mirror of
https://github.com/bitwarden/browser
synced 2025-12-06 00:13:28 +00:00
167 lines
6.2 KiB
YAML
167 lines
6.2 KiB
YAML
# This workflow runs TypeScript compatibility checks when the SDK is updated.
|
|
# Triggered automatically by the SDK repository via workflow_dispatch when SDK PRs are created/updated.
|
|
name: SDK Breaking Change Check
|
|
run-name: "SDK breaking change check (${{ github.event.inputs.sdk_version }})"
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
sdk_version:
|
|
description: "SDK version being tested"
|
|
required: true
|
|
type: string
|
|
source_repo:
|
|
description: "Source repository"
|
|
required: true
|
|
type: string
|
|
artifacts_run_id:
|
|
description: "Artifacts run ID"
|
|
required: true
|
|
type: string
|
|
artifact_name:
|
|
description: "Artifact name"
|
|
required: true
|
|
type: string
|
|
|
|
permissions:
|
|
contents: read
|
|
actions: read
|
|
id-token: write
|
|
|
|
jobs:
|
|
type-check:
|
|
name: TypeScript compatibility check
|
|
runs-on: ubuntu-24.04
|
|
timeout-minutes: 15
|
|
env:
|
|
_SOURCE_REPO: ${{ github.event.inputs.source_repo }}
|
|
_SDK_VERSION: ${{ github.event.inputs.sdk_version }}
|
|
_ARTIFACTS_RUN_ID: ${{ github.event.inputs.artifacts_run_id }}
|
|
_ARTIFACT_NAME: ${{ github.event.inputs.artifact_name }}
|
|
|
|
steps:
|
|
- name: Log in to Azure
|
|
uses: bitwarden/gh-actions/azure-login@main
|
|
with:
|
|
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
|
|
client_id: ${{ secrets.AZURE_CLIENT_ID }}
|
|
- name: Get Azure Key Vault secrets
|
|
id: get-kv-secrets
|
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
|
with:
|
|
keyvault: gh-org-bitwarden
|
|
secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
|
|
|
|
- name: Generate GH App token
|
|
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
|
|
id: app-token
|
|
with:
|
|
app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
|
|
private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
|
|
permission-actions: read # for reading and downloading the artifacts for a workflow run
|
|
|
|
- name: Log out from Azure
|
|
uses: bitwarden/gh-actions/azure-logout@main
|
|
|
|
- name: Check out clients repository
|
|
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Get Node Version
|
|
id: retrieve-node-version
|
|
run: |
|
|
NODE_NVMRC=$(cat .nvmrc)
|
|
NODE_VERSION=${NODE_NVMRC/v/''}
|
|
echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
|
with:
|
|
cache: 'npm'
|
|
cache-dependency-path: '**/package-lock.json'
|
|
node-version: ${{ steps.retrieve-node-version.outputs.node_version }}
|
|
|
|
- name: Install Node dependencies
|
|
run: |
|
|
echo "📦 Installing Node dependencies with retry logic..."
|
|
|
|
RETRY_COUNT=0
|
|
MAX_RETRIES=3
|
|
while [ ${RETRY_COUNT} -lt ${MAX_RETRIES} ]; do
|
|
RETRY_COUNT=$((RETRY_COUNT + 1))
|
|
echo "🔄 npm ci attempt ${RETRY_COUNT} of ${MAX_RETRIES}..."
|
|
|
|
if npm ci; then
|
|
echo "✅ npm ci successful"
|
|
break
|
|
else
|
|
echo "❌ npm ci attempt ${RETRY_COUNT} failed"
|
|
[ ${RETRY_COUNT} -lt ${MAX_RETRIES} ] && sleep 5
|
|
fi
|
|
done
|
|
|
|
if [ ${RETRY_COUNT} -eq ${MAX_RETRIES} ]; then
|
|
echo "::error::npm ci failed after ${MAX_RETRIES} attempts"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Download SDK artifacts
|
|
uses: bitwarden/gh-actions/download-artifacts@main
|
|
with:
|
|
github_token: ${{ steps.app-token.outputs.token }}
|
|
workflow: build-wasm-internal.yml
|
|
workflow_conclusion: success
|
|
run_id: ${{ env._ARTIFACTS_RUN_ID }}
|
|
artifacts: ${{ env._ARTIFACT_NAME }}
|
|
repo: ${{ env._SOURCE_REPO }}
|
|
path: ./sdk-internal
|
|
if_no_artifact_found: fail
|
|
|
|
- name: Override SDK using npm link
|
|
working-directory: ./
|
|
run: |
|
|
echo "🔧 Setting up SDK override using npm link..."
|
|
echo "📊 SDK Version: ${_SDK_VERSION}"
|
|
echo "📦 Artifact Source: ${_SOURCE_REPO} run ${_ARTIFACTS_RUN_ID}"
|
|
|
|
echo "📋 SDK package contents:"
|
|
ls -la ./sdk-internal/
|
|
|
|
echo "🔗 Creating npm link to SDK package..."
|
|
if ! npm link ./sdk-internal; then
|
|
echo "::error::Failed to link SDK package"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Run TypeScript compatibility check
|
|
run: |
|
|
|
|
echo "🔍 Running TypeScript type checking with SDK version: ${_SDK_VERSION}"
|
|
echo "🎯 Type checking command: npm run test:types"
|
|
|
|
# Add GitHub Step Summary output
|
|
echo "## 📊 TypeScript Compatibility Check" >> $GITHUB_STEP_SUMMARY
|
|
echo "- **SDK Version**: ${_SDK_VERSION}" >> $GITHUB_STEP_SUMMARY
|
|
echo "- **Source Repository**: ${_SOURCE_REPO}" >> $GITHUB_STEP_SUMMARY
|
|
echo "- **Artifacts Run ID**: ${_ARTIFACTS_RUN_ID}" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
|
|
TYPE_CHECK_START=$(date +%s)
|
|
|
|
# Run type check with timeout - exit code determines gh run watch result
|
|
if timeout 10m npm run test:types; then
|
|
TYPE_CHECK_END=$(date +%s)
|
|
TYPE_CHECK_DURATION=$((TYPE_CHECK_END - TYPE_CHECK_START))
|
|
echo "✅ TypeScript compilation successful (${TYPE_CHECK_DURATION}s)"
|
|
echo "✅ **Result**: TypeScript compilation successful" >> $GITHUB_STEP_SUMMARY
|
|
echo "No breaking changes detected for SDK version ${_SDK_VERSION}" >> $GITHUB_STEP_SUMMARY
|
|
else
|
|
TYPE_CHECK_END=$(date +%s)
|
|
TYPE_CHECK_DURATION=$((TYPE_CHECK_END - TYPE_CHECK_START))
|
|
echo "❌ TypeScript compilation failed after ${TYPE_CHECK_DURATION}s - breaking changes detected"
|
|
echo "❌ **Result**: TypeScript compilation failed" >> $GITHUB_STEP_SUMMARY
|
|
echo "Breaking changes detected for SDK version ${_SDK_VERSION}" >> $GITHUB_STEP_SUMMARY
|
|
exit 1
|
|
fi
|