From eae7ff7b5fab340004882153a55f90c2d2be19c1 Mon Sep 17 00:00:00 2001 From: Kamil Piechaczek Date: Wed, 16 Jul 2025 13:58:35 +0200 Subject: [PATCH 01/12] Added a "branch_protection_filter" CI task to filter out a direct push builds on feature branches. --- .circleci/config.yml | 67 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 66 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index cd9a1b4d5..bc382ecb8 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -39,6 +39,68 @@ commands: - "a0:41:a2:56:c8:7d:3f:29:41:d1:87:92:fd:50:2b:6b" jobs: + branch_protection_filter: + machine: true + resource_class: medium + steps: + - run: + name: Check if the build should continue. + command: | + #!/usr/bin/env bash + + set -euo pipefail + + PIPELINE_EVENT_ACTION="<< pipeline.event.action >>" + PIPELINE_GIT_BRANCH="<< pipeline.git.branch >>" + + readonly PROTECTED_BRANCHES=( + master + release + stable + ) + + readonly ALLOWED_PATTERNS=( + '^epic/' + '/epic/' + ) + + is_protected_branch() { + for b in "${PROTECTED_BRANCHES[@]}"; do + [[ $PIPELINE_GIT_BRANCH == "$b" ]] && return 0 + done + + return 1 + } + + matches_allowed_pattern() { + for pattern in "${ALLOWED_PATTERNS[@]}"; do + [[ $PIPELINE_GIT_BRANCH =~ $pattern ]] && return 0 + done + + return 1 + } + + should_allow_pipeline() { + # Allow for non-push events. A job could be trigger via API, a pull request, or a scheduled event. + [[ $PIPELINE_EVENT_ACTION != "push" ]] && return 0 + + # Direct commits on protected branches (after merging a pull request). + is_protected_branch && return 0 + + # Epic branches (direct commits or merged pull requests). + matches_allowed_pattern && return 0 + + # Most probably a direct commit on a feature branch. + return 1 + } + + if ! should_allow_pipeline; then + circleci-agent step halt + exit 1 + fi + + exit 0 + generate_configuration: docker: - image: cimg/node:22.12.0 
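Review bot: `PIPELINE_GIT_BRANCH="<< pipeline.git.branch >>"` places the branch name into the script text before bash parses it, so a ref name containing quotes or shell expansion syntax is treated as shell source rather than data in this step. Take the value from the environment instead, for example `PIPELINE_GIT_BRANCH="${CIRCLE_BRANCH:-}"` if the built-in variable carries the same value for these triggers, or pass it through the step's `environment:` map and read the variable in the script. The same assignment is added again in `.circleci/config-github.yml` by patch 09. The `'/epic/'` entry in `ALLOWED_PATTERNS` is also unanchored, so it accepts `/epic/` at any depth of the branch name; a comment should say so if that is intended.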
@@ -58,4 +120,7 @@ workflows: version: 2 config: jobs: - - generate_configuration + - branch_protection_filter + - generate_configuration: + requires: + - branch_protection_filter From e02b8b813e19fd33829abdb9ab278c02a59976fa Mon Sep 17 00:00:00 2001 From: Kamil Piechaczek Date: Thu, 17 Jul 2025 07:51:20 +0200 Subject: [PATCH 02/12] Apply suggestion from @pomek --- .circleci/config.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index bc382ecb8..2aa5ef227 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -55,8 +55,6 @@ jobs: readonly PROTECTED_BRANCHES=( master - release - stable ) readonly ALLOWED_PATTERNS=( From 8fddba48f17b14d347ed32378d44d48ba61a8e09 Mon Sep 17 00:00:00 2001 From: Kamil Piechaczek Date: Thu, 17 Jul 2025 07:55:05 +0200 Subject: [PATCH 03/12] Debug log. --- .circleci/config.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2aa5ef227..db7423448 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -52,6 +52,9 @@ jobs: PIPELINE_EVENT_ACTION="<< pipeline.event.action >>" PIPELINE_GIT_BRANCH="<< pipeline.git.branch >>" + + echo PIPELINE_EVENT_ACTION=$PIPELINE_EVENT_ACTION + echo PIPELINE_GIT_BRANCH=$PIPELINE_GIT_BRANCH readonly PROTECTED_BRANCHES=( master From bf65f90964f2b56e3276815ff2509f5edc44279d Mon Sep 17 00:00:00 2001 From: Kamil Piechaczek Date: Thu, 17 Jul 2025 07:57:09 +0200 Subject: [PATCH 04/12] Apply suggestion from @pomek --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index db7423448..0e5d6ba25 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -53,6 +53,7 @@ jobs: PIPELINE_EVENT_ACTION="<< pipeline.event.action >>" PIPELINE_GIT_BRANCH="<< pipeline.git.branch >>" + # Check what happens when applying a suggestion. echo PIPELINE_EVENT_ACTION=$PIPELINE_EVENT_ACTION echo PIPELINE_GIT_BRANCH=$PIPELINE_GIT_BRANCH 
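Review bot: `requires: - branch_protection_filter` holds `generate_configuration` back only when the filter job fails, so the gate depends on the script's `exit 1`; the `circleci-agent step halt` call before it ends a job as successful and would not block this dependency by itself. A comment above the entry would record that, e.g. `# Runs only if branch_protection_filter succeeds; the filter must fail (not halt) to stop the pipeline.` It also means every filtered push shows up as a failed pipeline, which may or may not be wanted. The `workflows` block starts above this hunk.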
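Review bot: The two `echo` lines added by patch 03 expand their variables unquoted, so the printed value is subject to word splitting and globbing and may not match what the later `[[ … ]]` tests compare; `echo "PIPELINE_GIT_BRANCH=${PIPELINE_GIT_BRANCH}"` (and the same for `PIPELINE_EVENT_ACTION`) prints it exactly. The subject calls them a debug log, yet they are still present when the script is copied into `.circleci/config-github.yml` in patch 09. Either remove them before merge or keep them with a comment stating why the values are logged.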
From ed6fbae19eef7945dd2e48989c152a24fa18dd7f Mon Sep 17 00:00:00 2001 From: Kamil Piechaczek Date: Thu, 17 Jul 2025 07:57:44 +0200 Subject: [PATCH 05/12] Apply suggestion from @pomek --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 0e5d6ba25..48fc4a4ce 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -53,7 +53,7 @@ jobs: PIPELINE_EVENT_ACTION="<< pipeline.event.action >>" PIPELINE_GIT_BRANCH="<< pipeline.git.branch >>" - # Check what happens when applying a suggestion. + # Check what happens when applying a suggestion. echo PIPELINE_EVENT_ACTION=$PIPELINE_EVENT_ACTION echo PIPELINE_GIT_BRANCH=$PIPELINE_GIT_BRANCH From 7987dfbd60c490ed27d6b8af98170dbc5d16bc4d Mon Sep 17 00:00:00 2001 From: Kamil Piechaczek Date: Thu, 17 Jul 2025 08:02:09 +0200 Subject: [PATCH 06/12] Thu Jul 17 08:02:09 AM CEST 2025 -- ci/4073-ci-filters. --- .circleci/config.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 48fc4a4ce..6312f2414 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -56,6 +56,8 @@ jobs: # Check what happens when applying a suggestion. echo PIPELINE_EVENT_ACTION=$PIPELINE_EVENT_ACTION echo PIPELINE_GIT_BRANCH=$PIPELINE_GIT_BRANCH + echo CIRCLE_PULL_REQUESTS=$CIRCLE_PULL_REQUESTS + echo CIRCLE_PULL_REQUEST=$CIRCLE_PULL_REQUEST readonly PROTECTED_BRANCHES=( master From 4aec9debbcc265dc3ac5d2ed9440ad84f26997f8 Mon Sep 17 00:00:00 2001 From: Kamil Piechaczek Date: Thu, 17 Jul 2025 08:02:32 +0200 Subject: [PATCH 07/12] Thu Jul 17 08:02:32 AM CEST 2025 -- ci/4073-ci-filters. --- .circleci/config.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 6312f2414..7369369c2 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
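Review bot: With `set -euo pipefail` in effect, `echo CIRCLE_PULL_REQUEST=$CIRCLE_PULL_REQUEST` and the `CIRCLE_PULL_REQUESTS` line added by patch 06 abort the step with an unbound-variable error whenever the variable is not set, which would fail the filter job before any of the branch checks run. A default keeps the debug output harmless: `echo "CIRCLE_PULL_REQUEST=${CIRCLE_PULL_REQUEST:-}"`. Patches 07 and 08 remove both lines again.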
@@ -56,7 +56,6 @@ jobs: # Check what happens when applying a suggestion. echo PIPELINE_EVENT_ACTION=$PIPELINE_EVENT_ACTION echo PIPELINE_GIT_BRANCH=$PIPELINE_GIT_BRANCH - echo CIRCLE_PULL_REQUESTS=$CIRCLE_PULL_REQUESTS echo CIRCLE_PULL_REQUEST=$CIRCLE_PULL_REQUEST readonly PROTECTED_BRANCHES=( From 24c710bce2da4fd8576e0fd46847b4979173ae5a Mon Sep 17 00:00:00 2001 From: Kamil Piechaczek Date: Thu, 17 Jul 2025 08:50:48 +0200 Subject: [PATCH 08/12] Thu Jul 17 08:50:47 AM CEST 2025 -- ci/4073-ci-filters. --- .circleci/config.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 7369369c2..48fc4a4ce 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -56,7 +56,6 @@ jobs: # Check what happens when applying a suggestion. echo PIPELINE_EVENT_ACTION=$PIPELINE_EVENT_ACTION echo PIPELINE_GIT_BRANCH=$PIPELINE_GIT_BRANCH - echo CIRCLE_PULL_REQUEST=$CIRCLE_PULL_REQUEST readonly PROTECTED_BRANCHES=( master From 52c8164867adfbd918d08cff1235a041ed25f138 Mon Sep 17 00:00:00 2001 From: Kamil Piechaczek Date: Thu, 17 Jul 2025 09:51:12 +0200 Subject: [PATCH 09/12] Use a dedicated config to handle CircleCI Github event parameters. --- .circleci/config-github.yml | 128 ++++++++++++++++++++++++++++++++++++ .circleci/config.yml | 69 +------------------ 2 files changed, 129 insertions(+), 68 deletions(-) create mode 100644 .circleci/config-github.yml diff --git a/.circleci/config-github.yml b/.circleci/config-github.yml new file mode 100644 index 000000000..48fc4a4ce --- /dev/null +++ b/.circleci/config-github.yml 
@@ -0,0 +1,128 @@ +# This is the based configuration required by CircleCI to run a build. +# +# The repository uses the dynamic configuration to generate +# tasks for executing tests and checking the code coverage. +# +# This configuration aims to prepare a complete design and continue checking +# the repository in a new workflow. +# +# To modify the commands to execute on CI, review the following files: +# - scripts/ci/generate-circleci-configuration.js - the script that creates the `config-tests.yml` file used on the new workflow. +# - .circleci/template.yml - the template filled with data to execute. +# +# Useful resources: +# - https://circleci.com/docs/using-dynamic-configuration/ +version: 2.1 + +setup: true + +parameters: + triggerCommitHash: + type: string + default: "" + isNightly: + type: boolean + default: false + isRelease: + type: boolean + default: false + +orbs: + continuation: circleci/continuation@0.1.2 + +commands: + install_ssh_keys_command: + description: "Install SSH keys" + steps: + - add_ssh_keys: + fingerprints: + - "a0:41:a2:56:c8:7d:3f:29:41:d1:87:92:fd:50:2b:6b" + +jobs: + branch_protection_filter: + machine: true + resource_class: medium + steps: + - run: + name: Check if the build should continue. + command: | + #!/usr/bin/env bash + + set -euo pipefail + + PIPELINE_EVENT_ACTION="<< pipeline.event.action >>" + PIPELINE_GIT_BRANCH="<< pipeline.git.branch >>" + + # Check what happens when applying a suggestion. 
+ echo PIPELINE_EVENT_ACTION=$PIPELINE_EVENT_ACTION + echo PIPELINE_GIT_BRANCH=$PIPELINE_GIT_BRANCH + + readonly PROTECTED_BRANCHES=( + master + ) + + readonly ALLOWED_PATTERNS=( + '^epic/' + '/epic/' + ) + + is_protected_branch() { + for b in "${PROTECTED_BRANCHES[@]}"; do + [[ $PIPELINE_GIT_BRANCH == "$b" ]] && return 0 + done + + return 1 + } + + matches_allowed_pattern() { + for pattern in "${ALLOWED_PATTERNS[@]}"; do + [[ $PIPELINE_GIT_BRANCH =~ $pattern ]] && return 0 + done + + return 1 + } + + should_allow_pipeline() { + # Allow for non-push events. A job could be trigger via API, a pull request, or a scheduled event. + [[ $PIPELINE_EVENT_ACTION != "push" ]] && return 0 + + # Direct commits on protected branches (after merging a pull request). + is_protected_branch && return 0 + + # Epic branches (direct commits or merged pull requests). + matches_allowed_pattern && return 0 + + # Most probably a direct commit on a feature branch. + return 1 + } + + if ! should_allow_pipeline; then + circleci-agent step halt + exit 1 + fi + + exit 0 + + generate_configuration: + docker: + - image: cimg/node:22.12.0 + steps: + - checkout + - install_ssh_keys_command + - run: + name: Install dependencies + command: yarn install + - run: + name: Generate a new configuration to check all packages in the repository + command: node scripts/ci/generate-circleci-configuration.js + - continuation/continue: + configuration_path: .circleci/config-tests.yml + +workflows: + version: 2 + config: + jobs: + - branch_protection_filter + - generate_configuration: + requires: + - branch_protection_filter diff --git a/.circleci/config.yml b/.circleci/config.yml index 48fc4a4ce..cd9a1b4d5 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
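Review bot: The header comment of the new `.circleci/config-github.yml` is copied from `config.yml` unchanged, so nothing in the file says which pipelines use it or that it differs from `config.yml` only by the `branch_protection_filter` job. Add a line to the header such as `# Used for pipelines started by GitHub events; identical to config.yml except for the branch_protection_filter gate.` (wording to be confirmed against the project's trigger setup, which is not visible here). Since `parameters`, the `continuation` orb pin, the SSH key fingerprint and `generate_configuration` now exist in two files, a note that they must be changed together would help keep the copies from drifting.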
@@ -39,70 +39,6 @@ commands: - "a0:41:a2:56:c8:7d:3f:29:41:d1:87:92:fd:50:2b:6b" jobs: - branch_protection_filter: - machine: true - resource_class: medium - steps: - - run: - name: Check if the build should continue. - command: | - #!/usr/bin/env bash - - set -euo pipefail - - PIPELINE_EVENT_ACTION="<< pipeline.event.action >>" - PIPELINE_GIT_BRANCH="<< pipeline.git.branch >>" - - # Check what happens when applying a suggestion. - echo PIPELINE_EVENT_ACTION=$PIPELINE_EVENT_ACTION - echo PIPELINE_GIT_BRANCH=$PIPELINE_GIT_BRANCH - - readonly PROTECTED_BRANCHES=( - master - ) - - readonly ALLOWED_PATTERNS=( - '^epic/' - '/epic/' - ) - - is_protected_branch() { - for b in "${PROTECTED_BRANCHES[@]}"; do - [[ $PIPELINE_GIT_BRANCH == "$b" ]] && return 0 - done - - return 1 - } - - matches_allowed_pattern() { - for pattern in "${ALLOWED_PATTERNS[@]}"; do - [[ $PIPELINE_GIT_BRANCH =~ $pattern ]] && return 0 - done - - return 1 - } - - should_allow_pipeline() { - # Allow for non-push events. A job could be trigger via API, a pull request, or a scheduled event. - [[ $PIPELINE_EVENT_ACTION != "push" ]] && return 0 - - # Direct commits on protected branches (after merging a pull request). - is_protected_branch && return 0 - - # Epic branches (direct commits or merged pull requests). - matches_allowed_pattern && return 0 - - # Most probably a direct commit on a feature branch. - return 1 - } - - if ! should_allow_pipeline; then - circleci-agent step halt - exit 1 - fi - - exit 0 - generate_configuration: docker: - image: cimg/node:22.12.0 @@ -122,7 +58,4 @@ workflows: version: 2 config: jobs: - - branch_protection_filter - - generate_configuration: - requires: - - branch_protection_filter + - generate_configuration From d844fd5c63202cf56617e7317ef9308c2edb33bb Mon Sep 17 00:00:00 2001 From: Kamil Piechaczek Date: Thu, 17 Jul 2025 09:54:02 +0200 Subject: [PATCH 10/12] Thu Jul 17 09:54:02 AM CEST 2025 -- ci/4073-ci-filters. 
From 6b7b444c4aacf73a5393890b26a73a55322049d6 Mon Sep 17 00:00:00 2001
From: Kamil Piechaczek
Date: Thu, 17 Jul 2025 09:55:38 +0200
Subject: [PATCH 11/12] Thu Jul 17 09:55:37 AM CEST 2025 -- ci/4073-ci-filters.
From e5b96feee17125e9026d22d995f4244d2b0b1f37 Mon Sep 17 00:00:00 2001
From: Kamil Piechaczek
Date: Thu, 17 Jul 2025 09:57:21 +0200
Subject: [PATCH 12/12] Apply suggestion from @pomek
---
 .circleci/config-github.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.circleci/config-github.yml b/.circleci/config-github.yml
index 48fc4a4ce..a3aad7963 100644
--- a/.circleci/config-github.yml
+++ b/.circleci/config-github.yml
@@ -1,5 +1,6 @@
 # This is the based configuration required by CircleCI to run a build.
 #
+#
 # The repository uses the dynamic configuration to generate
 # tasks for executing tests and checking the code coverage.
 #