chore: merge remote-tracking branch 'ietf-tools/main' into feat/clarity

.github/workflows/build.yml

@@ -59,47 +59,59 @@ jobs:
     steps:   
     - uses: actions/checkout@v4
       with:
-        fetch-depth: 0
+        fetch-depth: 1
+        fetch-tags: false
 
-    - name: Get Next Version
+    - name: Get Next Version (Prod)
       if: ${{ github.ref_name == 'release' }}
       id: semver
       uses: ietf-tools/semver-action@v1
       with:
         token: ${{ github.token }}
         branch: release
         skipInvalidTags: true
-
-    - name: Set Next Version Env Var
+
+    - name: Get Dev Version
+      if: ${{ github.ref_name != 'release' }}
+      id: semverdev
+      uses: ietf-tools/semver-action@v1
+      with:
+        token: ${{ github.token }}
+        branch: release
+        skipInvalidTags: true
+        noVersionBumpBehavior: 'current'
+        noNewCommitBehavior: 'current'
+
+    - name: Set Release Flag
       if: ${{ github.ref_name == 'release' }}
       run: |
-        echo "NEXT_VERSION=$nextStrict" >> $GITHUB_ENV
+        echo "IS_RELEASE=true" >> $GITHUB_ENV
         
     - name: Create Draft Release
-      uses: ncipollo/release-action@v1.13.0
+      uses: ncipollo/release-action@v1.14.0
       if: ${{ github.ref_name == 'release' }}
       with:
         prerelease: true
         draft: false
         commit: ${{ github.sha }}
-        tag: ${{ env.NEXT_VERSION }}
-        name: ${{ env.NEXT_VERSION }}
+        tag: ${{ steps.semver.outputs.nextStrict }}
+        name: ${{ steps.semver.outputs.nextStrict }}
         body: '*pending*'
         token: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Set Build Variables
       id: buildvars
       run: |
-        if [[ $NEXT_VERSION ]]; then
-          echo "Using AUTO SEMVER mode: $NEXT_VERSION"
+        if [[ $IS_RELEASE ]]; then
+          echo "Using AUTO SEMVER mode: ${{ steps.semver.outputs.nextStrict }}"
           echo "should_deploy=true" >> $GITHUB_OUTPUT
-          echo "pkg_version=$NEXT_VERSION" >> $GITHUB_OUTPUT
-          echo "::notice::Release $NEXT_VERSION created using branch $GITHUB_REF_NAME"
+          echo "pkg_version=${{ steps.semver.outputs.nextStrict }}" >> $GITHUB_OUTPUT
+          echo "::notice::Release ${{ steps.semver.outputs.nextStrict }} created using branch $GITHUB_REF_NAME"
         else
-          echo "Using TEST mode: 11.0.0-dev.$GITHUB_RUN_NUMBER"
+          echo "Using TEST mode: ${{ steps.semverdev.outputs.nextMajorStrict }}.0.0-dev.$GITHUB_RUN_NUMBER"
           echo "should_deploy=false" >> $GITHUB_OUTPUT
-          echo "pkg_version=11.0.0-dev.$GITHUB_RUN_NUMBER" >> $GITHUB_OUTPUT
-          echo "::notice::Non-production build 11.0.0-dev.$GITHUB_RUN_NUMBER created using branch $GITHUB_REF_NAME"
+          echo "pkg_version=${{ steps.semverdev.outputs.nextMajorStrict }}.0.0-dev.$GITHUB_RUN_NUMBER" >> $GITHUB_OUTPUT
+          echo "::notice::Non-production build ${{ steps.semverdev.outputs.nextMajorStrict }}.0.0-dev.$GITHUB_RUN_NUMBER created using branch $GITHUB_REF_NAME"
         fi
 
   # -----------------------------------------------------------------
@@ -122,6 +134,9 @@ jobs:
     if: ${{ !failure() && !cancelled() }}
     needs: [tests, prepare]
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
     env:
       SHOULD_DEPLOY: ${{needs.prepare.outputs.should_deploy}}
       PKG_VERSION: ${{needs.prepare.outputs.pkg_version}}
@@ -131,7 +146,8 @@ jobs:
     steps:
     - uses: actions/checkout@v4
       with:
-        fetch-depth: 0
+        fetch-depth: 1
+        fetch-tags: false
 
     - name: Setup Node.js
       uses: actions/setup-node@v4
@@ -145,20 +161,24 @@ jobs:
 
     - name: Download a Coverage Results
       if: ${{ github.event.inputs.skiptests == 'false' || github.ref_name == 'release' }}
-      uses: actions/download-artifact@v4.1.0
+      uses: actions/download-artifact@v4.1.4
       with:
         name: coverage
 
     - name: Make Release Build
       env:
         DEBIAN_FRONTEND: noninteractive
+        BROWSERSLIST_IGNORE_OLD_DATA: 1
       run: |
         echo "PKG_VERSION: $PKG_VERSION"
         echo "GITHUB_SHA: $GITHUB_SHA"
         echo "GITHUB_REF_NAME: $GITHUB_REF_NAME"
-        echo "Running build script..."
-        chmod +x ./dev/deploy/build.sh
-        sh ./dev/deploy/build.sh
+        echo "Running frontend build script..."
+        echo "Compiling native node packages..."
+        yarn rebuild
+        echo "Packaging static assets..."
+        yarn build --base=https://static.ietf.org/dt/$PKG_VERSION/
+        yarn legacy:build
         echo "Setting version $PKG_VERSION..."
         sed -i -r -e "s|^__version__ += '.*'$|__version__ = '$PKG_VERSION'|" ietf/__init__.py
         sed -i -r -e "s|^__release_hash__ += '.*'$|__release_hash__ = '$GITHUB_SHA'|" ietf/__init__.py
@@ -176,7 +196,57 @@ jobs:
       run: |
         echo "Build release tarball..."
         mkdir -p /home/runner/work/release
-        tar -czf /home/runner/work/release/release.tar.gz -X dev/deploy/exclude-patterns.txt .
+        tar -czf /home/runner/work/release/release.tar.gz -X dev/build/exclude-patterns.txt .
+
+    - name: Collect + Push Statics
+      env:
+        DEBIAN_FRONTEND: noninteractive
+        AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_STATIC_KEY_ID }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_STATIC_KEY_SECRET }}
+        AWS_DEFAULT_REGION: auto
+        AWS_ENDPOINT_URL: ${{ secrets.CF_R2_ENDPOINT }}
+      run: |
+        echo "Collecting statics..."
+        docker run --rm --name collectstatics -v $(pwd):/workspace ghcr.io/ietf-tools/datatracker-app-base:latest sh dev/build/collectstatics.sh
+        echo "Pushing statics..."
+        cd static
+        aws s3 sync . s3://static/dt/$PKG_VERSION --only-show-errors
+
+    - name: Augment dockerignore for docker image build
+      env:
+        DEBIAN_FRONTEND: noninteractive
+      run: |
+        cat >> .dockerignore <<EOL
+        .devcontainer
+        .github
+        .vscode
+        helm
+        playwright
+        svn-history
+        docker-compose.yml
+        EOL
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Build Release Docker Image
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        file: dev/build/Dockerfile
+        platforms: linux/amd64,linux/arm64
+        push: true
+        tags: ghcr.io/ietf-tools/datatracker:${{ env.PKG_VERSION }}
 
     - name: Update CHANGELOG
       id: changelog
@@ -208,7 +278,7 @@ jobs:
         histCoveragePath: historical-coverage.json
 
     - name: Create Release
-      uses: ncipollo/release-action@v1.13.0
+      uses: ncipollo/release-action@v1.14.0
       if: ${{ env.SHOULD_DEPLOY == 'true' }}
       with:
         allowUpdates: true
@@ -221,7 +291,7 @@ jobs:
         token: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Update Baseline Coverage
-      uses: ncipollo/release-action@v1.13.0
+      uses: ncipollo/release-action@v1.14.0
       if: ${{ github.event.inputs.updateCoverage == 'true' || github.ref_name == 'release' }}
       with:
         allowUpdates: true
@@ -253,7 +323,7 @@ jobs:
     steps:      
     - name: Notify on Slack (Success)
       if: ${{ !contains(join(needs.*.result, ','), 'failure') }}
-      uses: slackapi/slack-github-action@v1.24.0
+      uses: slackapi/slack-github-action@v1.25.0
       with:
         channel-id: ${{ secrets.SLACK_GH_BUILDS_CHANNEL_ID }}
         payload: |
@@ -276,7 +346,7 @@ jobs:
         SLACK_BOT_TOKEN: ${{ secrets.SLACK_GH_BOT }}
     - name: Notify on Slack (Failure)
       if: ${{ contains(join(needs.*.result, ','), 'failure') }}
-      uses: slackapi/slack-github-action@v1.24.0
+      uses: slackapi/slack-github-action@v1.25.0
       with:
         channel-id: ${{ secrets.SLACK_GH_BUILDS_CHANNEL_ID }}
         payload: |
@@ -315,7 +385,7 @@ jobs:
     - uses: actions/checkout@v4
 
     - name: Download a Release Artifact
-      uses: actions/download-artifact@v4.1.0
+      uses: actions/download-artifact@v4.1.4
       with:
         name: release-${{ env.PKG_VERSION }}
 
@@ -351,7 +421,7 @@ jobs:
 
     steps:
     - name: Download a Release Artifact
-      uses: actions/download-artifact@v4.1.0
+      uses: actions/download-artifact@v4.1.4
       with:
         name: release-${{ env.PKG_VERSION }}
         path: /a/www/ietf-datatracker/main.dev.${{ github.run_number }}

.github/workflows/dependency-review.yml

@@ -17,6 +17,6 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@v4
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v3
+        uses: actions/dependency-review-action@v4
         with:
           vulnerability-check: false

.github/workflows/tests-az.yml

@@ -38,7 +38,7 @@ jobs:
         ssh-keyscan -t rsa $vminfo >> ~/.ssh/known_hosts
 
     - name: Remote SSH into VM
-      uses: appleboy/ssh-action@2451745138b602d3e100a6def50c8e4e39591d4c
+      uses: appleboy/ssh-action@029f5b4aeeeb58fdfe1410a5d17f967dacf36262
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:

.github/workflows/tests.yml

@@ -59,7 +59,7 @@ jobs:
         path: geckodriver.log
 
     - name: Upload Coverage Results to Codecov
-      uses: codecov/codecov-action@v3.1.4
+      uses: codecov/codecov-action@v4.2.0
       with:
         files: coverage.xml
 

.gitignore

@@ -23,8 +23,10 @@ datatracker.sublime-workspace
 /media
 /node_modules
 /release-coverage.json
+/static
 /tmp-*
 /.testresult
+*.swp
 *.pyc
 __pycache__
 .yarn/*