diff --git a/.github/workflows/build_application_images.yml b/.github/workflows/build_application_images.yml index 07b0ac1b77..6d6df1d20c 100644 --- a/.github/workflows/build_application_images.yml +++ b/.github/workflows/build_application_images.yml @@ -4,9 +4,9 @@ on: workflow_call: env: - GIT_HASH: ${{ github.event.pull_request.head.sha || github.sha }} + GIT_HASH: ${{ github.sha }} + GIT_REF_NAME: ${{ github.ref }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - GIT_REF_NAME: ${{ github.event.pull_request.head.ref || github.ref }} permissions: id-token: write @@ -20,8 +20,6 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 - with: - ref: ${{ env.GIT_HASH }} - name: Run clamscan run: | clamscan --version diff --git a/.github/workflows/build_frontend_assets.yml b/.github/workflows/build_frontend_assets.yml index 73ba4fd9d2..051154e414 100644 --- a/.github/workflows/build_frontend_assets.yml +++ b/.github/workflows/build_frontend_assets.yml @@ -9,7 +9,7 @@ on: description: Environment to build frontend assets for env: - GIT_HASH: ${{ github.event.pull_request.head.sha || github.sha }} + GIT_HASH: ${{ github.sha }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} ENV: ${{ inputs.env }} @@ -26,8 +26,6 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 - with: - ref: ${{ env.GIT_HASH }} - name: Set up node uses: actions/setup-node@v4 with: diff --git a/.github/workflows/check_migrations.yml b/.github/workflows/check_migrations.yml index 159182c452..93cf015096 100644 --- a/.github/workflows/check_migrations.yml +++ b/.github/workflows/check_migrations.yml @@ -5,7 +5,6 @@ name: Check Migrations on: pull_request: - types: [opened, synchronize] jobs: check_migrations: @@ -14,67 +13,6 @@ jobs: steps: - name: Checkout all uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Fetch base branch - run: | - echo "Fetching the latest version of the BASE branch '${{ github.event.pull_request.base.ref }}'" - git fetch --no-tags origin "${{ github.event.pull_request.base.ref }}:${{ github.event.pull_request.base.ref }}" - - - name: Fetch head branch - run: | - echo "Fetching the latest version of the HEAD branch '${{ github.event.pull_request.head.ref }}'" - git fetch --no-tags origin "${{ github.event.pull_request.head.ref }}:${{ github.event.pull_request.head.ref }}" - - - name: Gather migration files from base branch - run: | - echo "Gathering ./migrations/ files from base branch '${{ github.event.pull_request.base.ref }}'" - BASE_FILES=$(git ls-tree --name-only "${{ github.event.pull_request.base.ref }}" -- ./migrations/) - echo "BASE files:" - echo "${BASE_FILES}" - - # We need to format $MIGRATION_BASE_FILES as a heredoc so that we can use it in the next step - echo "MIGRATION_BASE_FILES<> ${GITHUB_ENV} - echo "${BASE_FILES}" >> ${GITHUB_ENV} - echo "EOF" >> ${GITHUB_ENV} - - - name: Gather changed migration files from head branch - run: | - echo "Comparing head branch '${{ github.event.pull_request.head.ref }}' with base branch '${{ github.event.pull_request.base.ref }}'" - echo "Gathering ./migrations/ file changes from head branch '${{ github.event.pull_request.head.ref }}'" - HEAD_MIGRATION_FILES=$(git diff --name-only --diff-filter=A "${{ github.event.pull_request.base.ref }}" "${{ github.event.pull_request.head.ref }}" -- ./migrations/) - echo "HEAD changed files:" - echo "${HEAD_MIGRATION_FILES}" - - # We need to format $MIGRATION_HEAD_FILES as a heredoc so that we can use it in the next step - echo "MIGRATION_HEAD_FILES<> ${GITHUB_ENV} - echo "${HEAD_MIGRATION_FILES}" >> ${GITHUB_ENV} - echo "EOF" >> ${GITHUB_ENV} - - - name: Extracting prefixes from head branch - run: | - HEAD_PREFIXES=$(echo "${{ env.MIGRATION_HEAD_FILES }}" | awk -F'__' '{print $1}') - echo "HEAD prefixes: '${HEAD_PREFIXES}'" - echo "MIGRATION_HEAD_PREFIXES<> ${GITHUB_ENV} - echo "${HEAD_PREFIXES}" >> ${GITHUB_ENV} - echo "EOF" >> ${GITHUB_ENV} - - - name: Extracting prefixes from base branch - run: | - BASE_PREFIXES=$(echo "${{ env.MIGRATION_BASE_FILES }}" | awk -F'__' '{print $1}') - echo "BASE prefixes: '${BASE_PREFIXES}'" - echo "MIGRATION_BASE_PREFIXES<> $GITHUB_ENV - echo "${BASE_PREFIXES}" >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - - - name: Check for duplicate prefixes - run: | - DUPLICATES=$(echo "${{ env.MIGRATION_HEAD_PREFIXES }} ${{ env.MIGRATION_BASE_PREFIXES }}" | tr ' ' '\n' | sort | uniq -d) - - if [ -n "${DUPLICATES}" ]; then - echo "Duplicate migration prefixes found: ${DUPLICATES}" - exit 1 - fi - - echo "No duplicate migration prefixes found, you're good to go!" + - name: Check migrations + run: ./scripts/check_migration_versions.sh diff --git a/.github/workflows/deploy_to_environment.yml b/.github/workflows/deploy_to_environment.yml index b6093ca9fb..22f0aa55ec 100644 --- a/.github/workflows/deploy_to_environment.yml +++ b/.github/workflows/deploy_to_environment.yml @@ -8,7 +8,7 @@ on: type: string env: - GIT_HASH: ${{ github.event.pull_request.head.sha || github.sha }} + GIT_HASH: ${{ github.sha }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} ENV: ${{ inputs.env }} @@ -34,8 +34,6 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 - with: - ref: ${{ env.GIT_HASH }} - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4.0.1 with: @@ -85,8 +83,6 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 - with: - ref: ${{ env.GIT_HASH }} - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4.0.1 with: @@ -134,8 +130,6 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 - with: - ref: ${{ env.GIT_HASH }} - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4.0.1 with: diff --git a/.github/workflows/pr_checks.yml b/.github/workflows/pr_checks.yml index 245569c84b..d51c048034 100644 --- a/.github/workflows/pr_checks.yml +++ b/.github/workflows/pr_checks.yml @@ -2,8 +2,6 @@ name: PR Checks on: pull_request: - branches: - - "**" # This concurrency group exists with cancel-in-progress: true so that only the latest run of the workflow is executed (as its all that should matter). concurrency: diff --git a/.github/workflows/pr_label_checks.yml b/.github/workflows/pr_label_checks.yml index 5917b63f2c..6b195a7060 100644 --- a/.github/workflows/pr_label_checks.yml +++ b/.github/workflows/pr_label_checks.yml @@ -2,7 +2,7 @@ name: PR Label Checks on: pull_request: - types: [labeled, unlabeled, opened, synchronize, ready_for_review] + types: [labeled, unlabeled, opened, reopened, synchronize, ready_for_review] # This concurrency group exists with cancel-in-progress: true so that only the latest run of the workflow is executed (as its all that should matter). concurrency: diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml index 53e2712ddb..025633fe4e 100644 --- a/.github/workflows/run_tests.yml +++ b/.github/workflows/run_tests.yml @@ -10,8 +10,8 @@ on: default: false env: - GIT_HASH: ${{ github.event.pull_request.head.sha || github.sha }} - GIT_REF_NAME: ${{ github.event.pull_request.head.ref || github.ref }} + GIT_HASH: ${{ github.sha }} + GIT_REF_NAME: ${{ github.ref }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} POSTGRES_PASSWORD: mysecretpassword POSTGRES_USER: postgres @@ -40,8 +40,6 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 - with: - ref: ${{ env.GIT_HASH }} - name: Login to Docker Hub uses: docker/login-action@v3 with: @@ -71,8 +69,6 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 - with: - ref: ${{ env.GIT_HASH }} - name: Set up node uses: actions/setup-node@v4 with: @@ -208,8 +204,6 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 - with: - ref: ${{ env.GIT_HASH }} - name: Set up node uses: actions/setup-node@v4 with: @@ -301,8 +295,6 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 - with: - ref: ${{ env.GIT_HASH }} - name: Set up node uses: actions/setup-node@v4 with: @@ -338,8 +330,6 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 - with: - ref: ${{ env.GIT_HASH }} - name: Set up node uses: actions/setup-node@v4 with: @@ -362,8 +352,6 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 - with: - ref: ${{ env.GIT_HASH }} - name: Set up node uses: actions/setup-node@v4 with: diff --git a/.github/workflows/scan_deployed_image.yml b/.github/workflows/scan_deployed_image.yml index ba3eb99bb0..71fea2ba76 100644 --- a/.github/workflows/scan_deployed_image.yml +++ b/.github/workflows/scan_deployed_image.yml @@ -7,7 +7,7 @@ on: env: AWS_DEFAULT_REGION: us-west-2 SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - GIT_HASH: ${{ github.event.pull_request.head.sha || github.sha }} + GIT_HASH: ${{ github.sha }} jobs: rescan_deployed_image: @@ -16,8 +16,6 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 - with: - ref: ${{ env.GIT_HASH }} - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4.0.1 with: diff --git a/scripts/check_migration_versions.sh b/scripts/check_migration_versions.sh new file mode 100755 index 0000000000..93f491e111 --- /dev/null +++ b/scripts/check_migration_versions.sh @@ -0,0 +1,28 @@ +#!/usr/bin/env bash +# + +set -eu -o pipefail + +# Parent path magic to always set the correct relative paths when running this script +parent_path=$( cd "$(dirname "${BASH_SOURCE[0]}")" || exit ; pwd -P ) +cd "$parent_path" || exit + +# shellcheck disable=SC2012 +migration_versions=$(ls -1 ../migrations/ | sed 's/__.*$//' | sort -V) +migration_versions_unique=$(echo "$migration_versions" | uniq) + +count_of_migrations=$(echo "$migration_versions" | wc -l) +count_of_uniq_migrations=$(echo "$migration_versions_unique" | wc -l) + +# Print out results +echo "Detected $count_of_migrations migrations." +echo "Detected $count_of_uniq_migrations unique migrations." + +# If the number of migrations is not equal to the number of unique migrations, +# then there are duplicate migrations. +if [ "$count_of_migrations" -ne "$count_of_uniq_migrations" ]; then + echo "Duplicate migrations detected. Please remove the duplicate migrations." + echo "The following migrations are duplicated:" + echo "$migration_versions" | uniq -d + exit 1 +fi \ No newline at end of file