chore: import upstream snapshot with attribution
i18n - Build Validation / Validate i18n Builds (24) (push) Has been cancelled
CI - Node.js / Lint (24) (push) Has been cancelled
CI - Node.js / Build (24) (push) Has been cancelled
CI - Node.js / Test (24) (push) Has been cancelled
CI - Node.js / Test - Upcoming Changes (24) (push) Has been cancelled
CI - Node.js / Test - i18n (italian, 24) (push) Has been cancelled
CI - Node.js / Test - i18n (portuguese, 24) (push) Has been cancelled
CD - Docker - GHCR Images / Build and Push Images (push) Has been cancelled

This commit is contained in:
wehub-resource-sync
2026-07-13 11:55:53 +08:00
commit dde272c4b8
19405 changed files with 2730632 additions and 0 deletions
@@ -0,0 +1 @@
https://www.freecodecamp.org/funding.json
+36
View File
@@ -0,0 +1,36 @@
# -------------------------------------------------
# CODEOWNERS - For automated review request for
# high impact files.
#
# Important: The order in this file cascades.
#
# https://help.github.com/articles/about-codeowners
# -------------------------------------------------
# -------------------------------------------------
# Files that need attention from primary teams
# -------------------------------------------------
# --- All files
* @freecodecamp/dev-team @freecodecamp/curriculum
# --- Package files for negation ---
**/package.json @freecodecamp/none
**/pnpm-lock.yaml @freecodecamp/none
# -------------------------------------------------
# Files that need attention from i18n & dev team
# -------------------------------------------------
# i18n Quotes
**/motivation.json @freeCodeCamp/dev-team @freeCodeCamp/i18n
# -------------------------------------------------
# Files that need attention from the mobile team
# -------------------------------------------------
/client/src/redux/prop-types.ts @freeCodeCamp/dev-team @freeCodeCamp/mobile
/client/tools/external-curriculum/* @freeCodeCamp/dev-team @freeCodeCamp/mobile
/curriculum/schema/challenge-schema.js @freeCodeCamp/dev-team @freeCodeCamp/mobile
+3
View File
@@ -0,0 +1,3 @@
github: freecodecamp
patreon: freecodecamp
custom: [www.freecodecamp.org/donate]
@@ -0,0 +1,61 @@
name: Issue - Content in our Coding Challenges
description: Report issues with a specific challenge, like broken tests, unclear instructions, etc.
type: Bug
labels: ['scope: curriculum', 'status: waiting triage']
body:
- type: markdown
attributes:
value: If you're reporting a security issue, don't create a GitHub issue. Instead, visit https://contribute.freecodecamp.org/#/security.
- type: textarea
attributes:
label: Describe the Issue
description: A clear and concise description of the issue you encountered.
validations:
required: true
- type: input
attributes:
label: Affected Page
description: Add a link to the coding challenge with the problem.
validations:
required: true
- type: textarea
attributes:
label: Your code
description: Copy and paste the code from the editor that you used in between the back-ticks.
value: |
```
```
validations:
required: true
- type: textarea
attributes:
label: Expected behavior
description: Add a clear and concise description of what you expected to happen.
validations:
required: true
- type: textarea
attributes:
label: Screenshots
description: If applicable, add screenshots to help explain your problem. You can drag and drop `png`, `jpg`, `gif`, etc. in this box.
validations:
required: false
- type: textarea
attributes:
label: System
description: Please complete the following information.
value: |
- Device: [e.g. iPhone 6, Laptop]
- OS: [e.g. iOS 14, Windows 10, Ubuntu 20.04]
- Browser: [e.g. Chrome, Safari]
- Version: [e.g. 22]
validations:
required: true
- type: textarea
attributes:
label: Additional context
description: Add any other context about the problem here.
validations:
required: false
@@ -0,0 +1,60 @@
name: Issue - User Interface on our Platforms
description: Report a software bug on /learn, /news, Community Forum, Code Radio, or any of the platforms.
type: Bug
labels: ['status: waiting triage']
body:
- type: markdown
attributes:
value: If you're reporting a security issue, don't create a GitHub issue. Instead, visit https://contribute.freecodecamp.org/#/security.
- type: textarea
attributes:
label: Describe the Issue
description: A clear and concise description of the issue you encountered.
validations:
required: true
- type: input
attributes:
label: Affected Page
description: Add a link to the page with the problem.
validations:
required: true
- type: textarea
attributes:
label: Steps to Reproduce
description: Please provide the steps to reproduce the issue.
value: |
1. Go to '...'
2. Click on '...'
3. Scroll down to '...'
4. See error
validations:
required: true
- type: textarea
attributes:
label: Expected behavior
description: Add a clear and concise description of what you expected to happen.
validations:
required: true
- type: textarea
attributes:
label: Screenshots
description: If applicable, add screenshots to help explain your problem. You can drag and drop `png`, `jpg`, `gif`, etc. in this box.
validations:
required: false
- type: textarea
attributes:
label: System
description: Please complete the following information.
value: |
- Device: [e.g. iPhone 6, Laptop]
- OS: [e.g. iOS 14, Windows 10, Ubuntu 20.04]
- Browser: [e.g. Chrome, Safari]
- Version: [e.g. 22]
validations:
required: true
- type: textarea
attributes:
label: Additional context
description: Add any other context about the problem here.
validations:
required: false
@@ -0,0 +1,41 @@
name: Issues - Content in our Articles and other Documentation
description: Report issues with content on a specific article, like broken links, typos, missing parts, etc.
type: Bug
labels: ['status: waiting triage']
body:
- type: markdown
attributes:
value: 'NOTE: If you want to become an author on freeCodeCamp, you can find everything here: https://www.freecodecamp.org/news/developer-news-style-guide'
- type: markdown
attributes:
value: If you are reporting an issue with an article on our news publication, please follow this link to send an email to our editorial team https://mailxto.com/lkj5n7
- type: textarea
attributes:
label: Describe the Issue
description: A clear and concise description of the issue you encountered.
validations:
required: true
- type: input
attributes:
label: Affected Page
description: Add a link to the article or documentation page with the problem.
validations:
required: true
- type: textarea
attributes:
label: Steps to Reproduce
description: Please describe the problem and provide the steps to reproduce the issue.
validations:
required: true
- type: textarea
attributes:
label: Recommended fix or suggestions
description: A clear and concise description of how you want to update it.
validations:
required: true
- type: textarea
attributes:
label: Screenshots
description: If applicable, add screenshots to help explain your problem. You can drag and drop `png`, `jpg`, `gif`, etc. in this box.
validations:
required: false
@@ -0,0 +1,29 @@
name: New Feature - Request a new feature for our Platforms
description: Suggest an idea for freeCodeCamp.org's /learn, /news, Community Forum, Code Radio, or other platforms.
type: Enhancement
labels: ['status: waiting triage']
body:
- type: textarea
attributes:
label: Is your feature request related to a problem? Please describe.
description: A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
validations:
required: true
- type: textarea
attributes:
label: Describe the solution you'd like
description: A clear and concise description of what you want to happen.
validations:
required: true
- type: textarea
attributes:
label: Describe alternatives you've considered
description: A clear and concise description of any alternative solutions or features you've considered.
validations:
required: true
- type: textarea
attributes:
label: Additional context
description: Add any other context or screenshots about the feature request here.
validations:
required: false
+11
View File
@@ -0,0 +1,11 @@
blank_issues_enabled: true
contact_links:
- name: Request programming help with coding challenges
url: https://forum.freecodecamp.org
about: Please visit this page for general support and programming help on coding challenges.
- name: Report issues with content on /news articles
url: https://mailxto.com/lkj5n7
about: Please fill out an email to our editorial team to report issues on specific articles on our technical publication (link opens an email template)
- name: Request technical support for your freeCodeCamp account
url: https://www.freecodecamp.org/support
about: Please visit this page for requesting technical support related to your freeCodeCamp account.
+14
View File
@@ -0,0 +1,14 @@
Checklist:
<!-- Please follow this checklist and put an x in each of the boxes, like this: [x]. It will ensure that our team takes your pull request seriously. -->
- [ ] I have read and followed the [contribution guidelines](https://contribute.freecodecamp.org).
- [ ] I have read and followed the [how to open a pull request guide](https://contribute.freecodecamp.org/how-to-open-a-pull-request/).
- [ ] My pull request targets the `main` branch of freeCodeCamp.
- [ ] I have tested these changes either locally on my machine, or GitHub Codespaces.
<!--If your pull request closes a GitHub issue, replace the XXXXX below with the issue number.-->
Closes #XXXXX
<!-- Feel free to add any additional description of changes below this line -->
@@ -0,0 +1,75 @@
# Caching Behaviour:
# ┌─────────────────────────┬─────────────────┬──────────────────┐
# │ Context │ Can Read Cache? │ Can Write Cache? │
# ├─────────────────────────┼─────────────────┼──────────────────┤
# │ main (push) │ YES │ YES │
# ├─────────────────────────┼─────────────────┼──────────────────┤
# │ PRs / temp-* / hotfix-* │ YES │ NO │
# ├─────────────────────────┼─────────────────┼──────────────────┤
# │ prod-* │ NO │ NO │
# ├─────────────────────────┼─────────────────┼──────────────────┤
# │ Fork PRs │ NO │ NO │
# └─────────────────────────┴─────────────────┴──────────────────┘
name: 'Setup Turbo Remote Cache'
description: 'Conditionally configure Turbo remote cache based on branch and event context'
inputs:
turbo-token:
description: 'Turbo remote cache authentication token'
required: true
turbo-signature-key:
description: 'Turbo remote cache signature key for artifact signing/verification'
required: true
runs:
using: 'composite'
steps:
- name: Configure Turbo Remote Cache
shell: bash
env:
TURBO_TOKEN: ${{ inputs.turbo-token }}
TURBO_SIGNATURE_KEY: ${{ inputs.turbo-signature-key }}
GITHUB_REF_NAME: ${{ github.ref_name }}
GITHUB_EVENT_NAME: ${{ github.event_name }}
GITHUB_BASE_REF: ${{ github.base_ref }}
run: |
echo "::group::Turbo Cache Configuration"
echo "Branch: $GITHUB_REF_NAME"
echo "Event: $GITHUB_EVENT_NAME"
echo "Base ref: $GITHUB_BASE_REF"
# Skip for deployment branches (pure builds)
if [[ "$GITHUB_REF_NAME" == prod-* ]]; then
echo "::notice::Deployment branch detected - Turbo cache DISABLED for pure build"
echo "::endgroup::"
exit 0
fi
# Skip if secrets are not available (fork PRs)
if [[ -z "$TURBO_TOKEN" || -z "$TURBO_SIGNATURE_KEY" ]]; then
echo "::notice::Turbo secrets not available (likely a fork PR) - Turbo cache DISABLED"
echo "::endgroup::"
exit 0
fi
# Base configuration for all other contexts
echo "TURBO_API=https://turbo-cache.freecodecamp.net" >> $GITHUB_ENV
echo "TURBO_TEAM=team_freecodecamp" >> $GITHUB_ENV
echo "TURBO_TOKEN=$TURBO_TOKEN" >> $GITHUB_ENV
echo "TURBO_REMOTE_CACHE_SIGNATURE_KEY=$TURBO_SIGNATURE_KEY" >> $GITHUB_ENV
echo "TURBO_TELEMETRY_DISABLED=1" >> $GITHUB_ENV
# Determine if this context should have write access
# Write access: main branch push
# Read-only: PRs and other branches (can read from cache, can't pollute it)
if [[ "$GITHUB_REF_NAME" == "main" && "$GITHUB_EVENT_NAME" == "push" ]]; then
echo "::notice::Main branch push - Turbo cache READ/WRITE enabled"
else
# All other contexts: read-only
# Use TURBO_CACHE=remote:r for read-only remote cache (local still read/write)
echo "TURBO_CACHE=local:rw,remote:r" >> $GITHUB_ENV
echo "::notice::PR/other branch - Turbo cache READ-ONLY enabled"
fi
echo "::endgroup::"
+186
View File
@@ -0,0 +1,186 @@
# GitHub Copilot Code Review Instructions
## Core Principles
**BE EXTREMELY MINIMAL.** Only provide actionable feedback.
**Skip all non-essential content:**
- Do not generate "Pull request overview" sections
- Do not create "Changes:" lists describing what was changed
- Do not create "Reviewed changes" sections or tables
- Do not list files with change descriptions
- Do not count how many files were reviewed
- Do not summarize what the PR does (visible in the diff)
**Focus only on problems:**
- Comment ONLY on actual issues that need fixing
- Keep each comment 1-3 sentences
- If everything is correct, provide no output
**Bad example (from PR 65578):**
```
## Pull request overview
This PR addresses issue 65331 by replacing em dash characters...
### Reviewed changes
Copilot reviewed 4 out of 4 changed files...
| File | Description |
| ---- | ----------- |
| file1.md | Updated em dash in seed content |
```
**Good example (actionable feedback only):**
```
Line 46: Test will fail - `innerText` returns rendered `—`, not `&mdash;`.
```
---
## Focus Areas
1. **Test Coverage** - Ensuring adequate testing for code changes
2. **Pull Request Guidelines** - Compliance with contribution standards
---
## Focus Area 1: Test Coverage
When reviewing pull requests, ensure adequate test coverage for code changes in JavaScript, TypeScript, JSX, and TSX files.
> Detailed test coverage rules are in `.github/instructions/testing.instructions.md`
### Quick Reference
| Location | Framework | File Pattern |
|----------|-----------|--------------|
| `api/` | Vitest | `*.test.ts` |
| `client/` | Vitest | `*.test.{ts,tsx}` |
| `e2e/` | Playwright | `*.spec.ts` |
### When to Comment
Only leave a comment if:
- The PR modifies JavaScript/TypeScript/JSX/TSX code (bug fixes or new features)
- AND there are no corresponding test additions or updates
### When NOT to Comment
Do not comment if:
- Changes are only to documentation, configuration, or non-JS/TS files
- The PR includes appropriate test coverage for the changes
- Changes are test-only modifications
### Comment Style
If tests are missing, provide ONE brief comment:
```
Missing tests for [specific file]. Consider:
- [specific scenario]
- [edge case]
```
If test coverage is sufficient, **DO NOT COMMENT**. No "LGTM" needed.
---
## Focus Area 2: Pull Request Guidelines
When reviewing pull requests, verify compliance with [freeCodeCamp's contribution standards](https://contribute.freecodecamp.org/how-to-open-a-pull-request).
### PR Title Format
Check that the title follows conventional commits format:
`<type>([optional scope]): <description>`
**Valid types:** `fix`, `feat`, `refactor`, `docs`, `test`
**Common scopes:** `curriculum`, `client`, `api`, `i18n`, `a11y`, `tools`
Flag if:
- Title is vague (e.g., "Update file", "Fix bug", "Changes")
- Missing type prefix
- Description exceeds ~50 characters
- Type doesn't match the actual changes
Example of good title:
```
fix(client): resolve login button alignment on mobile
```
Example of bad title:
```
Fixed stuff
```
### PR Description & Issue Linking
Check for:
- Meaningful description explaining what changes were made and why
- Proper issue linking using `Closes #XXXXX` format (not just `#XXXXX`)
- Screenshots included for UI/visual changes
Flag if:
- Description is empty or only contains template boilerplate
- Issue reference uses incorrect format (e.g., `fixes XXXXX` without `#`)
- UI changes lack screenshots
### Checklist Completion
Verify the PR template checklist items are completed:
- Boxes should be checked (`[x]`) not left unchecked (`[ ]`)
- Placeholder text like `#XXXXX` should be replaced with actual issue numbers
Flag if:
- Checklist boxes are left unchecked
- Placeholder issue number `#XXXXX` remains unchanged
### Comment Style
Keep feedback minimal (one line when possible):
```
Update PR title to format: `<type>(scope): description`
See: https://contribute.freecodecamp.org/how-to-open-a-pull-request
```
```
Link issue using: `Closes #XXXXX`
```
If PR guidelines are followed, **DO NOT COMMENT**. No "LGTM" needed.
---
## General Guidelines
**Focus on Actionable Issues Only**
### Strict Rules
- NO summaries, overviews, or descriptions of changes
- NO tables or file listings
- NO "LGTM" or affirmative comments when everything is fine
- Only comment when action is required
- Keep each comment brief and actionable
### Prioritization
When multiple issues exist, address them in order of severity:
1. Security vulnerabilities or critical bugs
2. Missing test coverage for new functionality
3. Outdated tests for modified functionality
4. PR title/description compliance
Comment on all legitimate issues, but keep each comment concise.
@@ -0,0 +1,98 @@
---
applyTo: "**/*.{ts,tsx,js,jsx}"
---
# Test Coverage Review Instructions
Review code changes for adequate test coverage using freeCodeCamp's testing conventions.
## Testing Framework Reference
| Location | Framework | File Pattern | Notes |
|----------|-----------|--------------|-------|
| `api/` | Vitest | `*.test.ts` | Co-located with source |
| `client/` | Vitest | `*.test.{ts,tsx}` | Co-located with source |
| `e2e/` | Playwright | `*.spec.ts` | Dedicated directory |
## When to Flag Missing Tests
Comment on missing tests if ALL of these are true:
- PR modifies functional code (bug fix or new feature)
- No corresponding test additions or modifications exist
- Changes are not test-only or config-only
### Examples Requiring Tests
- New utility functions in `api/src/utils/` or `client/src/utils/`
- New API route handlers in `api/src/routes/`
- New React components with logic in `client/src/components/`
- Bug fixes that change application behavior
- New validation logic or data transformations
## When NOT to Flag
Do not comment on test coverage if:
- Changes are documentation, configuration, or non-functional
- PR already includes appropriate test coverage
- Changes are to test files themselves
- Changes are trivial:
- Import reorganization
- Formatting changes
- Type-only changes (interfaces, type definitions)
- Comment updates
- Changes are in areas without existing test patterns:
- Curriculum markdown files
- Configuration files
- Build scripts
## Detecting Outdated Tests
Flag if existing tests may be outdated:
- Test file exists for modified source but doesn't cover the changed functionality
- Test assertions reference behavior that is being changed
- Mock data doesn't reflect new data structures or API responses
- Test descriptions no longer match actual test behavior
### Example Comment for Outdated Tests
```
Tests in `src/utils/validate.test.ts` need updates for new validation rules.
```
## Comment Format
### Missing Tests
Brief, actionable feedback only:
```
Missing tests for `src/utils/validate.ts`:
- Valid input case
- Invalid input error
- Empty string edge case
```
### Sufficient Coverage
**DO NOT COMMENT.** Silence means approval.
### Outdated Tests
```
Tests in `[test file]` need updates for `[source file]` changes:
- [specific change]
```
## Test Quality Indicators
When tests are present, briefly verify:
- Tests cover the happy path
- Tests cover at least one error/edge case
- Test descriptions are meaningful (not just "test 1", "test 2")
- Mocks are appropriate (not mocking the thing being tested)
Do not block PRs for test style preferences if coverage is adequate.
+26
View File
@@ -0,0 +1,26 @@
'scope: curriculum':
- changed-files:
- any-glob-to-any-file: curriculum/challenges/**/*
'platform: learn':
- changed-files:
- any-glob-to-any-file: client/**/*
'platform: api':
- changed-files:
- any-glob-to-any-file: api/**/*
'scope: tools/scripts':
- changed-files:
- any-glob-to-any-file:
- tools/**/*
- .github/**/*
- utils/**/*
- e2e/**/*
'scope: i18n':
- changed-files:
- any-glob-to-any-file:
- client/i18n/**/*
- config/crowdin/**/*
- shared/config/i18n/**/*
@@ -0,0 +1,24 @@
'use strict';
module.exports = async ({ github, context, core }) => {
const prAuthor = context.payload.pull_request.user.login;
const teamSlugs = ['dev-team', 'curriculum', 'staff', 'moderators'];
const membershipChecks = teamSlugs.map(team_slug =>
github.rest.teams
.getMembershipForUserInOrg({
org: 'freeCodeCamp',
team_slug,
username: prAuthor
})
.then(({ data }) => data.state === 'active')
.catch(() => false)
);
const results = await Promise.all(membershipChecks);
const isOrgTeamMember = results.some(Boolean);
const isAllowListed =
isOrgTeamMember || ['camperbot', 'renovate[bot]'].includes(prAuthor);
core.setOutput('is_allow_listed', isAllowListed);
};
@@ -0,0 +1,84 @@
'use strict';
async function addDeprioritizedLabel(github, context) {
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.payload.pull_request.number,
labels: ['deprioritized']
});
}
module.exports = async ({ github, context, core, isAllowListed }) => {
if (isAllowListed === 'true') return;
const result = await github.graphql(
`query($owner: String!, $repo: String!, $number: Int!) {
repository(owner: $owner, name: $repo) {
pullRequest(number: $number) {
closingIssuesReferences(first: 10) {
nodes {
number
labels(first: 10) { nodes { name } }
assignees(first: 10) { nodes { login } }
}
}
}
}
}`,
{
owner: context.repo.owner,
repo: context.repo.repo,
number: context.payload.pull_request.number
}
);
const pr = result.repository?.pullRequest;
if (!pr) return;
const linkedIssues = pr.closingIssuesReferences.nodes;
if (linkedIssues.length === 0) {
core.setOutput('failure_reason', 'no_linked_issue');
core.setFailed('No linked issue found.');
await addDeprioritizedLabel(github, context);
return;
}
const hasWaitingTriage = linkedIssues.some(issue =>
issue.labels.nodes.some(l => l.name === 'status: waiting triage')
);
if (hasWaitingTriage) {
core.setOutput('failure_reason', 'waiting_triage');
core.setFailed('Linked issue has not been triaged yet.');
await addDeprioritizedLabel(github, context);
return;
}
const prAuthor = context.payload.pull_request.user.login;
const isNaomiSprintAssignee = linkedIssues.some(
issue =>
issue.labels.nodes.some(l => l.name === "Naomi's Sprints") &&
issue.assignees.nodes.some(a => a.login === prAuthor)
);
if (isNaomiSprintAssignee) {
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.payload.pull_request.number,
labels: ["Naomi's Sprints"]
});
return;
}
const isOpenForContribution = linkedIssues.some(issue =>
issue.labels.nodes.some(
l => l.name === 'help wanted' || l.name === 'first timers only'
)
);
if (!isOpenForContribution) {
core.setOutput('failure_reason', 'not_open_for_contribution');
core.setFailed('Linked issue is not open for contribution.');
await addDeprioritizedLabel(github, context);
}
};
@@ -0,0 +1,39 @@
'use strict';
module.exports = async ({ github, context, core, isAllowListed }) => {
if (isAllowListed === 'true') return;
const body = (context.payload.pull_request.body || '').toLowerCase();
// The template must be present and the first 3 checkboxes must be
// ticked. The last checkbox (tested locally) is acceptable to leave
// unticked.
const templatePresent = body.includes('checklist:');
const requiredTicked = [
'i have read and followed the contribution guidelines',
'i have read and followed the how to open a pull request guide',
'my pull request targets the'
];
// Strip markdown links ([text](url) → text) before matching so contributors
// who omit the link syntax (e.g. type plain text) still pass the check.
const normalizedBody = body
.replace(/\[\s*x\s*\]/g, '[x]')
.replace(/\[([^\]]+)\]\([^)]+\)/g, '$1');
const allRequiredTicked = requiredTicked.every(item =>
normalizedBody.includes(`[x] ${item}`)
);
if (templatePresent && allRequiredTicked) return;
core.setOutput('failure_reason', 'incomplete_checklist');
core.setFailed(
'PR description is missing the required checklist or some items are incomplete.'
);
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.payload.pull_request.number,
labels: ['deprioritized']
});
};
@@ -0,0 +1,79 @@
'use strict';
// Returns the minimum number of single-character edits (insert, delete, substitute)
// needed to turn string `a` into string `b`.
function levenshtein(a, b) {
const dp = Array.from({ length: a.length + 1 }, (_, i) =>
Array.from({ length: b.length + 1 }, (_, j) =>
i === 0 ? j : j === 0 ? i : 0
)
);
for (let i = 1; i <= a.length; i++) {
for (let j = 1; j <= b.length; j++) {
dp[i][j] =
a[i - 1] === b[j - 1]
? dp[i - 1][j - 1]
: 1 + Math.min(dp[i - 1][j], dp[i][j - 1], dp[i - 1][j - 1]);
}
}
return dp[a.length][b.length];
}
module.exports = async ({ github, context }) => {
const title = context.payload.pull_request.title;
const ccRegex =
/^(feat|fix|refactor|docs|chore|build|ci|test|perf|revert)(\([^)]+\))?: .+/;
if (ccRegex.test(title)) return;
const types = [
'feat',
'fix',
'refactor',
'docs',
'chore',
'build',
'ci',
'test',
'perf',
'revert'
];
let newTitle = title;
// Fix 1: space between type and scope — "feat (scope):" → "feat(scope):"
newTitle = newTitle.replace(/^(\w+)\s+(\([^)]+\):)/, '$1$2');
// Fix 2: missing colon after scope — "feat(scope) desc" → "feat(scope): desc"
newTitle = newTitle.replace(/^(\w+\([^)]+\)) ([^:])/, '$1: $2');
// Fix 3: typo in type — "refator(scope):" → "refactor(scope):" (distance ≤ 2)
const typoMatch = newTitle.match(/^(\w+)(\([^)]+\))?:/);
if (typoMatch) {
const candidate = typoMatch[1];
if (!types.includes(candidate)) {
const closest = types
.map(t => ({ t, d: levenshtein(candidate, t) }))
.filter(x => x.d <= 2)
.sort((a, b) => a.d - b.d)[0];
if (closest) newTitle = newTitle.replace(candidate, closest.t);
}
}
// Fix 4: missing space after colon — "fix:desc" → "fix: desc"
newTitle = newTitle.replace(/^(\w+(?:\([^)]+\))?):(\S)/, '$1: $2');
// Catch-all: prefix with "fix: " if still not a valid CC title
if (!ccRegex.test(newTitle)) {
newTitle = `fix: ${newTitle}`;
}
if (newTitle !== title) {
await github.rest.pulls.update({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.payload.pull_request.number,
title: newTitle
});
}
};
@@ -0,0 +1,107 @@
'use strict';
const FOOTER =
'\n\n---\nJoin us in our [chat room](https://discord.gg/PRyKn3Vbay) or our [forum](https://forum.freecodecamp.org/c/contributors/3) if you have any questions or need help with contributing.';
const TEMPLATE_BLOCK = [
'```md',
'Checklist:',
'',
'<!-- Please follow this checklist and put an x in each of the boxes, like this: [x]. It will ensure that our team takes your pull request seriously. -->',
'',
'- [ ] I have read and followed the [contribution guidelines](https://contribute.freecodecamp.org).',
'- [ ] I have read and followed the [how to open a pull request guide](https://contribute.freecodecamp.org/how-to-open-a-pull-request/).',
"- [ ] My pull request targets the `main` branch of freeCodeCamp.",
'- [ ] I have tested these changes either locally on my machine, or GitHub Codespaces.',
'',
'<!--If your pull request closes a GitHub issue, replace the XXXXX below with the issue number.-->',
'',
'Closes #XXXXX',
'',
'<!-- Feel free to add any additional description of changes below this line -->',
'```'
].join('\n');
const MESSAGES = {
incomplete_checklist: [
'**Checklist:** The PR description is missing the required checklist or some of its items are not completed:',
'',
'1. The `Checklist:` heading is present in the PR description.',
'2. The checkbox items are ticked (changed from `[ ]` to `[x]`).',
'3. You have actually completed the items in the checklist.',
'',
'Please edit your PR description to include the following template with the checklist items completed.',
'',
TEMPLATE_BLOCK
].join('\n'),
no_linked_issue: [
'**Linked Issue:** We kindly ask that contributors open an issue before submitting a PR so the change can be discussed and approved before work begins. This helps avoid situations where significant effort goes into something we ultimately cannot merge.',
'',
'Please open an issue first and allow it to be triaged. Once the issue is open for contribution, you are welcome to update this pull request to reflect the issue consensus. Until then, we will not be able to review your pull request.'
].join('\n'),
waiting_triage: [
'**Linked Issue:** The linked issue has not been triaged yet, and a solution has not been agreed upon. Once the issue is open for contribution, you are welcome to update this pull request to reflect the issue consensus. Until then, we will not be able to review your pull request.'
].join('\n'),
not_open_for_contribution:
'**Linked Issue:** The linked issue is not open for contribution. If you are looking for issues to contribute to, please check out issues labeled [`help wanted`](https://github.com/freeCodeCamp/freeCodeCamp/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22) or [`first timers only`](https://github.com/freeCodeCamp/freeCodeCamp/issues?q=is%3Aissue+is%3Aopen+label%3A%22first+timers+only%22).'
};
module.exports = async ({
github,
context,
templateResult,
templateReason,
linkedIssueResult,
linkedIssueReason
}) => {
const allPassed =
templateResult === 'success' && linkedIssueResult === 'success';
if (allPassed) {
try {
await github.rest.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
name: 'deprioritized'
});
} catch {
// Label may not exist — ignore.
}
return;
}
// On edit, don't re-comment — the original comment is already there.
if (context.payload.action === 'edited') return;
const sections = [];
if (templateResult === 'failure' && MESSAGES[templateReason]) {
sections.push(MESSAGES[templateReason]);
}
if (linkedIssueResult === 'failure' && MESSAGES[linkedIssueReason]) {
sections.push(MESSAGES[linkedIssueReason]);
}
if (sections.length === 0) return;
const body =
[
'Hi there,',
'',
'Thanks for opening this pull request.',
'',
'The automated checks found some issues:',
'',
sections.join('\n\n')
].join('\n') + FOOTER;
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body
});
};
@@ -0,0 +1,342 @@
name: i18n - Download Client UI
on:
workflow_dispatch:
schedule:
# runs Monday and Wednesday at 12:15 PM UTC
- cron: '15 12 * * 1,3'
env:
GITHUB_TOKEN: ${{ secrets.CROWDIN_CAMPERBOT_PAT }}
CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_CAMPERBOT_SERVICE_TOKEN }}
CROWDIN_API_URL: 'https://freecodecamp.crowdin.com/api/v2/'
CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID_CLIENT }}
permissions:
contents: read
jobs:
i18n-download-client-ui-translations:
name: Client
runs-on: ubuntu-24.04
steps:
- name: Checkout Source Files
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
token: ${{ secrets.CROWDIN_CAMPERBOT_PAT }}
- name: Generate Crowdin Config
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'generate-config'
PROJECT_NAME: 'client'
##### Download Chinese #####
- name: Crowdin Download Chinese Translations
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: false
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: true
download_language: zh-CN
skip_untranslated_files: false
export_only_approved: true
push_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
# Convert Simplified Chinese to Traditional #
- name: Convert Chinese
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'convert-chinese'
FILE_PATHS: '["client/i18n/locales/chinese"]'
##### Download Espanol #####
- name: Crowdin Download Espanol Translations
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: false
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: true
download_language: es-EM
skip_untranslated_files: false
export_only_approved: true
push_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
##### Download Italian #####
- name: Crowdin Download Italian Translations
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: false
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: true
download_language: it
skip_untranslated_files: false
export_only_approved: true
push_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
##### Download Brazilian Portuguese #####
- name: Crowdin Download Portuguese (Brazilian) Translations
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: false
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: true
download_language: pt-BR
skip_untranslated_files: false
export_only_approved: true
push_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
##### Download Ukrainian #####
- name: Crowdin Download Ukrainian Translations
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: false
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: true
download_language: uk
skip_untranslated_files: false
export_only_approved: true
push_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
##### Download Japanese #####
- name: Crowdin Download Japanese Translations
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: false
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: true
download_language: ja
skip_untranslated_files: false
export_only_approved: true
push_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
##### Download German #####
- name: Crowdin Download German Translations
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: false
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: true
download_language: de
skip_untranslated_files: false
export_only_approved: true
push_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
##### Download Swahili #####
- name: Crowdin Download Swahili Translations
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: false
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: true
download_language: sw
skip_untranslated_files: false
export_only_approved: true
push_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
##### Download Korean #####
- name: Crowdin Download Korean Translations
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: false
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: true
download_language: ko
skip_untranslated_files: false
export_only_approved: true
push_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
###### Format JSON #####
# Crowdin gives the files read-only permissions, so we first have to allow
# writes.
- name: Format JSON
run: |
sudo chown -R $(whoami): client/i18n/locales
npx --yes prettier --write client/i18n/locales/**/*.json
###### Lowercase directory names #####
- name: Lowercase Directories
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'lowercase-directories'
FILE_PATH: 'client/i18n/locales'
# Crowdin translators might have the directories
# Create Commit
- name: Commit Changes
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'commit-changes'
GH_USERNAME: 'camperbot'
GH_EMAIL: ${{ secrets.ACTIONS_CAMPERBOT_EMAIL }}
GH_BRANCH: 'i18n-sync-client'
GH_MESSAGE: 'chore(i18n,client): processed translations'
# Generate PR #
# All languages should go ABOVE this. #
- name: Create PR
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'pull-request'
GH_TOKEN: ${{ secrets.CROWDIN_CAMPERBOT_PAT }}
BRANCH: 'i18n-sync-client'
REPOSITORY: 'freecodecamp/freecodecamp'
BASE: 'main'
TITLE: 'chore(i18n,client): processed translations'
BODY: 'This PR was opened auto-magically by Crowdin.'
LABELS: 'crowdin-sync'
TEAM_REVIEWERS: 'i18n'
@@ -0,0 +1,55 @@
name: i18n - Upload Client UI
on:
workflow_dispatch:
schedule:
# runs every weekday at 7:15 AM UTC
- cron: '15 7 * * 1-5'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_CAMPERBOT_SERVICE_TOKEN }}
CROWDIN_API_URL: 'https://freecodecamp.crowdin.com/api/v2/'
CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID_ClIENT }}
permissions:
contents: read
jobs:
i18n-upload-client-ui-files:
name: Client
runs-on: ubuntu-24.04
steps:
- name: Checkout Source Files
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Generate Crowdin Config
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'generate-config'
PROJECT_NAME: 'client'
- name: Crowdin Upload
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: true
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
@@ -0,0 +1,80 @@
name: i18n - Upload Curriculum
on:
workflow_dispatch:
schedule:
# runs every weekday at 7:30 AM UTC
- cron: '30 7 * * 1-5'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_CAMPERBOT_SERVICE_TOKEN }}
CROWDIN_API_URL: 'https://freecodecamp.crowdin.com/api/v2/'
CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID_CURRICULUM }}
permissions:
contents: read
jobs:
i18n-upload-curriculum-files:
name: Learn
runs-on: ubuntu-24.04
steps:
- name: Checkout Source Files
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Generate Crowdin Config
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'generate-config'
PROJECT_NAME: 'curriculum'
- name: Crowdin Upload
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: true
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
- name: Remove deleted files
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'remove-deleted-files'
FILE_PATHS: '["curriculum/challenges/english", "curriculum/dictionaries/english"]'
- name: Hide Non-Translated Strings
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'hide-curriculum-strings'
- name: Hide a String
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'hide-string'
FILE_NAME: 'basic-html-and-html5/nest-an-anchor-element-within-a-paragraph.md'
STRING_CONTENT: Here's a <a href="https://www.freecodecamp.org" target="_blank" mark="crwd-mark">link to www.freecodecamp.org</a> for you to follow.
- name: Unhide Title of Use && For a More Concise Conditional
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'unhide-string'
FILE_NAME: 'react/use--for-a-more-concise-conditional.md'
STRING_CONTENT: 'Use &amp;&amp; for a More Concise Conditional'
@@ -0,0 +1,77 @@
name: CI - Node.js - i18n - Submodule
on:
# Run on push events, but only for the below branches
push:
branches:
- 'chore/update-i18n-curriculum-submodule'
workflow_dispatch:
permissions:
contents: read
jobs:
test-curriculum:
name: Test Curriculum
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
node-version: [24]
# Exclude the languages that we currently run in the full CI suite.
locale:
- 'chinese'
- 'espanol'
- 'ukrainian'
- 'japanese'
- 'german'
- 'swahili'
- 'korean'
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Setup Turbo Cache
uses: ./.github/actions/setup-turbo-cache
with:
turbo-token: ${{ secrets.TURBO_TOKEN }}
turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }}
- name: Set Environment variables
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
- name: Install node_modules
run: pnpm install
# DONT REMOVE THIS STEP.
# TODO: Refactor and use re-usable workflow and shared artifacts
- name: Build Client in ${{ matrix.locale }}
env:
CURRICULUM_LOCALE: ${{ matrix.locale }}
CLIENT_LOCALE: ${{ matrix.locale }}
run: |
pnpm run build
- name: Install Chrome for Puppeteer
run: pnpm -F=curriculum install-puppeteer
- name: Run Tests
env:
CURRICULUM_LOCALE: ${{ matrix.locale }}
CLIENT_LOCALE: ${{ matrix.locale }}
run: pnpm -F=curriculum test-content
+332
View File
@@ -0,0 +1,332 @@
name: CD - Deploy - API
on:
workflow_dispatch:
inputs:
api_log_lvl:
description: 'Log level for the API'
type: choice
options:
- debug
- info
- warn
default: info
show_upcoming_changes:
description: 'Show upcoming changes (enables upcoming certifications and challenges)'
type: boolean
default: false
concurrency:
group: deploy-api-${{ github.ref_name }}
cancel-in-progress: false
jobs:
setup-jobs:
name: Setup Jobs
runs-on: ubuntu-24.04
outputs:
site_tld: ${{ steps.setup.outputs.site_tld }}
tgt_env_short: ${{ steps.setup.outputs.tgt_env_short }}
tgt_env_long: ${{ steps.setup.outputs.tgt_env_long }}
api_log_lvl: ${{ steps.setup.outputs.api_log_lvl }}
show_upcoming_changes: ${{ steps.setup.outputs.show_upcoming_changes }}
steps:
- name: Setup
id: setup
env:
BRANCH: ${{ github.ref_name }}
SHOW_UPCOMING_CHANGES: ${{ inputs.show_upcoming_changes }}
API_LOG_LVL: ${{ inputs.api_log_lvl || 'info' }}
run: |
echo "Current branch: $BRANCH"
# Convert boolean input to string 'true' or 'false'
if [[ "$SHOW_UPCOMING_CHANGES" == "true" ]]; then
echo "show_upcoming_changes=true" >> "$GITHUB_OUTPUT"
else
echo "show_upcoming_changes=false" >> "$GITHUB_OUTPUT"
fi
case "$BRANCH" in
"prod-current")
echo "site_tld=org" >> "$GITHUB_OUTPUT"
echo "tgt_env_short=prd" >> "$GITHUB_OUTPUT"
echo "tgt_env_long=production" >> "$GITHUB_OUTPUT"
echo "api_log_lvl=$API_LOG_LVL" >> "$GITHUB_OUTPUT"
;;
*)
echo "site_tld=dev" >> "$GITHUB_OUTPUT"
echo "tgt_env_short=stg" >> "$GITHUB_OUTPUT"
echo "tgt_env_long=staging" >> "$GITHUB_OUTPUT"
echo "api_log_lvl=$API_LOG_LVL" >> "$GITHUB_OUTPUT"
;;
esac
build:
name: Build & Push
needs: setup-jobs
uses: ./.github/workflows/docker-docr.yml
with:
site_tld: ${{ needs.setup-jobs.outputs.site_tld }}
app: api
show_upcoming_changes: ${{ needs.setup-jobs.outputs.show_upcoming_changes }}
secrets:
DIGITALOCEAN_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
DOCR_NAME: ${{ secrets.DOCR_NAME }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
deploy:
name: Deploy to Docker Swarm -- ${{ needs.setup-jobs.outputs.tgt_env_short }}
runs-on: ubuntu-24.04
needs: [setup-jobs, build]
env:
TS_USERNAME: ${{ secrets.TS_USERNAME }}
TS_MACHINE_NAME: ${{ secrets.TS_MACHINE_NAME }}
permissions:
deployments: write
environment:
name: ${{ needs.setup-jobs.outputs.tgt_env_short }}-api
steps:
- name: Setup and connect to Tailscale network
uses: tailscale/github-action@306e68a486fd2350f2bfc3b19fcd143891a4a2d8 # v4
with:
oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
hostname: gha-${{needs.setup-jobs.outputs.tgt_env_short}}-api-ci-${{ github.run_id }}
tags: tag:ci
version: latest
- name: Wait for Tailscale Network Readiness
run: |
echo "Waiting for Tailscale network to be ready..."
max_wait=60
elapsed=0
while [ $elapsed -lt $max_wait ]; do
if tailscale status --json | jq -e '.BackendState == "Running"' > /dev/null 2>&1; then
echo "Tailscale network is ready"
break
fi
sleep 2
elapsed=$((elapsed + 2))
done
if [ $elapsed -ge $max_wait ]; then
echo "Tailscale network not ready after ${max_wait}s"
exit 1
fi
- name: Configure SSH & Check Connection
run: |
mkdir -p ~/.ssh
echo "Host *
UserKnownHostsFile=/dev/null
StrictHostKeyChecking no" > ~/.ssh/config
chmod 644 ~/.ssh/config
validate_connection() {
local machine_name=$1
local max_retries=3
local retry_delay=5
for attempt in $(seq 1 $max_retries); do
echo "Connection attempt $attempt/$max_retries to $machine_name"
if ! tailscale status | grep -q "$machine_name"; then
echo "Machine $machine_name not found in Tailscale network"
if [ "$attempt" -eq "$max_retries" ]; then
return 1
fi
sleep "$retry_delay"
continue
fi
MACHINE_IP=$(tailscale ip -4 "$machine_name")
if ssh -o ConnectTimeout=10 -o BatchMode=yes "$TS_USERNAME@$MACHINE_IP" "echo 'Connection test'; docker --version" > /dev/null 2>&1; then
echo "Successfully validated connection to $machine_name"
return 0
fi
echo "SSH validation failed for $machine_name"
if [ "$attempt" -lt "$max_retries" ]; then
sleep "$retry_delay"
fi
done
echo "Failed to establish connection to $machine_name after $max_retries attempts"
return 1
}
echo -e "\nLOG:Validating connection to $TS_MACHINE_NAME..."
if ! validate_connection "$TS_MACHINE_NAME"; then
echo "Error: Failed to establish reliable connection to $TS_MACHINE_NAME"
exit 1
fi
- name: Deploy with Docker Stack
env:
AGE_ENCRYPTED_ASC_SECRETS: ${{ secrets.AGE_ENCRYPTED_ASC_SECRETS }}
AGE_SECRET_KEY: ${{ secrets.AGE_SECRET_KEY }}
# Variable set from GitHub "Environment" secrets (AGE encrypted)
# DOCKER_REGISTRY
# MONGOHQ_URL
# SENTRY_DSN
# SENTRY_ENVIRONMENT
# AUTH0_CLIENT_ID
# AUTH0_CLIENT_SECRET
# AUTH0_DOMAIN
# JWT_SECRET
# COOKIE_SECRET
# COOKIE_DOMAIN
# SES_ID
# SES_SECRET
# SES_SMTP_USERNAME
# SES_SMTP_PASSWORD
# GROWTHBOOK_FASTIFY_API_HOST
# GROWTHBOOK_FASTIFY_CLIENT_KEY
# HOME_LOCATION
# API_LOCATION
# SOCRATES_API_KEY
# SOCRATES_ENDPOINT
# STRIPE_SECRET_KEY
# Variables set from SetupJob
DEPLOYMENT_VERSION: ${{ needs.build.outputs.tagname }}
DEPLOYMENT_ENV: ${{ needs.setup-jobs.outputs.tgt_env_long }}
DEPLOYMENT_TLD: ${{ needs.setup-jobs.outputs.site_tld }}
FCC_API_LOG_LEVEL: ${{ needs.setup-jobs.outputs.api_log_lvl }}
SHOW_UPCOMING_CHANGES: ${{ needs.setup-jobs.outputs.show_upcoming_changes }}
# Stack name
STACK_NAME: ${{ needs.setup-jobs.outputs.tgt_env_short }}-api
run: |
REMOTE_SCRIPT="
set -e
trap 'rm -f .env age.key secrets.age.asc .env.tmp' EXIT
echo -e '\nLOG:Deploying API to $TS_MACHINE_NAME...'
cd /home/$TS_USERNAME/docker-swarm-config/stacks/api
echo -e '\nLOG:Checking if age is installed...'
which age > /dev/null
echo -e '\nLOG:Decrypting secrets...'
echo \"$AGE_ENCRYPTED_ASC_SECRETS\" > secrets.age.asc
echo \"$AGE_SECRET_KEY\" > age.key && chmod 600 age.key
age --identity age.key --decrypt secrets.age.asc > .env
rm -f age.key secrets.age.asc
echo -e '\nLOG:Cleaning up .env file...'
touch .env.tmp
while IFS= read -r line; do
if [[ \$line =~ ^[A-Za-z0-9_]+=.*$ ]]; then
# Extract the key (part before the first =)
key=\${line%%=*}
# Remove any previous line with this key
sed -i \"/^\${key}=/d\" .env.tmp
fi
# Append the current line
echo \"\$line\" >> .env.tmp
done < .env
mv .env.tmp .env
echo -e '\nLOG:Adding deployment variables...'
{
echo \"DEPLOYMENT_VERSION=$DEPLOYMENT_VERSION\"
echo \"DEPLOYMENT_TLD=$DEPLOYMENT_TLD\"
echo \"DEPLOYMENT_ENV=$DEPLOYMENT_ENV\"
echo \"FCC_API_LOG_LEVEL=$FCC_API_LOG_LEVEL\"
echo \"SHOW_UPCOMING_CHANGES=$SHOW_UPCOMING_CHANGES\"
} >> .env
echo -e '\nLOG:Sourcing environment...'
REQUIRED_VARS=(
\"DOCKER_REGISTRY\"
\"MONGOHQ_URL\"
\"SENTRY_DSN\"
\"SENTRY_ENVIRONMENT\"
\"AUTH0_CLIENT_ID\"
\"AUTH0_CLIENT_SECRET\"
\"AUTH0_DOMAIN\"
\"JWT_SECRET\"
\"COOKIE_SECRET\"
\"COOKIE_DOMAIN\"
\"SES_ID\"
\"SES_SECRET\"
\"SES_SMTP_USERNAME\"
\"SES_SMTP_PASSWORD\"
\"GROWTHBOOK_FASTIFY_API_HOST\"
\"GROWTHBOOK_FASTIFY_CLIENT_KEY\"
\"HOME_LOCATION\"
\"API_LOCATION\"
\"SOCRATES_API_KEY\"
\"SOCRATES_ENDPOINT\"
\"STRIPE_SECRET_KEY\"
\"DEPLOYMENT_VERSION\"
\"DEPLOYMENT_TLD\"
\"DEPLOYMENT_ENV\"
\"FCC_API_LOG_LEVEL\"
)
while IFS='=' read -r key value; do
if [[ -n \"\$key\" && ! \"\$key\" =~ ^# ]]; then
export \"\${key}=\${value}\"
fi
done < .env
MISSING_VARS=()
for var in \"\${REQUIRED_VARS[@]}\"; do
if [[ -z \"\${!var}\" ]]; then
MISSING_VARS+=(\"\$var\")
fi
done
if [[ \${#MISSING_VARS[@]} -gt 0 ]]; then
echo \"ERROR: The following required environment variables are missing or empty:\"
for var in \"\${MISSING_VARS[@]}\"; do
echo \" - \$var\"
done
exit 1
fi
rm -rf .env
echo -e '\nLOG:Validating deployment version...'
if [[ \"\$DEPLOYMENT_VERSION\" != \"$DEPLOYMENT_VERSION\" ]]; then
echo \"Error: Version mismatch. Expected: $DEPLOYMENT_VERSION, Got: \$DEPLOYMENT_VERSION\"
exit 1
fi
env | grep -E 'DEPLOYMENT_VERSION'
echo -e '\nLOG:Checking stack configuration...'
CONFIG_OUTPUT=\"/dev/null\"
if [[ \"\$FCC_API_LOG_LEVEL\" == \"debug\" ]]; then
CONFIG_FILENAME=\"debug-docker-stack-config-\${DEPLOYMENT_VERSION}.yml\"
echo -e '\nLOG:Saving stack configuration for debugging...'
CONFIG_OUTPUT=\"\$CONFIG_FILENAME\"
fi
docker stack config -c stack-api.yml > \$CONFIG_OUTPUT
echo -e '\nLOG:Deploying stack...'
docker stack deploy -c stack-api.yml --prune --with-registry-auth --detach=false $STACK_NAME
echo -e '\nLOG:Finished deployment.'
"
MACHINE_IP=$(tailscale ip -4 "$TS_MACHINE_NAME")
# shellcheck disable=SC2029 # client-side expansion of REMOTE_SCRIPT is intended
ssh "$TS_USERNAME@$MACHINE_IP" "$REMOTE_SCRIPT"
# TODO(o11y): Sentry release finalize disabled pending a follow-up PR with
# a stable release-id scheme (source-map upload in docker-docr.yml is
# disabled alongside). Re-enabling should also gate on a rollback-safe
# convergence check (docker service state) before finalizing, since
# `docker stack deploy --detach=false` exits 0 through a healthcheck
# rollback. See .scratchpad/o11y-cutover-review-2026-07-10.md.
# - name: Finalize Sentry release
# env:
# SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
# SENTRY_ORG: freecodecamp
# SENTRY_PROJECT: api-fastify
# RELEASE: ${{ needs.build.outputs.tagname }}
# DEPLOY_ENV: ${{ needs.setup-jobs.outputs.tgt_env_long }}
# run: |
# npx --yes @sentry/cli@3.6.0 releases finalize "$RELEASE"
# npx --yes @sentry/cli@3.6.0 releases deploys "$RELEASE" new -e "$DEPLOY_ENV"
+381
View File
@@ -0,0 +1,381 @@
name: CD - Deploy - Clients
on:
workflow_dispatch:
inputs:
target_language:
description: 'Target language (or "all" for all languages)'
type: choice
options:
- all
- english
- chinese
- espanol
- chinese-traditional
- italian
- portuguese
- ukrainian
- japanese
- german
- swahili
- korean
default: all
show_upcoming_changes:
description: 'Show upcoming changes (enables upcoming certifications and challenges)'
type: boolean
default: false
concurrency:
group: deploy-client-${{ github.ref_name }}
cancel-in-progress: false
jobs:
setup-jobs:
name: Setup Jobs
runs-on: ubuntu-24.04
outputs:
site_tld: ${{ steps.setup.outputs.site_tld }} # org, dev
tgt_env_short: ${{ steps.setup.outputs.tgt_env_short }} # prd, stg
tgt_env_long: ${{ steps.setup.outputs.tgt_env_long }} # production, staging
tgt_env_branch: ${{ steps.setup.outputs.tgt_env_branch }} # prod-current, prod-staging
show_upcoming_changes: ${{ steps.setup.outputs.show_upcoming_changes }}
steps:
- name: Setup
id: setup
env:
BRANCH: ${{ github.ref_name }}
SHOW_UPCOMING_CHANGES: ${{ inputs.show_upcoming_changes }}
run: |
echo "Current branch: $BRANCH"
# Convert boolean input to string 'true' or 'false'
if [[ "$SHOW_UPCOMING_CHANGES" == "true" ]]; then
echo "show_upcoming_changes=true" >> $GITHUB_OUTPUT
else
echo "show_upcoming_changes=false" >> $GITHUB_OUTPUT
fi
case "$BRANCH" in
"prod-current")
echo "site_tld=org" >> $GITHUB_OUTPUT
echo "tgt_env_short=prd" >> $GITHUB_OUTPUT
echo "tgt_env_long=production" >> $GITHUB_OUTPUT
echo "tgt_env_branch=prod-current" >> $GITHUB_OUTPUT
;;
*)
echo "site_tld=dev" >> $GITHUB_OUTPUT
echo "tgt_env_short=stg" >> $GITHUB_OUTPUT
echo "tgt_env_long=staging" >> $GITHUB_OUTPUT
echo "tgt_env_branch=prod-staging" >> $GITHUB_OUTPUT
;;
esac
setup-matrix:
name: Setup Matrix
runs-on: ubuntu-24.04
needs: setup-jobs
outputs:
matrix: ${{ steps.matrix.outputs.matrix }}
steps:
- name: Setup Matrix
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
id: matrix
env:
TARGET_LANG: ${{ inputs.target_language }}
with:
script: |
// Constants
const NODE_VERSION = 24;
// Input sanitization and validation
const rawTargetLang = process.env.TARGET_LANG || 'all';
const targetLang = rawTargetLang.trim().toLowerCase();
console.log(`Target language: ${targetLang}`);
// Language mappings (single source of truth)
const languageMap = {
'english': 'eng',
'chinese': 'chn',
'espanol': 'esp',
'chinese-traditional': 'cnt',
'italian': 'ita',
'portuguese': 'por',
'ukrainian': 'ukr',
'japanese': 'jpn',
'german': 'ger',
'swahili': 'swa',
'korean': 'kor'
};
const allLanguages = Object.keys(languageMap);
let matrix;
if (targetLang === 'all') {
console.log('Building matrix for all languages');
console.log(`Available languages: ${allLanguages.join(', ')}`);
// Build include array for all languages
const include = allLanguages.map(lang => ({
'node-version': NODE_VERSION,
'lang-name-full': lang,
'lang-name-short': languageMap[lang]
}));
matrix = {
include: include
};
} else {
console.log(`Building matrix for single language: ${targetLang}`);
// Validate language selection
if (!languageMap[targetLang]) {
const errorMsg = `Unknown language '${targetLang}'. Available: ${allLanguages.join(', ')}`;
console.error(errorMsg);
core.setFailed(errorMsg);
return;
}
console.log(`Processing: ${targetLang} -> ${languageMap[targetLang]}`);
// Create single language matrix
matrix = {
include: [{
'node-version': NODE_VERSION,
'lang-name-full': targetLang,
'lang-name-short': languageMap[targetLang]
}]
};
}
// Final validation
if (!matrix || !matrix.include || matrix.include.length === 0) {
core.setFailed('Generated matrix is empty or invalid');
return;
}
console.log('Generated matrix:');
console.log(JSON.stringify(matrix, null, 2));
console.log(`Matrix will create ${matrix.include.length} job(s)`);
// Set output for GitHub Actions
core.setOutput('matrix', JSON.stringify(matrix));
client:
name: Clients - [${{ needs.setup-jobs.outputs.tgt_env_short }}] [${{ matrix.lang-name-short }}]
needs: [setup-jobs, setup-matrix]
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
permissions:
deployments: write
contents: read
environment:
name: ${{ needs.setup-jobs.outputs.tgt_env_short }}-clients
env:
TS_USERNAME: ${{ secrets.TS_USERNAME }}
TS_MACHINE_NAME_PREFIX: ${{ secrets.TS_MACHINE_NAME_PREFIX }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Language specific ENV - [${{ matrix.lang-name-full }}]
run: |
if [ "${{ matrix.lang-name-full }}" = "english" ]; then
echo "HOME_LOCATION=https://www.freecodecamp.${{ needs.setup-jobs.outputs.site_tld }}" >> $GITHUB_ENV
echo "NEWS_LOCATION=https://www.freecodecamp.${{ needs.setup-jobs.outputs.site_tld }}/news" >> $GITHUB_ENV
else
echo "HOME_LOCATION=https://www.freecodecamp.${{ needs.setup-jobs.outputs.site_tld }}/${{ matrix.lang-name-full }}" >> $GITHUB_ENV
echo "NEWS_LOCATION=https://www.freecodecamp.${{ needs.setup-jobs.outputs.site_tld }}/${{ matrix.lang-name-full }}/news" >> $GITHUB_ENV
fi
echo "CLIENT_LOCALE=${{ matrix.lang-name-full }}" >> $GITHUB_ENV
echo "CURRICULUM_LOCALE=${{ matrix.lang-name-full }}" >> $GITHUB_ENV
- name: Create deployment version
id: deployment-version
run: |
DEPLOYMENT_VERSION=$(git rev-parse --short HEAD)-$(date +%Y%m%d)-$(date +%H%M)
echo "DEPLOYMENT_VERSION=$DEPLOYMENT_VERSION" >> $GITHUB_ENV
echo "DEPLOYMENT_VERSION=$DEPLOYMENT_VERSION" >> $GITHUB_OUTPUT
- name: Install and Build
env:
API_LOCATION: 'https://api.freecodecamp.${{ needs.setup-jobs.outputs.site_tld }}'
ALGOLIA_API_KEY: ${{ secrets.ALGOLIA_API_KEY }}
ALGOLIA_APP_ID: ${{ secrets.ALGOLIA_APP_ID }}
GROWTHBOOK_URI: ${{ secrets.GROWTHBOOK_URI }}
FORUM_LOCATION: 'https://forum.freecodecamp.org'
PATREON_CLIENT_ID: ${{ secrets.PATREON_CLIENT_ID }}
PAYPAL_CLIENT_ID: ${{ secrets.PAYPAL_CLIENT_ID }}
STRIPE_PUBLIC_KEY: ${{ secrets.STRIPE_PUBLIC_KEY }}
SHOW_UPCOMING_CHANGES: ${{ needs.setup-jobs.outputs.show_upcoming_changes }}
FREECODECAMP_NODE_ENV: production
# The below is used in ecosystem.config.js file for the API -- to be removed later
DEPLOYMENT_ENV: ${{ needs.setup-jobs.outputs.tgt_env_long }}
# The above is used in ecosystem.config.js file for the API -- to be removed later
run: |
pnpm install
pnpm run build
- name: Tar Files
run: tar -czf client-${{ matrix.lang-name-short }}.tar client/public
- name: Setup and connect to Tailscale network
uses: tailscale/github-action@306e68a486fd2350f2bfc3b19fcd143891a4a2d8 # v4
with:
oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
hostname: gha-${{needs.setup-jobs.outputs.tgt_env_short}}-clients-ci-${{ github.run_id }}
tags: tag:ci
version: latest
- name: Wait for Tailscale Network Readiness
run: |
echo "Waiting for Tailscale network to be ready..."
max_wait=60
elapsed=0
while [ $elapsed -lt $max_wait ]; do
if tailscale status --json | jq -e '.BackendState == "Running"' > /dev/null 2>&1; then
echo "Tailscale network is ready"
break
fi
sleep 2
elapsed=$((elapsed + 2))
done
if [ $elapsed -ge $max_wait ]; then
echo "Tailscale network not ready after ${max_wait}s"
exit 1
fi
- name: Configure SSH & Check Connection
run: |
mkdir -p ~/.ssh
echo "Host *
UserKnownHostsFile=/dev/null
StrictHostKeyChecking no" > ~/.ssh/config
chmod 644 ~/.ssh/config
validate_connection() {
local machine_name=$1
local max_retries=3
local retry_delay=5
for attempt in $(seq 1 $max_retries); do
echo "Connection attempt $attempt/$max_retries to $machine_name"
if ! tailscale status | grep -q "$machine_name"; then
echo "Machine $machine_name not found in Tailscale network"
if [ $attempt -eq $max_retries ]; then
return 1
fi
sleep $retry_delay
continue
fi
MACHINE_IP=$(tailscale ip -4 $machine_name)
if ssh -o ConnectTimeout=10 -o BatchMode=yes $TS_USERNAME@$MACHINE_IP "echo 'Connection test'; uptime" > /dev/null 2>&1; then
echo "Successfully validated connection to $machine_name"
return 0
fi
echo "SSH validation failed for $machine_name"
if [ $attempt -lt $max_retries ]; then
sleep $retry_delay
fi
done
echo "Failed to establish connection to $machine_name after $max_retries attempts"
return 1
}
echo -e "\nLOG:Validating connections to all machines..."
for i in {0..1}; do
TS_MACHINE_NAME=${TS_MACHINE_NAME_PREFIX}-${{ matrix.lang-name-short }}-${i}
echo "Validating connection to $TS_MACHINE_NAME"
if ! validate_connection "$TS_MACHINE_NAME"; then
echo "Error: Failed to establish reliable connection to $TS_MACHINE_NAME"
exit 1
fi
done
echo "All machine connections validated successfully"
- name: Upload and Deploy
run: |
for i in {0..1}; do
TS_MACHINE_NAME=${TS_MACHINE_NAME_PREFIX}-${{ matrix.lang-name-short }}-${i}
CURRENT_DATE=$(date +%Y%m%d)
CLIENT_SRC=client-${{ matrix.lang-name-short }}.tar
CLIENT_DST=/tmp/client-${{ matrix.lang-name-short }}-${CURRENT_DATE}-${{ github.run_id }}.tar
CLIENT_BINARIES=${{needs.setup-jobs.outputs.tgt_env_short}}-release-$CURRENT_DATE-${{ github.run_id }}
echo -e "\nLOG:Uploading client archive to $TS_MACHINE_NAME..."
MACHINE_IP=$(tailscale ip -4 $TS_MACHINE_NAME)
scp $CLIENT_SRC $TS_USERNAME@$MACHINE_IP:$CLIENT_DST
REMOTE_SCRIPT="
set -e
echo -e '\nLOG: Deploying client - $CLIENT_BINARIES to $TS_MACHINE_NAME...'
echo -e '\nLOG:Extracting client archive...'
mkdir -p /home/$TS_USERNAME/client/releases/$CLIENT_BINARIES
tar -xzf $CLIENT_DST -C /home/$TS_USERNAME/client/releases/$CLIENT_BINARIES --strip-components=2
echo -e '\nLOG:Cleaning up client archive...'
rm $CLIENT_DST
echo -e '\nLOG:Checking client archive size...'
du -sh /home/$TS_USERNAME/client/releases/$CLIENT_BINARIES
echo -e '\nLOG:Environment setup...'
cd /home/$TS_USERNAME/client
export NVM_DIR=\$HOME/.nvm && [ -s "\$NVM_DIR/nvm.sh" ] && source "\$NVM_DIR/nvm.sh"
echo -e '\nLOG:Checking available Node.js versions...'
nvm ls | grep 'default'
echo -e '\nLOG:Checking Node.js version...'
node --version
echo -e '\nLOG:Installing serve...'
npm install -g serve@13
echo -e '\nLOG:Primary client setup...'
rm -f client-start-primary.sh
echo \"serve -c ../../serve.json releases/$CLIENT_BINARIES -p 50505\" >> client-start-primary.sh
chmod +x client-start-primary.sh
pm2 delete client-primary || true
pm2 start ./client-start-primary.sh --name client-primary
echo -e '\nLOG:Primary client setup completed.'
pm2 ls
echo -e '\nLOG:Secondary client setup...'
rm -f client-start-secondary.sh
echo \"serve -c ../../serve.json releases/$CLIENT_BINARIES -p 52525\" >> client-start-secondary.sh
chmod +x client-start-secondary.sh
pm2 delete client-secondary || true
pm2 start ./client-start-secondary.sh --name client-secondary
echo -e '\nLOG:Secondary client setup completed.'
pm2 ls
pm2 save
echo -e '\nLOG:Finished deployment.'
"
ssh $TS_USERNAME@$MACHINE_IP "$REMOTE_SCRIPT"
done
+63
View File
@@ -0,0 +1,63 @@
name: CI - Devcontainer
on:
pull_request:
paths:
- '.devcontainer/**'
- 'docker/devcontainer/**'
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions:
contents: read
packages: read
jobs:
validate:
name: Validate
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Login to GHCR
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Install devcontainer CLI
# renovate: datasource=npm depName=@devcontainers/cli
run: npm install -g @devcontainers/cli@0.83.0
- name: Build devcontainer
run: devcontainer build --workspace-folder .
- name: Start devcontainer
run: devcontainer up --workspace-folder .
- name: Validate required tools
run: |
devcontainer exec --workspace-folder . pnpm --version
devcontainer exec --workspace-folder . rsync --version
devcontainer exec --workspace-folder . mongosh --version
devcontainer exec --workspace-folder . node --version
devcontainer exec --workspace-folder . git --version
- name: Validate MongoDB replica set
run: |
for i in $(seq 1 30); do
if devcontainer exec --workspace-folder . mongosh --eval "rs.status().ok" 2>/dev/null; then
echo "Replica set is ready"
exit 0
fi
echo "Waiting for replica set... (attempt $i/30)"
sleep 2
done
echo "Replica set failed to initialize"
exit 1
+35
View File
@@ -0,0 +1,35 @@
name: CD - Docker - DOCR Cleanup Container Images
on:
workflow_dispatch:
schedule:
- cron: '5 0 * * 3,6' # 12:05 UTC on Wednesdays and Saturdays (6 hour maintenance window)
jobs:
remove:
name: Delete Old Images
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
repos:
- learn-api
variants:
- dev
- org
steps:
- name: Install doctl
uses: digitalocean/action-doctl@3cb3953159719656269e044e0e24ca16dd2a690f # v2.5.2
with:
token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
- name: Log in to DigitalOcean Container Registry with short-lived credentials
run: doctl registry login --expiry-seconds 1200
- name: Delete Images
uses: raisedadead/action-docr-cleanup@1c7d87369bccfdf5da03a9ae3b00eacc3f2a9b51 # v1
with:
repository_name: '${{ matrix.variants }}/${{ matrix.repos }}'
days: '7'
keep_last: '3'
+125
View File
@@ -0,0 +1,125 @@
name: CD - Docker - DOCR
on:
workflow_dispatch:
inputs:
site_tld:
required: true
type: choice
description: 'Input: The site tld (variant) to build'
options:
- dev
- org
default: 'dev'
app:
required: true
type: string
description: 'Input: The app (component) to build'
default: 'api'
show_upcoming_changes:
required: false
type: string
description: 'Input: Show upcoming changes flag (true/false)'
default: 'false'
workflow_call:
inputs:
site_tld:
required: true
type: string
description: 'Input: The site tld (variant) to build'
app:
required: true
type: string
description: 'Input: The app (component) to build'
show_upcoming_changes:
required: false
type: string
description: 'Input: Show upcoming changes flag (true/false)'
default: 'false'
secrets:
DIGITALOCEAN_ACCESS_TOKEN:
required: true
description: 'DigitalOcean API token for registry authentication'
DOCR_NAME:
required: true
description: 'DigitalOcean Container Registry name'
SENTRY_AUTH_TOKEN:
required: false
description: 'Sentry auth token for source map upload (api app only)'
outputs:
tagname:
description: 'Output: The tagname for the image built'
value: ${{ jobs.build.outputs.tagname }}
jobs:
build:
name: Build & Push
runs-on: ubuntu-24.04
permissions:
contents: read
outputs:
tagname: ${{ steps.tagname.outputs.tagname }}
steps:
- name: Checkout Source Files
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Create a tagname
id: tagname
run: |
tagname=$(git rev-parse --short HEAD)-$(date +%Y%m%d)-$(date +%H%M)
echo "tagname=$tagname" >> "$GITHUB_ENV"
echo "tagname=$tagname" >> "$GITHUB_OUTPUT"
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
- name: Install doctl
uses: digitalocean/action-doctl@3cb3953159719656269e044e0e24ca16dd2a690f # v2.5.2
with:
token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
- name: Log in to DigitalOcean Container Registry with short-lived credentials
run: doctl registry login --expiry-seconds 1200
- name: Build & Push Image
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
with:
context: .
file: docker/${{ inputs.app }}/Dockerfile
push: true
build-args: |
SHOW_UPCOMING_CHANGES=${{ inputs.show_upcoming_changes }}
tags: |
registry.digitalocean.com/${{ secrets.DOCR_NAME }}/${{ inputs.site_tld }}/learn-${{ inputs.app }}:${{ env.tagname }}
registry.digitalocean.com/${{ secrets.DOCR_NAME }}/${{ inputs.site_tld }}/learn-${{ inputs.app }}:latest
cache-from: type=gha
cache-to: type=gha,mode=max
# TODO(o11y): source-map upload + release marking disabled pending a
# follow-up PR with a stable release-id scheme. Also fix the upload path
# when re-enabling: the image ships /home/node/fcc/api/src (dist flattened
# by the COPY in docker/api/Dockerfile), so `docker cp .../fcc/api` yields
# sentry-dist/api/src — the old upload pointed at sentry-dist/api/dist,
# which never exists (silent no-op, so maps never uploaded). Path below is
# pre-corrected to sentry-dist/api/src. See
# .scratchpad/o11y-cutover-review-2026-07-10.md.
# - name: Extract API dist for Sentry source maps
# if: inputs.app == 'api'
# run: |
# IMAGE="registry.digitalocean.com/${{ secrets.DOCR_NAME }}/${{ inputs.site_tld }}/learn-${{ inputs.app }}:${{ env.tagname }}"
# docker pull "$IMAGE"
# container_id=$(docker create "$IMAGE")
# mkdir -p sentry-dist
# docker cp "$container_id:/home/node/fcc/api" sentry-dist/
# docker rm "$container_id"
#
# - name: Upload source maps to Sentry (unfinalized)
# if: inputs.app == 'api'
# env:
# SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
# SENTRY_ORG: freecodecamp
# SENTRY_PROJECT: api-fastify
# run: |
# npx --yes @sentry/cli@3.6.0 releases new "${{ env.tagname }}"
# npx --yes @sentry/cli@3.6.0 sourcemaps upload --release "${{ env.tagname }}" sentry-dist/api/src
+49
View File
@@ -0,0 +1,49 @@
name: CD - Docker - GHCR Images
on:
workflow_dispatch:
push:
branches:
- main
paths:
- 'pnpm-lock.yaml'
- 'docker/devcontainer/**'
- '.github/workflows/docker-ghcr.yml'
permissions:
contents: read
packages: write
jobs:
build-and-push:
name: Build and Push Images
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
- name: Set up QEMU
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
- name: Log in to GHCR
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push images
uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7
with:
files: docker/devcontainer/docker-bake.hcl
targets: devcontainer
push: true
env:
TAG: ${{ github.sha }}
TAG_LATEST: ${{ github.ref_name == 'main' }}
+190
View File
@@ -0,0 +1,190 @@
name: CI - E2E - Playwright
on:
workflow_dispatch:
# workflow_run:
# workflows: ['CI - Node.js']
# types:
# - completed
# TODO: refactor with a workflow_call
pull_request:
branches:
- 'main'
- 'temp-**' # Temporary branches allowed on Upstream
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.workflow_run.head_branch || github.ref }}
cancel-in-progress: ${{ !contains(github.ref, 'main') && !contains(github.ref, 'prod-') }}
permissions:
contents: read
jobs:
build-client:
name: Build Client
runs-on: ubuntu-24.04
strategy:
matrix:
node-version: [24]
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
submodules: 'recursive'
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Setup Turbo Cache
uses: ./.github/actions/setup-turbo-cache
with:
turbo-token: ${{ secrets.TURBO_TOKEN }}
turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }}
- name: Checkout client-config
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
repository: freeCodeCamp/client-config
path: client-config
persist-credentials: false
- name: Set freeCodeCamp Environment Variables
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
- name: Install and Build
run: |
pnpm install
pnpm run build
- name: Move serve.json to Public Folder
run: cp client-config/serve.json client/public/serve.json
- name: Upload Client Artifact
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: client-artifact
path: client/public
- name: Upload Webpack Stats
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: webpack-stats
path: client/public/stats.json
build-api:
name: Build API (Container)
runs-on: ubuntu-24.04
steps:
- name: Checkout Source Files
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
submodules: 'recursive'
- name: Create Image
run: |
docker build \
-t fcc-api \
-f docker/api/Dockerfile .
- name: Save Image
run: docker save fcc-api > api-artifact.tar
- name: Upload API Artifact
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: api-artifact
path: api-artifact.tar
playwright-run:
name: Run Playwright Tests
runs-on: ubuntu-24.04
needs: [build-client, build-api]
strategy:
fail-fast: false
matrix:
# Extend this to include firefox and webkit once chromium is working.
browsers: [chromium]
node-version: [24]
steps:
- name: Set Action Environment Variables
run: |
echo "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_ENV
- name: Checkout Source Files
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: Download Client Artifact
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: client-artifact
path: client/public
- name: Download Api Artifact
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: api-artifact
path: api-artifact
- name: Load API Image
run: |
docker load < api-artifact/api-artifact.tar
rm api-artifact/api-artifact.tar
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Install Dependencies
run: pnpm install
- name: Set freeCodeCamp Environment Variables (needed by api)
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
cp sample.env .env # for docker compose
- name: Install playwright dependencies
run: npx playwright install --with-deps
- name: Install
run: pnpm install
- name: Start apps
run: |
docker compose -f docker/docker-compose.yml -f docker/docker-compose.e2e.yml up -d
pnpm run serve:client-ci &
sleep 10
- name: Seed Database with Certified User
run: pnpm run seed:certified-user
- name: Run playwright tests
run: pnpm run playwright:run --project=${{ matrix.browsers }} --grep-invert 'third-party-donation.spec.ts'
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
if: ${{ !cancelled() }}
with:
name: playwright-report-${{ matrix.browsers }}
path: e2e/playwright/reporter
retention-days: 7
+166
View File
@@ -0,0 +1,166 @@
name: CI - E2E - 3rd party donation tests
on:
workflow_dispatch:
push:
branches:
- 'prod-**'
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.workflow_run.head_branch || github.ref }}
cancel-in-progress: ${{ !contains(github.ref, 'main') && !contains(github.ref, 'prod-') }}
permissions:
contents: read
jobs:
build-client:
name: Build Client
runs-on: ubuntu-24.04
strategy:
matrix:
node-version: [24]
steps:
- name: Checkout Source Files
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
submodules: 'recursive'
- name: Checkout client-config
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
repository: freeCodeCamp/client-config
path: client-config
- name: Setup pnpm
uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d # v6.0.5
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: ${{ matrix.node-version }}
- name: Set freeCodeCamp Environment Variables
run: |
sed '/STRIPE/d; /PAYPAL/d; /PATREON/d;' sample.env > .env
echo 'STRIPE_PUBLIC_KEY=${{ secrets.STRIPE_PUBLIC_KEY }}' >> .env
echo 'PAYPAL_CLIENT_ID=${{ secrets.PAYPAL_CLIENT_ID }}' >> .env
echo 'PATREON_CLIENT_ID=${{ secrets.PATREON_CLIENT_ID }}' >> .env
- name: Install and Build
run: |
pnpm install
pnpm run build
- name: Move serve.json to Public Folder
run: cp client-config/serve.json client/public/serve.json
- name: Tar Files
run: tar -cf client-artifact.tar client/public
- name: Upload Client Artifact
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: client-artifact
path: client-artifact.tar
build-api:
name: Build API (Container)
runs-on: ubuntu-24.04
steps:
- name: Checkout Source Files
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
submodules: 'recursive'
- name: Create Image
run: |
docker build \
-t fcc-api \
-f docker/api/Dockerfile .
- name: Save Image
run: docker save fcc-api > api-artifact.tar
- name: Upload API Artifact
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: api-artifact
path: api-artifact.tar
playwright-run-api:
name: Run Playwright 3rd Party Donation Tests
runs-on: ubuntu-24.04
needs: [build-client, build-api]
strategy:
fail-fast: false
matrix:
browsers: [chromium]
node-version: [24]
steps:
- name: Set Action Environment Variables
run: |
echo "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_ENV
- name: Checkout Source Files
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
- name: Unpack Client Artifact
run: |
tar -xf client-artifact/client-artifact.tar
rm client-artifact/client-artifact.tar
- name: Load API Image
run: |
docker load < api-artifact/api-artifact.tar
rm api-artifact/api-artifact.tar
- name: Setup pnpm
uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d # v6.0.5
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: ${{ matrix.node-version }}
- name: Install Dependencies
run: pnpm install
- name: Set freeCodeCamp Environment Variables (needed by api)
run: |
sed '/STRIPE/d; /PAYPAL/d; /PATREON/d;' sample.env > .env
echo 'STRIPE_PUBLIC_KEY=${{ secrets.STRIPE_PUBLIC_KEY }}' >> .env
echo 'PAYPAL_CLIENT_ID=${{ secrets.PAYPAL_CLIENT_ID }}' >> .env
echo 'PATREON_CLIENT_ID=${{ secrets.PATREON_CLIENT_ID }}' >> .env
- name: Install playwright dependencies
run: npx playwright install --with-deps
- name: Install
run: pnpm install
- name: Start apps
run: |
docker compose -f docker/docker-compose.yml -f docker/docker-compose.e2e.yml up -d
pnpm run serve:client-ci &
sleep 10
- name: Seed Database with Certified User
run: pnpm run seed:certified-user
- name: Run playwright tests
run: pnpm run playwright:run third-party-donation.spec.ts --project=${{ matrix.browsers }}
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
if: ${{ !cancelled() }}
with:
name: playwright-report-${{ matrix.browsers }}
path: e2e/playwright/reporter
retention-days: 7
+71
View File
@@ -0,0 +1,71 @@
name: GitHub - Autoclose Invalid PRs
on:
pull_request_target:
branches:
- 'main'
paths:
- '.gitignore'
jobs:
autoclose:
runs-on: ubuntu-24.04
steps:
- uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
const files = await github.rest.pulls.listFiles({
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
pull_number: context.payload.pull_request.number,
});
if (
files.data.length !== 1 ||
(files.data[0].filename !== ".gitignore" &&
// We've had four PRs make this same (irrelevant) change already.
!(files.data[0].filename === "664ef4623946e65e18d59764.md" &&
files.data[0].patch.includes("return re.sub('(?<!\d)1', '', equation_string.strip('+'))")
)
)
) {
return;
}
const creator = context.payload.sender.login;
const opts = github.rest.issues.listForRepo.endpoint.merge({
...context.issue,
creator,
state: 'all'
});
const issues = await github.paginate(opts);
// iterate through issues
for (const issue of issues) {
// if the issue is this one, keep looking
if (issue.number === context.issue.number) {
continue;
}
// if the issue is actually a PR, they're not a first timer
if (issue.pull_request) {
return // Creator is already a contributor.
}
}
core.setFailed("Invalid PR detected.");
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: "Thank you for opening this pull request.\n\nThis is a standard message notifying you that we've reviewed your pull request and have decided not to merge it. We would welcome future pull requests from you.\n\nThank you and happy coding.",
});
await github.rest.pulls.update({
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
pull_number: context.payload.pull_request.number,
state: "closed"
});
await github.rest.issues.addLabels({
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
issue_number: context.issue.number,
labels: ["spam"]
});
+24
View File
@@ -0,0 +1,24 @@
name: GitHub - Label PRs
on:
- pull_request_target
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.workflow_run.head_branch || github.ref }}
cancel-in-progress: true
jobs:
triage:
permissions:
# for actions/labeler to determine modified files
contents: read
# for actions/labeler to add labels to PRs
pull-requests: write
runs-on: ubuntu-24.04
steps:
- uses: actions/labeler@f27b608878404679385c85cfa523b85ccb86e213 # v6
with:
repo-token: '${{ secrets.GITHUB_TOKEN }}'
sync-labels: true
@@ -0,0 +1,21 @@
name: GitHub - Lock Closed PRs
on:
pull_request_target:
types: [closed]
jobs:
lock:
name: Lock Closed PR
runs-on: ubuntu-24.04
steps:
- uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
await github.rest.issues.lock({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
lock_reason: 'resolved'
});
@@ -0,0 +1,34 @@
name: GitHub - No translations via PRs
on:
pull_request_target:
branches:
- 'main'
paths:
- 'client/i18n/locales/**/intro.json'
- 'client/i18n/locales/**/translations.json'
- '!client/i18n/locales/english/**'
jobs:
has-translation:
runs-on: ubuntu-24.04
steps:
- uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{secrets.CAMPERBOT_NO_TRANSLATE}}
script: |
const isDev = await github.rest.teams.getMembershipForUserInOrg({
org: "freeCodeCamp",
team_slug: "dev-team",
username: context.payload.pull_request.user.login
}).catch(() => ({status: 404}));
if (context.payload.pull_request.user.login !== "camperbot" && isDev.status !== 200) {
core.setFailed('This PR appears to touch translated curriculum files.')
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: "Thanks for your pull request.\n\n**Please remove the changes made to the non-English versions of the files. No need to close this pull request; just add more commits as needed.**\n\nWe require you to change **only English** versions of files in the codebase. Translations to corresponding files in other world languages are managed on our translation platform. Once your pull request is merged, changes will be synced automatically to other world languages.\n\nPlease visit [our contributing guidelines](https://contribute.freecodecamp.org) to learn more about translating freeCodeCamp's resources.\n\nAs always, we value all of your contributions.\n\nHappy contributing!\n\n---\n_**Note:** This message was automatically generated by a bot. If you feel this message is in error or would like help resolving it, feel free to reach us [in our contributor chat](https://discord.gg/PRyKn3Vbay)._"
})
} else if (isDev.status === 200) {
core.setFailed('This PR appears to touch translated curriculum files, but since you are on the dev team there is no message.');
}
+170
View File
@@ -0,0 +1,170 @@
name: GitHub - PR Contribution Guidelines
on:
pull_request_target:
types: [opened, reopened, edited]
jobs:
# Ensures PR commits were not added via the GitHub Web UI, which typically indicates
# the contributor hasn't tested their changes in a local development environment.
no-web-commits:
name: No Commits on GitHub Web
runs-on: ubuntu-24.04
outputs:
is_allow_listed: ${{ steps.pr_author.outputs.is_allow_listed }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
sparse-checkout: .github/scripts/pr-guidelines
sparse-checkout-cone-mode: false
- name: Check if PR author is allow-listed
id: pr_author
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
# GITHUB_TOKEN does not have the read:org permission needed for this call
# while CAMPERBOT_NO_TRANSLATE does, since it is a PAT for the camperbot account with read:org scope
github-token: ${{ secrets.CAMPERBOT_NO_TRANSLATE }}
script: |
const fn = require('./.github/scripts/pr-guidelines/check-allow-list.js');
await fn({ github, context, core });
- name: Check if commits are made on GitHub Web UI
id: check-commits
if: steps.pr_author.outputs.is_allow_listed == 'false' && github.event.action != 'edited'
env:
HEAD_REF: ${{ github.head_ref }}
run: |
PR_NUMBER=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")
COMMITS_URL="https://api.github.com/repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/commits"
HAS_GITHUB_SIGNED_COMMIT=$(curl --header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" "$COMMITS_URL" | jq '[.[] | select(.commit.committer.name == "GitHub") | select(.commit.message | test("revert"; "i") | not)] | length > 0')
# GitHub Codespaces also produces GitHub-signed commits, but Codespaces users
# work on descriptively named branches. The web editor defaults to patch-N branches.
IS_PATCH_BRANCH=false
if [[ "$HEAD_REF" =~ ^patch-[0-9]+$ ]]; then
IS_PATCH_BRANCH=true
fi
if [ "$HAS_GITHUB_SIGNED_COMMIT" = "true" ] && [ "$IS_PATCH_BRANCH" = "true" ]; then
echo "IS_GITHUB_COMMIT=true" >> $GITHUB_ENV
fi
- name: Add comment on PR if commits are made on GitHub Web UI
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
if: steps.pr_author.outputs.is_allow_listed == 'false' && env.IS_GITHUB_COMMIT == 'true' && github.event.action != 'edited'
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
core.setFailed("Commits were added via the GitHub Web UI.");
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: "Thanks for your pull request.\n\n**Please do not add commits via the GitHub Web UI.**\n\nIt generally means you have yet to test these changes in a development setup or complete any prerequisites. We need you to follow the guides mentioned in the checklist. Please revalidate these changes in a developer environment and confirm how you validated your changes.\n\nHappy contributing!\n\n---\n_**Note:** This message was automatically generated by a bot. If you feel this message is in error or would like help resolving it, feel free to reach us [in our contributor chat](https://discord.gg/PRyKn3Vbay)._"
});
- name: Add deprioritized label
if: failure()
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
labels: ['deprioritized']
});
# Normalizes PR titles to follow Conventional Commits format, applying fuzzy fixes
# for common mistakes like typos, missing colons, or incorrect spacing.
fix-pr-title:
name: Fix PR Title
runs-on: ubuntu-24.04
needs: no-web-commits
if: needs.no-web-commits.result == 'success' && github.event.action != 'edited'
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
sparse-checkout: .github/scripts/pr-guidelines
sparse-checkout-cone-mode: false
- uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fn = require('./.github/scripts/pr-guidelines/fix-pr-title.js');
await fn({ github, context });
# Checks that the PR description still contains the required template.
# The first 3 checkboxes must be ticked ([x] or [X]).
# The last checkbox (tested locally) is acceptable to leave unticked
# but removing the entire template is not.
check-pr-template:
name: Check PR Template
runs-on: ubuntu-24.04
needs: no-web-commits
if: needs.no-web-commits.result == 'success'
outputs:
failure_reason: ${{ steps.check.outputs.failure_reason }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
sparse-checkout: .github/scripts/pr-guidelines
sparse-checkout-cone-mode: false
- id: check
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fn = require('./.github/scripts/pr-guidelines/check-pr-template.js');
await fn({ github, context, core, isAllowListed: '${{ needs.no-web-commits.outputs.is_allow_listed }}' });
# Verifies that each PR references a linked, triaged issue before it can be reviewed.
check-linked-issue:
name: Check Linked Issue
runs-on: ubuntu-24.04
needs: no-web-commits
if: needs.no-web-commits.result == 'success'
outputs:
failure_reason: ${{ steps.check.outputs.failure_reason }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
sparse-checkout: .github/scripts/pr-guidelines
sparse-checkout-cone-mode: false
- id: check
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fn = require('./.github/scripts/pr-guidelines/check-linked-issue.js');
await fn({ github, context, core, isAllowListed: '${{ needs.no-web-commits.outputs.is_allow_listed }}' });
# Coordinates reporting: posts a single combined comment when checks fail,
# or removes the deprioritized label when all checks pass.
report:
name: Report
runs-on: ubuntu-24.04
needs: [no-web-commits, check-pr-template, check-linked-issue]
if: always() && needs.no-web-commits.result == 'success'
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
sparse-checkout: .github/scripts/pr-guidelines
sparse-checkout-cone-mode: false
- uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fn = require('./.github/scripts/pr-guidelines/report-results.js');
await fn({
github,
context,
templateResult: '${{ needs.check-pr-template.result }}',
templateReason: '${{ needs.check-pr-template.outputs.failure_reason }}',
linkedIssueResult: '${{ needs.check-linked-issue.result }}',
linkedIssueReason: '${{ needs.check-linked-issue.outputs.failure_reason }}'
});
+26
View File
@@ -0,0 +1,26 @@
name: GitHub - Spam PR
on:
pull_request_target:
types:
- labeled
jobs:
is-spam:
runs-on: ubuntu-24.04
steps:
- uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{secrets.CAMPERBOT_NO_TRANSLATE}}
script: |
if (context.payload.label.name === "spam") {
try {
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: "We are marking this pull request as spam. Please note that if you are participating in Hacktoberfest, two or more PRs marked as spam will result in your permanent disqualification.\n\nIf you are interested in making quality and genuine contributions to our projects, check out our [contributing guidelines](https://contribute.freecodecamp.org)."
});
} catch {
// Conversation may already be locked — ignore.
}
}
@@ -0,0 +1,50 @@
name: i18n - Build Validation
on:
push:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.workflow_run.head_branch || github.ref }}
cancel-in-progress: true
jobs:
ci:
name: Validate i18n Builds
runs-on: ubuntu-24.04
strategy:
matrix:
node-version: [24]
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Setup Turbo Cache
uses: ./.github/actions/setup-turbo-cache
with:
turbo-token: ${{ secrets.TURBO_TOKEN }}
turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }}
- name: Set freeCodeCamp Environment Variables
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
- name: Install Dependencies
run: pnpm install
- name: Validate Challenge Files
run: pnpm run audit-challenges
+61
View File
@@ -0,0 +1,61 @@
name: i18n - Curriculum PR Validation
on:
pull_request:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.workflow_run.head_branch || github.ref }}
cancel-in-progress: true
jobs:
ci:
name: Validate i18n Builds
# run only on PRs that camperbot opens with title that matches the curriculum sync
if: ${{ github.event.pull_request.user.login == 'camperbot' && contains(github.event.pull_request.title, 'chore(i18n,learn)') }}
runs-on: ubuntu-24.04
strategy:
matrix:
node-version: [24]
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Set freeCodeCamp Environment Variables
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
- name: Install Dependencies
run: pnpm install
- name: Validate Challenge Files
id: validate
run: pnpm run audit-challenges
- name: Create Comment
# Run if the validate challenge files step fails, specifically. Note that we need the failure() call for this step to trigger if the action fails.
if: ${{ failure() && steps.validate.conclusion == 'failure' }}
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{secrets.CAMPERBOT_NO_TRANSLATE}}
script: |
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: "Hey @freecodecamp/i18n, it looks like we have new English curriculum files that need to be translated."
})
+316
View File
@@ -0,0 +1,316 @@
name: CI - Node.js
on:
push:
branches:
- 'main'
- 'prod-**'
- 'renovate/**'
- 'hotfix-**'
- 'temp-**'
pull_request:
branches:
- 'main'
- 'temp-**' # Temporary branches allowed on Upstream
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.workflow_run.head_branch || github.ref }}
cancel-in-progress: ${{ !contains(github.ref, 'main') && !contains(github.ref, 'prod-') }}
permissions:
contents: read
jobs:
lint:
name: Lint
# Skip PR runs for Renovate since push already triggered CI
if: github.event_name != 'pull_request' || github.event.pull_request.user.login != 'renovate[bot]'
runs-on: ubuntu-24.04
strategy:
matrix:
node-version: [24]
fail-fast: false
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
persist-credentials: false
- name: Check number of lockfiles
run: |
if [ $(find . -name 'package-lock.json' | grep -vc -e 'node_modules') -gt 0 ]
then
echo -e 'Error: found package-lock files in the repository.\nWe use pnpm workspaces to manage packages so all dependencies should be added via pnpm add'
exit 1
fi
- name: Check format of sample.env
run: docker run --rm -v `pwd`:/app -w /app dotenvlinter/dotenv-linter check --ignore-checks UnorderedKey sample.env
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Setup Turbo Cache
uses: ./.github/actions/setup-turbo-cache
with:
turbo-token: ${{ secrets.TURBO_TOKEN }}
turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }}
- name: Set Environment variables
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
- name: Install node_modules
run: pnpm install
- name: Check formatting
run: |
pnpm prettier --check . || [ $? -eq 1 ] && printf "\nTip: Run 'pnpm run format' in your terminal to fix this.\n\n"
- name: Lint Source Files
run: |
echo pnpm version $(pnpm -v)
pnpm lint
# This is populate the cache, otherwise local runs with upcoming changes
# will not benefit.
- name: Set UPCOMING_CHANGES
run: |
echo 'SHOW_UPCOMING_CHANGES=true' >> $GITHUB_ENV
- name: Lint Upcoming Changes
run: |
pnpm lint
# DONT REMOVE THIS JOB.
# TODO: Refactor and use re-usable workflow and shared artifacts
build:
name: Build
needs: lint
runs-on: ubuntu-24.04
strategy:
matrix:
node-version: [24]
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
persist-credentials: false
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Setup Turbo Cache
uses: ./.github/actions/setup-turbo-cache
with:
turbo-token: ${{ secrets.TURBO_TOKEN }}
turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }}
- name: Set freeCodeCamp Environment Variables
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
- name: Install and Build
run: |
pnpm install
pnpm run build
test:
name: Test
needs: build
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
node-version: [24]
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
persist-credentials: false
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Setup Turbo Cache
uses: ./.github/actions/setup-turbo-cache
with:
turbo-token: ${{ secrets.TURBO_TOKEN }}
turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }}
- name: Set Environment variables
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
cat sample.env
- name: Start MongoDB
run: docker compose -f docker/docker-compose.yml up -d
- name: Install Dependencies
run: |
echo pnpm version $(pnpm -v)
pnpm install
- name: Install Chrome for Puppeteer
run: pnpm -F=curriculum install-puppeteer
- name: Run Tests
run: pnpm test
test-upcoming:
name: Test - Upcoming Changes
needs: build
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
node-version: [24]
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
persist-credentials: false
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Setup Turbo Cache
uses: ./.github/actions/setup-turbo-cache
with:
turbo-token: ${{ secrets.TURBO_TOKEN }}
turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }}
- name: Set Environment variables
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
echo 'SHOW_UPCOMING_CHANGES=true' >> $GITHUB_ENV
- name: Start MongoDB
run: docker compose -f docker/docker-compose.yml up -d
- name: Install Dependencies
run: |
echo pnpm version $(pnpm -v)
pnpm install
- name: Install Chrome for Puppeteer
run: pnpm -F=curriculum install-puppeteer
- name: Run Tests
run: pnpm test
test-localization:
name: Test - i18n
needs: build
runs-on: ubuntu-24.04
if: github.event.pull_request.user.login == 'camperbot' && github.head_ref == 'chore/update-i18n-curriculum-submodule'
strategy:
fail-fast: false
matrix:
node-version: [24]
locale: [portuguese, italian]
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
persist-credentials: false
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Setup Turbo Cache
uses: ./.github/actions/setup-turbo-cache
with:
turbo-token: ${{ secrets.TURBO_TOKEN }}
turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }}
- name: Set Environment variables
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
cat sample.env
- name: Start MongoDB
uses: supercharge/mongodb-github-action@315db7fe45ac2880b7758f1933e6e5d59afd5e94 # 1.12.1
with:
mongodb-version: 8.0
mongodb-replica-set: test-rs
mongodb-port: 27017
- name: Install Dependencies
env:
CURRICULUM_LOCALE: ${{ matrix.locale }}
CLIENT_LOCALE: ${{ matrix.locale }}
run: |
echo pnpm version $(pnpm -v)
pnpm install
# DONT REMOVE THIS STEP.
# TODO: Refactor and use re-usable workflow and shared artifacts
- name: Build Client in ${{ matrix.locale }}
env:
CURRICULUM_LOCALE: ${{ matrix.locale }}
CLIENT_LOCALE: ${{ matrix.locale }}
run: |
pnpm run build
- name: Install Chrome for Puppeteer
run: pnpm -F=curriculum install-puppeteer
- name: Run Tests
env:
CURRICULUM_LOCALE: ${{ matrix.locale }}
CLIENT_LOCALE: ${{ matrix.locale }}
run: pnpm test