chore: import upstream snapshot with attribution

This commit is contained in:
wehub-resource-sync
2026-07-13 13:34:48 +08:00
commit 77bb5bf71f
3762 changed files with 353249 additions and 0 deletions
@@ -0,0 +1,33 @@
name: 'Create or Update Secret'
description: 'Creates or updates a secret in the repository'
inputs:
secret_name:
description: 'Secret name'
required: true
secret_value:
description: 'Secret value'
required: true
sync_secret_app_id:
description: 'Sync secret app id'
required: true
sync_secret_app_private_key:
description: 'Sync secret app private key'
required: true
runs:
using: 'composite'
steps:
- name: Generate a token
id: generate-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ inputs.sync_secret_app_id }}
private-key: ${{ inputs.sync_secret_app_private_key }}
- name: Set secret
shell: bash
env:
GH_TOKEN: ${{ steps.generate-token.outputs.token }}
SECRET_NAME: ${{ inputs.secret_name }}
SECRET_VALUE: ${{ inputs.secret_value }}
run: |
gh secret set "$SECRET_NAME" --body "$SECRET_VALUE"
@@ -0,0 +1,135 @@
name: Deploy Integrations
description: Deploys integrations
inputs:
environment:
type: choice
description: 'Environment to deploy to'
required: true
options:
- staging
- production
extra_filter:
type: string
description: 'Pnpm additional filters to select integrations to deploy'
required: false
default: ''
force:
type: boolean
description: 'Force re-deploying integrations'
default: false
required: false
dry_run:
type: boolean
description: 'Ask the backend to perform validation without actually deploying'
default: false
required: false
token_cloud_ops_account:
description: 'Cloud Ops account token'
required: true
cloud_ops_workspace_id:
description: 'Cloud Ops workspace id'
required: true
shopify_admin_automation_token:
description: 'Shopify app automation token for the Shopify Admin app (app-scoped, env-specific)'
required: false
default: ''
shopify_storefront_automation_token:
description: 'Shopify app automation token for the Shopify Storefront app (app-scoped, env-specific)'
required: false
default: ''
runs:
using: 'composite'
steps:
- name: Deploys Integrations
env:
INPUT_ENVIRONMENT: ${{ inputs.environment }}
INPUT_FORCE: ${{ inputs.force }}
INPUT_DRY_RUN: ${{ inputs.dry_run }}
INPUT_EXTRA_FILTER: ${{ inputs.extra_filter }}
TOKEN_CLOUD_OPS_ACCOUNT: ${{ inputs.token_cloud_ops_account }}
CLOUD_OPS_WORKSPACE_ID: ${{ inputs.cloud_ops_workspace_id }}
SHOPIFY_ADMIN_AUTOMATION_TOKEN: ${{ inputs.shopify_admin_automation_token }}
SHOPIFY_STOREFRONT_AUTOMATION_TOKEN: ${{ inputs.shopify_storefront_automation_token }}
COMMIT_URL: ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}
shell: bash
run: |
if [ "$INPUT_ENVIRONMENT" = "staging" ]; then
api_url="https://api.botpress.dev"
else
api_url="https://api.botpress.cloud"
fi
# login
echo "### Logging in to $api_url ###"
pnpm bp login -y --api-url "$api_url" --workspaceId "$CLOUD_OPS_WORKSPACE_ID" --token "$TOKEN_CLOUD_OPS_ACCOUNT"
# deploy
if [ "$INPUT_FORCE" = "true" ]; then
redeploy=1
else
redeploy=0
fi
if [ "$INPUT_DRY_RUN" = "true" ]; then
dryrun="--dryRun"
is_dry_run=1
else
dryrun=""
is_dry_run=0
fi
all_filters="-F '{integrations/*}' $INPUT_EXTRA_FILTER"
list_integrations_cmd="pnpm list $all_filters --json"
integration_paths=$(eval "$list_integrations_cmd" | jq -r 'map(.path) | .[]')
for integration_path in $integration_paths; do
integration=$(basename "$integration_path")
exists=$(./.github/scripts/integration-exists.sh "$integration")
base_command="bp deploy -v -y --noBuild --visibility public --allowDeprecated $dryrun"
integration_deployed=false
if [ "$exists" -eq 0 ]; then
echo -e "\nDeploying integration: ### $integration ###\n"
pnpm retry -n 2 -- pnpm -F "{integrations/$integration}" -c exec -- "$base_command"
integration_deployed=true
elif [ "$redeploy" -eq 1 ]; then
echo -e "\nRe-deploying integration: ### $integration ###\n"
pnpm retry -n 2 -- pnpm -F "{integrations/$integration}" -c exec -- "$base_command"
integration_deployed=true
else
echo -e "\nSkipping integration: ### $integration ###\n"
fi
# upload sandbox scripts
integration_implements_sandbox=$(./.github/scripts/integration-implements-sandbox.sh "$integration")
if [ "$integration_implements_sandbox" = "true" ] && [ "$integration_deployed" = "true" ] && [ "$is_dry_run" -eq 0 ]; then
echo -e "\nUploading integration sandbox scripts\n"
base_upload_command="uploadSandboxScripts --apiUrl=$api_url --workspaceId=$CLOUD_OPS_WORKSPACE_ID --token=$TOKEN_CLOUD_OPS_ACCOUNT --userEmail=cloud-ops@botpress.com"
# shellcheck disable=SC2086 # base_upload_command contains multiple space-separated arguments
pnpm retry -n 2 -- pnpm -F "{integrations/$integration}" run -- $base_upload_command
fi
# deploy shopify app manifest (config-as-code) for the current environment
manifest_file="$integration_path/shopify.app.$INPUT_ENVIRONMENT.toml"
if [ "$integration_deployed" = "true" ] && [ "$is_dry_run" -eq 0 ] && [ -f "$manifest_file" ]; then
case "$integration" in
shopify-admin) shopify_token="$SHOPIFY_ADMIN_AUTOMATION_TOKEN" ;;
shopify-storefront) shopify_token="$SHOPIFY_STOREFRONT_AUTOMATION_TOKEN" ;;
*) shopify_token="" ;;
esac
if [ -z "$shopify_token" ]; then
echo "::warning::Found $manifest_file but no Shopify automation token for $integration - skipping manifest deploy"
else
echo -e "\nDeploying Shopify app manifest ($INPUT_ENVIRONMENT): ### $integration ###\n"
shopify_deploy_command="pnpm shopify app deploy --config $INPUT_ENVIRONMENT --allow-updates --source-control-url $COMMIT_URL"
SHOPIFY_APP_AUTOMATION_TOKEN="$shopify_token" \
pnpm retry -n 2 -- pnpm -F "{integrations/$integration}" -c exec -- "$shopify_deploy_command"
fi
fi
done
@@ -0,0 +1,78 @@
name: Deploy Interfaces
description: Deploys interfaces
inputs:
environment:
type: choice
description: 'Environment to deploy to'
required: true
options:
- staging
- production
extra_filter:
type: string
description: 'Pnpm additional filters to select interfaces to deploy'
required: false
default: ''
force:
type: boolean
description: 'Force re-deploying interfaces'
default: false
required: false
token_cloud_ops_account:
description: 'Cloud Ops account token'
required: true
cloud_ops_workspace_id:
description: 'Cloud Ops workspace id'
required: true
runs:
using: 'composite'
steps:
- name: Deploys Interfaces
shell: bash
env:
INPUT_ENVIRONMENT: ${{ inputs.environment }}
INPUT_FORCE: ${{ inputs.force }}
INPUT_EXTRA_FILTER: ${{ inputs.extra_filter }}
TOKEN_CLOUD_OPS_ACCOUNT: ${{ inputs.token_cloud_ops_account }}
CLOUD_OPS_WORKSPACE_ID: ${{ inputs.cloud_ops_workspace_id }}
run: |
if [ "$INPUT_ENVIRONMENT" = "staging" ]; then
api_url="https://api.botpress.dev"
else
api_url="https://api.botpress.cloud"
fi
# login
echo "### Logging in to $api_url ###"
pnpm bp login -y --api-url "$api_url" --workspaceId "$CLOUD_OPS_WORKSPACE_ID" --token "$TOKEN_CLOUD_OPS_ACCOUNT"
# deploy
if [ "$INPUT_FORCE" = "true" ]; then
redeploy=1
else
redeploy=0
fi
all_filters="-F '{interfaces/*}' $INPUT_EXTRA_FILTER"
list_interfaces_cmd="pnpm list $all_filters --json"
interface_paths=$(eval "$list_interfaces_cmd" | jq -r 'map(.path) | .[]')
for interface_path in $interface_paths; do
interface=$(basename "$interface_path")
exists=$(./.github/scripts/interface-exists.sh "$interface")
base_command="bp deploy -v -y --visibility public"
if [ "$exists" -eq 0 ]; then
echo -e "\nDeploying interface: ### $interface ###\n"
pnpm retry -n 2 -- pnpm -F "{interfaces/$interface}" -c exec -- "$base_command"
elif [ "$redeploy" -eq 1 ]; then
echo -e "\nRe-deploying interface: ### $interface ###\n"
pnpm retry -n 2 -- pnpm -F "{interfaces/$interface}" -c exec -- "$base_command"
else
echo -e "\nSkipping interface: ### $interface ###\n"
fi
done
+79
View File
@@ -0,0 +1,79 @@
name: Deploy Plugins
description: Deploys plugins
inputs:
environment:
type: choice
description: 'Environment to deploy to'
required: true
options:
- staging
- production
extra_filter:
type: string
description: 'Pnpm additional filters to select plugins to deploy'
required: false
default: ''
force:
type: boolean
description: 'Force re-deploying plugins'
default: false
required: false
token_cloud_ops_account:
description: 'Cloud Ops account token'
required: true
cloud_ops_workspace_id:
description: 'Cloud Ops workspace id'
required: true
runs:
using: 'composite'
steps:
- name: Deploys Plugins
shell: bash
env:
INPUT_ENVIRONMENT: ${{ inputs.environment }}
INPUT_FORCE: ${{ inputs.force }}
INPUT_EXTRA_FILTER: ${{ inputs.extra_filter }}
TOKEN_CLOUD_OPS_ACCOUNT: ${{ inputs.token_cloud_ops_account }}
CLOUD_OPS_WORKSPACE_ID: ${{ inputs.cloud_ops_workspace_id }}
run: |
if [ "$INPUT_ENVIRONMENT" = "staging" ]; then
api_url="https://api.botpress.dev"
else
api_url="https://api.botpress.cloud"
fi
# login
echo "### Logging in to $api_url ###"
pnpm bp login -y --api-url "$api_url" --workspaceId "$CLOUD_OPS_WORKSPACE_ID" --token "$TOKEN_CLOUD_OPS_ACCOUNT"
# deploy
if [ "$INPUT_FORCE" = "true" ]; then
redeploy=1
else
redeploy=0
fi
all_filters="-F '{plugins/*}' $INPUT_EXTRA_FILTER"
list_plugins_cmd="pnpm list $all_filters --json"
plugin_paths=$(eval "$list_plugins_cmd" | jq -r 'map(.path) | .[]')
for plugin_path in $plugin_paths; do
plugin=$(basename "$plugin_path")
exists=$(./.github/scripts/plugin-exists.sh "$plugin")
base_command="bp deploy -v -y --visibility public"
if [ "$exists" -eq 0 ]; then
echo -e "\nDeploying plugin: ### $plugin ###\n"
pnpm retry -n 2 -- pnpm -F "{plugins/$plugin}" -c exec -- "$base_command"
elif [ "$redeploy" -eq 1 ]; then
echo -e "\nRe-deploying plugin: ### $plugin ###\n"
pnpm retry -n 2 -- pnpm -F "{plugins/$plugin}" -c exec -- "$base_command"
else
echo -e "\nSkipping plugin: ### $plugin ###\n"
fi
done
+85
View File
@@ -0,0 +1,85 @@
name: Docker Build
description: 'Build and push a Docker image to the registry'
inputs:
repository:
description: 'The name of the repository to build'
required: true
dockerfile:
description: 'The name of the Dockerfile to build'
required: true
push:
description: 'Whether to push the image to the registry'
required: false
default: false
minify:
description: 'Whether to minify the build'
required: false
default: true
tag:
description: 'Optional Docker tag'
required: false
default: ''
depot-project:
description: 'Depot project ID (required if no depot.json; get it from depot.dev)'
required: false
default: ''
runs:
using: 'composite'
steps:
- uses: aws-actions/configure-aws-credentials@v3
with:
role-session-name: container_pusher
role-to-assume: arn:aws:iam::986677156374:role/actions/build/container_pusher
aws-region: us-east-1
- uses: aws-actions/amazon-ecr-login@v1
id: ecr
with:
mask-password: true
- uses: docker/metadata-action@v4
id: meta
with:
images: ${{ steps.ecr.outputs.registry }}/${{ inputs.repository }}
flavor: |
latest=false
tags: |
type=raw,enable=${{ inputs.tag != '' }},value=${{ inputs.tag }}
type=semver,pattern={{version}}
type=sha,enable=${{ !startsWith(github.ref, 'refs/tags') }},prefix=,format=long
- name: Set BUILD_DATE
id: meta_date
shell: bash
run: |
export TZ=America/Toronto
echo "timestamp=$(date +"%Y-%m-%d %H:%M:%S")" >> "$GITHUB_OUTPUT"
- name: Create ECR Registry
shell: bash
env:
ECR_REPOSITORY: ${{ inputs.repository }}
ECR_REGISTRY: ${{ steps.ecr.outputs.registry }}
run: |
aws --version
aws ecr create-repository --repository-name "$ECR_REPOSITORY" || true
aws ssm get-parameter --name '/cloud/container-registry/ecr-policy-document' --query 'Parameter.Value' | jq -r > repository-policy.json
aws ecr set-repository-policy --repository-name "$ECR_REPOSITORY" --policy-text file://repository-policy.json &> /dev/null
- name: Set up Depot CLI
uses: depot/setup-action@v1
- uses: depot/build-push-action@v1
with:
project: ${{ inputs.depot-project }}
build-args: |
MINIFY=${{ inputs.minify }}
DOCKER_TAG=${{ inputs.tag }}
BUILD_DATE=${{ steps.meta_date.outputs.timestamp }}
file: ${{ inputs.dockerfile }}
context: .
push: ${{ inputs.push }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
@@ -0,0 +1,53 @@
name: 'Refresh Instagram Access Tokens'
description: 'Refreshes Instagram access token, updates the integrations secrets and update the token GitHub secrets'
inputs:
token_cloud_ops_account:
description: 'Cloud Ops account token'
required: true
cloud_ops_workspace_id:
description: 'Cloud Ops workspace id'
required: true
api_url:
description: 'API URL'
required: true
current_token:
description: 'Current token'
required: true
secret_name:
description: 'Secret name'
required: true
sync_secret_app_id:
description: 'Create or update secret app id'
required: true
sync_secret_app_private_key:
description: 'Create or update secret app private key'
required: true
runs:
using: 'composite'
steps:
- name: Refresh Access Tokens
id: refresh_tokens
shell: bash
env:
BP_API_URL: ${{ inputs.api_url }}
BP_WORKSPACE_ID: ${{ inputs.cloud_ops_workspace_id }}
BP_TOKEN: ${{ inputs.token_cloud_ops_account }}
run: |
refresh_result=$(pnpm -F 'instagram' exec -- pnpm run --silent refreshTokens --json --refreshToken "${{ inputs.current_token }}")
new_token=$(echo "$refresh_result" | jq -r '.refreshedToken')
if [ -z "$new_token" ]; then
echo "❌ Error: Failed to refresh token" >&2
exit 1
fi
echo "$refresh_result" | jq -r '.message'
echo "✅ Tokens refreshed successfully"
echo "::add-mask::$new_token"
echo "new_token=$new_token" >> "$GITHUB_OUTPUT"
- uses: ./.github/actions/create-or-update-secret
with:
secret_name: ${{ inputs.secret_name }}
secret_value: ${{ steps.refresh_tokens.outputs.new_token }}
sync_secret_app_id: ${{ inputs.sync_secret_app_id }}
sync_secret_app_private_key: ${{ inputs.sync_secret_app_private_key }}
+45
View File
@@ -0,0 +1,45 @@
name: Setup
description: install dependencies and build
inputs:
extra_filters:
description: 'Turbo additional filters to select packages to build'
required: false
runs:
using: 'composite'
steps:
- uses: pnpm/action-setup@v4 # uses the version from package.json
- uses: actions/setup-node@v6
with:
node-version-file: '.tool-versions'
package-manager-cache: false
- name: Install Node Gyp Build
shell: ${{ runner.os == 'Windows' && 'pwsh' || 'bash' }}
run: |
npm install -g node-gyp-build
- name: Install dependencies
shell: ${{ runner.os == 'Windows' && 'pwsh' || 'bash' }}
run: pnpm i --frozen-lockfile
- name: Cache Turbo
uses: actions/cache@v5
with:
path: |
.turbo
node_modules/.cache/turbo
key: turbo-${{ runner.os }}-${{ github.workflow_ref }}
restore-keys: |
turbo-${{ runner.os }}-
- name: Build
shell: ${{ runner.os == 'Windows' && 'pwsh' || 'bash' }}
env:
BP_VERBOSE: 'true'
EXTRA_FILTERS: ${{ inputs.extra_filters }}
run: |
# shellcheck disable=SC2086 # EXTRA_FILTERS contains multiple space-separated filter arguments
pnpm turbo run build $EXTRA_FILTERS
@@ -0,0 +1,26 @@
name: Update Linear Status
inputs:
linearApiKey:
required: true
teamName:
required: true
targetLabel:
required: true
runs:
using: 'composite'
steps:
- uses: actions/checkout@v4
- name: Install dependencies
shell: bash
run: pnpm install tsx -w --save-dev
- name: Update issues
shell: bash
run: npx tsx ./.github/scripts/update-linear.ts
env:
LINEAR_API_KEY: ${{inputs.linearApiKey}}
TEAM_NAME: ${{inputs.teamName}}
TARGET_LABEL: ${{inputs.targetLabel}}