.Server.Host.Service.Wix.Bundle + dotnet build -c Release + + - name: Install Code Signing Certificate + shell: powershell + run: | + $pfxBytes = [convert]::FromBase64String("${{ secrets.CODE_SIGNING_BASE64 }}") + [IO.File]::WriteAllBytes("tg_codesigning.pfx", $pfxBytes) + $certPassword = ConvertTo-SecureString -String "${{ secrets.CODE_SIGNING_PASSWORD }}" -Force -AsPlainText + Import-PfxCertificate -FilePath tg_codesigning.pfx -Cert Cert:\CurrentUser\My -Password $certPassword + rm tg_codesigning.pfx + + - name: Sign Installer .exe for Testing # https://wixtoolset.org/docs/tools/signing/ + shell: powershell + run: | + cd build/package/winget + dotnet wix burn detach Tgstation.Server.Host.Service.Wix.Bundle/bin/Release/tgstation-server-installer.exe -engine burnengine.exe + Set-AuthenticodeSignature burnengine.exe -Certificate (Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq "${{ vars.CODE_SIGNING_THUMBPRINT }}" }) -TimestampServer "http://timestamp.digicert.com" + dotnet wix burn reattach Tgstation.Server.Host.Service.Wix.Bundle/bin/Release/tgstation-server-installer.exe -engine burnengine.exe -o test-installer.exe + Set-AuthenticodeSignature test-installer.exe -Certificate (Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq "${{ vars.CODE_SIGNING_THUMBPRINT }}" }) -TimestampServer "http://timestamp.digicert.com" + + - name: Test Install # Sanity checks the .deps.json exists, which the installation is broken without + shell: powershell # If it's missing, I found that in elements were the problem + run: | + mkdir C:/ProgramData/tgstation-server + cp build/package/appsettings.GitHub.yml C:/ProgramData/tgstation-server/appsettings.Production.yml + $file = [System.IO.Path]::GetFullPath("build/package/winget/test-installer.exe") + $log = [System.IO.Path]::GetFullPath("install.log") + $procMain = Start-Process -FilePath $file "/install /silent /log `"$log`"" -NoNewWindow -PassThru -Wait + if (Test-Path -Path $log -PathType Leaf) { + Get-Content $log + } + $installCode = $procMain.ExitCode + if($installCode -ne 0) { + Write-Host "ERROR INSTALLER EXIT CODE $installCode" + exit 3 + } + if (-Not (Test-Path -Path "C:/Program Files (x86)/tgstation-server/lib/Default/Tgstation.Server.Host.deps.json" -PathType Leaf)) { + exit 2 + } + if (-Not (Test-Path -Path "C:/ProgramData/tgstation-server/appsettings.yml" -PathType Leaf)) { + exit 4 + } + + - name: Test Service + shell: powershell + run: | + $service=Get-Service -Name tgstation-server -ErrorAction SilentlyContinue + if ($service.Length -eq 0) { + exit 3 + } + if ($service[0].Status -ne "Running") { + exit 4 + } + + - name: Test Uninstall # Sanity checks the .deps.json exists, which the installation is broken without + shell: powershell + run: | + $file = [System.IO.Path]::GetFullPath("build/package/winget/test-installer.exe") + $log = [System.IO.Path]::GetFullPath("uninstall.log") + $procMain = Start-Process -FilePath $file "/uninstall /silent /log `"$log`"" -NoNewWindow -PassThru -Wait + if (Test-Path -Path $log -PathType Leaf) { + Get-Content $log + } + $installCode = $procMain.ExitCode + if($installCode -ne 0) { + Write-Host "ERROR INSTALLER EXIT CODE $installCode" + exit 3 + } + $service=Get-Service -Name tgstation-server -ErrorAction SilentlyContinue + if ($service.Length -gt 0) { + echo $service + exit 2 + } + + - name: Upload Unsigned Installer .exe + uses: actions/upload-artifact@v4 + with: + name: packaging-preview-windows + path: build/package/winget/Tgstation.Server.Host.Service.Wix.Bundle/bin/Release/tgstation-server-installer.exe check-winget-pr-template: name: Check winget-pkgs Pull Request Template is up to date needs: build-releasenotes runs-on: ubuntu-latest steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '${{ env.TGS_DOTNET_VERSION }}.0.x' - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Checkout (Branch) - uses: actions/checkout@v4 - if: github.event_name == 'push' || github.event_name == 'schedule' - - - name: Checkout (PR Merge) - uses: actions/checkout@v4 - if: github.event_name != 'push' && github.event_name != 'schedule' - with: - ref: "refs/pull/${{ inputs.pull_request_number }}/merge" - - - name: Read Current SHA - id: get-pr-sha - if: github.event_name != 'push' && github.event_name != 'schedule' - shell: bash - run: echo "head_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT - - - name: Retrieve Latest winget-pkgs PULL_REQUEST_TEMPLATE commit SHA from GitHub API - id: get-sha - run: | - curl -L -u "${{ vars.DEV_PUSH_USERNAME }}:${{ secrets.DEV_PUSH_TOKEN }}" -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" -o commits.json https://api.github.com/repos/microsoft/winget-pkgs/commits?path=.github/PULL_REQUEST_TEMPLATE.md - echo "pr_template_sha=$(cat commits.json | jq '.[0].sha')" >> $GITHUB_OUTPUT - - - name: Retrieve ReleaseNotes Binaries - uses: actions/download-artifact@v4 - with: - name: release_notes_bins - path: release_notes_bins - - - name: Run ReleaseNotes Check - run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --winget-template-check ${{ steps.get-sha.outputs.pr_template_sha }} + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + + - name: Checkout (Branch) + uses: actions/checkout@v4 + if: github.event_name == 'push' || github.event_name == 'schedule' + + - name: Checkout (PR Merge) + uses: actions/checkout@v4 + if: github.event_name != 'push' && github.event_name != 'schedule' + with: + ref: "refs/pull/${{ inputs.pull_request_number }}/merge" + + - name: Read Current SHA + id: get-pr-sha + if: github.event_name != 'push' && github.event_name != 'schedule' + shell: bash + run: echo "head_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT + + - name: Retrieve Latest winget-pkgs PULL_REQUEST_TEMPLATE commit SHA from GitHub API + id: get-sha + run: | + curl -L -u "${{ vars.DEV_PUSH_USERNAME }}:${{ secrets.DEV_PUSH_TOKEN }}" -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" -o commits.json https://api.github.com/repos/microsoft/winget-pkgs/commits?path=.github/PULL_REQUEST_TEMPLATE.md + echo "pr_template_sha=$(cat commits.json | jq '.[0].sha')" >> $GITHUB_OUTPUT + + - name: Retrieve ReleaseNotes Binaries + uses: actions/download-artifact@v4 + with: + name: release_notes_bins + path: release_notes_bins + + - name: Run ReleaseNotes Check + run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --winget-template-check ${{ steps.get-sha.outputs.pr_template_sha }} ci-completion-gate: name: CI Completion Gate - needs: [ pages-build, docker-build, build-deb, build-msi, validate-openapi-spec, upload-code-coverage, check-winget-pr-template, efcore-version-match, code-scanning ] + needs: + [ + pages-build, + docker-build, + build-deb, + build-msi, + validate-openapi-spec, + upload-code-coverage, + check-winget-pr-template, + efcore-version-match, + code-scanning, + ] runs-on: ubuntu-latest steps: - name: Mandatory Empty Step @@ -1547,8 +1566,8 @@ jobs: runs-on: ubuntu-latest if: github.event_name == 'push' && contains(github.event.head_commit.message, 'Deploy]') steps: - - name: GitHub Requires at Least One Step for a Job - run: exit 0 + - name: GitHub Requires at Least One Step for a Job + run: exit 0 deploy-http: name: Deploy HTTP API @@ -1556,71 +1575,71 @@ jobs: runs-on: windows-latest if: contains(github.event.head_commit.message, '[APIDeploy]') steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '${{ env.TGS_DOTNET_VERSION }}.0.x' - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Checkout - uses: actions/checkout@v4 - - - name: Parse API version - shell: powershell - run: | - [XML]$versionXML = Get-Content build/Version.props - $apiVersion = $versionXML.Project.PropertyGroup.TgsApiVersion - echo "TGS_API_VERSION=$apiVersion" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append - - - name: Retrieve OpenAPI Spec - uses: actions/download-artifact@v4 - with: - name: openapi-spec - path: swagger - - - name: Grab Most Recent Changelog - shell: powershell - run: | - $ProgressPreference = 'SilentlyContinue' - Invoke-WebRequest -Uri https://raw.githubusercontent.com/tgstation/tgstation-server/gh-pages/changelog.yml -OutFile changelog.yml - - - name: Retrieve ReleaseNotes Binaries - uses: actions/download-artifact@v4 - with: - name: release_notes_bins - path: release_notes_bins - - - name: Generate Release Notes - run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll ${{ env.TGS_API_VERSION }} --httpapi - - - name: Generate App Token - shell: powershell - run: | - dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} - $installSecret = Get-Content ${{ runner.temp }}/installation_secret.txt - echo "INSTALLATION_TOKEN=$installSecret" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append - rm ${{ runner.temp }}/installation_secret.txt - - - name: Create GitHub Release - uses: actions/create-release@v1 - id: create_release - env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} - with: - tag_name: api-v${{ env.TGS_API_VERSION }} - release_name: tgstation-server API v${{ env.TGS_API_VERSION }} - body_path: release_notes.md - commitish: ${{ github.event.head_commit.id }} - - - name: Upload OpenApi Spec - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ./swagger/tgs_api.json - asset_name: swagger.json - asset_content_type: application/json + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + + - name: Checkout + uses: actions/checkout@v4 + + - name: Parse API version + shell: powershell + run: | + [XML]$versionXML = Get-Content build/Version.props + $apiVersion = $versionXML.Project.PropertyGroup.TgsApiVersion + echo "TGS_API_VERSION=$apiVersion" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append + + - name: Retrieve OpenAPI Spec + uses: actions/download-artifact@v4 + with: + name: openapi-spec + path: swagger + + - name: Grab Most Recent Changelog + shell: powershell + run: | + $ProgressPreference = 'SilentlyContinue' + Invoke-WebRequest -Uri https://raw.githubusercontent.com/tgstation/tgstation-server/gh-pages/changelog.yml -OutFile changelog.yml + + - name: Retrieve ReleaseNotes Binaries + uses: actions/download-artifact@v4 + with: + name: release_notes_bins + path: release_notes_bins + + - name: Generate Release Notes + run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll ${{ env.TGS_API_VERSION }} --httpapi + + - name: Generate App Token + shell: powershell + run: | + dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} + $installSecret = Get-Content ${{ runner.temp }}/installation_secret.txt + echo "INSTALLATION_TOKEN=$installSecret" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append + rm ${{ runner.temp }}/installation_secret.txt + + - name: Create GitHub Release + uses: actions/create-release@v1 + id: create_release + env: + GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + with: + tag_name: api-v${{ env.TGS_API_VERSION }} + release_name: tgstation-server API v${{ env.TGS_API_VERSION }} + body_path: release_notes.md + commitish: ${{ github.event.head_commit.id }} + + - name: Upload OpenApi Spec + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: ./swagger/tgs_api.json + asset_name: swagger.json + asset_content_type: application/json deploy-dm: name: Deploy DreamMaker API @@ -1628,70 +1647,70 @@ jobs: runs-on: windows-latest if: contains(github.event.head_commit.message, '[DMDeploy]') steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '${{ env.TGS_DOTNET_VERSION }}.0.x' - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Checkout - uses: actions/checkout@v4 - - - name: Parse DMAPI version - shell: powershell - run: | - [XML]$versionXML = Get-Content build/Version.props - $dmVersion = $versionXML.Project.PropertyGroup.TgsDmapiVersion - echo "TGS_DM_VERSION=$dmVersion" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append - - - name: Zip DMAPI - shell: powershell - run: | - &"C:/Program Files/7-Zip/7z.exe" a DMAPI.zip ./src/DMAPI/* -tzip - - - name: Grab Most Recent Changelog - shell: powershell - run: | - $ProgressPreference = 'SilentlyContinue' - Invoke-WebRequest -Uri https://raw.githubusercontent.com/tgstation/tgstation-server/gh-pages/changelog.yml -OutFile changelog.yml - - - name: Retrieve ReleaseNotes Binaries - uses: actions/download-artifact@v4 - with: - name: release_notes_bins - path: release_notes_bins - - - name: Generate Release Notes - run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll ${{ env.TGS_DM_VERSION }} --dmapi - - - name: Generate App Token - shell: powershell - run: | - dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} - $installSecret = Get-Content ${{ runner.temp }}/installation_secret.txt - echo "INSTALLATION_TOKEN=$installSecret" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append - rm ${{ runner.temp }}/installation_secret.txt - - - name: Create GitHub Release - uses: actions/create-release@v1 - id: create_release - env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} - with: - tag_name: dmapi-v${{ env.TGS_DM_VERSION }} - release_name: tgstation-server DMAPI v${{ env.TGS_DM_VERSION }} - body_path: release_notes.md - commitish: ${{ github.event.head_commit.id }} - - - name: Upload DMAPI Artifact - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ./DMAPI.zip - asset_name: DMAPI.zip - asset_content_type: application/zip + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + + - name: Checkout + uses: actions/checkout@v4 + + - name: Parse DMAPI version + shell: powershell + run: | + [XML]$versionXML = Get-Content build/Version.props + $dmVersion = $versionXML.Project.PropertyGroup.TgsDmapiVersion + echo "TGS_DM_VERSION=$dmVersion" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append + + - name: Zip DMAPI + shell: powershell + run: | + &"C:/Program Files/7-Zip/7z.exe" a DMAPI.zip ./src/DMAPI/* -tzip + + - name: Grab Most Recent Changelog + shell: powershell + run: | + $ProgressPreference = 'SilentlyContinue' + Invoke-WebRequest -Uri https://raw.githubusercontent.com/tgstation/tgstation-server/gh-pages/changelog.yml -OutFile changelog.yml + + - name: Retrieve ReleaseNotes Binaries + uses: actions/download-artifact@v4 + with: + name: release_notes_bins + path: release_notes_bins + + - name: Generate Release Notes + run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll ${{ env.TGS_DM_VERSION }} --dmapi + + - name: Generate App Token + shell: powershell + run: | + dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} + $installSecret = Get-Content ${{ runner.temp }}/installation_secret.txt + echo "INSTALLATION_TOKEN=$installSecret" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append + rm ${{ runner.temp }}/installation_secret.txt + + - name: Create GitHub Release + uses: actions/create-release@v1 + id: create_release + env: + GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + with: + tag_name: dmapi-v${{ env.TGS_DM_VERSION }} + release_name: tgstation-server DMAPI v${{ env.TGS_DM_VERSION }} + body_path: release_notes.md + commitish: ${{ github.event.head_commit.id }} + + - name: Upload DMAPI Artifact + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: ./DMAPI.zip + asset_name: DMAPI.zip + asset_content_type: application/zip deploy-client: name: Deploy Nuget Packages @@ -1699,50 +1718,50 @@ jobs: runs-on: ubuntu-latest if: contains(github.event.head_commit.message, '[NugetDeploy]') steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '${{ env.TGS_DOTNET_VERSION }}.0.x' - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Checkout - uses: actions/checkout@v4 - - - name: Grab Most Recent Changelog - run: curl -L https://raw.githubusercontent.com/tgstation/tgstation-server/gh-pages/changelog.yml -o changelog.yml - - - name: Retrieve ReleaseNotes Binaries - uses: actions/download-artifact@v4 - with: - name: release_notes_bins - path: release_notes_bins - - - name: Generate Release Notes - run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --nuget - - - name: Publish Tgstation.Server.Common to NuGet - uses: alirezanet/publish-nuget@e276c40afeb2a154046f0997820f2a9ea74832d9 # v3.1.0 - with: - PROJECT_FILE_PATH: src/Tgstation.Server.Common/Tgstation.Server.Common.csproj - TAG_COMMIT: false - INCLUDE_SYMBOLS: true - NUGET_KEY: ${{ secrets.NUGET_API_KEY }} - - - name: Publish Tgstation.Server.Api to NuGet - uses: alirezanet/publish-nuget@e276c40afeb2a154046f0997820f2a9ea74832d9 # v3.1.0 - with: - PROJECT_FILE_PATH: src/Tgstation.Server.Api/Tgstation.Server.Api.csproj - TAG_COMMIT: false - INCLUDE_SYMBOLS: true - NUGET_KEY: ${{ secrets.NUGET_API_KEY }} - - - name: Publish Tgstation.Server.Client to NuGet - uses: alirezanet/publish-nuget@e276c40afeb2a154046f0997820f2a9ea74832d9 # v3.1.0 - with: - PROJECT_FILE_PATH: src/Tgstation.Server.Client/Tgstation.Server.Client.csproj - TAG_COMMIT: false - INCLUDE_SYMBOLS: true - NUGET_KEY: ${{ secrets.NUGET_API_KEY }} + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + + - name: Checkout + uses: actions/checkout@v4 + + - name: Grab Most Recent Changelog + run: curl -L https://raw.githubusercontent.com/tgstation/tgstation-server/gh-pages/changelog.yml -o changelog.yml + + - name: Retrieve ReleaseNotes Binaries + uses: actions/download-artifact@v4 + with: + name: release_notes_bins + path: release_notes_bins + + - name: Generate Release Notes + run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --nuget + + - name: Publish Tgstation.Server.Common to NuGet + uses: alirezanet/publish-nuget@e276c40afeb2a154046f0997820f2a9ea74832d9 # v3.1.0 + with: + PROJECT_FILE_PATH: src/Tgstation.Server.Common/Tgstation.Server.Common.csproj + TAG_COMMIT: false + INCLUDE_SYMBOLS: true + NUGET_KEY: ${{ secrets.NUGET_API_KEY }} + + - name: Publish Tgstation.Server.Api to NuGet + uses: alirezanet/publish-nuget@e276c40afeb2a154046f0997820f2a9ea74832d9 # v3.1.0 + with: + PROJECT_FILE_PATH: src/Tgstation.Server.Api/Tgstation.Server.Api.csproj + TAG_COMMIT: false + INCLUDE_SYMBOLS: true + NUGET_KEY: ${{ secrets.NUGET_API_KEY }} + + - name: Publish Tgstation.Server.Client to NuGet + uses: alirezanet/publish-nuget@e276c40afeb2a154046f0997820f2a9ea74832d9 # v3.1.0 + with: + PROJECT_FILE_PATH: src/Tgstation.Server.Client/Tgstation.Server.Client.csproj + TAG_COMMIT: false + INCLUDE_SYMBOLS: true + NUGET_KEY: ${{ secrets.NUGET_API_KEY }} ensure-release: name: Ensure TGS Release is Latest GitHub Release @@ -1750,20 +1769,20 @@ jobs: runs-on: ubuntu-latest if: (!(cancelled() || failure())) && (!contains(github.event.head_commit.message, '[TGSDeploy]')) steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '${{ env.TGS_DOTNET_VERSION }}.0.x' - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - name: Retrieve ReleaseNotes Binaries - uses: actions/download-artifact@v4 - with: - name: release_notes_bins - path: release_notes_bins + - name: Retrieve ReleaseNotes Binaries + uses: actions/download-artifact@v4 + with: + name: release_notes_bins + path: release_notes_bins - - name: Run ReleaseNotes with --ensure-release - run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --ensure-release ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} + - name: Run ReleaseNotes with --ensure-release + run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --ensure-release ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} deploy-tgs: name: Deploy TGS @@ -1773,235 +1792,235 @@ jobs: env: TGS_TELEMETRY_KEY_FILE: C:/tgs_telemetry_key.txt steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '${{ env.TGS_DOTNET_VERSION }}.0.x' - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Setup Node.JS - uses: actions/setup-node@v4 - with: + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + + - name: Setup Node.JS + uses: actions/setup-node@v4 + with: node-version: ${{ env.TGS_WEBPANEL_NODE_VERSION }} - - name: Checkout - uses: actions/checkout@v4 - - - name: Restore Wix dotnet Tool - run: | - cd build/package/winget - dotnet tool restore - - - name: Enable Corepack - run: corepack enable - - - name: Setup Telemetry Key File - shell: bash - run: echo "${{ secrets.TGS_TELEMETRY_KEY }}" > ${{ env.TGS_TELEMETRY_KEY_FILE }} - - # We need to rebuild the installer.exe so it can be properly signed - - name: Build Host # Name checked in rerunFlakyTests.js - run: dotnet build -c Release src/Tgstation.Server.Host/Tgstation.Server.Host.csproj - - - name: Delete Telemetry Key File - shell: bash - if: always() - run: rm -f ${{ env.TGS_TELEMETRY_KEY_FILE }} - - - name: Build Service # Name checked in rerunFlakyTests.js - run: dotnet build -c Release src/Tgstation.Server.Host.Service/Tgstation.Server.Host.Service.csproj - - - name: Prepare Artifacts - shell: powershell - run: build/package/winget/prepare_installer_input_artifacts.ps1 - - - name: Build Installer .exe # Name checked in rerunFlakyTests.js - run: | - cd build/package/winget/Tgstation.Server.Host.Service.Wix.Bundle - dotnet build -c Release - - - name: Parse TGS version - shell: powershell - run: | - [XML]$versionXML = Get-Content build/Version.props - $tgsVersion = $versionXML.Project.PropertyGroup.TgsCoreVersion - $mariaDBVerison = $versionXML.Project.PropertyGroup.TgsMariaDBRedistVersion - echo "TGS_VERSION=$tgsVersion" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append - echo "MARIADB_VERSION=$mariaDBVerison" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append - - - name: Upload .msi - uses: actions/upload-artifact@v4 - with: - name: packaging-windows-raw-msi - path: build/package/winget/Tgstation.Server.Host.Service.Wix/bin/Release/en-US/tgstation-server.msi - - - name: Retrieve Server Service - uses: actions/download-artifact@v4 - with: - name: ServerService - path: ServerService - - - name: Retrieve Server Console - uses: actions/download-artifact@v4 - with: - name: ServerConsole - path: ServerConsole - - - name: Retrieve Server Update Package - uses: actions/download-artifact@v4 - with: - name: ServerUpdatePackage - path: ServerUpdatePackage - - - name: Retrieve OpenAPI Spec - uses: actions/download-artifact@v4 - with: - name: openapi-spec - path: swagger - - - name: Retrieve Debian Packaging Archive - uses: actions/download-artifact@v4 - with: - name: packaging-debian - path: packaging-debian - - - name: Install Code Signing Certificate - shell: powershell - run: | - $pfxBytes = [convert]::FromBase64String("${{ secrets.CODE_SIGNING_BASE64 }}") - [IO.File]::WriteAllBytes("tg_codesigning.pfx", $pfxBytes) - $certPassword = ConvertTo-SecureString -String "${{ secrets.CODE_SIGNING_PASSWORD }}" -Force -AsPlainText - Import-PfxCertificate -FilePath tg_codesigning.pfx -Cert Cert:\CurrentUser\My -Password $certPassword - rm tg_codesigning.pfx - - - name: Sign Installer .exe # https://wixtoolset.org/docs/tools/signing/ - shell: powershell - run: | - cd build/package/winget - dotnet wix burn detach Tgstation.Server.Host.Service.Wix.Bundle/bin/Release/tgstation-server-installer.exe -engine burnengine.exe - Set-AuthenticodeSignature burnengine.exe -Certificate (Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq "${{ vars.CODE_SIGNING_THUMBPRINT }}" }) -TimestampServer "http://timestamp.digicert.com" - dotnet wix burn reattach Tgstation.Server.Host.Service.Wix.Bundle/bin/Release/tgstation-server-installer.exe -engine burnengine.exe -o tgstation-server-installer.exe - Set-AuthenticodeSignature tgstation-server-installer.exe -Certificate (Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq "${{ vars.CODE_SIGNING_THUMBPRINT }}" }) -TimestampServer "http://timestamp.digicert.com" - - - name: Sign Service .exe - shell: powershell - run: Set-AuthenticodeSignature ServerService/Tgstation.Server.Host.Service.exe -Certificate (Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq "${{ vars.CODE_SIGNING_THUMBPRINT }}" }) -TimestampServer "http://timestamp.digicert.com" - - - name: Zip Artifacts - shell: powershell - run: | - &"C:/Program Files/7-Zip/7z.exe" a DMAPI.zip ./src/DMAPI/* -tzip - &"C:/Program Files/7-Zip/7z.exe" a ServerService.zip ./ServerService/* -tzip - &"C:/Program Files/7-Zip/7z.exe" a ServerConsole.zip ./ServerConsole/* -tzip - &"C:/Program Files/7-Zip/7z.exe" a ServerUpdatePackage.zip ./ServerUpdatePackage/* -tzip - - - name: Retrieve ReleaseNotes Binaries - uses: actions/download-artifact@v4 - with: - name: release_notes_bins - path: release_notes_bins - - - name: Generate Release Notes - run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll ${{ env.TGS_VERSION }} - - - name: Generate App Token - shell: powershell - run: | - dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} - $installSecret = Get-Content ${{ runner.temp }}/installation_secret.txt - echo "INSTALLATION_TOKEN=$installSecret" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append - rm ${{ runner.temp }}/installation_secret.txt - - - name: Create GitHub Release - uses: actions/create-release@v1 - id: create_release - env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} - with: - tag_name: tgstation-server-v${{ env.TGS_VERSION }} - release_name: tgstation-server-v${{ env.TGS_VERSION }} - body_path: release_notes.md - commitish: ${{ github.event.head_commit.id }} - - - name: Upload Server Console Artifact - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ./ServerConsole.zip - asset_name: ServerConsole.zip - asset_content_type: application/zip - - - name: Upload Server Service Artifact - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ./ServerService.zip - asset_name: ServerService.zip - asset_content_type: application/zip - - - name: Upload DMAPI Artifact - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ./DMAPI.zip - asset_name: DMAPI.zip - asset_content_type: application/zip - - - name: Upload OpenApi Spec Artifact - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ./swagger/tgs_api.json - asset_name: swagger.json - asset_content_type: application/json - - - name: Upload Server Update Package Artifact - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ./ServerUpdatePackage.zip - asset_name: ServerUpdatePackage.zip - asset_content_type: application/zip - - - name: Upload Debian Pacakaging Artifact - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ./packaging-debian/tgstation-server-v${{ env.TGS_VERSION }}.debian.packaging.tar.xz - asset_name: tgstation-server-v${{ env.TGS_VERSION }}.debian.packaging.tar.xz - asset_content_type: application/x-tar - - - name: Upload MariaDB .msi - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ./build/package/winget/Tgstation.Server.Host.Service.Wix.Bundle/bin/Release/mariadb.msi - asset_name: mariadb-${{ env.MARIADB_VERSION }}-winx64.msi - asset_content_type: application/octet-stream - - - name: Upload Installer .exe - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ./build/package/winget/tgstation-server-installer.exe - asset_name: tgstation-server-installer.exe - asset_content_type: application/octet-stream + - name: Checkout + uses: actions/checkout@v4 + + - name: Restore Wix dotnet Tool + run: | + cd build/package/winget + dotnet tool restore + + - name: Enable Corepack + run: corepack enable + + - name: Setup Telemetry Key File + shell: bash + run: echo "${{ secrets.TGS_TELEMETRY_KEY }}" > ${{ env.TGS_TELEMETRY_KEY_FILE }} + + # We need to rebuild the installer.exe so it can be properly signed + - name: Build Host # Name checked in rerunFlakyTests.js + run: dotnet build -c Release src/Tgstation.Server.Host/Tgstation.Server.Host.csproj + + - name: Delete Telemetry Key File + shell: bash + if: always() + run: rm -f ${{ env.TGS_TELEMETRY_KEY_FILE }} + + - name: Build Service # Name checked in rerunFlakyTests.js + run: dotnet build -c Release src/Tgstation.Server.Host.Service/Tgstation.Server.Host.Service.csproj + + - name: Prepare Artifacts + shell: powershell + run: build/package/winget/prepare_installer_input_artifacts.ps1 + + - name: Build Installer .exe # Name checked in rerunFlakyTests.js + run: | + cd build/package/winget/Tgstation.Server.Host.Service.Wix.Bundle + dotnet build -c Release + + - name: Parse TGS version + shell: powershell + run: | + [XML]$versionXML = Get-Content build/Version.props + $tgsVersion = $versionXML.Project.PropertyGroup.TgsCoreVersion + $mariaDBVerison = $versionXML.Project.PropertyGroup.TgsMariaDBRedistVersion + echo "TGS_VERSION=$tgsVersion" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append + echo "MARIADB_VERSION=$mariaDBVerison" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append + + - name: Upload .msi + uses: actions/upload-artifact@v4 + with: + name: packaging-windows-raw-msi + path: build/package/winget/Tgstation.Server.Host.Service.Wix/bin/Release/en-US/tgstation-server.msi + + - name: Retrieve Server Service + uses: actions/download-artifact@v4 + with: + name: ServerService + path: ServerService + + - name: Retrieve Server Console + uses: actions/download-artifact@v4 + with: + name: ServerConsole + path: ServerConsole + + - name: Retrieve Server Update Package + uses: actions/download-artifact@v4 + with: + name: ServerUpdatePackage + path: ServerUpdatePackage + + - name: Retrieve OpenAPI Spec + uses: actions/download-artifact@v4 + with: + name: openapi-spec + path: swagger + + - name: Retrieve Debian Packaging Archive + uses: actions/download-artifact@v4 + with: + name: packaging-debian + path: packaging-debian + + - name: Install Code Signing Certificate + shell: powershell + run: | + $pfxBytes = [convert]::FromBase64String("${{ secrets.CODE_SIGNING_BASE64 }}") + [IO.File]::WriteAllBytes("tg_codesigning.pfx", $pfxBytes) + $certPassword = ConvertTo-SecureString -String "${{ secrets.CODE_SIGNING_PASSWORD }}" -Force -AsPlainText + Import-PfxCertificate -FilePath tg_codesigning.pfx -Cert Cert:\CurrentUser\My -Password $certPassword + rm tg_codesigning.pfx + + - name: Sign Installer .exe # https://wixtoolset.org/docs/tools/signing/ + shell: powershell + run: | + cd build/package/winget + dotnet wix burn detach Tgstation.Server.Host.Service.Wix.Bundle/bin/Release/tgstation-server-installer.exe -engine burnengine.exe + Set-AuthenticodeSignature burnengine.exe -Certificate (Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq "${{ vars.CODE_SIGNING_THUMBPRINT }}" }) -TimestampServer "http://timestamp.digicert.com" + dotnet wix burn reattach Tgstation.Server.Host.Service.Wix.Bundle/bin/Release/tgstation-server-installer.exe -engine burnengine.exe -o tgstation-server-installer.exe + Set-AuthenticodeSignature tgstation-server-installer.exe -Certificate (Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq "${{ vars.CODE_SIGNING_THUMBPRINT }}" }) -TimestampServer "http://timestamp.digicert.com" + + - name: Sign Service .exe + shell: powershell + run: Set-AuthenticodeSignature ServerService/Tgstation.Server.Host.Service.exe -Certificate (Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq "${{ vars.CODE_SIGNING_THUMBPRINT }}" }) -TimestampServer "http://timestamp.digicert.com" + + - name: Zip Artifacts + shell: powershell + run: | + &"C:/Program Files/7-Zip/7z.exe" a DMAPI.zip ./src/DMAPI/* -tzip + &"C:/Program Files/7-Zip/7z.exe" a ServerService.zip ./ServerService/* -tzip + &"C:/Program Files/7-Zip/7z.exe" a ServerConsole.zip ./ServerConsole/* -tzip + &"C:/Program Files/7-Zip/7z.exe" a ServerUpdatePackage.zip ./ServerUpdatePackage/* -tzip + + - name: Retrieve ReleaseNotes Binaries + uses: actions/download-artifact@v4 + with: + name: release_notes_bins + path: release_notes_bins + + - name: Generate Release Notes + run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll ${{ env.TGS_VERSION }} + + - name: Generate App Token + shell: powershell + run: | + dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} + $installSecret = Get-Content ${{ runner.temp }}/installation_secret.txt + echo "INSTALLATION_TOKEN=$installSecret" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append + rm ${{ runner.temp }}/installation_secret.txt + + - name: Create GitHub Release + uses: actions/create-release@v1 + id: create_release + env: + GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + with: + tag_name: tgstation-server-v${{ env.TGS_VERSION }} + release_name: tgstation-server-v${{ env.TGS_VERSION }} + body_path: release_notes.md + commitish: ${{ github.event.head_commit.id }} + + - name: Upload Server Console Artifact + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: ./ServerConsole.zip + asset_name: ServerConsole.zip + asset_content_type: application/zip + + - name: Upload Server Service Artifact + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: ./ServerService.zip + asset_name: ServerService.zip + asset_content_type: application/zip + + - name: Upload DMAPI Artifact + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: ./DMAPI.zip + asset_name: DMAPI.zip + asset_content_type: application/zip + + - name: Upload OpenApi Spec Artifact + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: ./swagger/tgs_api.json + asset_name: swagger.json + asset_content_type: application/json + + - name: Upload Server Update Package Artifact + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: ./ServerUpdatePackage.zip + asset_name: ServerUpdatePackage.zip + asset_content_type: application/zip + + - name: Upload Debian Pacakaging Artifact + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: ./packaging-debian/tgstation-server-v${{ env.TGS_VERSION }}.debian.packaging.tar.xz + asset_name: tgstation-server-v${{ env.TGS_VERSION }}.debian.packaging.tar.xz + asset_content_type: application/x-tar + + - name: Upload MariaDB .msi + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: ./build/package/winget/Tgstation.Server.Host.Service.Wix.Bundle/bin/Release/mariadb.msi + asset_name: mariadb-${{ env.MARIADB_VERSION }}-winx64.msi + asset_content_type: application/octet-stream + + - name: Upload Installer .exe + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: ./build/package/winget/tgstation-server-installer.exe + asset_name: tgstation-server-installer.exe + asset_content_type: application/octet-stream changelog-regen: name: Regenerate Changelog @@ -2009,47 +2028,47 @@ jobs: if: (!(cancelled() || failure())) && needs.deploy-tgs.result == 'success' needs: deploy-tgs steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '${{ env.TGS_DOTNET_VERSION }}.0.x' - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: gh-pages Clone - run: git clone -b gh-pages --single-branch "https://git@github.com/tgstation/tgstation-server" $HOME/tgsdox - - - name: Retrieve ReleaseNotes Binaries - uses: actions/download-artifact@v4 - with: - name: release_notes_bins - path: release_notes_bins - - - name: Compile Changelog (Incremental) - run: | - mv $HOME/tgsdox/changelog.yml ./ 2>/dev/null - dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --generate-full-notes - - - name: Generate App Token - run: | - dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} - echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV - rm ${{ runner.temp }}/installation_secret.txt - - - name: gh-pages Push - run: | - pushd $HOME/tgsdox - rm -f changelog.yml - popd - sudo mv changelog.yml $HOME/tgsdox/ - cd $HOME/tgsdox - git config --global push.default simple - git config user.name "tgstation-server-ci[bot]" - git config user.email "161980869+tgstation-server-ci[bot]@users.noreply.github.com" - git add changelog.yml - echo "Committing..." - git diff-index --quiet HEAD || git commit -m "Regenerate changelog post deploy for workflow run ${{ github.run_number }}" -m "Commit: ${{ github.event.head_commit.id }}" - echo "Pushing..." - git push -f "https://tgstation-server-ci:${{ env.INSTALLATION_TOKEN }}@github.com/tgstation/tgstation-server" 2>&1 + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + + - name: gh-pages Clone + run: git clone -b gh-pages --single-branch "https://git@github.com/tgstation/tgstation-server" $HOME/tgsdox + + - name: Retrieve ReleaseNotes Binaries + uses: actions/download-artifact@v4 + with: + name: release_notes_bins + path: release_notes_bins + + - name: Compile Changelog (Incremental) + run: | + mv $HOME/tgsdox/changelog.yml ./ 2>/dev/null + dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --generate-full-notes + + - name: Generate App Token + run: | + dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} + echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV + rm ${{ runner.temp }}/installation_secret.txt + + - name: gh-pages Push + run: | + pushd $HOME/tgsdox + rm -f changelog.yml + popd + sudo mv changelog.yml $HOME/tgsdox/ + cd $HOME/tgsdox + git config --global push.default simple + git config user.name "tgstation-server-ci[bot]" + git config user.email "161980869+tgstation-server-ci[bot]@users.noreply.github.com" + git add changelog.yml + echo "Committing..." + git diff-index --quiet HEAD || git commit -m "Regenerate changelog post deploy for workflow run ${{ github.run_number }}" -m "Commit: ${{ github.event.head_commit.id }}" + echo "Pushing..." + git push -f "https://tgstation-server-ci:${{ env.INSTALLATION_TOKEN }}@github.com/tgstation/tgstation-server" 2>&1 deploy-docker: name: Deploy TGS (Docker) @@ -2057,25 +2076,25 @@ jobs: if: (!(cancelled() || failure())) && needs.deploy-tgs.result == 'success' runs-on: ubuntu-latest steps: - - name: Install Native Packages # Name checked in rerunFlakyTests.js - run: | - sudo apt-get update - sudo apt-get install -y xmlstarlet - - - name: Checkout - uses: actions/checkout@v4 - - - name: Parse TGS version - run: echo "TGS_VERSION=$(xmlstarlet sel -N X="http://schemas.microsoft.com/developer/msbuild/2003" --template --value-of /X:Project/X:PropertyGroup/X:TgsCoreVersion build/Version.props)" >> $GITHUB_ENV - - - name: Docker Build and Push - uses: elgohr/Publish-Docker-Github-Action@43dc228e327224b2eda11c8883232afd5b34943b # v5 - with: - name: tgstation/server - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - dockerfile: build/Dockerfile - tags: "latest,v${{ env.TGS_VERSION }}" + - name: Install Native Packages # Name checked in rerunFlakyTests.js + run: | + sudo apt-get update + sudo apt-get install -y xmlstarlet + + - name: Checkout + uses: actions/checkout@v4 + + - name: Parse TGS version + run: echo "TGS_VERSION=$(xmlstarlet sel -N X="http://schemas.microsoft.com/developer/msbuild/2003" --template --value-of /X:Project/X:PropertyGroup/X:TgsCoreVersion build/Version.props)" >> $GITHUB_ENV + + - name: Docker Build and Push + uses: elgohr/Publish-Docker-Github-Action@43dc228e327224b2eda11c8883232afd5b34943b # v5 + with: + name: tgstation/server + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + dockerfile: build/Dockerfile + tags: "latest,v${{ env.TGS_VERSION }}" deploy-ppa: name: Deploy TGS (PPA) @@ -2083,20 +2102,20 @@ jobs: if: (!(cancelled() || failure())) && needs.deploy-tgs.result == 'success' runs-on: ubuntu-latest steps: - - name: Install Native Packages # Name checked in rerunFlakyTests.js - run: | - sudo apt-get update - sudo apt-get install -y xmlstarlet + - name: Install Native Packages # Name checked in rerunFlakyTests.js + run: | + sudo apt-get update + sudo apt-get install -y xmlstarlet - - name: Checkout - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v4 - - name: Parse TGS version - run: echo "TGS_VERSION=$(xmlstarlet sel -N X="http://schemas.microsoft.com/developer/msbuild/2003" --template --value-of /X:Project/X:PropertyGroup/X:TgsCoreVersion build/Version.props)" >> $GITHUB_ENV + - name: Parse TGS version + run: echo "TGS_VERSION=$(xmlstarlet sel -N X="http://schemas.microsoft.com/developer/msbuild/2003" --template --value-of /X:Project/X:PropertyGroup/X:TgsCoreVersion build/Version.props)" >> $GITHUB_ENV - - name: Trigger tgstation-ppa workflow - run: | - curl -XPOST -u "${{ vars.DEV_PUSH_USERNAME }}:${{ secrets.DEV_PUSH_TOKEN }}" -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" https://api.github.com/repos/tgstation/tgstation-ppa/actions/workflows/add_tgs_version.yml/dispatches --data '{"ref":"main","inputs":{"tgs_semver": "${{ env.TGS_VERSION }}"}}' + - name: Trigger tgstation-ppa workflow + run: | + curl -XPOST -u "${{ vars.DEV_PUSH_USERNAME }}:${{ secrets.DEV_PUSH_TOKEN }}" -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" https://api.github.com/repos/tgstation/tgstation-ppa/actions/workflows/add_tgs_version.yml/dispatches --data '{"ref":"main","inputs":{"tgs_semver": "${{ env.TGS_VERSION }}"}}' deploy-winget: name: Deploy TGS (winget) @@ -2104,45 +2123,45 @@ jobs: if: (!(cancelled() || failure())) && needs.deploy-tgs.result == 'success' runs-on: windows-latest steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '${{ env.TGS_DOTNET_VERSION }}.0.x' - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Install winget - uses: Cyberboss/install-winget@v1 - with: - GITHUB_TOKEN: ${{ secrets.DEV_PUSH_TOKEN }} - - - name: Install wingetcreate - run: winget install wingetcreate --version 1.2.8.0 --disable-interactivity --accept-source-agreements # Pinned due to breaking every other version - - - name: Checkout - uses: actions/checkout@v4 - - - name: Retrieve Server Service - uses: actions/download-artifact@v4 - with: - name: packaging-windows-raw-msi - path: artifacts - - - name: Retrieve ReleaseNotes Binaries - uses: actions/download-artifact@v4 - with: - name: release_notes_bins - path: release_notes_bins - - - name: Execute Push Script - shell: powershell - run: build/package/winget/push_manifest.ps1 - env: - WINGET_PUSH_TOKEN: ${{ secrets.DEV_PUSH_TOKEN }} - - - name: Delay 10m to allow MS bot to update PR - shell: powershell - run: Sleep 600 - - - name: Run ReleaseNotes with --link-winget - shell: powershell - run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --link-winget ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + + - name: Install winget + uses: Cyberboss/install-winget@v1 + with: + GITHUB_TOKEN: ${{ secrets.DEV_PUSH_TOKEN }} + + - name: Install wingetcreate + run: winget install wingetcreate --version 1.2.8.0 --disable-interactivity --accept-source-agreements # Pinned due to breaking every other version + + - name: Checkout + uses: actions/checkout@v4 + + - name: Retrieve Server Service + uses: actions/download-artifact@v4 + with: + name: packaging-windows-raw-msi + path: artifacts + + - name: Retrieve ReleaseNotes Binaries + uses: actions/download-artifact@v4 + with: + name: release_notes_bins + path: release_notes_bins + + - name: Execute Push Script + shell: powershell + run: build/package/winget/push_manifest.ps1 + env: + WINGET_PUSH_TOKEN: ${{ secrets.DEV_PUSH_TOKEN }} + + - name: Delay 10m to allow MS bot to update PR + shell: powershell + run: Sleep 600 + + - name: Run ReleaseNotes with --link-winget + shell: powershell + run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --link-winget ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} diff --git a/.github/workflows/ci-security.yml b/.github/workflows/ci-security.yml index 19edfa31dde..63b4cca6f00 100644 --- a/.github/workflows/ci-security.yml +++ b/.github/workflows/ci-security.yml @@ -1,15 +1,15 @@ -name: 'CI Security' +name: CI Security on: pull_request: branches: - - dev - - master + - dev + - master pull_request_target: - types: [ opened, reopened, labeled, synchronize ] + types: [opened, reopened, labeled, synchronize] branches: - - dev - - master + - dev + - master concurrency: group: "ci-security-${{ github.head_ref || github.run_id }}-${{ github.event_name }}" @@ -23,40 +23,40 @@ jobs: permissions: pull-requests: write steps: - - name: Comment on new Fork PR - if: github.event.action == 'opened' && !contains(github.event.pull_request.labels.*.name, 'CI Cleared') && github.event.pull_request.user.id != 49699333 - uses: thollander/actions-comment-pull-request@1d3973dc4b8e1399c0620d3f2b1aa5e795465308 - with: - message: Thank you for contributing to ${{ github.event.pull_request.base.repo.name }}! The workflow '${{ github.workflow }}' requires repository secrets and will not run without approval. Maintainers can add the `CI Cleared` label to allow it to run. Note that any changes to ci-security.yml and ci-pipeline.yml will not be reflected. + - name: Comment on new Fork PR + if: github.event.action == 'opened' && !contains(github.event.pull_request.labels.*.name, 'CI Cleared') && github.event.pull_request.user.id != 49699333 + uses: thollander/actions-comment-pull-request@1d3973dc4b8e1399c0620d3f2b1aa5e795465308 + with: + message: Thank you for contributing to ${{ github.event.pull_request.base.repo.name }}! The workflow '${{ github.workflow }}' requires repository secrets and will not run without approval. Maintainers can add the `CI Cleared` label to allow it to run. Note that any changes to ci-security.yml and ci-pipeline.yml will not be reflected. - - name: Comment on dependabot PR - if: github.event.action == 'opened' && !contains(github.event.pull_request.labels.*.name, 'CI Cleared') && github.event.pull_request.user.id == 49699333 - uses: thollander/actions-comment-pull-request@1d3973dc4b8e1399c0620d3f2b1aa5e795465308 - with: - message: Set the milestone to the next minor version, check for supply chain attacks, and then add the `CI Cleared` label to allow CI to run. + - name: Comment on dependabot PR + if: github.event.action == 'opened' && !contains(github.event.pull_request.labels.*.name, 'CI Cleared') && github.event.pull_request.user.id == 49699333 + uses: thollander/actions-comment-pull-request@1d3973dc4b8e1399c0620d3f2b1aa5e795465308 + with: + message: Set the milestone to the next minor version, check for supply chain attacks, and then add the `CI Cleared` label to allow CI to run. - - name: "Remove Stale 'CI Cleared' Label" - if: github.event.action == 'synchronize' || github.event.action == 'reopened' - uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 - with: - labels: CI Cleared + - name: "Remove Stale 'CI Cleared' Label" + if: github.event.action == 'synchronize' || github.event.action == 'reopened' + uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 + with: + labels: CI Cleared - - name: "Remove 'CI Approval Required' Label" - if: (github.event.action == 'synchronize' || github.event.action == 'reopened') || ((github.event.action == 'opened' || github.event.action == 'labeled') && contains(github.event.pull_request.labels.*.name, 'CI Cleared')) - uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 - with: - labels: CI Approval Required + - name: "Remove 'CI Approval Required' Label" + if: (github.event.action == 'synchronize' || github.event.action == 'reopened') || ((github.event.action == 'opened' || github.event.action == 'labeled') && contains(github.event.pull_request.labels.*.name, 'CI Cleared')) + uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 + with: + labels: CI Approval Required - - name: "Add 'CI Approval Required' Label" - if: (github.event.action == 'synchronize' || github.event.action == 'reopened') || ((github.event.action == 'opened' || github.event.action == 'labeled') && !contains(github.event.pull_request.labels.*.name, 'CI Cleared')) - uses: actions-ecosystem/action-add-labels@bd52874380e3909a1ac983768df6976535ece7f8 - with: - labels: CI Approval Required - github_token: ${{ github.token }} + - name: "Add 'CI Approval Required' Label" + if: (github.event.action == 'synchronize' || github.event.action == 'reopened') || ((github.event.action == 'opened' || github.event.action == 'labeled') && !contains(github.event.pull_request.labels.*.name, 'CI Cleared')) + uses: actions-ecosystem/action-add-labels@bd52874380e3909a1ac983768df6976535ece7f8 + with: + labels: CI Approval Required + github_token: ${{ github.token }} - - name: Fail if PR has Unlabeled new Commits from User - if: (github.event.action == 'synchronize' || github.event.action == 'reopened') || ((github.event.action == 'opened' || github.event.action == 'labeled') && !contains(github.event.pull_request.labels.*.name, 'CI Cleared')) - run: exit 1 + - name: Fail if PR has Unlabeled new Commits from User + if: (github.event.action == 'synchronize' || github.event.action == 'reopened') || ((github.event.action == 'opened' || github.event.action == 'labeled') && !contains(github.event.pull_request.labels.*.name, 'CI Cleared')) + run: exit 1 ci-pipline-workflow-call: name: CI Pipeline diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml index 54a745d37ca..8efb0f70f93 100644 --- a/.github/workflows/dependabot-automerge.yml +++ b/.github/workflows/dependabot-automerge.yml @@ -1,11 +1,11 @@ -name: 'Automerge Dependabot' +name: Automerge Dependabot on: pull_request_target: - types: [ opened, reopened ] + types: [opened, reopened] branches: - - dev - - master + - dev + - master concurrency: group: "dependabot-automerge-${{ github.head_ref || github.run_id }}-${{ github.event_name }}" @@ -24,7 +24,7 @@ jobs: - name: Setup dotnet uses: actions/setup-dotnet@v4 with: - dotnet-version: '${{ env.TGS_DOTNET_VERSION }}.0.x' + dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - name: Checkout diff --git a/.github/workflows/rerun-flaky-tests.yml b/.github/workflows/rerun-flaky-tests.yml index 806d89e3597..a5d11b34043 100644 --- a/.github/workflows/rerun-flaky-tests.yml +++ b/.github/workflows/rerun-flaky-tests.yml @@ -1,21 +1,21 @@ name: Rerun Flaky Live Tests on: workflow_run: - workflows: ['CI Pipeline', 'CI Security'] + workflows: ["CI Pipeline", "CI Security"] types: - - completed + - completed jobs: rerun_flaky_tests: name: Rerun Flaky Tests runs-on: ubuntu-latest if: ${{ github.event.workflow_run.conclusion == 'failure' && github.event.workflow_run.run_attempt < 3 }} steps: - - name: Checkout - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v4 - - name: Rerun flaky tests - uses: actions/github-script@v6 - with: - script: | - const { rerunFlakyTests } = await import('${{ github.workspace }}/.github/workflows/scripts/rerunFlakyTests.js') - await rerunFlakyTests({ github, context }) + - name: Rerun flaky tests + uses: actions/github-script@v6 + with: + script: | + const { rerunFlakyTests } = await import('${{ github.workspace }}/.github/workflows/scripts/rerunFlakyTests.js') + await rerunFlakyTests({ github, context }) diff --git a/.github/workflows/stable-merge.yml b/.github/workflows/stable-merge.yml index 509c9e85c56..44ab924be95 100644 --- a/.github/workflows/stable-merge.yml +++ b/.github/workflows/stable-merge.yml @@ -1,9 +1,9 @@ -name: 'Master Merge' +name: Master Merge on: push: branches: - - master + - master workflow_dispatch: env: @@ -15,46 +15,46 @@ jobs: name: Master Merge runs-on: ubuntu-latest steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '${{ env.TGS_DOTNET_VERSION }}.0.x' - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Build Checkout - uses: actions/checkout@v4 - with: - path: temp_workspace - - - name: Build ReleaseNotes - run: | - cd temp_workspace - dotnet build -c Release -p:TGS_HOST_NO_WEBPANEL=true tools/Tgstation.Server.ReleaseNotes/Tgstation.Server.ReleaseNotes.csproj - - - name: Generate App Token - run: | - cd temp_workspace - dotnet run -c Release --no-build --project tools/Tgstation.Server.ReleaseNotes --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} - echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV - rm ${{ runner.temp }}/installation_secret.txt - env: - TGS_RELEASE_NOTES_TOKEN: ${{ secrets.DEV_PUSH_TOKEN }} - - - name: Main Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - token: ${{ env.INSTALLATION_TOKEN }} - - - name: Merge master into dev - uses: robotology/gh-action-nightly-merge@14b4a4cf358f7479aa708bee05cf8a794d6a2516 #v1.5.0 - with: - stable_branch: 'master' - development_branch: 'dev' - allow_ff: true - allow_forks: true - user_name: tgstation-server-ci[bot] - user_email: 161980869+tgstation-server-ci[bot]@users.noreply.github.com - push_token: INSTALLATION_TOKEN - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + + - name: Build Checkout + uses: actions/checkout@v4 + with: + path: temp_workspace + + - name: Build ReleaseNotes + run: | + cd temp_workspace + dotnet build -c Release -p:TGS_HOST_NO_WEBPANEL=true tools/Tgstation.Server.ReleaseNotes/Tgstation.Server.ReleaseNotes.csproj + + - name: Generate App Token + run: | + cd temp_workspace + dotnet run -c Release --no-build --project tools/Tgstation.Server.ReleaseNotes --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} + echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV + rm ${{ runner.temp }}/installation_secret.txt + env: + TGS_RELEASE_NOTES_TOKEN: ${{ secrets.DEV_PUSH_TOKEN }} + + - name: Main Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + token: ${{ env.INSTALLATION_TOKEN }} + + - name: Merge master into dev + uses: robotology/gh-action-nightly-merge@14b4a4cf358f7479aa708bee05cf8a794d6a2516 #v1.5.0 + with: + stable_branch: master + development_branch: dev + allow_ff: true + allow_forks: true + user_name: tgstation-server-ci[bot] + user_email: 161980869+tgstation-server-ci[bot]@users.noreply.github.com + push_token: INSTALLATION_TOKEN + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/update-ss13-org-mirror.yml b/.github/workflows/update-ss13-org-mirror.yml index f6562220f7b..90593300711 100644 --- a/.github/workflows/update-ss13-org-mirror.yml +++ b/.github/workflows/update-ss13-org-mirror.yml @@ -1,11 +1,11 @@ -name: 'Sync spacestation13/tgstation-server' +name: Sync spacestation13/tgstation-server on: push: branches: - - dev + - dev tags: - - '*' + - "*" workflow_dispatch: env: @@ -21,52 +21,52 @@ jobs: name: Fork Sync runs-on: ubuntu-latest steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '${{ env.TGS_DOTNET_VERSION }}.0.x' - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x + dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - name: Build Checkout - uses: actions/checkout@v4 - with: - path: temp_workspace + - name: Build Checkout + uses: actions/checkout@v4 + with: + path: temp_workspace - - name: Build ReleaseNotes - run: | - cd temp_workspace - dotnet build -c Release -p:TGS_HOST_NO_WEBPANEL=true tools/Tgstation.Server.ReleaseNotes/Tgstation.Server.ReleaseNotes.csproj + - name: Build ReleaseNotes + run: | + cd temp_workspace + dotnet build -c Release -p:TGS_HOST_NO_WEBPANEL=true tools/Tgstation.Server.ReleaseNotes/Tgstation.Server.ReleaseNotes.csproj - - name: Generate App Token - run: | - cd temp_workspace - dotnet run -c Release --no-build --project tools/Tgstation.Server.ReleaseNotes --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} --spacestation13 - echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV - rm ${{ runner.temp }}/installation_secret.txt - env: - TGS_RELEASE_NOTES_TOKEN: ${{ secrets.DEV_PUSH_TOKEN }} + - name: Generate App Token + run: | + cd temp_workspace + dotnet run -c Release --no-build --project tools/Tgstation.Server.ReleaseNotes --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} --spacestation13 + echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV + rm ${{ runner.temp }}/installation_secret.txt + env: + TGS_RELEASE_NOTES_TOKEN: ${{ secrets.DEV_PUSH_TOKEN }} - - name: Main Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - fetch-tags: true - token: ${{ env.INSTALLATION_TOKEN }} + - name: Main Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + fetch-tags: true + token: ${{ env.INSTALLATION_TOKEN }} - - name: Build ReleaseNotes - run: dotnet build -c Release -p:TGS_HOST_NO_WEBPANEL=true tools/Tgstation.Server.ReleaseNotes/Tgstation.Server.ReleaseNotes.csproj + - name: Build ReleaseNotes + run: dotnet build -c Release -p:TGS_HOST_NO_WEBPANEL=true tools/Tgstation.Server.ReleaseNotes/Tgstation.Server.ReleaseNotes.csproj - - name: Generate App Token - run: | - dotnet run -c Release --no-build --project tools/Tgstation.Server.ReleaseNotes --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} - echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV - rm ${{ runner.temp }}/installation_secret.txt - env: - TGS_RELEASE_NOTES_TOKEN: ${{ secrets.DEV_PUSH_TOKEN }} + - name: Generate App Token + run: | + dotnet run -c Release --no-build --project tools/Tgstation.Server.ReleaseNotes --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} + echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV + rm ${{ runner.temp }}/installation_secret.txt + env: + TGS_RELEASE_NOTES_TOKEN: ${{ secrets.DEV_PUSH_TOKEN }} - - name: Push to Spacestation13 Fork - run: | - git config user.name "tgstation-server-ci[bot]" - git config user.email "161980869+tgstation-server-ci[bot]@users.noreply.github.com" - git push "https://tgstation-server-ci:${{ env.INSTALLATION_TOKEN }}@github.com/spacestation13/tgstation-server" - git push --tags "https://tgstation-server-ci:${{ env.INSTALLATION_TOKEN }}@github.com/spacestation13/tgstation-server" + - name: Push to Spacestation13 Fork + run: | + git config user.name "tgstation-server-ci[bot]" + git config user.email "161980869+tgstation-server-ci[bot]@users.noreply.github.com" + git push "https://tgstation-server-ci:${{ env.INSTALLATION_TOKEN }}@github.com/spacestation13/tgstation-server" + git push --tags "https://tgstation-server-ci:${{ env.INSTALLATION_TOKEN }}@github.com/spacestation13/tgstation-server" diff --git a/docs/DoxygenLayout.xml b/docs/DoxygenLayout.xml index f5560d94a86..554f8417f5f 100644 --- a/docs/DoxygenLayout.xml +++ b/docs/DoxygenLayout.xml @@ -12,7 +12,7 @@ - + From 5b78ceae7b7a1c7e31bd9991de38295404179218 Mon Sep 17 00:00:00 2001 From: Jordan Dominion Date: Wed, 21 Aug 2024 03:15:12 -0400 Subject: [PATCH 03/14] Refer to me by ID rather than login, safer --- .github/workflows/auto-approve-dominions-prs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-approve-dominions-prs.yml b/.github/workflows/auto-approve-dominions-prs.yml index 23d4dcff358..14561463a0a 100644 --- a/.github/workflows/auto-approve-dominions-prs.yml +++ b/.github/workflows/auto-approve-dominions-prs.yml @@ -16,7 +16,7 @@ concurrency: jobs: approve-pr-if-dominion-is-author: name: Approve PR if Dominion is Author - if: github.event.pull_request.user.login == 'Cyberboss' && !github.event.pull_request.draft && !contains(github.event.pull_request.body, '- [ ]') && (github.event.pull_request.base.repo.owner.login == 'tgstation' || github.event.pull_request.base.repo.owner.login == 'Cyberboss') + if: github.event.pull_request.user.id == 8171642 && !github.event.pull_request.draft && !contains(github.event.pull_request.body, '- [ ]') && (github.event.pull_request.base.repo.owner.login == 'tgstation' || github.event.pull_request.base.repo.owner.login == 'Cyberboss') runs-on: ubuntu-latest steps: - name: GitHub API Call From d965d3c95770c6e3cb835275c82767ad4c2cfe35 Mon Sep 17 00:00:00 2001 From: Jordan Dominion Date: Wed, 21 Aug 2024 03:37:21 -0400 Subject: [PATCH 04/14] Cleanup dependabot.yml --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c385be3cd0c..a294fb05fde 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,7 +9,7 @@ updates: - Dependencies open-pull-requests-limit: 100 - package-ecosystem: github-actions - directory: "/" + directory: / target-branch: master schedule: interval: daily From 726e5fb2ee38881005636eaa79af3baf66d623a8 Mon Sep 17 00:00:00 2001 From: Jordan Dominion Date: Wed, 21 Aug 2024 03:59:22 -0400 Subject: [PATCH 05/14] Fully switch to the GitHubApp token action - Fix --ensure-release not having the token set. - Remove `--token-output-file` command. - Remove upload code coverage dependency on releasenotes. --- .github/workflows/ci-pipeline.yml | 149 ++++++++++++------ .github/workflows/ci-security.yml | 13 +- .github/workflows/dependabot-automerge.yml | 23 +-- .github/workflows/size-label.yml | 13 +- .github/workflows/stable-merge.yml | 34 +--- .github/workflows/update-ss13-org-mirror.yml | 36 ++--- .../Tgstation.Server.ReleaseNotes/Program.cs | 93 ++--------- 7 files changed, 159 insertions(+), 202 deletions(-) diff --git a/.github/workflows/ci-pipeline.yml b/.github/workflows/ci-pipeline.yml index 7dc77312870..62cebdaf33a 100644 --- a/.github/workflows/ci-pipeline.yml +++ b/.github/workflows/ci-pipeline.yml @@ -39,7 +39,6 @@ env: TGS_DOTNET_QUALITY: ga TGS_WEBPANEL_NODE_VERSION: 20.x TGS_TEST_GITHUB_TOKEN: ${{ secrets.LIVE_TESTS_TOKEN }} - TGS_RELEASE_NOTES_TOKEN: ${{ secrets.DEV_PUSH_TOKEN }} PACKAGING_PRIVATE_KEY_PASSPHRASE: ${{ secrets.PACKAGING_PRIVATE_KEY_PASSPHRASE }} concurrency: @@ -345,17 +344,20 @@ jobs: name: release_notes_bins path: release_notes_bins + - name: Generate App Token + id: app-token-generation + uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + - name: Compile Changelog (Incremental) + env: + TGS_RELEASE_NOTES_TOKEN: ${{ steps.app-token-generation.outputs.token }} run: | mv $HOME/tgsdox/changelog.yml ./ 2>/dev/null dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --generate-full-notes - - name: Generate App Token - run: | - dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} - echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV - rm ${{ runner.temp }}/installation_secret.txt - - name: Patch Doxyfile run: | VERSION=$(cat "build/Version.props" | grep -oPm1 "(?<=)[^<]+") @@ -367,7 +369,7 @@ jobs: doxyfile-path: "docs/Doxyfile" - name: gh-pages Push - if: github.event_name == 'push' && github.event.ref == 'refs/heads/dev' && env.TGS_RELEASE_NOTES_TOKEN != '' + if: github.event_name == 'push' && github.event.ref == 'refs/heads/dev' run: | pushd $HOME/tgsdox rm -r * @@ -388,7 +390,7 @@ jobs: echo "Committing..." git diff-index --quiet HEAD || git commit -m "Deploy code docs to GitHub Pages for workflow run ${{ github.run_number }}" -m "Commit: ${{ github.event.head_commit.id }}" echo "Pushing..." - git push -f "https://tgstation-server-ci:${{ env.INSTALLATION_TOKEN }}@github.com/tgstation/tgstation-server" 2>&1 + git push -f "https://tgstation-server-ci:${{ steps.app-token-generation.outputs.token }}@github.com/tgstation/tgstation-server" 2>&1 docker-build: name: Build Docker Image @@ -973,7 +975,6 @@ jobs: linux-integration-tests, windows-unit-tests, windows-integration-tests, - build-releasenotes, ] runs-on: ubuntu-latest steps: @@ -1291,15 +1292,24 @@ jobs: name: release_notes_bins path: release_notes_bins + - name: Generate App Token + id: app-token-generation + uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + - name: Execute Build Script (Unsigned) if: (!(github.event_name == 'push' && contains(github.event.head_commit.message, '[TGSDeploy]') && github.event.ref == 'refs/heads/master')) env: + TGS_RELEASE_NOTES_TOKEN: ${{ steps.app-token-generation.outputs.token }} RELEASE_NOTES_DLL_PATH: ${{ github.workspace }}/release_notes_bins/Tgstation.Server.ReleaseNotes.dll run: sudo -E build/package/deb/build_package.sh - name: Execute Build Script (Signed) if: (github.event_name == 'push' && contains(github.event.head_commit.message, '[TGSDeploy]') && github.event.ref == 'refs/heads/master') env: + TGS_RELEASE_NOTES_TOKEN: ${{ steps.app-token-generation.outputs.token }} RELEASE_NOTES_DLL_PATH: ${{ github.workspace }}/release_notes_bins/Tgstation.Server.ReleaseNotes.dll PACKAGING_KEYGRIP: ${{ vars.PACKAGING_KEYGRIP }} run: sudo -E build/package/deb/build_package.sh @@ -1538,7 +1548,16 @@ jobs: name: release_notes_bins path: release_notes_bins + - name: Generate App Token + id: app-token-generation + uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + - name: Run ReleaseNotes Check + env: + TGS_RELEASE_NOTES_TOKEN: ${{ steps.app-token-generation.outputs.token }} run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --winget-template-check ${{ steps.get-sha.outputs.pr_template_sha }} ci-completion-gate: @@ -1609,22 +1628,23 @@ jobs: name: release_notes_bins path: release_notes_bins + - name: Generate App Token + id: app-token-generation + uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + - name: Generate Release Notes + env: + TGS_RELEASE_NOTES_TOKEN: ${{ steps.app-token-generation.outputs.token }} run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll ${{ env.TGS_API_VERSION }} --httpapi - - name: Generate App Token - shell: powershell - run: | - dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} - $installSecret = Get-Content ${{ runner.temp }}/installation_secret.txt - echo "INSTALLATION_TOKEN=$installSecret" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append - rm ${{ runner.temp }}/installation_secret.txt - - name: Create GitHub Release uses: actions/create-release@v1 id: create_release env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} with: tag_name: api-v${{ env.TGS_API_VERSION }} release_name: tgstation-server API v${{ env.TGS_API_VERSION }} @@ -1634,7 +1654,7 @@ jobs: - name: Upload OpenApi Spec uses: actions/upload-release-asset@v1 env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: ./swagger/tgs_api.json @@ -1680,22 +1700,23 @@ jobs: name: release_notes_bins path: release_notes_bins + - name: Generate App Token + id: app-token-generation + uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + - name: Generate Release Notes + env: + TGS_RELEASE_NOTES_TOKEN: ${{ steps.app-token-generation.outputs.token }} run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll ${{ env.TGS_DM_VERSION }} --dmapi - - name: Generate App Token - shell: powershell - run: | - dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} - $installSecret = Get-Content ${{ runner.temp }}/installation_secret.txt - echo "INSTALLATION_TOKEN=$installSecret" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append - rm ${{ runner.temp }}/installation_secret.txt - - name: Create GitHub Release uses: actions/create-release@v1 id: create_release env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} with: tag_name: dmapi-v${{ env.TGS_DM_VERSION }} release_name: tgstation-server DMAPI v${{ env.TGS_DM_VERSION }} @@ -1705,7 +1726,7 @@ jobs: - name: Upload DMAPI Artifact uses: actions/upload-release-asset@v1 env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: ./DMAPI.zip @@ -1736,7 +1757,16 @@ jobs: name: release_notes_bins path: release_notes_bins + - name: Generate App Token + id: app-token-generation + uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + - name: Generate Release Notes + env: + TGS_RELEASE_NOTES_TOKEN: ${{ steps.app-token-generation.outputs.token }} run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --nuget - name: Publish Tgstation.Server.Common to NuGet @@ -1781,7 +1811,16 @@ jobs: name: release_notes_bins path: release_notes_bins + - name: Generate App Token + id: app-token-generation + uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + - name: Run ReleaseNotes with --ensure-release + env: + TGS_RELEASE_NOTES_TOKEN: ${{ steps.app-token-generation.outputs.token }} run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --ensure-release ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} deploy-tgs: @@ -1920,22 +1959,23 @@ jobs: name: release_notes_bins path: release_notes_bins + - name: Generate App Token + id: app-token-generation + uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + - name: Generate Release Notes + env: + TGS_RELEASE_NOTES_TOKEN: ${{ steps.app-token-generation.outputs.token }} run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll ${{ env.TGS_VERSION }} - - name: Generate App Token - shell: powershell - run: | - dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} - $installSecret = Get-Content ${{ runner.temp }}/installation_secret.txt - echo "INSTALLATION_TOKEN=$installSecret" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append - rm ${{ runner.temp }}/installation_secret.txt - - name: Create GitHub Release uses: actions/create-release@v1 id: create_release env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} with: tag_name: tgstation-server-v${{ env.TGS_VERSION }} release_name: tgstation-server-v${{ env.TGS_VERSION }} @@ -1945,7 +1985,7 @@ jobs: - name: Upload Server Console Artifact uses: actions/upload-release-asset@v1 env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: ./ServerConsole.zip @@ -1955,7 +1995,7 @@ jobs: - name: Upload Server Service Artifact uses: actions/upload-release-asset@v1 env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: ./ServerService.zip @@ -1965,7 +2005,7 @@ jobs: - name: Upload DMAPI Artifact uses: actions/upload-release-asset@v1 env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: ./DMAPI.zip @@ -1975,7 +2015,7 @@ jobs: - name: Upload OpenApi Spec Artifact uses: actions/upload-release-asset@v1 env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: ./swagger/tgs_api.json @@ -1985,7 +2025,7 @@ jobs: - name: Upload Server Update Package Artifact uses: actions/upload-release-asset@v1 env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: ./ServerUpdatePackage.zip @@ -1995,7 +2035,7 @@ jobs: - name: Upload Debian Pacakaging Artifact uses: actions/upload-release-asset@v1 env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: ./packaging-debian/tgstation-server-v${{ env.TGS_VERSION }}.debian.packaging.tar.xz @@ -2005,7 +2045,7 @@ jobs: - name: Upload MariaDB .msi uses: actions/upload-release-asset@v1 env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: ./build/package/winget/Tgstation.Server.Host.Service.Wix.Bundle/bin/Release/mariadb.msi @@ -2015,7 +2055,7 @@ jobs: - name: Upload Installer .exe uses: actions/upload-release-asset@v1 env: - GITHUB_TOKEN: ${{ env.INSTALLATION_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: ./build/package/winget/tgstation-server-installer.exe @@ -2043,7 +2083,16 @@ jobs: name: release_notes_bins path: release_notes_bins + - name: Generate App Token + id: app-token-generation + uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + - name: Compile Changelog (Incremental) + env: + TGS_RELEASE_NOTES_TOKEN: ${{ steps.app-token-generation.outputs.token }} run: | mv $HOME/tgsdox/changelog.yml ./ 2>/dev/null dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --generate-full-notes @@ -2068,7 +2117,7 @@ jobs: echo "Committing..." git diff-index --quiet HEAD || git commit -m "Regenerate changelog post deploy for workflow run ${{ github.run_number }}" -m "Commit: ${{ github.event.head_commit.id }}" echo "Pushing..." - git push -f "https://tgstation-server-ci:${{ env.INSTALLATION_TOKEN }}@github.com/tgstation/tgstation-server" 2>&1 + git push -f "https://tgstation-server-ci:${{ steps.app-token-generation.outputs.token }}@github.com/tgstation/tgstation-server" 2>&1 deploy-docker: name: Deploy TGS (Docker) @@ -2162,6 +2211,8 @@ jobs: shell: powershell run: Sleep 600 - - name: Run ReleaseNotes with --link-winget + - name: Ensure Latest Release is TGS Release + env: + TGS_RELEASE_NOTES_TOKEN: ${{ secrets.DEV_PUSH_TOKEN }} # Has to be a user here shell: powershell run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --link-winget ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} diff --git a/.github/workflows/ci-security.yml b/.github/workflows/ci-security.yml index 63b4cca6f00..d6ff073d62f 100644 --- a/.github/workflows/ci-security.yml +++ b/.github/workflows/ci-security.yml @@ -23,36 +23,47 @@ jobs: permissions: pull-requests: write steps: + - name: Generate App Token + id: app-token-generation + uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + - name: Comment on new Fork PR if: github.event.action == 'opened' && !contains(github.event.pull_request.labels.*.name, 'CI Cleared') && github.event.pull_request.user.id != 49699333 uses: thollander/actions-comment-pull-request@1d3973dc4b8e1399c0620d3f2b1aa5e795465308 with: message: Thank you for contributing to ${{ github.event.pull_request.base.repo.name }}! The workflow '${{ github.workflow }}' requires repository secrets and will not run without approval. Maintainers can add the `CI Cleared` label to allow it to run. Note that any changes to ci-security.yml and ci-pipeline.yml will not be reflected. + GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} - name: Comment on dependabot PR if: github.event.action == 'opened' && !contains(github.event.pull_request.labels.*.name, 'CI Cleared') && github.event.pull_request.user.id == 49699333 uses: thollander/actions-comment-pull-request@1d3973dc4b8e1399c0620d3f2b1aa5e795465308 with: message: Set the milestone to the next minor version, check for supply chain attacks, and then add the `CI Cleared` label to allow CI to run. + GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} - name: "Remove Stale 'CI Cleared' Label" if: github.event.action == 'synchronize' || github.event.action == 'reopened' uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 with: labels: CI Cleared + github_token: ${{ steps.app-token-generation.outputs.token }} - name: "Remove 'CI Approval Required' Label" if: (github.event.action == 'synchronize' || github.event.action == 'reopened') || ((github.event.action == 'opened' || github.event.action == 'labeled') && contains(github.event.pull_request.labels.*.name, 'CI Cleared')) uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 with: labels: CI Approval Required + github_token: ${{ steps.app-token-generation.outputs.token }} - name: "Add 'CI Approval Required' Label" if: (github.event.action == 'synchronize' || github.event.action == 'reopened') || ((github.event.action == 'opened' || github.event.action == 'labeled') && !contains(github.event.pull_request.labels.*.name, 'CI Cleared')) uses: actions-ecosystem/action-add-labels@bd52874380e3909a1ac983768df6976535ece7f8 with: labels: CI Approval Required - github_token: ${{ github.token }} + github_token: ${{ steps.app-token-generation.outputs.token }} - name: Fail if PR has Unlabeled new Commits from User if: (github.event.action == 'synchronize' || github.event.action == 'reopened') || ((github.event.action == 'opened' || github.event.action == 'labeled') && !contains(github.event.pull_request.labels.*.name, 'CI Cleared')) diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml index 8efb0f70f93..28cb3846757 100644 --- a/.github/workflows/dependabot-automerge.yml +++ b/.github/workflows/dependabot-automerge.yml @@ -21,25 +21,14 @@ jobs: runs-on: ubuntu-latest if: github.event.pull_request.user.id == 49699333 steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Checkout - uses: actions/checkout@v4 - - - name: Build ReleaseNotes - run: dotnet publish -c Release -p:TGS_HOST_NO_WEBPANEL=true -o release_notes_bins tools/Tgstation.Server.ReleaseNotes/Tgstation.Server.ReleaseNotes.csproj - - name: Generate App Token - run: | - dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} - echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV - rm ${{ runner.temp }}/installation_secret.txt + id: app-token-generation + uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} - name: Enable Automerge uses: daneden/enable-automerge-action@f8558b65c5b8d8bfb592c4e74e3d491624a38fbd #v1.0.2-ish with: - github-token: ${{ env.INSTALLATION_TOKEN }} + github-token: ${{ steps.app-token-generation.outputs.token }} diff --git a/.github/workflows/size-label.yml b/.github/workflows/size-label.yml index 0d0e5038133..69b51c5e520 100644 --- a/.github/workflows/size-label.yml +++ b/.github/workflows/size-label.yml @@ -14,7 +14,14 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - name: size-label - uses: "pascalgn/size-label-action@bbbaa0d5ccce8e2e76254560df5c64b82dac2e12" # v0.5.2, consider upgrading after https://github.com/pascalgn/size-label-action/pull/54 is merged + - name: Generate App Token + id: app-token-generation + uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + + - name: Run Labeller + uses: pascalgn/size-label-action@bbbaa0d5ccce8e2e76254560df5c64b82dac2e12 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} diff --git a/.github/workflows/stable-merge.yml b/.github/workflows/stable-merge.yml index 44ab924be95..8c0cc72c2b4 100644 --- a/.github/workflows/stable-merge.yml +++ b/.github/workflows/stable-merge.yml @@ -15,36 +15,18 @@ jobs: name: Master Merge runs-on: ubuntu-latest steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Build Checkout - uses: actions/checkout@v4 - with: - path: temp_workspace - - - name: Build ReleaseNotes - run: | - cd temp_workspace - dotnet build -c Release -p:TGS_HOST_NO_WEBPANEL=true tools/Tgstation.Server.ReleaseNotes/Tgstation.Server.ReleaseNotes.csproj - - name: Generate App Token - run: | - cd temp_workspace - dotnet run -c Release --no-build --project tools/Tgstation.Server.ReleaseNotes --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} - echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV - rm ${{ runner.temp }}/installation_secret.txt - env: - TGS_RELEASE_NOTES_TOKEN: ${{ secrets.DEV_PUSH_TOKEN }} + id: app-token-generation + uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} - - name: Main Checkout + - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - token: ${{ env.INSTALLATION_TOKEN }} + token: ${{ steps.app-token-generation.outputs.token }} - name: Merge master into dev uses: robotology/gh-action-nightly-merge@14b4a4cf358f7479aa708bee05cf8a794d6a2516 #v1.5.0 @@ -57,4 +39,4 @@ jobs: user_email: 161980869+tgstation-server-ci[bot]@users.noreply.github.com push_token: INSTALLATION_TOKEN env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} diff --git a/.github/workflows/update-ss13-org-mirror.yml b/.github/workflows/update-ss13-org-mirror.yml index 90593300711..eb971228437 100644 --- a/.github/workflows/update-ss13-org-mirror.yml +++ b/.github/workflows/update-ss13-org-mirror.yml @@ -21,37 +21,19 @@ jobs: name: Fork Sync runs-on: ubuntu-latest steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - - name: Build Checkout - uses: actions/checkout@v4 - with: - path: temp_workspace - - - name: Build ReleaseNotes - run: | - cd temp_workspace - dotnet build -c Release -p:TGS_HOST_NO_WEBPANEL=true tools/Tgstation.Server.ReleaseNotes/Tgstation.Server.ReleaseNotes.csproj - - name: Generate App Token - run: | - cd temp_workspace - dotnet run -c Release --no-build --project tools/Tgstation.Server.ReleaseNotes --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} --spacestation13 - echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV - rm ${{ runner.temp }}/installation_secret.txt - env: - TGS_RELEASE_NOTES_TOKEN: ${{ secrets.DEV_PUSH_TOKEN }} + id: app-token-generation + uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} - - name: Main Checkout + - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 fetch-tags: true - token: ${{ env.INSTALLATION_TOKEN }} + token: ${{ steps.app-token-generation.outputs.token }} - name: Build ReleaseNotes run: dotnet build -c Release -p:TGS_HOST_NO_WEBPANEL=true tools/Tgstation.Server.ReleaseNotes/Tgstation.Server.ReleaseNotes.csproj @@ -68,5 +50,5 @@ jobs: run: | git config user.name "tgstation-server-ci[bot]" git config user.email "161980869+tgstation-server-ci[bot]@users.noreply.github.com" - git push "https://tgstation-server-ci:${{ env.INSTALLATION_TOKEN }}@github.com/spacestation13/tgstation-server" - git push --tags "https://tgstation-server-ci:${{ env.INSTALLATION_TOKEN }}@github.com/spacestation13/tgstation-server" + git push "https://tgstation-server-ci:${{ steps.app-token-generation.outputs.token }}@github.com/spacestation13/tgstation-server" + git push --tags "https://tgstation-server-ci:${{ steps.app-token-generation.outputs.token }}@github.com/spacestation13/tgstation-server" diff --git a/tools/Tgstation.Server.ReleaseNotes/Program.cs b/tools/Tgstation.Server.ReleaseNotes/Program.cs index 46c887fd5f6..5ab07e4906e 100644 --- a/tools/Tgstation.Server.ReleaseNotes/Program.cs +++ b/tools/Tgstation.Server.ReleaseNotes/Program.cs @@ -59,15 +59,13 @@ static async Task Main(string[] args) var shaCheck = versionString.Equals("--winget-template-check", StringComparison.OrdinalIgnoreCase); var fullNotes = versionString.Equals("--generate-full-notes", StringComparison.OrdinalIgnoreCase); var nuget = versionString.Equals("--nuget", StringComparison.OrdinalIgnoreCase); - var genToken = versionString.Equals("--token-output-file", StringComparison.OrdinalIgnoreCase); if ((!Version.TryParse(versionString, out var version) || version.Revision != -1) && !ensureRelease && !linkWinget && !shaCheck && !fullNotes - && !nuget - && !genToken) + && !nuget) { Console.WriteLine("Invalid version: " + versionString); return 2; @@ -109,51 +107,23 @@ static async Task Main(string[] args) } var client = new GitHubClient(new Octokit.ProductHeaderValue("tgs_release_notes")); - try + const string ReleaseNotesEnvVar = "TGS_RELEASE_NOTES_TOKEN"; + var githubToken = Environment.GetEnvironmentVariable(ReleaseNotesEnvVar); + if (String.IsNullOrWhiteSpace(githubToken) && !doNotCloseMilestone && !ensureRelease) { - if (ensureRelease) - { - if (args.Length < 2) - { - Console.WriteLine("Missing PEM Base64 for updating release!"); - return 454233; - } + Console.WriteLine("Missing " + ReleaseNotesEnvVar + " environment variable!"); + return 3; + } - await GenerateAppCredentials(client, args[1], false); + if (!String.IsNullOrWhiteSpace(githubToken)) + { + client.Credentials = new Credentials(githubToken); + } + try + { + if (ensureRelease) return await EnsureRelease(client); - } - - if (genToken) - { - if (args.Length < 3) - { - Console.WriteLine("Missing output file path or PEM Base64 for app authentication!"); - return 33847; - } - - bool toSS13 = args.Length > 3 && args[3].Equals("--spacestation13", StringComparison.OrdinalIgnoreCase); - await GenerateAppCredentials(client, args[2], toSS13); - - var token = client.Credentials.GetToken(); - var destPath = args[1]; - Directory.CreateDirectory(Path.GetDirectoryName(destPath)); - await File.WriteAllTextAsync(destPath, token); - return 0; - } - - const string ReleaseNotesEnvVar = "TGS_RELEASE_NOTES_TOKEN"; - var githubToken = Environment.GetEnvironmentVariable(ReleaseNotesEnvVar); - if (String.IsNullOrWhiteSpace(githubToken) && !doNotCloseMilestone && !ensureRelease) - { - Console.WriteLine("Missing " + ReleaseNotesEnvVar + " environment variable!"); - return 3; - } - - if (!String.IsNullOrWhiteSpace(githubToken)) - { - client.Credentials = new Credentials(githubToken); - } if (linkWinget) { @@ -1627,41 +1597,6 @@ [optional blank line(s), stripped] return 0; } - static async ValueTask GenerateAppCredentials(GitHubClient gitHubClient, string pemBase64, bool toSS13) - { - var pemBytes = Convert.FromBase64String(pemBase64); - var pem = Encoding.UTF8.GetString(pemBytes); - - var rsa = RSA.Create(); - rsa.ImportFromPem(pem); - - var signingCredentials = new SigningCredentials(new RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha256); - var jwtSecurityTokenHandler = new JwtSecurityTokenHandler { SetDefaultTimesOnTokenCreation = false }; - - var now = DateTime.UtcNow; - - var jwt = jwtSecurityTokenHandler.CreateToken(new SecurityTokenDescriptor - { - Issuer = AppId.ToString(), - Expires = now.AddMinutes(10), - IssuedAt = now, - SigningCredentials = signingCredentials - }); - - var jwtStr = jwtSecurityTokenHandler.WriteToken(jwt); - - gitHubClient.Credentials = new Credentials(jwtStr, AuthenticationType.Bearer); - - var installation = await gitHubClient.GitHubApps.GetRepositoryInstallationForCurrent( - toSS13 - ? "spacestation13" - : RepoOwner, - RepoName); - var installToken = await gitHubClient.GitHubApps.CreateInstallationToken(installation.Id); - - gitHubClient.Credentials = new Credentials(installToken.Token); - } - static void DebugAssert(bool condition, string message = null) { // This exists because one of the fucking asserts evaluates an enumerable or something and it was getting optimized out in release From b94ddebfbd946ae09ecd80c7e810bd97973bc877 Mon Sep 17 00:00:00 2001 From: Jordan Dominion Date: Wed, 21 Aug 2024 18:17:41 -0400 Subject: [PATCH 06/14] Increase flaky test attempts to 5 --- .github/workflows/rerun-flaky-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rerun-flaky-tests.yml b/.github/workflows/rerun-flaky-tests.yml index a5d11b34043..946e7dbb226 100644 --- a/.github/workflows/rerun-flaky-tests.yml +++ b/.github/workflows/rerun-flaky-tests.yml @@ -8,7 +8,7 @@ jobs: rerun_flaky_tests: name: Rerun Flaky Tests runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.conclusion == 'failure' && github.event.workflow_run.run_attempt < 3 }} + if: ${{ github.event.workflow_run.conclusion == 'failure' && github.event.workflow_run.run_attempt < 5 }} steps: - name: Checkout uses: actions/checkout@v4 From cee4a7b9d39af78db09fe9af90bfe87804780b45 Mon Sep 17 00:00:00 2001 From: Jordan Dominion Date: Wed, 21 Aug 2024 18:21:14 -0400 Subject: [PATCH 07/14] Slightly different message for actions updates --- .github/workflows/ci-security.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-security.yml b/.github/workflows/ci-security.yml index d6ff073d62f..6dd80b8f54b 100644 --- a/.github/workflows/ci-security.yml +++ b/.github/workflows/ci-security.yml @@ -41,7 +41,7 @@ jobs: if: github.event.action == 'opened' && !contains(github.event.pull_request.labels.*.name, 'CI Cleared') && github.event.pull_request.user.id == 49699333 uses: thollander/actions-comment-pull-request@1d3973dc4b8e1399c0620d3f2b1aa5e795465308 with: - message: Set the milestone to the next minor version, check for supply chain attacks, and then add the `CI Cleared` label to allow CI to run. + message: Set the milestone to the next ${{ (github.head_ref == 'master' && 'patch') || 'minor' }} version, check for supply chain attacks, and then add the `CI Cleared` label to allow CI to run. GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} - name: "Remove Stale 'CI Cleared' Label" From 14378dbdfb68d03a43e8ac3d8a93dfe4e4e185bc Mon Sep 17 00:00:00 2001 From: Jordan Dominion Date: Wed, 21 Aug 2024 18:24:13 -0400 Subject: [PATCH 08/14] Fix overeager deployment conditionals --- .github/workflows/ci-pipeline.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-pipeline.yml b/.github/workflows/ci-pipeline.yml index 62cebdaf33a..9bf1a44dd6c 100644 --- a/.github/workflows/ci-pipeline.yml +++ b/.github/workflows/ci-pipeline.yml @@ -1797,7 +1797,7 @@ jobs: name: Ensure TGS Release is Latest GitHub Release needs: [deploy-dm, deploy-http] runs-on: ubuntu-latest - if: (!(cancelled() || failure())) && (!contains(github.event.head_commit.message, '[TGSDeploy]')) + if: (!(cancelled() || failure())) && (!contains(github.event.head_commit.message, '[TGSDeploy]')) && (needs.deploy-dm.result == 'success' || needs.deploy-http.result == 'success') steps: - name: Setup dotnet uses: actions/setup-dotnet@v4 @@ -1827,7 +1827,7 @@ jobs: name: Deploy TGS needs: [deploy-dm, deploy-http, deployment-gate] runs-on: windows-latest - if: (!(cancelled() || failure())) && github.event.ref == 'refs/heads/master' && contains(github.event.head_commit.message, '[TGSDeploy]') + if: (!(cancelled() || failure())) && github.event.ref == 'refs/heads/master' && contains(github.event.head_commit.message, '[TGSDeploy]') && needs.deployment-gate.result == 'success' env: TGS_TELEMETRY_KEY_FILE: C:/tgs_telemetry_key.txt steps: From 5a8287bacd9378bfe5b9ba824b2217594724c997 Mon Sep 17 00:00:00 2001 From: Jordan Dominion Date: Thu, 22 Aug 2024 17:15:48 -0400 Subject: [PATCH 09/14] Fix stray usages of ReleaseNotes app token generation --- .github/workflows/ci-pipeline.yml | 12 ------------ .github/workflows/stable-merge.yml | 2 +- .github/workflows/update-ss13-org-mirror.yml | 11 ----------- 3 files changed, 1 insertion(+), 24 deletions(-) diff --git a/.github/workflows/ci-pipeline.yml b/.github/workflows/ci-pipeline.yml index 9bf1a44dd6c..bd57127dd41 100644 --- a/.github/workflows/ci-pipeline.yml +++ b/.github/workflows/ci-pipeline.yml @@ -2068,12 +2068,6 @@ jobs: if: (!(cancelled() || failure())) && needs.deploy-tgs.result == 'success' needs: deploy-tgs steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: ${{ env.TGS_DOTNET_VERSION }}.0.x - dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }} - - name: gh-pages Clone run: git clone -b gh-pages --single-branch "https://git@github.com/tgstation/tgstation-server" $HOME/tgsdox @@ -2097,12 +2091,6 @@ jobs: mv $HOME/tgsdox/changelog.yml ./ 2>/dev/null dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --generate-full-notes - - name: Generate App Token - run: | - dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} - echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV - rm ${{ runner.temp }}/installation_secret.txt - - name: gh-pages Push run: | pushd $HOME/tgsdox diff --git a/.github/workflows/stable-merge.yml b/.github/workflows/stable-merge.yml index 8c0cc72c2b4..f467dac9337 100644 --- a/.github/workflows/stable-merge.yml +++ b/.github/workflows/stable-merge.yml @@ -37,6 +37,6 @@ jobs: allow_forks: true user_name: tgstation-server-ci[bot] user_email: 161980869+tgstation-server-ci[bot]@users.noreply.github.com - push_token: INSTALLATION_TOKEN + push_token: ${{ steps.app-token-generation.outputs.token }} env: GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} diff --git a/.github/workflows/update-ss13-org-mirror.yml b/.github/workflows/update-ss13-org-mirror.yml index eb971228437..8fde15074d1 100644 --- a/.github/workflows/update-ss13-org-mirror.yml +++ b/.github/workflows/update-ss13-org-mirror.yml @@ -35,17 +35,6 @@ jobs: fetch-tags: true token: ${{ steps.app-token-generation.outputs.token }} - - name: Build ReleaseNotes - run: dotnet build -c Release -p:TGS_HOST_NO_WEBPANEL=true tools/Tgstation.Server.ReleaseNotes/Tgstation.Server.ReleaseNotes.csproj - - - name: Generate App Token - run: | - dotnet run -c Release --no-build --project tools/Tgstation.Server.ReleaseNotes --token-output-file ${{ runner.temp }}/installation_secret.txt ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} - echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV - rm ${{ runner.temp }}/installation_secret.txt - env: - TGS_RELEASE_NOTES_TOKEN: ${{ secrets.DEV_PUSH_TOKEN }} - - name: Push to Spacestation13 Fork run: | git config user.name "tgstation-server-ci[bot]" From d1743d58e83984bff60dfbdaff5b73610e84a270 Mon Sep 17 00:00:00 2001 From: Jordan Dominion Date: Thu, 22 Aug 2024 17:30:28 -0400 Subject: [PATCH 10/14] Fix code scanning --- .github/workflows/ci-pipeline.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-pipeline.yml b/.github/workflows/ci-pipeline.yml index bd57127dd41..612bfbc3a6a 100644 --- a/.github/workflows/ci-pipeline.yml +++ b/.github/workflows/ci-pipeline.yml @@ -80,7 +80,6 @@ jobs: runs-on: ubuntu-latest permissions: security-events: write - actions: read env: TGS_TELEMETRY_KEY_FILE: /tmp/tgs_telemetry_key.txt steps: @@ -92,6 +91,13 @@ jobs: - name: Checkout (Branch) uses: actions/checkout@v4 + if: github.event_name == 'push' || github.event_name == 'schedule' + + - name: Checkout (PR Merge) + uses: actions/checkout@v4 + if: github.event_name != 'push' && github.event_name != 'schedule' + with: + ref: "refs/pull/${{ inputs.pull_request_number }}/merge" - name: Read Current SHA id: get-pr-sha From 71b91b286e4787da67f57250acd9c6a125342f80 Mon Sep 17 00:00:00 2001 From: Jordan Dominion Date: Thu, 22 Aug 2024 18:32:25 -0400 Subject: [PATCH 11/14] Mark .deb service testing as flaky --- .github/workflows/scripts/rerunFlakyTests.js | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/scripts/rerunFlakyTests.js b/.github/workflows/scripts/rerunFlakyTests.js index 091504979d5..ae4cd73d90e 100644 --- a/.github/workflows/scripts/rerunFlakyTests.js +++ b/.github/workflows/scripts/rerunFlakyTests.js @@ -2,6 +2,7 @@ const CONSIDERED_STEP_PREFIXES = [ "Build", // Nuget.org sporadic issues "Install Native", // apt repository issues + "Test Service", // systemd bollocks ]; // Otherwise only check jobs that start with these. From 9f89cbd3820576546438a9c85f62de8349820aae Mon Sep 17 00:00:00 2001 From: Jordan Dominion Date: Thu, 22 Aug 2024 20:37:26 -0400 Subject: [PATCH 12/14] Fix fucking master merge again --- .github/workflows/stable-merge.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/stable-merge.yml b/.github/workflows/stable-merge.yml index f467dac9337..7bd9cf84fd9 100644 --- a/.github/workflows/stable-merge.yml +++ b/.github/workflows/stable-merge.yml @@ -37,6 +37,7 @@ jobs: allow_forks: true user_name: tgstation-server-ci[bot] user_email: 161980869+tgstation-server-ci[bot]@users.noreply.github.com - push_token: ${{ steps.app-token-generation.outputs.token }} + push_token: INSTALLATION_TOKEN env: GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} + INSTALLATION_TOKEN: ${{ steps.app-token-generation.outputs.token }} From 946e5dff86962f88bb43a6a3fcec48fdcba51c91 Mon Sep 17 00:00:00 2001 From: Jordan Dominion Date: Thu, 22 Aug 2024 21:06:40 -0400 Subject: [PATCH 13/14] Fix process memory retrieval --- src/Tgstation.Server.Host/System/Process.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Tgstation.Server.Host/System/Process.cs b/src/Tgstation.Server.Host/System/Process.cs index 13a1a278f50..e180cfc3cc6 100644 --- a/src/Tgstation.Server.Host/System/Process.cs +++ b/src/Tgstation.Server.Host/System/Process.cs @@ -29,7 +29,7 @@ public long? MemoryUsage { try { - return handle.VirtualMemorySize64; + return handle.PrivateMemorySize64; } catch (Exception ex) { From 428d97e6fc906ebc4501f5f57306f1ee475ec961 Mon Sep 17 00:00:00 2001 From: Jordan Dominion Date: Thu, 22 Aug 2024 21:07:42 -0400 Subject: [PATCH 14/14] Version bump to 6.9.1 --- build/Version.props | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/Version.props b/build/Version.props index f524e2ee699..fe1a9528862 100644 --- a/build/Version.props +++ b/build/Version.props @@ -3,7 +3,7 @@ - 6.9.0 + 6.9.1 5.2.0 10.7.0 7.0.0