vasceannie/nhost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(ci): minor improvements to the ci (#3527)

Browse Source
This commit is contained in:
David Barroso
2025-09-29 12:02:04 +02:00
committed by GitHub
parent 48ef43202c
commit 7d2bc4c06e
37 changed files with 110 additions and 710 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/ci_release.yaml vendored
View File

@@ -36,7 +36,7 @@ jobs:
cli:
needs: extract-project
if: needs.extract-project.outputs.project == 'cli'
uses: ./.github/workflows/cli_release.yaml
uses: ./.github/workflows/cli_wf_release.yaml
with:
GIT_REF: ${{ github.sha }}
VERSION: ${{ needs.extract-project.outputs.version }}
@@ -51,7 +51,7 @@ jobs:
dashboard:
needs: extract-project
if: needs.extract-project.outputs.project == '@nhost/dashboard'
uses: ./.github/workflows/dashboard_release.yaml
uses: ./.github/workflows/dashboard_wf_release.yaml
with:
GIT_REF: ${{ github.sha }}
VERSION: ${{ needs.extract-project.outputs.version }}
@@ -85,7 +85,7 @@ jobs:
storage:
needs: extract-project
if: needs.extract-project.outputs.project == 'storage'
uses: ./.github/workflows/storage_release.yaml
uses: ./.github/workflows/storage_wf_release.yaml
with:
GIT_REF: ${{ github.sha }}
VERSION: ${{ needs.extract-project.outputs.version }}

6
.github/workflows/cli_checks.yaml vendored
View File

@@ -27,6 +27,10 @@ on:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || format('push-{0}', github.sha) }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
check-permissions:
runs-on: ubuntu-latest
@@ -70,7 +74,7 @@ jobs:
NIX_CACHE_PRIV_KEY: ${{ secrets.NIX_CACHE_PRIV_KEY }}
test_cli_build:
uses: ./.github/workflows/cli_test_new_project.yaml
uses: ./.github/workflows/cli_wf_test_new_project.yaml
needs:
- check-permissions
- build_artifacts

0
.github/workflows/cli_release.yaml → .github/workflows/cli_wf_release.yaml vendored
View File

0
.github/workflows/cli_test_new_project.yaml → .github/workflows/cli_wf_test_new_project.yaml vendored
View File

4
.github/workflows/codegen_checks.yaml vendored
View File

@@ -25,6 +25,10 @@ on:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || format('push-{0}', github.sha) }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
check-permissions:
runs-on: ubuntu-latest

8
.github/workflows/dashboard_checks.yaml vendored
View File

@@ -32,6 +32,10 @@ on:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || format('push-{0}', github.sha) }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
check-permissions:
runs-on: ubuntu-latest
@@ -59,6 +63,7 @@ jobs:
VERCEL_TEAM_ID: ${{ secrets.DASHBOARD_VERCEL_TEAM_ID }}
VERCEL_PROJECT_ID: ${{ secrets.DASHBOARD_STAGING_VERCEL_PROJECT_ID }}
VERCEL_DEPLOY_TOKEN: ${{ secrets.DASHBOARD_VERCEL_DEPLOY_TOKEN }}
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
build_artifacts:
@@ -71,6 +76,7 @@ jobs:
GIT_REF: ${{ github.sha }}
VERSION: 0.0.0-dev # we use a fixed version here to avoid unnecessary rebuilds
DOCKER: true
OS_MATRIX: '["blacksmith-2vcpu-ubuntu-2404"]'
secrets:
AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
NIX_CACHE_PUB_KEY: ${{ secrets.NIX_CACHE_PUB_KEY }}
@@ -93,7 +99,7 @@ jobs:
e2e_staging:
uses: ./.github/workflows/wf_dashboard_e2e_staging.yaml
uses: ./.github/workflows/dashboard_wf_e2e_staging.yaml
needs:
- check-permissions
- deploy-vercel

27
.github/workflows/dashboard_release_staging.yaml vendored
View File

@@ -4,6 +4,32 @@ on:
push:
branches:
- main
paths:
- '.github/workflows/wf_build_artifacts.yaml'
- '.github/workflows/wf_check.yaml'
- '.github/workflows/dashboard_checks.yaml'
# common build
- 'flake.nix'
- 'flake.lock'
- 'nixops/**'
- 'build/**'
# common javascript
- ".npmrc"
- ".prettierignore"
- ".prettierrc.js"
- "audit-ci.jsonc"
- "package.json"
- "pnpm-workspace.yaml"
- "pnpm-lock.yaml"
- "turbo.json"
# dashboard
- "dashboard/**"
# nhost-js
- packages/nhost-js/**
jobs:
deploy-vercel:
@@ -19,4 +45,5 @@ jobs:
VERCEL_TEAM_ID: ${{ secrets.DASHBOARD_VERCEL_TEAM_ID }}
VERCEL_PROJECT_ID: ${{ secrets.DASHBOARD_STAGING_VERCEL_PROJECT_ID }}
VERCEL_DEPLOY_TOKEN: ${{ secrets.DASHBOARD_VERCEL_DEPLOY_TOKEN }}
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK_STAGING }}

4
.github/workflows/wf_dashboard_e2e_staging.yaml → .github/workflows/dashboard_wf_e2e_staging.yaml vendored
View File

@@ -59,6 +59,10 @@ on:
PLAYWRIGHT_REPORT_ENCRYPTION_KEY:
required: true
concurrency:
group: dashboard-e2e-staging
cancel-in-progress: false
env:
NEXT_PUBLIC_ENV: dev
NEXT_TELEMETRY_DISABLED: 1

1
.github/workflows/dashboard_release.yaml → .github/workflows/dashboard_wf_release.yaml vendored
View File

@@ -46,6 +46,7 @@ jobs:
VERCEL_TEAM_ID: ${{ secrets.VERCEL_TEAM_ID }}
VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
VERCEL_DEPLOY_TOKEN: ${{ secrets.VERCEL_DEPLOY_TOKEN }}
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
build_artifacts:

4
.github/workflows/docs_checks.yaml vendored
View File

@@ -31,6 +31,10 @@ on:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || format('push-{0}', github.sha) }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
check-permissions:
runs-on: ubuntu-latest

5
.github/workflows/examples_demos_checks.yaml vendored
View File

@@ -41,6 +41,10 @@ on:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || format('push-{0}', github.sha) }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
check-permissions:
runs-on: ubuntu-latest
@@ -77,6 +81,7 @@ jobs:
GIT_REF: ${{ github.sha }}
VERSION: 0.0.0-dev # we use a fixed version here to avoid unnecessary rebuilds
DOCKER: false
OS_MATRIX: '["blacksmith-2vcpu-ubuntu-2404"]'
secrets:
AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
NIX_CACHE_PUB_KEY: ${{ secrets.NIX_CACHE_PUB_KEY }}

5
.github/workflows/examples_guides_checks.yaml vendored
View File

@@ -41,6 +41,10 @@ on:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || format('push-{0}', github.sha) }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
check-permissions:
runs-on: ubuntu-latest
@@ -77,6 +81,7 @@ jobs:
GIT_REF: ${{ github.sha }}
VERSION: 0.0.0-dev # we use a fixed version here to avoid unnecessary rebuilds
DOCKER: false
OS_MATRIX: '["blacksmith-2vcpu-ubuntu-2404"]'
secrets:
AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
NIX_CACHE_PUB_KEY: ${{ secrets.NIX_CACHE_PUB_KEY }}

5
.github/workflows/examples_tutorials_checks.yaml vendored
View File

@@ -41,6 +41,10 @@ on:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || format('push-{0}', github.sha) }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
check-permissions:
runs-on: ubuntu-latest
@@ -77,6 +81,7 @@ jobs:
GIT_REF: ${{ github.sha }}
VERSION: 0.0.0-dev # we use a fixed version here to avoid unnecessary rebuilds
DOCKER: false
OS_MATRIX: '["blacksmith-2vcpu-ubuntu-2404"]'
secrets:
AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
NIX_CACHE_PUB_KEY: ${{ secrets.NIX_CACHE_PUB_KEY }}

4
.github/workflows/gen_codeql-analysis.yml vendored
View File

@@ -1,8 +1,6 @@
name: "CodeQL"
on:
push: {}
pull_request: {}
schedule:
- cron: '20 23 * * 3'
@@ -18,7 +16,7 @@ jobs:
strategy:
fail-fast: false
matrix:
language: [ 'javascript' ]
language: [ 'javascript', 'go' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://git.io/codeql-language-support

4
.github/workflows/nhost-js_checks.yaml vendored
View File

@@ -38,6 +38,10 @@ on:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || format('push-{0}', github.sha) }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
check-permissions:
runs-on: ubuntu-latest

4
.github/workflows/nixops_checks.yaml vendored
View File

@@ -17,6 +17,10 @@ on:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || format('push-{0}', github.sha) }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
check-permissions:
runs-on: ubuntu-latest

4
.github/workflows/storage_checks.yaml vendored
View File

@@ -26,6 +26,10 @@ on:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || format('push-{0}', github.sha) }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
check-permissions:
runs-on: ubuntu-latest

0
.github/workflows/storage_release.yaml → .github/workflows/storage_wf_release.yaml vendored
View File

6
.github/workflows/wf_build_artifacts.yaml vendored
View File

@@ -17,6 +17,10 @@ on:
DOCKER:
type: boolean
required: true
OS_MATRIX:
type: string
required: false
default: '["blacksmith-4vcpu-ubuntu-2404-arm", "blacksmith-2vcpu-ubuntu-2404"]'
secrets:
AWS_ACCOUNT_ID:
required: true
@@ -37,7 +41,7 @@ jobs:
strategy:
matrix:
os: [blacksmith-4vcpu-ubuntu-2404-arm, blacksmith-2vcpu-ubuntu-2404]
os: ${{ fromJSON(inputs.OS_MATRIX) }}
fail-fast: true
runs-on: ${{ matrix.os }}

4
.github/workflows/wf_deploy_vercel.yaml vendored
View File

@@ -27,6 +27,8 @@ on:
required: true
DISCORD_WEBHOOK:
required: false
TURBO_TOKEN:
required: true
outputs:
preview-url:
@@ -69,6 +71,8 @@ jobs:
env:
VERCEL_ORG_ID: ${{ secrets.VERCEL_TEAM_ID }}
VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
TURBO_TEAM: nhost
run: |
TARGET_OPTS="--target=${{ inputs.ENVIRONMENT }}"
echo "Deploying to: ${{ inputs.ENVIRONMENT }}..."

20
cli/.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@@ -1,20 +0,0 @@
## Description
<!--
Use one of the following title prefix to categorize the pull request:
feat: mark this pull request as a feature
fix: mark this pull request as a bug fix
chore: mark this pull request as a maintenance item
To auto merge this pull request when it was approved
by another member of the organization: set the label `auto-merge`
-->
## Problem
A short description of the problem this PR is addressing.
## Solution
A short description of the chosen method to resolve the problem
with an overview of the logic and implementation details when needed.
## Notes
Other notes that you want to share but do not fit into _Problem_ or _Solution_.

36
cli/.github/cert.sh vendored
View File

@@ -1,36 +0,0 @@
#!/bin/bash
set -euo pipefail
mkdir -p /tmp/letsencrypt
echo "Generating SSL certificate for hostnames: local.nhost.run, local.graphql.nhost.run, local.auth.nhost.run, local.storage.nhost.run, local.functions.nhost.run, local.mail.nhost.run"
docker run --rm \
--name certbot \
-e AWS_ACCESS_KEY_ID \
-e AWS_SECRET_ACCESS_KEY \
-e AWS_SESSION_TOKEN \
-e AWS_REGION \
-v /tmp/letsencrypt:/etc/letsencrypt \
-v /tmp/letsencrypt:/var/lib/letsencrypt \
certbot/dns-route53 certonly --dns-route53 --dns-route53-propagation-seconds 60 \
-d local.auth.nhost.run \
-d local.dashboard.nhost.run \
-d local.db.nhost.run \
-d local.functions.nhost.run \
-d local.graphql.nhost.run \
-d local.hasura.nhost.run \
-d local.mailhog.nhost.run \
-d local.storage.nhost.run \
-d *.auth.local.nhost.run \
-d *.dashboard.local.nhost.run \
-d *.db.local.nhost.run \
-d *.functions.local.nhost.run \
-d *.graphql.local.nhost.run \
-d *.hasura.local.nhost.run \
-d *.mailhog.local.nhost.run \
-d *.storage.local.nhost.run \
-m 'admin@nhost.io' --non-interactive --agree-tos --server https://acme-v02.api.letsencrypt.org/directory
sudo cp /tmp/letsencrypt/live/local.db.nhost.run/fullchain.pem ssl/.ssl/
sudo cp /tmp/letsencrypt/live/local.db.nhost.run/privkey.pem ssl/.ssl/

8
cli/.github/labeler.yml vendored
View File

@@ -1,8 +0,0 @@
labels:
'feature':
- '^(?i:feat)'
- '^(?i:feature)'
'fix':
- '^(?i:fix)'
'chore':
- '^(?i:chore)'

39
cli/.github/release-drafter.yml vendored
View File

@@ -1,39 +0,0 @@
name-template: 'v$RESOLVED_VERSION'
tag-template: 'v$RESOLVED_VERSION'
categories:
- title: '🚀 Features'
label: 'feature'
- title: '🐛 Bug Fixes'
label: 'fix'
- title: '🧰 Maintenance'
label: 'chore'
change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks.
version-resolver:
major:
labels:
- 'major'
minor:
labels:
- 'minor'
patch:
labels:
- 'patch'
default: patch
autolabeler:
- label: 'feature'
title:
- '/^feat/i'
- '/^feature/i'
- label: 'fix'
title:
- '/^fix/i'
- label: 'chore'
title:
- '/^chore/i'
prerelease: true
template: |
## Changes
$CHANGES

16
cli/.github/stale.yml vendored
View File

@@ -1,16 +0,0 @@
# Configuration for probot-stale - https://github.com/probot/stale
daysUntilStale: 180
daysUntilClose: 7
limitPerRun: 30
onlyLabels: []
exemptLabels: []
exemptProjects: false
exemptMilestones: false
exemptAssignees: false
staleLabel: stale
markComment: >
This issue has been automatically marked as stale because it has not had
recent activity. It will be closed if no further activity occurs. Thank you
for your contributions.

17
cli/.github/workflows/assign_labels.yml vendored
View File

@@ -1,17 +0,0 @@
# this workflow will run on all pull requests opened but in the context of the base of the pull request.
on:
pull_request_target:
types: [opened]
name: "assign labels"
jobs:
# labeler will label pull requests based on their title.
# the configuration is at .github/labeler.yml.
label_pull_request:
runs-on: ubuntu-latest
steps:
-
name: Label Pull Request
uses: jimschubert/labeler-action@v2
with:
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

53
cli/.github/workflows/build-cert-weekly.yaml.disabled vendored
View File

@@ -1,53 +0,0 @@
---
name: "build certificate weekly"
on:
schedule:
- cron: '0 0 * * 1'
jobs:
run:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: Check out repository
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Configure aws
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::796351718684:role/github-actions-nhost-cli
aws-region: eu-central-1
- name: fetch let's encrypt cert
id: certs
run: |
.github/cert.sh
echo "CERT_FULL_CHAIN<<EOF" >> $GITHUB_OUTPUT
sudo cat /tmp/letsencrypt/live/local.db.nhost.run/fullchain.pem >> "$GITHUB_OUTPUT"
echo EOF >> $GITHUB_OUTPUT
echo "CERT_PRIV_KEY<<EOF" >> $GITHUB_OUTPUT
sudo cat /tmp/letsencrypt/live/local.db.nhost.run/privkey.pem >> "$GITHUB_OUTPUT"
echo EOF >> $GITHUB_OUTPUT
shell: bash
- uses: hmanzur/actions-set-secret@v2.0.0
with:
name: 'CERT_FULL_CHAIN'
value: "${{ steps.certs.outputs.CERT_FULL_CHAIN }}"
repository: nhost/cli
token: ${{ secrets.GH_PAT }}
- uses: hmanzur/actions-set-secret@v2.0.0
with:
name: 'CERT_PRIV_KEY'
value: "${{ steps.certs.outputs.CERT_PRIV_KEY }}"
repository: nhost/cli
token: ${{ secrets.GH_PAT }}

27
cli/.github/workflows/checks.yaml vendored
View File

@@ -1,27 +0,0 @@
---
name: "check and build"
on:
pull_request:
push:
branches:
- main
jobs:
tests:
uses: ./.github/workflows/wf_check.yaml
secrets:
NHOST_PAT: ${{ secrets.NHOST_PAT }}
build_artifacts:
strategy:
fail-fast: true
matrix:
GOOS: ["darwin", "linux"]
GOARCH: ["amd64", "arm64"]
uses: ./.github/workflows/wf_build_artifacts.yaml
with:
GOOS: ${{ matrix.GOOS }}
GOARCH: ${{ matrix.GOARCH }}
VERSION: ${{ github.sha }}
secrets:
NHOST_PAT: ${{ secrets.NHOST_PAT }}

56
cli/.github/workflows/codeql-analysis.yml vendored
View File

@@ -1,56 +0,0 @@
name: "CodeQL"
on:
push: {}
pull_request: {}
schedule:
- cron: '20 23 * * 3'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'go' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://git.io/codeql-language-support
steps:
- name: Checkout repository
uses: actions/checkout@v4
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
#- run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2

27
cli/.github/workflows/gen_ai_review.yaml vendored
View File

@@ -1,27 +0,0 @@
---
name: "gen: AI review"
on:
pull_request:
types: [opened, reopened, ready_for_review]
issue_comment:
jobs:
pr_agent_job:
if: ${{ github.event.sender.type != 'Bot' }}
runs-on: ubuntu-latest
timeout-minutes: 10
permissions:
issues: write
pull-requests: write
name: Run pr agent on every pull request, respond to user comments
steps:
- name: PR Agent action step
id: pragent
uses: Codium-ai/pr-agent@v0.29
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
OPENAI_KEY: ${{ secrets.OPENAI_API_KEY }}
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
config.max_model_tokens: 100000
config.model: "anthropic/claude-sonnet-4-20250514"
config.model_turbo: "anthropic/claude-sonnet-4-20250514"
ignore.glob: "['vendor/**','**/client_gen.go','**/models_gen.go','**/generated.go','**/*.gen.go']"

91
cli/.github/workflows/gen_schedule_update_deps.yaml vendored
View File

@@ -1,91 +0,0 @@
---
name: "gen: update depenendencies"
on:
schedule:
- cron: '0 2 1 2,5,8,11 *'
jobs:
run:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
pull-requests: write
steps:
- name: Check out repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Configure aws
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}:role/github-actions-nhost-${{ github.event.repository.name }}
aws-region: eu-central-1
- uses: nixbuild/nix-quick-install-action@v26
with:
nix_version: 2.16.2
nix_conf: |
experimental-features = nix-command flakes
sandbox = false
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
substituters = https://cache.nixos.org/?priority=40 s3://nhost-nix-cache?region=eu-central-1&priority=50
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${{ secrets.NIX_CACHE_PUB_KEY }}
- name: Cache nix store
uses: actions/cache@v4
with:
path: /nix
key: nix-update-deps-${{ hashFiles('flakes.nix', 'flake.lock') }}
- name: Update nix flakes
run: nix flake update
- uses: shaunco/ssh-agent@git-repo-mapping
with:
ssh-private-key: |
${{ secrets.NHOST_BE_DEPLOY_SSH_PRIVATE_KEY}}
repo-mappings: |
github.com/nhost/be
- name: Update golang dependencies
run: |
export GOPRIVATE=github.com/nhost/be
nix develop -c bash -c "
go mod tidy
go get -u $(cat go.mod | grep nhost\/be | tr ' ' '@') ./...
go mod tidy
go mod vendor
"
- name: Create Pull Request
uses: peter-evans/create-pull-request@v6
with:
token: ${{ secrets.GITHUB_TOKEN }}
commit-message: Update dependencies
committer: GitHub <noreply@github.com>
author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
signoff: false
branch: automated/update-deps
delete-branch: true
title: '[Scheduled] Update dependencies'
body: |
Dependencies updated
Note - If you see this PR and the checks haven't run, close and reopen the PR. See https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs
labels: |
dependencies
draft: false
- name: "Cache nix store on s3"
run: |
echo ${{ secrets.NIX_CACHE_PRIV_KEY }} > cache-priv-key.pem
nix build .\#devShells.x86_64-linux.default
nix store sign --key-file cache-priv-key.pem --all
nix copy --to s3://nhost-nix-cache\?region=eu-central-1 .\#devShells.x86_64-linux.default
- run: rm cache-priv-key.pem
if: always()

35
cli/.github/workflows/release.yaml vendored
View File

@@ -1,35 +0,0 @@
---
name: "release"
on:
release:
types: [published]
jobs:
tests:
uses: ./.github/workflows/wf_check.yaml
secrets:
NHOST_PAT: ${{ secrets.NHOST_PAT }}
build_artifacts:
strategy:
matrix:
GOOS: ["darwin", "linux"]
GOARCH: ["amd64", "arm64"]
uses: ./.github/workflows/wf_build_artifacts.yaml
with:
GOOS: ${{ matrix.GOOS }}
GOARCH: ${{ matrix.GOARCH }}
VERSION: ${{ github.ref_name }}
secrets:
NHOST_PAT: ${{ secrets.NHOST_PAT }}
publish:
uses: ./.github/workflows/wf_publish.yaml
needs:
- tests
- build_artifacts
with:
VERSION: ${{ github.ref_name }}
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}

17
cli/.github/workflows/release_drafter.yml vendored
View File

@@ -1,17 +0,0 @@
name: "release drafter"
on:
push:
branches:
- main
jobs:
# draft your next release notes as pull requests are merged into "master"
# the configuration is at /.github/release-drafter.yml.
update_release_draft:
runs-on: ubuntu-latest
steps:
- uses: release-drafter/release-drafter@v5
with:
config-name: release-drafter.yml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

89
cli/.github/workflows/wf_build_artifacts.yaml vendored
View File

@@ -1,89 +0,0 @@
---
on:
workflow_call:
inputs:
GIT_REF:
type: string
required: false
VERSION:
type: string
required: true
GOOS:
type: string
required: true
GOARCH:
type: string
required: true
secrets:
NHOST_PAT:
required: true
jobs:
artifacts:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
steps:
- name: "Check out repository"
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ inputs.GIT_REF }}
submodules: true
- uses: cachix/install-nix-action@v27
with:
install_url: "https://releases.nixos.org/nix/nix-2.22.3/install"
install_options: "--no-daemon"
extra_nix_config: |
experimental-features = nix-command flakes
sandbox = false
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
substituters = https://cache.nixos.org/?priority=40
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
- name: Compute common env vars
id: vars
run: |
echo "VERSION=$(make get-version VERSION=${{ inputs.VERSION }})" >> $GITHUB_OUTPUT
- name: "Build artifact"
run: |
make build ARCH=${{ inputs.GOARCH }} OS=${{ inputs.GOOS }}
find -L result -type f -exec cp {} nhost-cli \;
- name: "Push artifact to artifact repository"
uses: actions/upload-artifact@v4
with:
name: cli-${{ steps.vars.outputs.VERSION }}-${{ inputs.GOOS }}-${{ inputs.GOARCH }}
path: nhost-cli
retention-days: 7
- name: "Build docker-image"
run: |
make build-docker-image ARCH=${{ inputs.GOARCH }}
if: ${{ ( inputs.GOOS == 'linux' ) }}
- name: "Create a new project"
run: |
export NHOST_DOMAIN=staging.nhost.run
export NHOST_CONFIGSERVER_IMAGE=nhost/cli:${{ steps.vars.outputs.VERSION }}
mkdir new-project
cd new-project
../nhost-cli login --pat ${{ secrets.NHOST_PAT }}
../nhost-cli init
../nhost-cli up --down-on-error
../nhost-cli down
if: ${{ ( inputs.GOOS == 'linux' && inputs.GOARCH == 'amd64' ) }}
- name: "Push docker-image to artifact repository"
uses: actions/upload-artifact@v4
with:
name: cli-docker-image-${{ steps.vars.outputs.VERSION }}-${{ inputs.GOOS }}-${{ inputs.GOARCH }}
path: result
retention-days: 7
if: ${{ ( inputs.GOOS == 'linux' ) }}

42
cli/.github/workflows/wf_check.yaml vendored
View File

@@ -1,42 +0,0 @@
---
on:
workflow_call:
inputs:
GIT_REF:
type: string
required: false
secrets:
NHOST_PAT:
required: true
jobs:
tests:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
steps:
- name: "Check out repository"
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ inputs.GIT_REF }}
submodules: true
- uses: cachix/install-nix-action@v27
with:
install_url: "https://releases.nixos.org/nix/nix-2.22.3/install"
install_options: "--no-daemon"
extra_nix_config: |
experimental-features = nix-command flakes
sandbox = false
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
substituters = https://cache.nixos.org/?priority=40
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
- name: "Run checks"
run: |
export NHOST_PAT=${{ secrets.NHOST_PAT }}
make check

93
cli/.github/workflows/wf_publish.yaml vendored
View File

@@ -1,93 +0,0 @@
---
on:
workflow_call:
inputs:
VERSION:
type: string
required: true
secrets:
DOCKER_USERNAME:
required: true
DOCKER_PASSWORD:
required: true
name: release
jobs:
release:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
steps:
- name: "Check out repository"
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ inputs.GIT_REF }}
submodules: true
- name: Compute common env vars
id: vars
run: |
echo "VERSION=$(make get-version VERSION=${{ inputs.VERSION }})" >> $GITHUB_OUTPUT
- name: "Get artifacts"
uses: actions/download-artifact@v4
with:
path: ~/artifacts
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Upload docker images
shell: bash
run: |
export VERSION=${{ steps.vars.outputs.VERSION }}
export CONTAINER_NAME=nhost/cli
skopeo copy --insecure-policy \
dir:/home/runner/artifacts/cli-docker-image-$VERSION-linux-amd64 \
docker-daemon:$CONTAINER_NAME:$VERSION-amd64
docker push $CONTAINER_NAME:$VERSION-amd64
skopeo copy --insecure-policy \
dir:/home/runner/artifacts/cli-docker-image-$VERSION-linux-arm64 \
docker-daemon:$CONTAINER_NAME:$VERSION-arm64
docker push $CONTAINER_NAME:$VERSION-arm64
docker manifest create \
$CONTAINER_NAME:$VERSION \
--amend $CONTAINER_NAME:$VERSION-amd64 \
--amend $CONTAINER_NAME:$VERSION-arm64
docker manifest push $CONTAINER_NAME:$VERSION
- name: Upload assets
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
export VERSION=${{ steps.vars.outputs.VERSION }}
mkdir upload
find ~/artifacts -type f -name "nhost-cli" -exec bash -c 'chmod +x "$0" && mv "$0" "${0//nhost-cli/cli}"' {} \;
tar cvzf upload/cli-$VERSION-darwin-amd64.tar.gz -C ~/artifacts/cli-$VERSION-darwin-amd64 cli
tar cvzf upload/cli-$VERSION-darwin-arm64.tar.gz -C ~/artifacts/cli-$VERSION-darwin-arm64 cli
tar cvzf upload/cli-$VERSION-linux-amd64.tar.gz -C ~/artifacts/cli-$VERSION-linux-amd64 cli
tar cvzf upload/cli-$VERSION-linux-arm64.tar.gz -C ~/artifacts/cli-$VERSION-linux-arm64 cli
cd upload
find . -type f -exec sha256sum {} + > ../checksums.txt
cd ..
cat checksums.txt
gh release upload \
--clobber "${{ github.ref_name }}" \
./upload/* checksums.txt

53
turbo.json
View File

@@ -3,62 +3,45 @@
"tasks": {
"build": {
"dependsOn": ["^build"],
"outputs": ["dist/**", "umd/**", "build/**", ".next/**"]
},
"@nhost-examples/react-apollo#build": {
"dependsOn": ["^build"],
"outputs": ["dist/**"],
"env": ["VITE_NHOST_SUBDOMAIN", "VITE_NHOST_REGION"]
},
"@nhost-examples/sveltekit#build": {
"dependsOn": ["^build"],
"outputs": [".svelte-kit/**", ".vercel/**"],
"env": ["PUBLIC_NHOST_SUBDOMAIN", "PUBLIC_NHOST_REGION", "ENABLE_EXPERIMENTAL_COREPACK"]
},
"@nhost-examples/vue-apollo#build": {
"dependsOn": ["^build"],
"outputs": ["dist/**"],
"env": ["VITE_NHOST_SUBDOMAIN", "VITE_NHOST_REGION"]
},
"@nhost/docs#build": {
"cache": false
"outputs": ["dist/**", ".next/**"]
},
"@nhost/dashboard#build": {
"dependsOn": ["^build"],
"outputs": ["dist/**", ".next/**"],
"outputs": [".next/**"],
"env": [
"NEXT_TELEMETRY_DISABLED",
"NEXT_PUBLIC_NHOST_PLATFORM",
"NEXT_PUBLIC_NHOST_MIGRATIONS_URL",
"NEXT_PUBLIC_NHOST_HASURA_URL",
"NEXT_PUBLIC_ENV"
"NEXT_PUBLIC_ENV",
"NEXT_PUBLIC_NHOST_ADMIN_SECRET",
"NEXT_PUBLIC_NHOST_AUTH_URL",
"NEXT_PUBLIC_NHOST_DATABASE_URL",
"NEXT_PUBLIC_NHOST_GRAPHQL_URL",
"NEXT_PUBLIC_NHOST_STORAGE_URL",
"NEXT_PUBLIC_NHOST_FUNCTIONS_URL",
"NEXT_PUBLIC_NHOST_HASURA_CONSOLE_URL",
"NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL",
"NEXT_PUBLIC_NHOST_HASURA_API_URL",
"NEXT_PUBLIC_NHOST_CONFIGSERVER_URL",
"NEXT_PUBLIC_NHOST_BRAGI_WEBSOCKET",
"NEXT_PUBLIC_DISCORD_LOGGING",
"NEXT_PUBLIC_ZENDESK_USER_EMAIL",
"NEXT_PUBLIC_ZENDESK_API_KEY",
"NEXT_PUBLIC_ZENDESK_URL"
]
},
"@nhost/sync-versions#start": {
"cache": false
},
"test": {
"dependsOn": ["^build"],
"outputs": ["coverage/**"]
},
"e2e": {
"dependsOn": ["^build"],
"outputs": []
},
"dev": {
"cache": false
},
"docgen": {
"cache": false,
"dependsOn": ["^build"]
},
"lint": {
"dependsOn": ["^build"],
"outputs": []
},
"lint:fix": {
"outputs": []
},
"start": {}
}
}