diff options
Diffstat (limited to '.github/workflows')
| -rw-r--r-- | .github/workflows/ci-codeql-analysis.yml | 19 | ||||
| -rw-r--r-- | .github/workflows/ci-compat.yml | 26 | ||||
| -rw-r--r-- | .github/workflows/ci-openapi.yml | 271 | ||||
| -rw-r--r-- | .github/workflows/ci-tests.yml | 8 | ||||
| -rw-r--r-- | .github/workflows/commands.yml | 13 | ||||
| -rw-r--r-- | .github/workflows/issue-stale.yml | 2 | ||||
| -rw-r--r-- | .github/workflows/issue-template-check.yml | 7 | ||||
| -rw-r--r-- | .github/workflows/openapi-generate.yml | 44 | ||||
| -rw-r--r-- | .github/workflows/openapi-merge.yml | 140 | ||||
| -rw-r--r-- | .github/workflows/openapi-pull-request.yml | 80 | ||||
| -rw-r--r-- | .github/workflows/openapi-workflow-run.yml | 59 | ||||
| -rw-r--r-- | .github/workflows/project-automation.yml | 3 | ||||
| -rw-r--r-- | .github/workflows/pull-request-conflict.yml | 4 | ||||
| -rw-r--r-- | .github/workflows/pull-request-stale.yaml | 2 | ||||
| -rw-r--r-- | .github/workflows/release-bump-version.yaml | 6 |
15 files changed, 375 insertions, 309 deletions
diff --git a/.github/workflows/ci-codeql-analysis.yml b/.github/workflows/ci-codeql-analysis.yml index 0823cf9be9..442114dd80 100644 --- a/.github/workflows/ci-codeql-analysis.yml +++ b/.github/workflows/ci-codeql-analysis.yml @@ -8,6 +8,10 @@ on: schedule: - cron: '24 2 * * 4' +permissions: + contents: read + security-events: write + jobs: analyze: name: Analyze @@ -20,18 +24,21 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Setup .NET - uses: actions/setup-dotnet@2016bd2012dba4e32de620c46fe006a3ac9f0602 # v5.0.1 + uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0 with: - dotnet-version: '9.0.x' + dotnet-version: '10.0.x' - name: Initialize CodeQL - uses: github/codeql-action/init@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8 + uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 with: languages: ${{ matrix.language }} queries: +security-extended + - name: Autobuild - uses: github/codeql-action/autobuild@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8 + uses: github/codeql-action/autobuild@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 + - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8 + uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 diff --git a/.github/workflows/ci-compat.yml b/.github/workflows/ci-compat.yml index a3c49969ce..dd48209a1f 100644 --- a/.github/workflows/ci-compat.yml +++ b/.github/workflows/ci-compat.yml @@ -1,6 +1,6 @@ name: ABI Compatibility on: - pull_request_target: + pull_request: permissions: {} @@ -11,22 +11,22 @@ jobs: permissions: read-all steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.event.pull_request.head.sha }} repository: ${{ github.event.pull_request.head.repo.full_name }} - name: Setup .NET - uses: actions/setup-dotnet@2016bd2012dba4e32de620c46fe006a3ac9f0602 # v5.0.1 + uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0 with: - dotnet-version: '9.0.x' + dotnet-version: '10.0.x' - name: Build run: | dotnet build Jellyfin.Server -o ./out - name: Upload Head - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: abi-head retention-days: 14 @@ -40,16 +40,16 @@ jobs: permissions: read-all steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.event.pull_request.head.sha }} repository: ${{ github.event.pull_request.head.repo.full_name }} fetch-depth: 0 - name: Setup .NET - uses: actions/setup-dotnet@2016bd2012dba4e32de620c46fe006a3ac9f0602 # v5.0.1 + uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0 with: - dotnet-version: '9.0.x' + dotnet-version: '10.0.x' - name: Checkout common ancestor env: @@ -65,7 +65,7 @@ jobs: dotnet build Jellyfin.Server -o ./out - name: Upload Head - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: abi-base retention-days: 14 @@ -77,7 +77,7 @@ jobs: pull-requests: write # to create or update comment (peter-evans/create-or-update-comment) name: ABI - Difference - if: ${{ github.event_name == 'pull_request_target' }} + if: ${{ github.event_name == 'pull_request' }} runs-on: ubuntu-latest needs: - abi-head @@ -85,13 +85,13 @@ jobs: steps: - name: Download abi-head - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: abi-head path: abi-head - name: Download abi-base - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: abi-base path: abi-base @@ -106,7 +106,7 @@ jobs: { echo 'body<<EOF' for file in Jellyfin.Data.dll MediaBrowser.Common.dll MediaBrowser.Controller.dll MediaBrowser.Model.dll Emby.Naming.dll Jellyfin.Extensions.dll Jellyfin.MediaEncoding.Keyframes.dll Jellyfin.Database.Implementations.dll; do - COMPAT_OUTPUT="$( { apicompat --left ./abi-base/${file} --right ./abi-head/${file}; } 2>&1 )" + COMPAT_OUTPUT="$( { apicompat --left ./abi-base/${file} --right ./abi-head/${file}; } 2>&1 || true )" if [ "APICompat ran successfully without finding any breaking changes." != "${COMPAT_OUTPUT}" ]; then printf "\n${file}\n${COMPAT_OUTPUT}\n" fi diff --git a/.github/workflows/ci-openapi.yml b/.github/workflows/ci-openapi.yml deleted file mode 100644 index 46af68e587..0000000000 --- a/.github/workflows/ci-openapi.yml +++ /dev/null @@ -1,271 +0,0 @@ -name: OpenAPI -on: - push: - branches: - - master - tags: - - 'v*' - pull_request_target: - -permissions: {} - -jobs: - openapi-head: - name: OpenAPI - HEAD - runs-on: ubuntu-latest - permissions: read-all - steps: - - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - with: - ref: ${{ github.event.pull_request.head.sha }} - repository: ${{ github.event.pull_request.head.repo.full_name }} - - name: Setup .NET - uses: actions/setup-dotnet@2016bd2012dba4e32de620c46fe006a3ac9f0602 # v5.0.1 - with: - dotnet-version: '9.0.x' - - name: Generate openapi.json - run: dotnet test tests/Jellyfin.Server.Integration.Tests/Jellyfin.Server.Integration.Tests.csproj -c Release --filter "Jellyfin.Server.Integration.Tests.OpenApiSpecTests" - - name: Upload openapi.json - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 - with: - name: openapi-head - retention-days: 14 - if-no-files-found: error - path: tests/Jellyfin.Server.Integration.Tests/bin/Release/net9.0/openapi.json - - openapi-base: - name: OpenAPI - BASE - if: ${{ github.base_ref != '' }} - runs-on: ubuntu-latest - permissions: read-all - steps: - - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - with: - ref: ${{ github.event.pull_request.head.sha }} - repository: ${{ github.event.pull_request.head.repo.full_name }} - fetch-depth: 0 - - name: Checkout common ancestor - env: - HEAD_REF: ${{ github.head_ref }} - run: | - git remote add upstream https://github.com/${{ github.event.pull_request.base.repo.full_name }} - git -c protocol.version=2 fetch --prune --progress --no-recurse-submodules upstream +refs/heads/*:refs/remotes/upstream/* +refs/tags/*:refs/tags/* - ANCESTOR_REF=$(git merge-base upstream/${{ github.base_ref }} origin/$HEAD_REF) - git checkout --progress --force $ANCESTOR_REF - - name: Setup .NET - uses: actions/setup-dotnet@2016bd2012dba4e32de620c46fe006a3ac9f0602 # v5.0.1 - with: - dotnet-version: '9.0.x' - - name: Generate openapi.json - run: dotnet test tests/Jellyfin.Server.Integration.Tests/Jellyfin.Server.Integration.Tests.csproj -c Release --filter "Jellyfin.Server.Integration.Tests.OpenApiSpecTests" - - name: Upload openapi.json - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 - with: - name: openapi-base - retention-days: 14 - if-no-files-found: error - path: tests/Jellyfin.Server.Integration.Tests/bin/Release/net9.0/openapi.json - - openapi-diff: - permissions: - pull-requests: write # to create or update comment (peter-evans/create-or-update-comment) - - name: OpenAPI - Difference - if: ${{ github.event_name == 'pull_request_target' }} - runs-on: ubuntu-latest - needs: - - openapi-head - - openapi-base - steps: - - name: Download openapi-head - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 - with: - name: openapi-head - path: openapi-head - - name: Download openapi-base - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 - with: - name: openapi-base - path: openapi-base - - name: Workaround openapi-diff issue - run: | - sed -i 's/"allOf"/"oneOf"/g' openapi-head/openapi.json - sed -i 's/"allOf"/"oneOf"/g' openapi-base/openapi.json - - name: Calculate OpenAPI difference - uses: docker://openapitools/openapi-diff - continue-on-error: true - with: - args: --fail-on-changed --markdown openapi-changes.md openapi-base/openapi.json openapi-head/openapi.json - - id: read-diff - name: Read openapi-diff output - run: | - # Read and fix markdown - body=$(cat openapi-changes.md) - # Write to workflow summary - echo "$body" >> $GITHUB_STEP_SUMMARY - # Set ApiChanged var - if [ "$body" != '' ]; then - echo "ApiChanged=1" >> "$GITHUB_OUTPUT" - else - echo "ApiChanged=0" >> "$GITHUB_OUTPUT" - fi - # Add header/footer for diff comment - echo '<!--openapi-diff-workflow-comment-->' > openapi-changes-reply.md - echo "<details>" >> openapi-changes-reply.md - echo "<summary>Changes in OpenAPI specification found. Expand to see details.</summary>" >> openapi-changes-reply.md - echo "" >> openapi-changes-reply.md - echo "$body" >> openapi-changes-reply.md - echo "" >> openapi-changes-reply.md - echo "</details>" >> openapi-changes-reply.md - - name: Find difference comment - uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # v4.0.0 - id: find-comment - with: - issue-number: ${{ github.event.pull_request.number }} - direction: last - body-includes: openapi-diff-workflow-comment - - name: Reply or edit difference comment (changed) - uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 - if: ${{ steps.read-diff.outputs.ApiChanged == '1' }} - with: - issue-number: ${{ github.event.pull_request.number }} - comment-id: ${{ steps.find-comment.outputs.comment-id }} - edit-mode: replace - body-path: openapi-changes-reply.md - - name: Edit difference comment (unchanged) - uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 - if: ${{ steps.read-diff.outputs.ApiChanged == '0' && steps.find-comment.outputs.comment-id != '' }} - with: - issue-number: ${{ github.event.pull_request.number }} - comment-id: ${{ steps.find-comment.outputs.comment-id }} - edit-mode: replace - body: | - <!--openapi-diff-workflow-comment--> - - No changes to OpenAPI specification found. See history of this comment for previous changes. - - publish-unstable: - name: OpenAPI - Publish Unstable Spec - if: ${{ github.event_name != 'pull_request_target' && !startsWith(github.ref, 'refs/tags/v') && contains(github.repository_owner, 'jellyfin') }} - runs-on: ubuntu-latest - needs: - - openapi-head - steps: - - name: Set unstable dated version - id: version - run: |- - echo "JELLYFIN_VERSION=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_ENV - - name: Download openapi-head - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 - with: - name: openapi-head - path: openapi-head - - name: Upload openapi.json (unstable) to repository server - uses: appleboy/scp-action@ff85246acaad7bdce478db94a363cd2bf7c90345 # v1.0.0 - with: - host: "${{ secrets.REPO_HOST }}" - username: "${{ secrets.REPO_USER }}" - key: "${{ secrets.REPO_KEY }}" - source: openapi-head/openapi.json - strip_components: 1 - target: "/srv/incoming/openapi/unstable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}" - - name: Move openapi.json (unstable) into place - uses: appleboy/ssh-action@823bd89e131d8d508129f9443cad5855e9ba96f0 # v1.2.4 - with: - host: "${{ secrets.REPO_HOST }}" - username: "${{ secrets.REPO_USER }}" - key: "${{ secrets.REPO_KEY }}" - debug: false - script_stop: false - script: | - if ! test -d /run/workflows; then - sudo mkdir -p /run/workflows - sudo chown ${{ secrets.REPO_USER }} /run/workflows - fi - ( - flock -x -w 300 200 || exit 1 - TGT_DIR="/srv/repository/main/openapi" - LAST_SPEC="$( ls -lt ${TGT_DIR}/unstable/ | grep 'jellyfin-openapi' | head -1 | awk '{ print $NF }' )" - # If new and previous spec don't differ (diff retcode 0), remove incoming and finish - if diff /srv/incoming/openapi/unstable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}/openapi.json ${TGT_DIR}/unstable/${LAST_SPEC} &>/dev/null; then - rm -r /srv/incoming/openapi/unstable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }} - exit 0 - fi - # Move new spec into place - sudo mv /srv/incoming/openapi/unstable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}/openapi.json ${TGT_DIR}/unstable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}.json - # Delete previous jellyfin-openapi-unstable_previous.json - sudo rm ${TGT_DIR}/jellyfin-openapi-unstable_previous.json - # Move current jellyfin-openapi-unstable.json symlink to jellyfin-openapi-unstable_previous.json - sudo mv ${TGT_DIR}/jellyfin-openapi-unstable.json ${TGT_DIR}/jellyfin-openapi-unstable_previous.json - # Create new jellyfin-openapi-unstable.json symlink - sudo ln -s unstable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}.json ${TGT_DIR}/jellyfin-openapi-unstable.json - # Check that the previous openapi unstable spec link is correct - if [[ "$( readlink ${TGT_DIR}/jellyfin-openapi-unstable_previous.json )" != "unstable/${LAST_SPEC}" ]]; then - sudo rm ${TGT_DIR}/jellyfin-openapi-unstable_previous.json - sudo ln -s unstable/${LAST_SPEC} ${TGT_DIR}/jellyfin-openapi-unstable_previous.json - fi - ) 200>/run/workflows/openapi-unstable.lock - - publish-stable: - name: OpenAPI - Publish Stable Spec - if: ${{ startsWith(github.ref, 'refs/tags/v') && contains(github.repository_owner, 'jellyfin') }} - runs-on: ubuntu-latest - needs: - - openapi-head - steps: - - name: Set version number - id: version - run: |- - echo "JELLYFIN_VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV - - name: Download openapi-head - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 - with: - name: openapi-head - path: openapi-head - - name: Upload openapi.json (stable) to repository server - uses: appleboy/scp-action@ff85246acaad7bdce478db94a363cd2bf7c90345 # v1.0.0 - with: - host: "${{ secrets.REPO_HOST }}" - username: "${{ secrets.REPO_USER }}" - key: "${{ secrets.REPO_KEY }}" - source: openapi-head/openapi.json - strip_components: 1 - target: "/srv/incoming/openapi/stable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}" - - name: Move openapi.json (stable) into place - uses: appleboy/ssh-action@823bd89e131d8d508129f9443cad5855e9ba96f0 # v1.2.4 - with: - host: "${{ secrets.REPO_HOST }}" - username: "${{ secrets.REPO_USER }}" - key: "${{ secrets.REPO_KEY }}" - debug: false - script_stop: false - script: | - if ! test -d /run/workflows; then - sudo mkdir -p /run/workflows - sudo chown ${{ secrets.REPO_USER }} /run/workflows - fi - ( - flock -x -w 300 200 || exit 1 - TGT_DIR="/srv/repository/main/openapi" - LAST_SPEC="$( ls -lt ${TGT_DIR}/stable/ | grep 'jellyfin-openapi' | head -1 | awk '{ print $NF }' )" - # If new and previous spec don't differ (diff retcode 0), remove incoming and finish - if diff /srv/incoming/openapi/stable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}/openapi.json ${TGT_DIR}/stable/${LAST_SPEC} &>/dev/null; then - rm -r /srv/incoming/openapi/stable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }} - exit 0 - fi - # Move new spec into place - sudo mv /srv/incoming/openapi/stable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}/openapi.json ${TGT_DIR}/stable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}.json - # Delete previous jellyfin-openapi-stable_previous.json - sudo rm ${TGT_DIR}/jellyfin-openapi-stable_previous.json - # Move current jellyfin-openapi-stable.json symlink to jellyfin-openapi-stable_previous.json - sudo mv ${TGT_DIR}/jellyfin-openapi-stable.json ${TGT_DIR}/jellyfin-openapi-stable_previous.json - # Create new jellyfin-openapi-stable.json symlink - sudo ln -s stable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}.json ${TGT_DIR}/jellyfin-openapi-stable.json - # Check that the previous openapi stable spec link is correct - if [[ "$( readlink ${TGT_DIR}/jellyfin-openapi-stable_previous.json )" != "stable/${LAST_SPEC}" ]]; then - sudo rm ${TGT_DIR}/jellyfin-openapi-stable_previous.json - sudo ln -s stable/${LAST_SPEC} ${TGT_DIR}/jellyfin-openapi-stable_previous.json - fi - ) 200>/run/workflows/openapi-stable.lock diff --git a/.github/workflows/ci-tests.yml b/.github/workflows/ci-tests.yml index f70243221d..f0ecb166b4 100644 --- a/.github/workflows/ci-tests.yml +++ b/.github/workflows/ci-tests.yml @@ -9,7 +9,7 @@ on: pull_request: env: - SDK_VERSION: "9.0.x" + SDK_VERSION: "10.0.x" jobs: run-tests: @@ -20,9 +20,9 @@ jobs: runs-on: "${{ matrix.os }}" steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-dotnet@2016bd2012dba4e32de620c46fe006a3ac9f0602 # v5.0.1 + - uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0 with: dotnet-version: ${{ env.SDK_VERSION }} @@ -35,7 +35,7 @@ jobs: --verbosity minimal - name: Merge code coverage results - uses: danielpalme/ReportGenerator-GitHub-Action@ee0ae774f6d3afedcbd1683c1ab21b83670bdf8e # v5.5.1 + uses: danielpalme/ReportGenerator-GitHub-Action@a003c8fb9ac008fd0fffd5faa4f7d3ecb52e0675 # v5.5.7 with: reports: "**/coverage.cobertura.xml" targetdir: "merged/" diff --git a/.github/workflows/commands.yml b/.github/workflows/commands.yml index 0d3e09d1a1..9d3d99cb71 100644 --- a/.github/workflows/commands.yml +++ b/.github/workflows/commands.yml @@ -4,7 +4,7 @@ on: types: - created - edited - pull_request_target: + pull_request: types: - labeled - synchronize @@ -24,7 +24,7 @@ jobs: reactions: '+1' - name: Checkout the latest code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.JF_BOT_TOKEN }} fetch-depth: 0 @@ -36,20 +36,23 @@ jobs: rename: name: Rename - if: contains(github.event.comment.body, '@jellyfin-bot rename') && github.event.comment.author_association == 'MEMBER' + if: contains(github.event.comment.body, '@jellyfin-bot rename') runs-on: ubuntu-latest steps: - name: pull in script - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: jellyfin/jellyfin-triage-script + - name: install python - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: '3.14' cache: 'pip' + - name: install python packages run: pip install -r rename/requirements.txt + - name: run rename script run: python3 rename.py working-directory: ./rename diff --git a/.github/workflows/issue-stale.yml b/.github/workflows/issue-stale.yml index cb535297e0..339fcf569e 100644 --- a/.github/workflows/issue-stale.yml +++ b/.github/workflows/issue-stale.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest if: ${{ contains(github.repository, 'jellyfin/') }} steps: - - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1 + - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0 with: repo-token: ${{ secrets.JF_BOT_TOKEN }} ascending: true diff --git a/.github/workflows/issue-template-check.yml b/.github/workflows/issue-template-check.yml index 8be48b5c3a..dcd1fb7cfe 100644 --- a/.github/workflows/issue-template-check.yml +++ b/.github/workflows/issue-template-check.yml @@ -10,16 +10,19 @@ jobs: issues: write steps: - name: pull in script - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: jellyfin/jellyfin-triage-script + - name: install python - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: '3.14' cache: 'pip' + - name: install python packages run: pip install -r main-repo-triage/requirements.txt + - name: check and comment issue working-directory: ./main-repo-triage run: python3 single_issue_gha.py diff --git a/.github/workflows/openapi-generate.yml b/.github/workflows/openapi-generate.yml new file mode 100644 index 0000000000..dbfaf9d30b --- /dev/null +++ b/.github/workflows/openapi-generate.yml @@ -0,0 +1,44 @@ +name: OpenAPI Generate + +on: + workflow_call: + inputs: + ref: + required: true + type: string + repository: + required: true + type: string + artifact: + required: true + type: string + +permissions: + contents: read + +jobs: + main: + name: Main + runs-on: ubuntu-latest + steps: + - name: Checkout Repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + ref: ${{ inputs.ref }} + repository: ${{ inputs.repository }} + + - name: Configure .NET + uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0 + with: + dotnet-version: '10.0.x' + + - name: Create File + run: dotnet test tests/Jellyfin.Server.Integration.Tests/Jellyfin.Server.Integration.Tests.csproj -c Release --filter Jellyfin.Server.Integration.Tests.OpenApiSpecTests + + - name: Upload Artifact + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + with: + name: ${{ inputs.artifact }} + path: tests/Jellyfin.Server.Integration.Tests/bin/Release/net10.0/openapi.json + retention-days: 14 + if-no-files-found: error diff --git a/.github/workflows/openapi-merge.yml b/.github/workflows/openapi-merge.yml new file mode 100644 index 0000000000..2421c09ad7 --- /dev/null +++ b/.github/workflows/openapi-merge.yml @@ -0,0 +1,140 @@ +name: OpenAPI Publish +on: + push: + branches: + - master + tags: + - 'v*' + +jobs: + publish-openapi: + name: OpenAPI - Publish Artifact + uses: ./.github/workflows/openapi-generate.yml + permissions: + contents: read + with: + ref: ${{ github.sha }} + repository: ${{ github.repository }} + artifact: openapi-head + + publish-unstable: + name: OpenAPI - Publish Unstable Spec + if: ${{ github.event_name != 'pull_request' && !startsWith(github.ref, 'refs/tags/v') && contains(github.repository_owner, 'jellyfin') }} + runs-on: ubuntu-latest + needs: + - publish-openapi + steps: + - name: Set unstable dated version + id: version + run: |- + echo "JELLYFIN_VERSION=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_ENV + - name: Download openapi-head + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 + with: + name: openapi-head + path: openapi-head + - name: Upload openapi.json (unstable) to repository server + uses: appleboy/scp-action@ff85246acaad7bdce478db94a363cd2bf7c90345 # v1.0.0 + with: + host: "${{ secrets.REPO_HOST }}" + username: "${{ secrets.REPO_USER }}" + key: "${{ secrets.REPO_KEY }}" + source: openapi-head/openapi.json + strip_components: 1 + target: "/srv/incoming/openapi/unstable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}" + - name: Move openapi.json (unstable) into place + uses: appleboy/ssh-action@0ff4204d59e8e51228ff73bce53f80d53301dee2 # v1.2.5 + with: + host: "${{ secrets.REPO_HOST }}" + username: "${{ secrets.REPO_USER }}" + key: "${{ secrets.REPO_KEY }}" + debug: false + script: | + if ! test -d /run/workflows; then + sudo mkdir -p /run/workflows + sudo chown ${{ secrets.REPO_USER }} /run/workflows + fi + ( + flock -x -w 300 200 || exit 1 + TGT_DIR="/srv/repository/main/openapi" + LAST_SPEC="$( ls -lt ${TGT_DIR}/unstable/ | grep 'jellyfin-openapi' | head -1 | awk '{ print $NF }' )" + # If new and previous spec don't differ (diff retcode 0), remove incoming and finish + if diff /srv/incoming/openapi/unstable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}/openapi.json ${TGT_DIR}/unstable/${LAST_SPEC} &>/dev/null; then + rm -r /srv/incoming/openapi/unstable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }} + exit 0 + fi + # Move new spec into place + sudo mv /srv/incoming/openapi/unstable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}/openapi.json ${TGT_DIR}/unstable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}.json + # Delete previous jellyfin-openapi-unstable_previous.json + sudo rm ${TGT_DIR}/jellyfin-openapi-unstable_previous.json + # Move current jellyfin-openapi-unstable.json symlink to jellyfin-openapi-unstable_previous.json + sudo mv ${TGT_DIR}/jellyfin-openapi-unstable.json ${TGT_DIR}/jellyfin-openapi-unstable_previous.json + # Create new jellyfin-openapi-unstable.json symlink + sudo ln -s unstable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}.json ${TGT_DIR}/jellyfin-openapi-unstable.json + # Check that the previous openapi unstable spec link is correct + if [[ "$( readlink ${TGT_DIR}/jellyfin-openapi-unstable_previous.json )" != "unstable/${LAST_SPEC}" ]]; then + sudo rm ${TGT_DIR}/jellyfin-openapi-unstable_previous.json + sudo ln -s unstable/${LAST_SPEC} ${TGT_DIR}/jellyfin-openapi-unstable_previous.json + fi + ) 200>/run/workflows/openapi-unstable.lock + + publish-stable: + name: OpenAPI - Publish Stable Spec + if: ${{ startsWith(github.ref, 'refs/tags/v') && contains(github.repository_owner, 'jellyfin') }} + runs-on: ubuntu-latest + needs: + - publish-openapi + steps: + - name: Set version number + id: version + run: |- + echo "JELLYFIN_VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV + - name: Download openapi-head + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 + with: + name: openapi-head + path: openapi-head + - name: Upload openapi.json (stable) to repository server + uses: appleboy/scp-action@ff85246acaad7bdce478db94a363cd2bf7c90345 # v1.0.0 + with: + host: "${{ secrets.REPO_HOST }}" + username: "${{ secrets.REPO_USER }}" + key: "${{ secrets.REPO_KEY }}" + source: openapi-head/openapi.json + strip_components: 1 + target: "/srv/incoming/openapi/stable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}" + - name: Move openapi.json (stable) into place + uses: appleboy/ssh-action@0ff4204d59e8e51228ff73bce53f80d53301dee2 # v1.2.5 + with: + host: "${{ secrets.REPO_HOST }}" + username: "${{ secrets.REPO_USER }}" + key: "${{ secrets.REPO_KEY }}" + debug: false + script: | + if ! test -d /run/workflows; then + sudo mkdir -p /run/workflows + sudo chown ${{ secrets.REPO_USER }} /run/workflows + fi + ( + flock -x -w 300 200 || exit 1 + TGT_DIR="/srv/repository/main/openapi" + LAST_SPEC="$( ls -lt ${TGT_DIR}/stable/ | grep 'jellyfin-openapi' | head -1 | awk '{ print $NF }' )" + # If new and previous spec don't differ (diff retcode 0), remove incoming and finish + if diff /srv/incoming/openapi/stable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}/openapi.json ${TGT_DIR}/stable/${LAST_SPEC} &>/dev/null; then + rm -r /srv/incoming/openapi/stable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }} + exit 0 + fi + # Move new spec into place + sudo mv /srv/incoming/openapi/stable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}/openapi.json ${TGT_DIR}/stable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}.json + # Delete previous jellyfin-openapi-stable_previous.json + sudo rm ${TGT_DIR}/jellyfin-openapi-stable_previous.json + # Move current jellyfin-openapi-stable.json symlink to jellyfin-openapi-stable_previous.json + sudo mv ${TGT_DIR}/jellyfin-openapi-stable.json ${TGT_DIR}/jellyfin-openapi-stable_previous.json + # Create new jellyfin-openapi-stable.json symlink + sudo ln -s stable/jellyfin-openapi-${{ env.JELLYFIN_VERSION }}.json ${TGT_DIR}/jellyfin-openapi-stable.json + # Check that the previous openapi stable spec link is correct + if [[ "$( readlink ${TGT_DIR}/jellyfin-openapi-stable_previous.json )" != "stable/${LAST_SPEC}" ]]; then + sudo rm ${TGT_DIR}/jellyfin-openapi-stable_previous.json + sudo ln -s stable/${LAST_SPEC} ${TGT_DIR}/jellyfin-openapi-stable_previous.json + fi + ) 200>/run/workflows/openapi-stable.lock diff --git a/.github/workflows/openapi-pull-request.yml b/.github/workflows/openapi-pull-request.yml new file mode 100644 index 0000000000..4acd0f4d4f --- /dev/null +++ b/.github/workflows/openapi-pull-request.yml @@ -0,0 +1,80 @@ +name: OpenAPI Check +on: + pull_request: + +jobs: + ancestor: + name: Common Ancestor + runs-on: ubuntu-latest + outputs: + base_ref: ${{ steps.ancestor.outputs.base_ref }} + steps: + - name: Checkout Repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + ref: ${{ github.event.pull_request.head.sha }} + repository: ${{ github.event.pull_request.head.repo.full_name }} + fetch-depth: 0 + - name: Search History + id: ancestor + run: | + git remote add upstream https://github.com/${{ github.event.pull_request.base.repo.full_name }} + git fetch --prune --progress --no-recurse-submodules upstream +refs/heads/*:refs/remotes/upstream/* +refs/tags/*:refs/tags/* + + ANCESTOR_REF=$(git merge-base upstream/${{ github.base_ref }} HEAD) + + echo "ref: ${ANCESTOR_REF}" + + echo "base_ref=${ANCESTOR_REF}" >> "$GITHUB_OUTPUT" + + head: + name: Head Artifact + uses: ./.github/workflows/openapi-generate.yml + with: + ref: ${{ github.event.pull_request.head.sha }} + repository: ${{ github.event.pull_request.head.repo.full_name }} + artifact: openapi-head + + base: + name: Base Artifact + uses: ./.github/workflows/openapi-generate.yml + needs: + - ancestor + with: + ref: ${{ needs.ancestor.outputs.base_ref }} + repository: ${{ github.event.pull_request.base.repo.full_name }} + artifact: openapi-base + + diff: + name: Generate Report + runs-on: ubuntu-latest + needs: + - head + - base + steps: + - name: Download Head + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 + with: + name: openapi-head + path: openapi-head + - name: Download Base + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 + with: + name: openapi-base + path: openapi-base + - name: Detect Changes + id: openapi-diff + run: | + sed -i 's:allOf:oneOf:g' openapi-head/openapi.json + sed -i 's:allOf:oneOf:g' openapi-base/openapi.json + + mkdir -p /tmp/openapi-report + mv openapi-head/openapi.json /tmp/openapi-report/head.json + mv openapi-base/openapi.json /tmp/openapi-report/base.json + + docker run -v /tmp/openapi-report:/data openapitools/openapi-diff:2.1.6 /data/base.json /data/head.json --state -l ERROR --markdown /data/openapi-report.md + - name: Upload Artifact + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + with: + name: openapi-report + path: /tmp/openapi-report/openapi-report.md diff --git a/.github/workflows/openapi-workflow-run.yml b/.github/workflows/openapi-workflow-run.yml new file mode 100644 index 0000000000..0f9e84e56b --- /dev/null +++ b/.github/workflows/openapi-workflow-run.yml @@ -0,0 +1,59 @@ +name: OpenAPI Report + +on: + workflow_run: + workflows: + - OpenAPI Check + types: + - completed + +jobs: + metadata: + name: Generate Metadata + runs-on: ubuntu-latest + if: ${{ github.event.workflow_run.conclusion == 'success' }} + outputs: + pr_number: ${{ steps.pr_number.outputs.pr_number }} + steps: + - name: Get Pull Request Number + id: pr_number + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + HEAD_SHA: ${{ github.event.workflow_run.head_sha }} + run: | + API_RESPONSE=$(gh pr list --repo "${GITHUB_REPOSITORY}" --search "${HEAD_SHA}" --state open --json number) + PR_NUMBER=$(echo "${API_RESPONSE}" | jq '.[0].number') + + echo "repository: ${GITHUB_REPOSITORY}" + echo "sha: ${HEAD_SHA}" + echo "response: ${API_RESPONSE}" + echo "pr: ${PR_NUMBER}" + + echo "pr_number=${PR_NUMBER}" >> "${GITHUB_OUTPUT}" + + comment: + name: Pull Request Comment + runs-on: ubuntu-latest + if: ${{ github.event.workflow_run.conclusion == 'success' }} + needs: + - metadata + permissions: + pull-requests: write + actions: read + contents: read + steps: + - name: Download OpenAPI Report + id: download_report + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 + with: + name: openapi-report + path: openapi-report + run-id: ${{ github.event.workflow_run.id }} + github-token: ${{ secrets.GITHUB_TOKEN }} + - name: Push Comment + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 + with: + github-token: ${{ secrets.JF_BOT_TOKEN }} + file-path: ${{ steps.download_report.outputs.download-path }}/openapi-report.md + pr-number: ${{ needs.metadata.outputs.pr_number }} + comment-tag: openapi-report diff --git a/.github/workflows/project-automation.yml b/.github/workflows/project-automation.yml index d62f655b30..9a9f3214a7 100644 --- a/.github/workflows/project-automation.yml +++ b/.github/workflows/project-automation.yml @@ -4,7 +4,7 @@ on: push: branches: - master - pull_request_target: + pull_request: issue_comment: permissions: {} @@ -21,6 +21,7 @@ jobs: with: project: Current Release action: delete + column: In progress repo-token: ${{ secrets.JF_BOT_TOKEN }} - name: Add to 'Release Next' project diff --git a/.github/workflows/pull-request-conflict.yml b/.github/workflows/pull-request-conflict.yml index e6a9bf0caa..b003636a6e 100644 --- a/.github/workflows/pull-request-conflict.yml +++ b/.github/workflows/pull-request-conflict.yml @@ -4,7 +4,7 @@ on: push: branches: - master - pull_request_target: + pull_request: issue_comment: permissions: {} @@ -16,7 +16,7 @@ jobs: steps: - name: Apply label uses: eps1lon/actions-label-merge-conflict@1df065ebe6e3310545d4f4c4e862e43bdca146f0 # v3.0.3 - if: ${{ github.event_name == 'push' || github.event_name == 'pull_request_target'}} + if: ${{ github.event_name == 'push' || github.event_name == 'pull_request'}} with: dirtyLabel: 'merge conflict' commentOnDirty: 'This pull request has merge conflicts. Please resolve the conflicts so the PR can be successfully reviewed and merged.' diff --git a/.github/workflows/pull-request-stale.yaml b/.github/workflows/pull-request-stale.yaml index 0d74e643e2..e114276c28 100644 --- a/.github/workflows/pull-request-stale.yaml +++ b/.github/workflows/pull-request-stale.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest if: ${{ contains(github.repository, 'jellyfin/') }} steps: - - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1 + - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0 with: repo-token: ${{ secrets.JF_BOT_TOKEN }} ascending: true diff --git a/.github/workflows/release-bump-version.yaml b/.github/workflows/release-bump-version.yaml index d39d2cb9c3..963b4a6023 100644 --- a/.github/workflows/release-bump-version.yaml +++ b/.github/workflows/release-bump-version.yaml @@ -28,12 +28,12 @@ jobs: timeoutSeconds: 3600 - name: Setup YQ - uses: chrisdickinson/setup-yq@latest + uses: chrisdickinson/setup-yq@fa3192edd79d6eb0e4e12de8dde3a0c26f2b853b # latest with: yq-version: v4.9.8 - name: Checkout Repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ env.TAG_BRANCH }} @@ -66,7 +66,7 @@ jobs: NEXT_VERSION: ${{ github.event.inputs.NEXT_VERSION }} steps: - name: Checkout Repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ env.TAG_BRANCH }} |