From 17a987da72ed53c00965d0e3db811eadb58060af Mon Sep 17 00:00:00 2001 From: Jake Bailey <5341706+jakebailey@users.noreply.github.com> Date: Thu, 4 Jan 2024 10:31:11 -0800 Subject: [PATCH] Switch GHA workflows for LF line endings to work around dependabot bug (#56944) --- .dprint.jsonc | 1 + .github/ISSUE_TEMPLATE/config.yml | 30 +- .github/workflows/close-issues.yml | 98 +++---- .github/workflows/error-deltas-watchdog.yaml | 90 +++--- .github/workflows/new-release-branch.yaml | 104 +++---- .github/workflows/nightly.yaml | 92 +++--- .github/workflows/pr-modified-files.yml | 272 +++++++++--------- .../workflows/release-branch-artifact.yaml | 94 +++--- .github/workflows/set-version.yaml | 112 ++++---- .github/workflows/sync-branch.yaml | 88 +++--- .github/workflows/update-package-lock.yaml | 104 +++---- 11 files changed, 543 insertions(+), 542 deletions(-) diff --git a/.dprint.jsonc b/.dprint.jsonc index 98a8c53f8e5..90794be60fe 100644 --- a/.dprint.jsonc +++ b/.dprint.jsonc @@ -30,6 +30,7 @@ "importDeclaration.sortNamedImports": "maintain" }, "prettier": { + "newLineKind": "lf", "associations": [ "**/*.{yaml,yml}" ], diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 9526309bdc2..e4d4b1f6714 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,15 +1,15 @@ ---- -blank_issues_enabled: false -contact_links: - - about: 'Please ask and answer usage questions on Stack Overflow.' - name: Question - url: 'https://stackoverflow.com/questions/tagged/typescript' - - about: 'Alternatively, you can use the TypeScript Community Discord.' - name: Chat - url: 'https://discord.gg/typescript' - - about: 'Please check the FAQ before filing new issues' - name: 'TypeScript FAQ' - url: 'https://github.com/microsoft/TypeScript/wiki/FAQ' - - about: 'Please raise issues about the site on its own repo.' - name: Website - url: 'https://github.com/microsoft/TypeScript-Website/issues/new' +--- +blank_issues_enabled: false +contact_links: + - about: 'Please ask and answer usage questions on Stack Overflow.' + name: Question + url: 'https://stackoverflow.com/questions/tagged/typescript' + - about: 'Alternatively, you can use the TypeScript Community Discord.' + name: Chat + url: 'https://discord.gg/typescript' + - about: 'Please check the FAQ before filing new issues' + name: 'TypeScript FAQ' + url: 'https://github.com/microsoft/TypeScript/wiki/FAQ' + - about: 'Please raise issues about the site on its own repo.' + name: Website + url: 'https://github.com/microsoft/TypeScript-Website/issues/new' diff --git a/.github/workflows/close-issues.yml b/.github/workflows/close-issues.yml index f3321ebaa05..159d6101f4c 100644 --- a/.github/workflows/close-issues.yml +++ b/.github/workflows/close-issues.yml @@ -1,49 +1,49 @@ -name: Close issues - -on: - schedule: - - cron: '0 1 * * *' - workflow_dispatch: - -permissions: - contents: read - -# Ensure scripts are run with pipefail. See: -# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference -defaults: - run: - shell: bash - -jobs: - close-issues: - runs-on: ubuntu-latest - if: github.repository == 'microsoft/TypeScript' - permissions: - contents: read # Apparently required to create issues - issues: write - - steps: - - name: Close issues - env: - GH_TOKEN: ${{ secrets.TS_BOT_GITHUB_TOKEN }} - run: | - DATE=$(date --date='2 days ago' --iso-8601) - - close_issues() { - echo "Closing issues marked as '$1'." - for issue in $(gh issue list --limit 100 --label "$1" --repo ${{ github.repository }} --state open --search "updated:<$DATE" --json number --jq '.[].number'); do - echo "Closing https://github.com/${{ github.repository }}/issues/$issue" - gh issue close $issue --repo ${{ github.repository }} --reason "not planned" --comment "This issue has been marked as \"$1\" and has seen no recent activity. It has been automatically closed for house-keeping purposes." - done - } - - close_issues "Duplicate" - close_issues "Unactionable" - close_issues "Not a Defect" - close_issues "External" - close_issues "Working as Intended" - close_issues "Question" - close_issues "Out of Scope" - close_issues "Declined" - close_issues "Won't Fix" - close_issues "Too Complex" +name: Close issues + +on: + schedule: + - cron: '0 1 * * *' + workflow_dispatch: + +permissions: + contents: read + +# Ensure scripts are run with pipefail. See: +# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference +defaults: + run: + shell: bash + +jobs: + close-issues: + runs-on: ubuntu-latest + if: github.repository == 'microsoft/TypeScript' + permissions: + contents: read # Apparently required to create issues + issues: write + + steps: + - name: Close issues + env: + GH_TOKEN: ${{ secrets.TS_BOT_GITHUB_TOKEN }} + run: | + DATE=$(date --date='2 days ago' --iso-8601) + + close_issues() { + echo "Closing issues marked as '$1'." + for issue in $(gh issue list --limit 100 --label "$1" --repo ${{ github.repository }} --state open --search "updated:<$DATE" --json number --jq '.[].number'); do + echo "Closing https://github.com/${{ github.repository }}/issues/$issue" + gh issue close $issue --repo ${{ github.repository }} --reason "not planned" --comment "This issue has been marked as \"$1\" and has seen no recent activity. It has been automatically closed for house-keeping purposes." + done + } + + close_issues "Duplicate" + close_issues "Unactionable" + close_issues "Not a Defect" + close_issues "External" + close_issues "Working as Intended" + close_issues "Question" + close_issues "Out of Scope" + close_issues "Declined" + close_issues "Won't Fix" + close_issues "Too Complex" diff --git a/.github/workflows/error-deltas-watchdog.yaml b/.github/workflows/error-deltas-watchdog.yaml index 86aee16a715..2d74e1fb9e3 100644 --- a/.github/workflows/error-deltas-watchdog.yaml +++ b/.github/workflows/error-deltas-watchdog.yaml @@ -1,45 +1,45 @@ -name: 'typescript-error-deltas Watchdog' - -on: - workflow_dispatch: - schedule: - - cron: '0 0 * * 3' # Every Wednesday - -permissions: - contents: read - -# Ensure scripts are run with pipefail. See: -# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference -defaults: - run: - shell: bash - -jobs: - check-for-recent: - runs-on: ubuntu-latest - if: github.repository == 'microsoft/TypeScript' - permissions: - contents: read # Apparently required to create issues - issues: write - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - TAGS: '@navya9singh @RyanCavanaugh @DanielRosenwasser' - steps: - - name: NewErrors - run: | # --json and --jq prints exactly one issue number per line of output - DATE=$(date --date="7 days ago" --iso-8601) - gh issue list --repo microsoft/typescript --search "[NewErrors] created:>=$DATE" --state all --json number --jq ".[].number" \ - | grep -qe "[0-9]" \ - || gh issue create --repo ${{ github.repository }} --title "No NewErrors issue since $DATE" --body "$TAGS Please check the [pipeline](https://typescript.visualstudio.com/TypeScript/_build?definitionId=48)." - - name: ServerErrors TS - run: | - DATE=$(date --date="7 days ago" --iso-8601) - gh issue list --repo microsoft/typescript --search "[ServerErrors][TypeScript] created:>=$DATE" --state all --json number --jq ".[].number" \ - | grep -qe "[0-9]" \ - || gh issue create --repo ${{ github.repository }} --title "No TypeScript ServerErrors issue since $DATE" --body "$TAGS Please check the [pipeline](https://typescript.visualstudio.com/TypeScript/_build?definitionId=59)." - - name: ServerErrors JS - run: | - DATE=$(date --date="7 days ago" --iso-8601) - gh issue list --repo microsoft/typescript --search "[ServerErrors][JavaScript] created:>=$DATE" --state all --json number --jq ".[].number" \ - | grep -qe "[0-9]" \ - || gh issue create --repo ${{ github.repository }} --title "No JavaScript ServerErrors issue since $DATE" --body "$TAGS Please check the [pipeline](https://typescript.visualstudio.com/TypeScript/_build?definitionId=58)." +name: 'typescript-error-deltas Watchdog' + +on: + workflow_dispatch: + schedule: + - cron: '0 0 * * 3' # Every Wednesday + +permissions: + contents: read + +# Ensure scripts are run with pipefail. See: +# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference +defaults: + run: + shell: bash + +jobs: + check-for-recent: + runs-on: ubuntu-latest + if: github.repository == 'microsoft/TypeScript' + permissions: + contents: read # Apparently required to create issues + issues: write + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + TAGS: '@navya9singh @RyanCavanaugh @DanielRosenwasser' + steps: + - name: NewErrors + run: | # --json and --jq prints exactly one issue number per line of output + DATE=$(date --date="7 days ago" --iso-8601) + gh issue list --repo microsoft/typescript --search "[NewErrors] created:>=$DATE" --state all --json number --jq ".[].number" \ + | grep -qe "[0-9]" \ + || gh issue create --repo ${{ github.repository }} --title "No NewErrors issue since $DATE" --body "$TAGS Please check the [pipeline](https://typescript.visualstudio.com/TypeScript/_build?definitionId=48)." + - name: ServerErrors TS + run: | + DATE=$(date --date="7 days ago" --iso-8601) + gh issue list --repo microsoft/typescript --search "[ServerErrors][TypeScript] created:>=$DATE" --state all --json number --jq ".[].number" \ + | grep -qe "[0-9]" \ + || gh issue create --repo ${{ github.repository }} --title "No TypeScript ServerErrors issue since $DATE" --body "$TAGS Please check the [pipeline](https://typescript.visualstudio.com/TypeScript/_build?definitionId=59)." + - name: ServerErrors JS + run: | + DATE=$(date --date="7 days ago" --iso-8601) + gh issue list --repo microsoft/typescript --search "[ServerErrors][JavaScript] created:>=$DATE" --state all --json number --jq ".[].number" \ + | grep -qe "[0-9]" \ + || gh issue create --repo ${{ github.repository }} --title "No JavaScript ServerErrors issue since $DATE" --body "$TAGS Please check the [pipeline](https://typescript.visualstudio.com/TypeScript/_build?definitionId=58)." diff --git a/.github/workflows/new-release-branch.yaml b/.github/workflows/new-release-branch.yaml index fd38d8bf1d2..53d2c984d82 100644 --- a/.github/workflows/new-release-branch.yaml +++ b/.github/workflows/new-release-branch.yaml @@ -1,52 +1,52 @@ -name: New Release Branch - -on: - repository_dispatch: - types: [new-release-branch] - -permissions: - contents: read - -# Ensure scripts are run with pipefail. See: -# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference -defaults: - run: - shell: bash - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - filter: blob:none # https://github.blog/2020-12-21-get-up-to-speed-with-partial-clone-and-shallow-clone/ - fetch-depth: 0 # Default is 1; need to set to 0 to get the benefits of blob:none. - token: ${{ secrets.TS_BOT_GITHUB_TOKEN }} - - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 - - run: | - npm --version - # corepack enable npm - npm install -g $(jq -r '.packageManager' < package.json) - npm --version - - run: | - git checkout -b ${{ github.event.client_payload.branch_name }} - sed -i -e 's/"version": ".*"/"version": "${{ github.event.client_payload.package_version }}"/g' package.json - sed -i -e 's/const versionMajorMinor = ".*"/const versionMajorMinor = "${{ github.event.client_payload.core_major_minor }}"/g' src/compiler/corePublic.ts - sed -i -e 's/const versionMajorMinor = ".*"/const versionMajorMinor = "${{ github.event.client_payload.core_major_minor }}"/g' tests/baselines/reference/api/typescript.d.ts - sed -i -e 's/const versionMajorMinor = ".*"/const versionMajorMinor = "${{ github.event.client_payload.core_major_minor }}"/g' tests/baselines/reference/api/tsserverlibrary.d.ts - sed -i -e 's/const version\(: string\)\{0,1\} = `${versionMajorMinor}.0-.*`/const version = `${versionMajorMinor}.0-${{ github.event.client_payload.core_tag || 'dev' }}`/g' src/compiler/corePublic.ts - npm ci - npm install # update package-lock.json to ensure the version bump is included - npx hereby LKG - npm test - git diff - git add package.json package-lock.json - git add src/compiler/corePublic.ts - git add tests/baselines/reference/api/typescript.d.ts - git add tests/baselines/reference/api/tsserverlibrary.d.ts - git add --force ./lib - git config user.email "typescriptbot@microsoft.com" - git config user.name "TypeScript Bot" - git commit -m 'Bump version to ${{ github.event.client_payload.package_version }} and LKG' - git push --set-upstream origin ${{ github.event.client_payload.branch_name }} +name: New Release Branch + +on: + repository_dispatch: + types: [new-release-branch] + +permissions: + contents: read + +# Ensure scripts are run with pipefail. See: +# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference +defaults: + run: + shell: bash + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + filter: blob:none # https://github.blog/2020-12-21-get-up-to-speed-with-partial-clone-and-shallow-clone/ + fetch-depth: 0 # Default is 1; need to set to 0 to get the benefits of blob:none. + token: ${{ secrets.TS_BOT_GITHUB_TOKEN }} + - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 + - run: | + npm --version + # corepack enable npm + npm install -g $(jq -r '.packageManager' < package.json) + npm --version + - run: | + git checkout -b ${{ github.event.client_payload.branch_name }} + sed -i -e 's/"version": ".*"/"version": "${{ github.event.client_payload.package_version }}"/g' package.json + sed -i -e 's/const versionMajorMinor = ".*"/const versionMajorMinor = "${{ github.event.client_payload.core_major_minor }}"/g' src/compiler/corePublic.ts + sed -i -e 's/const versionMajorMinor = ".*"/const versionMajorMinor = "${{ github.event.client_payload.core_major_minor }}"/g' tests/baselines/reference/api/typescript.d.ts + sed -i -e 's/const versionMajorMinor = ".*"/const versionMajorMinor = "${{ github.event.client_payload.core_major_minor }}"/g' tests/baselines/reference/api/tsserverlibrary.d.ts + sed -i -e 's/const version\(: string\)\{0,1\} = `${versionMajorMinor}.0-.*`/const version = `${versionMajorMinor}.0-${{ github.event.client_payload.core_tag || 'dev' }}`/g' src/compiler/corePublic.ts + npm ci + npm install # update package-lock.json to ensure the version bump is included + npx hereby LKG + npm test + git diff + git add package.json package-lock.json + git add src/compiler/corePublic.ts + git add tests/baselines/reference/api/typescript.d.ts + git add tests/baselines/reference/api/tsserverlibrary.d.ts + git add --force ./lib + git config user.email "typescriptbot@microsoft.com" + git config user.name "TypeScript Bot" + git commit -m 'Bump version to ${{ github.event.client_payload.package_version }} and LKG' + git push --set-upstream origin ${{ github.event.client_payload.branch_name }} diff --git a/.github/workflows/nightly.yaml b/.github/workflows/nightly.yaml index 00664d82cbb..e45016f0103 100644 --- a/.github/workflows/nightly.yaml +++ b/.github/workflows/nightly.yaml @@ -1,46 +1,46 @@ -name: Publish Nightly - -on: - schedule: - - cron: '0 7 * * *' - # enable users to manually trigger with workflow_dispatch - workflow_dispatch: {} - repository_dispatch: - types: [publish-nightly] - -permissions: - contents: read - -# Ensure scripts are run with pipefail. See: -# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference -defaults: - run: - shell: bash - -jobs: - build: - runs-on: ubuntu-latest - if: github.repository == 'microsoft/TypeScript' - - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 - with: - # Use NODE_AUTH_TOKEN environment variable to authenticate to this registry. - registry-url: https://registry.npmjs.org/ - - run: | - npm --version - # corepack enable npm - npm install -g $(jq -r '.packageManager' < package.json) - npm --version - - name: Setup and publish nightly - run: | - npm whoami - npm ci - npx hereby configure-nightly - npx hereby LKG - npx hereby runtests-parallel - npx hereby clean - npm publish --tag next - env: - NODE_AUTH_TOKEN: ${{secrets.npm_token}} +name: Publish Nightly + +on: + schedule: + - cron: '0 7 * * *' + # enable users to manually trigger with workflow_dispatch + workflow_dispatch: {} + repository_dispatch: + types: [publish-nightly] + +permissions: + contents: read + +# Ensure scripts are run with pipefail. See: +# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference +defaults: + run: + shell: bash + +jobs: + build: + runs-on: ubuntu-latest + if: github.repository == 'microsoft/TypeScript' + + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 + with: + # Use NODE_AUTH_TOKEN environment variable to authenticate to this registry. + registry-url: https://registry.npmjs.org/ + - run: | + npm --version + # corepack enable npm + npm install -g $(jq -r '.packageManager' < package.json) + npm --version + - name: Setup and publish nightly + run: | + npm whoami + npm ci + npx hereby configure-nightly + npx hereby LKG + npx hereby runtests-parallel + npx hereby clean + npm publish --tag next + env: + NODE_AUTH_TOKEN: ${{secrets.npm_token}} diff --git a/.github/workflows/pr-modified-files.yml b/.github/workflows/pr-modified-files.yml index 09841f73fc6..1784558ec02 100644 --- a/.github/workflows/pr-modified-files.yml +++ b/.github/workflows/pr-modified-files.yml @@ -1,136 +1,136 @@ -name: Check modified files -on: - # For security reasons, we have to use pull_request_target here. - # This differs from pull_request in that it runs at the _base_ of the PR, - # e.g. main. This allows us to access secrets. In this workflow, we should - # never actually clone the PR, as it may contain malicious code. - # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ - pull_request_target: - branches: - - main - -# We only ever need one of these running on a single PR. -# Just let the newest one complete if there are multiple running. -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -# Ensure scripts are run with pipefail. See: -# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference -defaults: - run: - shell: bash - -jobs: - manage-prs: - runs-on: ubuntu-latest - if: github.repository == 'microsoft/TypeScript' - - # No need to set explicit permissions; we are using typescript-bot's token, not github-actions' token. - - env: - GH_TOKEN: ${{ secrets.TS_BOT_GITHUB_TOKEN }} - - steps: - - name: Check if PR author is in pr_owners.txt - id: pr_owner - run: | - curl -s https://raw.githubusercontent.com/microsoft/TypeScript/main/.github/pr_owners.txt > pr_owners.txt - if grep -Fxq -m1 "${{ github.event.pull_request.user.login }}" pr_owners.txt; then - echo "pr_owner=true" >> "$GITHUB_OUTPUT" - else - echo "pr_owner=false" >> "$GITHUB_OUTPUT" - fi - - - name: Create scripts - run: | - cat > is_changed.sh <<'EOF' - #!/bin/bash - FILENAME=changed_files.txt - if [ ! -f $FILENAME ]; then - # The gh command only returns info for the first 100 files. To get - # the rest, we have to use the graphql API. See: - # https://github.com/cli/cli/issues/5368#issuecomment-1344253654 - gh api graphql -f query=' - query($endCursor: String) { - repository(owner: "microsoft", name: "TypeScript") { - pullRequest(number: ${{ github.event.pull_request.number }}) { - files(first: 100, after: $endCursor) { - pageInfo{ hasNextPage, endCursor } - nodes { - path - } - } - } - } - }' --paginate --jq '.data.repository.pullRequest.files.nodes.[].path' > $FILENAME - fi - for file in "$@"; do - grep -Fxq -m1 "$file" $FILENAME && exit 0 - done - exit 1 - EOF - chmod +x is_changed.sh - - cat > already_commented.sh <<'EOF' - #!/bin/bash - FILENAME=bot_comments.txt - if [ ! -f $FILENAME ]; then - gh pr view ${{ github.event.pull_request.number }} --repo ${{ github.repository }} \ - --json 'comments' --jq '.comments[] | select(.author.login == "typescript-bot") | .body' > $FILENAME - fi - exec grep -Fq -m1 "$1" $FILENAME - EOF - chmod +x already_commented.sh - - - name: Generated DOM files - if: steps.pr_owner.outputs.pr_owner == 'false' - run: | - if ./is_changed.sh "src/lib/dom.generated.d.ts" \ - "src/lib/dom.iterable.generated.d.ts" \ - "src/lib/webworker.generated.d.ts" \ - "src/lib/webworker.iterable.generated.d.ts"; then - MESSAGE="It looks like you've sent a pull request to update some generated declaration files related to the DOM." - MESSAGE+=" These files aren't meant to be edited by hand, as they are synchronized with files in" - MESSAGE+=" [the TypeScript-DOM-lib-generator repository](https://github.com/microsoft/TypeScript-DOM-lib-generator)." - MESSAGE+=" You can [read more here](https://github.com/microsoft/TypeScript/blob/main/CONTRIBUTING.md#contributing-libdts-fixes)." - MESSAGE+=" For house-keeping purposes, this pull request will be closed." - - gh pr close ${{ github.event.pull_request.number }} --repo ${{ github.repository }} --comment "$MESSAGE" - exit 1 # Stop the pipeline; we just closed the PR. - fi - - - name: Check if PR modifies protocol.ts - run: | - if ./is_changed.sh "src/server/protocol.ts"; then - MESSAGE="Thanks for the PR! It looks like you've changed the TSServer protocol in some way." - MESSAGE+=" Please ensure that any changes here don't break consumers of the current TSServer API." - MESSAGE+=" For some extra review, we'll ping @sheetalkamat, @mjbvz, @zkat, and @joj for you." - MESSAGE+=" Feel free to loop in other consumers/maintainers if necessary." - - if ./already_commented.sh "It looks like you've changed the TSServer protocol in some way."; then - echo "Already commented." - else - gh pr comment ${{ github.event.pull_request.number }} --repo ${{ github.repository }} --body "$MESSAGE" - fi - fi - - - name: Check for breaking changes - run: | - if ./is_changed.sh "tests/baselines/reference/api/typescript.d.ts" \ - "tests/baselines/reference/api/tsserverlibrary.d.ts"; then - MESSAGE="Looks like you're introducing a change to the public API surface area." - MESSAGE+=" If this includes breaking changes, please document them" - MESSAGE+=" [on our wiki's API Breaking Changes page](https://github.com/microsoft/TypeScript/wiki/API-Breaking-Changes)." - MESSAGE+=$'\n\n' - MESSAGE+="Also, please make sure @DanielRosenwasser and @RyanCavanaugh are aware of the changes, just as a heads up." - - if ./already_commented.sh "Looks like you're introducing a change to the public API surface area."; then - echo "Already commented." - else - gh pr comment ${{ github.event.pull_request.number }} --repo ${{ github.repository }} --body "$MESSAGE" - fi - fi +name: Check modified files +on: + # For security reasons, we have to use pull_request_target here. + # This differs from pull_request in that it runs at the _base_ of the PR, + # e.g. main. This allows us to access secrets. In this workflow, we should + # never actually clone the PR, as it may contain malicious code. + # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ + pull_request_target: + branches: + - main + +# We only ever need one of these running on a single PR. +# Just let the newest one complete if there are multiple running. +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +permissions: + contents: read + +# Ensure scripts are run with pipefail. See: +# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference +defaults: + run: + shell: bash + +jobs: + manage-prs: + runs-on: ubuntu-latest + if: github.repository == 'microsoft/TypeScript' + + # No need to set explicit permissions; we are using typescript-bot's token, not github-actions' token. + + env: + GH_TOKEN: ${{ secrets.TS_BOT_GITHUB_TOKEN }} + + steps: + - name: Check if PR author is in pr_owners.txt + id: pr_owner + run: | + curl -s https://raw.githubusercontent.com/microsoft/TypeScript/main/.github/pr_owners.txt > pr_owners.txt + if grep -Fxq -m1 "${{ github.event.pull_request.user.login }}" pr_owners.txt; then + echo "pr_owner=true" >> "$GITHUB_OUTPUT" + else + echo "pr_owner=false" >> "$GITHUB_OUTPUT" + fi + + - name: Create scripts + run: | + cat > is_changed.sh <<'EOF' + #!/bin/bash + FILENAME=changed_files.txt + if [ ! -f $FILENAME ]; then + # The gh command only returns info for the first 100 files. To get + # the rest, we have to use the graphql API. See: + # https://github.com/cli/cli/issues/5368#issuecomment-1344253654 + gh api graphql -f query=' + query($endCursor: String) { + repository(owner: "microsoft", name: "TypeScript") { + pullRequest(number: ${{ github.event.pull_request.number }}) { + files(first: 100, after: $endCursor) { + pageInfo{ hasNextPage, endCursor } + nodes { + path + } + } + } + } + }' --paginate --jq '.data.repository.pullRequest.files.nodes.[].path' > $FILENAME + fi + for file in "$@"; do + grep -Fxq -m1 "$file" $FILENAME && exit 0 + done + exit 1 + EOF + chmod +x is_changed.sh + + cat > already_commented.sh <<'EOF' + #!/bin/bash + FILENAME=bot_comments.txt + if [ ! -f $FILENAME ]; then + gh pr view ${{ github.event.pull_request.number }} --repo ${{ github.repository }} \ + --json 'comments' --jq '.comments[] | select(.author.login == "typescript-bot") | .body' > $FILENAME + fi + exec grep -Fq -m1 "$1" $FILENAME + EOF + chmod +x already_commented.sh + + - name: Generated DOM files + if: steps.pr_owner.outputs.pr_owner == 'false' + run: | + if ./is_changed.sh "src/lib/dom.generated.d.ts" \ + "src/lib/dom.iterable.generated.d.ts" \ + "src/lib/webworker.generated.d.ts" \ + "src/lib/webworker.iterable.generated.d.ts"; then + MESSAGE="It looks like you've sent a pull request to update some generated declaration files related to the DOM." + MESSAGE+=" These files aren't meant to be edited by hand, as they are synchronized with files in" + MESSAGE+=" [the TypeScript-DOM-lib-generator repository](https://github.com/microsoft/TypeScript-DOM-lib-generator)." + MESSAGE+=" You can [read more here](https://github.com/microsoft/TypeScript/blob/main/CONTRIBUTING.md#contributing-libdts-fixes)." + MESSAGE+=" For house-keeping purposes, this pull request will be closed." + + gh pr close ${{ github.event.pull_request.number }} --repo ${{ github.repository }} --comment "$MESSAGE" + exit 1 # Stop the pipeline; we just closed the PR. + fi + + - name: Check if PR modifies protocol.ts + run: | + if ./is_changed.sh "src/server/protocol.ts"; then + MESSAGE="Thanks for the PR! It looks like you've changed the TSServer protocol in some way." + MESSAGE+=" Please ensure that any changes here don't break consumers of the current TSServer API." + MESSAGE+=" For some extra review, we'll ping @sheetalkamat, @mjbvz, @zkat, and @joj for you." + MESSAGE+=" Feel free to loop in other consumers/maintainers if necessary." + + if ./already_commented.sh "It looks like you've changed the TSServer protocol in some way."; then + echo "Already commented." + else + gh pr comment ${{ github.event.pull_request.number }} --repo ${{ github.repository }} --body "$MESSAGE" + fi + fi + + - name: Check for breaking changes + run: | + if ./is_changed.sh "tests/baselines/reference/api/typescript.d.ts" \ + "tests/baselines/reference/api/tsserverlibrary.d.ts"; then + MESSAGE="Looks like you're introducing a change to the public API surface area." + MESSAGE+=" If this includes breaking changes, please document them" + MESSAGE+=" [on our wiki's API Breaking Changes page](https://github.com/microsoft/TypeScript/wiki/API-Breaking-Changes)." + MESSAGE+=$'\n\n' + MESSAGE+="Also, please make sure @DanielRosenwasser and @RyanCavanaugh are aware of the changes, just as a heads up." + + if ./already_commented.sh "Looks like you're introducing a change to the public API surface area."; then + echo "Already commented." + else + gh pr comment ${{ github.event.pull_request.number }} --repo ${{ github.repository }} --body "$MESSAGE" + fi + fi diff --git a/.github/workflows/release-branch-artifact.yaml b/.github/workflows/release-branch-artifact.yaml index 24be83d5a44..aa6f97491e3 100644 --- a/.github/workflows/release-branch-artifact.yaml +++ b/.github/workflows/release-branch-artifact.yaml @@ -1,47 +1,47 @@ -name: Create Releasable Package Drop - -on: - push: - branches: - - release-* - -permissions: - contents: read - -# Ensure scripts are run with pipefail. See: -# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference -defaults: - run: - shell: bash - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 - - run: | - npm --version - # corepack enable npm - npm install -g $(jq -r '.packageManager' < package.json) - npm --version - - name: npm install and test - run: | - npm ci - npm test - - name: Installing browsers - run: npx playwright install --with-deps - - name: Validate the browser can import TypeScript - run: npx hereby test-browser-integration - - name: LKG, clean, and pack - run: | - npx hereby LKG - npx hereby clean - npm pack ./ - mv typescript-*.tgz typescript.tgz - - name: Upload built tarfile - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 - with: - name: tgz - path: typescript.tgz +name: Create Releasable Package Drop + +on: + push: + branches: + - release-* + +permissions: + contents: read + +# Ensure scripts are run with pipefail. See: +# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference +defaults: + run: + shell: bash + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 + - run: | + npm --version + # corepack enable npm + npm install -g $(jq -r '.packageManager' < package.json) + npm --version + - name: npm install and test + run: | + npm ci + npm test + - name: Installing browsers + run: npx playwright install --with-deps + - name: Validate the browser can import TypeScript + run: npx hereby test-browser-integration + - name: LKG, clean, and pack + run: | + npx hereby LKG + npx hereby clean + npm pack ./ + mv typescript-*.tgz typescript.tgz + - name: Upload built tarfile + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + with: + name: tgz + path: typescript.tgz diff --git a/.github/workflows/set-version.yaml b/.github/workflows/set-version.yaml index 11d57994f3d..d3f521901cb 100644 --- a/.github/workflows/set-version.yaml +++ b/.github/workflows/set-version.yaml @@ -1,56 +1,56 @@ -name: Set branch version - -on: - repository_dispatch: - types: [set-version] - -permissions: - contents: read - -# Ensure scripts are run with pipefail. See: -# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference -defaults: - run: - shell: bash - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - ref: ${{ github.event.client_payload.branch_name }} - token: ${{ secrets.TS_BOT_GITHUB_TOKEN }} - - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 - - run: | - npm --version - # corepack enable npm - npm install -g $(jq -r '.packageManager' < package.json) - npm --version - # notably, this is essentially the same script as `new-release-branch.yaml` (with fewer inputs), but it assumes the branch already exists - # do note that executing the transform below will prevent the `configurePrerelease` script from running on the source, as it makes the - # `version` identifier no longer match the regex it uses - # required client_payload members: - # branch_name - the target branch - # package_version - the full version string (eg, `3.9.1-rc` or `3.9.2`) - # core_major_minor - the major.minor pair associated with the desired package_version (eg, `3.9` for `3.9.3`) - - run: | - sed -i -e 's/"version": ".*"/"version": "${{ github.event.client_payload.package_version }}"/g' package.json - sed -i -e 's/const versionMajorMinor = ".*"/const versionMajorMinor = "${{ github.event.client_payload.core_major_minor }}"/g' src/compiler/corePublic.ts - sed -i -e 's/const versionMajorMinor = ".*"/const versionMajorMinor = "${{ github.event.client_payload.core_major_minor }}"/g' tests/baselines/reference/api/typescript.d.ts - sed -i -e 's/const versionMajorMinor = ".*"/const versionMajorMinor = "${{ github.event.client_payload.core_major_minor }}"/g' tests/baselines/reference/api/tsserverlibrary.d.ts - sed -i -e 's/const version\(: string\)\{0,1\} = .*;/const version = "${{ github.event.client_payload.package_version }}" as string;/g' src/compiler/corePublic.ts - npm ci - npm install # update package-lock.json to ensure the version bump is included - npx hereby LKG - npm test - git diff - git add package.json package-lock.json - git add src/compiler/corePublic.ts - git add tests/baselines/reference/api/typescript.d.ts - git add tests/baselines/reference/api/tsserverlibrary.d.ts - git add --force ./lib - git config user.email "typescriptbot@microsoft.com" - git config user.name "TypeScript Bot" - git commit -m 'Bump version to ${{ github.event.client_payload.package_version }} and LKG' - git push +name: Set branch version + +on: + repository_dispatch: + types: [set-version] + +permissions: + contents: read + +# Ensure scripts are run with pipefail. See: +# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference +defaults: + run: + shell: bash + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + ref: ${{ github.event.client_payload.branch_name }} + token: ${{ secrets.TS_BOT_GITHUB_TOKEN }} + - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 + - run: | + npm --version + # corepack enable npm + npm install -g $(jq -r '.packageManager' < package.json) + npm --version + # notably, this is essentially the same script as `new-release-branch.yaml` (with fewer inputs), but it assumes the branch already exists + # do note that executing the transform below will prevent the `configurePrerelease` script from running on the source, as it makes the + # `version` identifier no longer match the regex it uses + # required client_payload members: + # branch_name - the target branch + # package_version - the full version string (eg, `3.9.1-rc` or `3.9.2`) + # core_major_minor - the major.minor pair associated with the desired package_version (eg, `3.9` for `3.9.3`) + - run: | + sed -i -e 's/"version": ".*"/"version": "${{ github.event.client_payload.package_version }}"/g' package.json + sed -i -e 's/const versionMajorMinor = ".*"/const versionMajorMinor = "${{ github.event.client_payload.core_major_minor }}"/g' src/compiler/corePublic.ts + sed -i -e 's/const versionMajorMinor = ".*"/const versionMajorMinor = "${{ github.event.client_payload.core_major_minor }}"/g' tests/baselines/reference/api/typescript.d.ts + sed -i -e 's/const versionMajorMinor = ".*"/const versionMajorMinor = "${{ github.event.client_payload.core_major_minor }}"/g' tests/baselines/reference/api/tsserverlibrary.d.ts + sed -i -e 's/const version\(: string\)\{0,1\} = .*;/const version = "${{ github.event.client_payload.package_version }}" as string;/g' src/compiler/corePublic.ts + npm ci + npm install # update package-lock.json to ensure the version bump is included + npx hereby LKG + npm test + git diff + git add package.json package-lock.json + git add src/compiler/corePublic.ts + git add tests/baselines/reference/api/typescript.d.ts + git add tests/baselines/reference/api/tsserverlibrary.d.ts + git add --force ./lib + git config user.email "typescriptbot@microsoft.com" + git config user.name "TypeScript Bot" + git commit -m 'Bump version to ${{ github.event.client_payload.package_version }} and LKG' + git push diff --git a/.github/workflows/sync-branch.yaml b/.github/workflows/sync-branch.yaml index 3a40e9b9a97..b0aa80adb86 100644 --- a/.github/workflows/sync-branch.yaml +++ b/.github/workflows/sync-branch.yaml @@ -1,44 +1,44 @@ -name: Sync branch with master - -on: - repository_dispatch: - types: [sync-branch] - workflow_dispatch: - inputs: - branch_name: - description: 'Target Branch Name' - required: true - -permissions: - contents: read - -# Ensure scripts are run with pipefail. See: -# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference -defaults: - run: - shell: bash - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - ref: ${{ github.event.inputs.branch_name || github.event.client_payload.branch_name }} - filter: blob:none # https://github.blog/2020-12-21-get-up-to-speed-with-partial-clone-and-shallow-clone/ - fetch-depth: 0 # Default is 1; need to set to 0 to get the benefits of blob:none. - token: ${{ secrets.TS_BOT_GITHUB_TOKEN }} - # required client_payload members: - # branch_name - the target branch - - run: | - git config user.email "typescriptbot@microsoft.com" - git config user.name "TypeScript Bot" - git fetch origin main - git merge origin/main --no-ff - npm ci - npx hereby LKG - git add --force ./lib - git commit -m 'Update LKG' - git push +name: Sync branch with master + +on: + repository_dispatch: + types: [sync-branch] + workflow_dispatch: + inputs: + branch_name: + description: 'Target Branch Name' + required: true + +permissions: + contents: read + +# Ensure scripts are run with pipefail. See: +# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference +defaults: + run: + shell: bash + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + ref: ${{ github.event.inputs.branch_name || github.event.client_payload.branch_name }} + filter: blob:none # https://github.blog/2020-12-21-get-up-to-speed-with-partial-clone-and-shallow-clone/ + fetch-depth: 0 # Default is 1; need to set to 0 to get the benefits of blob:none. + token: ${{ secrets.TS_BOT_GITHUB_TOKEN }} + # required client_payload members: + # branch_name - the target branch + - run: | + git config user.email "typescriptbot@microsoft.com" + git config user.name "TypeScript Bot" + git fetch origin main + git merge origin/main --no-ff + npm ci + npx hereby LKG + git add --force ./lib + git commit -m 'Update LKG' + git push diff --git a/.github/workflows/update-package-lock.yaml b/.github/workflows/update-package-lock.yaml index 5b0613cc305..9884382fb7a 100644 --- a/.github/workflows/update-package-lock.yaml +++ b/.github/workflows/update-package-lock.yaml @@ -1,52 +1,52 @@ -name: Update package-lock.json - -on: - schedule: - # This is probably 6am UTC, which is 10pm PST or 11pm PDT - # Alternatively, 6am local is also fine - - cron: '0 6 * * *' - workflow_dispatch: {} - -permissions: - contents: read - -# Ensure scripts are run with pipefail. See: -# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference -defaults: - run: - shell: bash - -jobs: - build: - runs-on: ubuntu-latest - if: github.repository == 'microsoft/TypeScript' - - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - token: ${{ secrets.TS_BOT_GITHUB_TOKEN }} - - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 - with: - node-version: 16 - - run: | - npm --version - # corepack enable npm - npm install -g $(jq -r '.packageManager' < package.json) - npm --version - - - name: Update package-lock.json and push - run: | - rm package-lock.json - npm install - - if git diff --exit-code --name-only package-lock.json; then - echo "No change." - else - npm test - npx hereby LKG - git config user.email "typescriptbot@microsoft.com" - git config user.name "TypeScript Bot" - git add -f package-lock.json - git commit -m "Update package-lock.json" - git push - fi +name: Update package-lock.json + +on: + schedule: + # This is probably 6am UTC, which is 10pm PST or 11pm PDT + # Alternatively, 6am local is also fine + - cron: '0 6 * * *' + workflow_dispatch: {} + +permissions: + contents: read + +# Ensure scripts are run with pipefail. See: +# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference +defaults: + run: + shell: bash + +jobs: + build: + runs-on: ubuntu-latest + if: github.repository == 'microsoft/TypeScript' + + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + token: ${{ secrets.TS_BOT_GITHUB_TOKEN }} + - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 + with: + node-version: 16 + - run: | + npm --version + # corepack enable npm + npm install -g $(jq -r '.packageManager' < package.json) + npm --version + + - name: Update package-lock.json and push + run: | + rm package-lock.json + npm install + + if git diff --exit-code --name-only package-lock.json; then + echo "No change." + else + npm test + npx hereby LKG + git config user.email "typescriptbot@microsoft.com" + git config user.name "TypeScript Bot" + git add -f package-lock.json + git commit -m "Update package-lock.json" + git push + fi