ci: tidy up workflows and implement a consistent style #1905
all workflows now use ubuntu-24.04 as the runner type to match the release workflows

codeql.yml
- bump actions to v3
- add least-privilege perms + concurrency to stop duplicate runs
- ignore docs only changes

conflict_labeler.yml
- run on opened, reopened, and synchronize
- bump action version
- add concurrency group to avoid duplicate labeling

cypress.yml
- skip docs-only changes; don’t run on draft PRs
- add concurrency to stop duplicate runs + 10m timeout

docs-deploy.yml
- add configure-pages@v5 and bump upload-pages-artifact to v4
- set explicit pages/id-token perms + concurrency
- minor cleanups (working-directory, ubuntu-24.04)

helm.yml
- switch oras discover to oras manifest fetch
- add concurrency to stop duplicate runs

lint-helm-charts.yml
- bump action versions
- enforce version bumps (--check-version-increment=true)
- add least-privilege perms + concurrency to stop duplicate runs

support.yml
- add least-privilege perms

test-docs-deploy.yml
- add least-privilege perms + concurrency to stop duplicate runs
|
CC: @M0NsTeRRR |
|
@M0NsTeRRR I just pushed the commit, please let me know when you have looked over it. |
M0NsTeRRR
left a comment
Have you run zizmor also ?
|
@M0NsTeRRR this is where we will see some issues now, as we made this two separate PRs. I added the pnpm logic into these workflows, but these will now fail the tests as the package.json changes are not present in this PR. |
|
Closed PR-1904 and merged into PR-1905. |
fallenbagel
left a comment
@sudo-kraken lockfile needs to be updated
|
This pull request has merge conflicts. Please resolve the conflicts so the PR can be successfully reviewed and merged. |
|
|
@sudo-kraken there is still a merge conflict in the lock file |
|
The conflict is resolved and tests passed. |
|
I have created a branch with the updated workflows in my fork, then PR'd them into develop to test along with the updated Dockerfile, package.json, etc., with the only difference being that the publishing sections are removed, leaving only the builds in. The preview run has been successful and the other is running, see below: Preview: https://github.com/sudo-kraken/jellyseerr/actions/runs/17947025757 |
|
Last hotfix hopefully, added to update the latest tag in release.yml as it was still using the old env var for the owner. |
gauthier-th
left a comment
LGTM
Signed-off-by: Ludovic Ortega <[email protected]>
|
Fixed :
Otherwise LGTM, @sudo-kraken any comment on my last commit ? |
Signed-off-by: Ludovic Ortega <[email protected]>
Review complete, all good from me, good work. LGTM 👍 |
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
| uses: docker/build-push-action@v5 | ||
|
|
||
| - name: Warm cache (no push) — ${{ matrix.platform }} | ||
| uses: docker/build-push-action@v6 |
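Review bot: docker/build-push-action appears at two major versions in this hunk, @v5 on the first line and @v6 on the Warm cache step; if both steps remain in the workflow, align them on one major version so the two builds do not behave differently. Both are mutable tags, which is what the CodeQL alert below reports, so the aligned reference is best written as the full commit SHA of the release with the version in a trailing comment.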
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
Uses Step
| run: echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> "$GITHUB_OUTPUT" | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
Uses Step
| docker manifest push ghcr.io/${{ env.OWNER_LC }}/jellyseerr:develop | ||
| - name: Extract metadata | ||
| id: meta | ||
| uses: docker/metadata-action@v5 |
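Review bot: in the docker manifest push line, ${{ env.OWNER_LC }} is expanded into the script text before the shell runs it. Values in the env context are already exported to the step as environment variables, so the script can read it as "$OWNER_LC" (ghcr.io/${OWNER_LC}/jellyseerr:develop), which keeps the value out of the generated script and stays safe if the source of that variable ever changes.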
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
Uses Step: meta
| org.opencontainers.image.created=${{ steps.ts.outputs.TIMESTAMP }} | ||
| - name: Build & Push (multi-arch, single tag) | ||
| uses: docker/build-push-action@v6 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
Uses Step
|
|
||
| - name: Set up Helm | ||
| uses: azure/[email protected] | ||
| uses: azure/setup-helm@v4 |
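Review bot: @v4 on the Set up Helm step is a floating major tag, so any later v4 release is picked up without a change in this repository; the line it replaces appears to have carried a fuller version (it is mangled on this page). Consider pinning to the full commit SHA of the intended release with the version in a trailing comment, which also addresses the CodeQL alert on this step.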
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
Uses Step
| run: echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> "$GITHUB_OUTPUT" | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
Uses Step
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Log in to Docker Hub | ||
| uses: docker/login-action@v3 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
Uses Step
| password: ${{ secrets.DOCKER_TOKEN }} | ||
|
|
||
| - name: Log in to GitHub Container Registry | ||
| uses: docker/login-action@v3 |
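Review bot: docker/login-action@v3 in the Log in to GitHub Container Registry step, like the Docker Hub login whose password line is visible above it, receives registry credentials, so a retagged v3 would run with those secrets in hand. Of the steps flagged in this PR, the login steps are the ones to pin to a full commit SHA first.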
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
Uses Step
|
|
||
| - name: Extract metadata | ||
| id: meta | ||
| uses: docker/metadata-action@v5 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
Uses Step: meta
| org.opencontainers.image.created=${{ steps.ts.outputs.TIMESTAMP }} | ||
| - name: Build & Push (multi-arch, single tag) | ||
| uses: docker/build-push-action@v6 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
Uses Step
|
@all-contributors please add @sudo-kraken for infra |
|
I've put up a pull request to add @sudo-kraken! 🎉 |
feat(ci): tidy up workflows and implement a consistent style
all workflows now use ubuntu-24.04 as the runner type to match the release workflows
codeql.yml
conflict_labeler.yml
cypress.yml
docs-deploy.yml
helm.yml
lint-helm-charts.yml
support.yml
test-docs-deploy.yml