chore: import upstream snapshot with attribution
CD - Docker - GHCR Images / Build and Push Images (push) Waiting to run
i18n - Build Validation / Validate i18n Builds (24) (push) Has been cancelled
CI - Node.js / Lint (24) (push) Has been cancelled
CI - Node.js / Build (24) (push) Has been cancelled
CI - Node.js / Test (24) (push) Has been cancelled
CI - Node.js / Test - Upcoming Changes (24) (push) Has been cancelled
CI - Node.js / Test - i18n (italian, 24) (push) Has been cancelled
CI - Node.js / Test - i18n (portuguese, 24) (push) Has been cancelled

This commit is contained in:
wehub-resource-sync
2026-07-13 11:55:53 +08:00
commit dde272c4b8
19405 changed files with 2730632 additions and 0 deletions
@@ -0,0 +1,342 @@
name: i18n - Download Client UI
on:
workflow_dispatch:
schedule:
# runs Monday and Wednesday at 12:15 PM UTC
- cron: '15 12 * * 1,3'
env:
GITHUB_TOKEN: ${{ secrets.CROWDIN_CAMPERBOT_PAT }}
CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_CAMPERBOT_SERVICE_TOKEN }}
CROWDIN_API_URL: 'https://freecodecamp.crowdin.com/api/v2/'
CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID_CLIENT }}
permissions:
contents: read
jobs:
i18n-download-client-ui-translations:
name: Client
runs-on: ubuntu-24.04
steps:
- name: Checkout Source Files
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
token: ${{ secrets.CROWDIN_CAMPERBOT_PAT }}
- name: Generate Crowdin Config
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'generate-config'
PROJECT_NAME: 'client'
##### Download Chinese #####
- name: Crowdin Download Chinese Translations
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: false
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: true
download_language: zh-CN
skip_untranslated_files: false
export_only_approved: true
push_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
# Convert Simplified Chinese to Traditional #
- name: Convert Chinese
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'convert-chinese'
FILE_PATHS: '["client/i18n/locales/chinese"]'
##### Download Espanol #####
- name: Crowdin Download Espanol Translations
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: false
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: true
download_language: es-EM
skip_untranslated_files: false
export_only_approved: true
push_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
##### Download Italian #####
- name: Crowdin Download Italian Translations
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: false
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: true
download_language: it
skip_untranslated_files: false
export_only_approved: true
push_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
##### Download Brazilian Portuguese #####
- name: Crowdin Download Portuguese (Brazilian) Translations
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: false
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: true
download_language: pt-BR
skip_untranslated_files: false
export_only_approved: true
push_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
##### Download Ukrainian #####
- name: Crowdin Download Ukrainian Translations
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: false
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: true
download_language: uk
skip_untranslated_files: false
export_only_approved: true
push_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
##### Download Japanese #####
- name: Crowdin Download Japanese Translations
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: false
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: true
download_language: ja
skip_untranslated_files: false
export_only_approved: true
push_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
##### Download German #####
- name: Crowdin Download German Translations
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: false
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: true
download_language: de
skip_untranslated_files: false
export_only_approved: true
push_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
##### Download Swahili #####
- name: Crowdin Download Swahili Translations
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: false
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: true
download_language: sw
skip_untranslated_files: false
export_only_approved: true
push_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
##### Download Korean #####
- name: Crowdin Download Korean Translations
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: false
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: true
download_language: ko
skip_untranslated_files: false
export_only_approved: true
push_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
###### Format JSON #####
# Crowdin gives the files read-only permissions, so we first have to allow
# writes.
- name: Format JSON
run: |
sudo chown -R $(whoami): client/i18n/locales
npx --yes prettier --write client/i18n/locales/**/*.json
###### Lowercase directory names #####
- name: Lowercase Directories
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'lowercase-directories'
FILE_PATH: 'client/i18n/locales'
# Crowdin translators might have the directories
# Create Commit
- name: Commit Changes
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'commit-changes'
GH_USERNAME: 'camperbot'
GH_EMAIL: ${{ secrets.ACTIONS_CAMPERBOT_EMAIL }}
GH_BRANCH: 'i18n-sync-client'
GH_MESSAGE: 'chore(i18n,client): processed translations'
# Generate PR #
# All languages should go ABOVE this. #
- name: Create PR
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'pull-request'
GH_TOKEN: ${{ secrets.CROWDIN_CAMPERBOT_PAT }}
BRANCH: 'i18n-sync-client'
REPOSITORY: 'freecodecamp/freecodecamp'
BASE: 'main'
TITLE: 'chore(i18n,client): processed translations'
BODY: 'This PR was opened auto-magically by Crowdin.'
LABELS: 'crowdin-sync'
TEAM_REVIEWERS: 'i18n'
@@ -0,0 +1,55 @@
name: i18n - Upload Client UI
on:
workflow_dispatch:
schedule:
# runs every weekday at 7:15 AM UTC
- cron: '15 7 * * 1-5'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_CAMPERBOT_SERVICE_TOKEN }}
CROWDIN_API_URL: 'https://freecodecamp.crowdin.com/api/v2/'
CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID_ClIENT }}
permissions:
contents: read
jobs:
i18n-upload-client-ui-files:
name: Client
runs-on: ubuntu-24.04
steps:
- name: Checkout Source Files
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Generate Crowdin Config
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'generate-config'
PROJECT_NAME: 'client'
- name: Crowdin Upload
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: true
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
@@ -0,0 +1,80 @@
name: i18n - Upload Curriculum
on:
workflow_dispatch:
schedule:
# runs every weekday at 7:30 AM UTC
- cron: '30 7 * * 1-5'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_CAMPERBOT_SERVICE_TOKEN }}
CROWDIN_API_URL: 'https://freecodecamp.crowdin.com/api/v2/'
CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID_CURRICULUM }}
permissions:
contents: read
jobs:
i18n-upload-curriculum-files:
name: Learn
runs-on: ubuntu-24.04
steps:
- name: Checkout Source Files
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Generate Crowdin Config
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'generate-config'
PROJECT_NAME: 'curriculum'
- name: Crowdin Upload
uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2
# options: https://github.com/crowdin/github-action/blob/master/action.yml
with:
# uploads
upload_sources: true
upload_translations: false
auto_approve_imported: false
import_eq_suggestions: false
# downloads
download_translations: false
# pull-request
create_pull_request: false
# global options
config: './crowdin-config.yml'
base_url: ${{ secrets.CROWDIN_BASE_URL_FCC }}
# Uncomment below to debug
# dryrun_action: true
- name: Remove deleted files
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'remove-deleted-files'
FILE_PATHS: '["curriculum/challenges/english", "curriculum/dictionaries/english"]'
- name: Hide Non-Translated Strings
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'hide-curriculum-strings'
- name: Hide a String
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'hide-string'
FILE_NAME: 'basic-html-and-html5/nest-an-anchor-element-within-a-paragraph.md'
STRING_CONTENT: Here's a <a href="https://www.freecodecamp.org" target="_blank" mark="crwd-mark">link to www.freecodecamp.org</a> for you to follow.
- name: Unhide Title of Use && For a More Concise Conditional
uses: freecodecamp/crowdin-action@36a78cbf92f5a6c05a3a32dc8bf434a19a7c59e2 # main
env:
PLUGIN: 'unhide-string'
FILE_NAME: 'react/use--for-a-more-concise-conditional.md'
STRING_CONTENT: 'Use &amp;&amp; for a More Concise Conditional'
@@ -0,0 +1,77 @@
name: CI - Node.js - i18n - Submodule
on:
# Run on push events, but only for the below branches
push:
branches:
- 'chore/update-i18n-curriculum-submodule'
workflow_dispatch:
permissions:
contents: read
jobs:
test-curriculum:
name: Test Curriculum
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
node-version: [24]
# Exclude the languages that we currently run in the full CI suite.
locale:
- 'chinese'
- 'espanol'
- 'ukrainian'
- 'japanese'
- 'german'
- 'swahili'
- 'korean'
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Setup Turbo Cache
uses: ./.github/actions/setup-turbo-cache
with:
turbo-token: ${{ secrets.TURBO_TOKEN }}
turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }}
- name: Set Environment variables
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
- name: Install node_modules
run: pnpm install
# DONT REMOVE THIS STEP.
# TODO: Refactor and use re-usable workflow and shared artifacts
- name: Build Client in ${{ matrix.locale }}
env:
CURRICULUM_LOCALE: ${{ matrix.locale }}
CLIENT_LOCALE: ${{ matrix.locale }}
run: |
pnpm run build
- name: Install Chrome for Puppeteer
run: pnpm -F=curriculum install-puppeteer
- name: Run Tests
env:
CURRICULUM_LOCALE: ${{ matrix.locale }}
CLIENT_LOCALE: ${{ matrix.locale }}
run: pnpm -F=curriculum test-content
+332
View File
@@ -0,0 +1,332 @@
name: CD - Deploy - API
on:
workflow_dispatch:
inputs:
api_log_lvl:
description: 'Log level for the API'
type: choice
options:
- debug
- info
- warn
default: info
show_upcoming_changes:
description: 'Show upcoming changes (enables upcoming certifications and challenges)'
type: boolean
default: false
concurrency:
group: deploy-api-${{ github.ref_name }}
cancel-in-progress: false
jobs:
setup-jobs:
name: Setup Jobs
runs-on: ubuntu-24.04
outputs:
site_tld: ${{ steps.setup.outputs.site_tld }}
tgt_env_short: ${{ steps.setup.outputs.tgt_env_short }}
tgt_env_long: ${{ steps.setup.outputs.tgt_env_long }}
api_log_lvl: ${{ steps.setup.outputs.api_log_lvl }}
show_upcoming_changes: ${{ steps.setup.outputs.show_upcoming_changes }}
steps:
- name: Setup
id: setup
env:
BRANCH: ${{ github.ref_name }}
SHOW_UPCOMING_CHANGES: ${{ inputs.show_upcoming_changes }}
API_LOG_LVL: ${{ inputs.api_log_lvl || 'info' }}
run: |
echo "Current branch: $BRANCH"
# Convert boolean input to string 'true' or 'false'
if [[ "$SHOW_UPCOMING_CHANGES" == "true" ]]; then
echo "show_upcoming_changes=true" >> "$GITHUB_OUTPUT"
else
echo "show_upcoming_changes=false" >> "$GITHUB_OUTPUT"
fi
case "$BRANCH" in
"prod-current")
echo "site_tld=org" >> "$GITHUB_OUTPUT"
echo "tgt_env_short=prd" >> "$GITHUB_OUTPUT"
echo "tgt_env_long=production" >> "$GITHUB_OUTPUT"
echo "api_log_lvl=$API_LOG_LVL" >> "$GITHUB_OUTPUT"
;;
*)
echo "site_tld=dev" >> "$GITHUB_OUTPUT"
echo "tgt_env_short=stg" >> "$GITHUB_OUTPUT"
echo "tgt_env_long=staging" >> "$GITHUB_OUTPUT"
echo "api_log_lvl=$API_LOG_LVL" >> "$GITHUB_OUTPUT"
;;
esac
build:
name: Build & Push
needs: setup-jobs
uses: ./.github/workflows/docker-docr.yml
with:
site_tld: ${{ needs.setup-jobs.outputs.site_tld }}
app: api
show_upcoming_changes: ${{ needs.setup-jobs.outputs.show_upcoming_changes }}
secrets:
DIGITALOCEAN_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
DOCR_NAME: ${{ secrets.DOCR_NAME }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
deploy:
name: Deploy to Docker Swarm -- ${{ needs.setup-jobs.outputs.tgt_env_short }}
runs-on: ubuntu-24.04
needs: [setup-jobs, build]
env:
TS_USERNAME: ${{ secrets.TS_USERNAME }}
TS_MACHINE_NAME: ${{ secrets.TS_MACHINE_NAME }}
permissions:
deployments: write
environment:
name: ${{ needs.setup-jobs.outputs.tgt_env_short }}-api
steps:
- name: Setup and connect to Tailscale network
uses: tailscale/github-action@306e68a486fd2350f2bfc3b19fcd143891a4a2d8 # v4
with:
oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
hostname: gha-${{needs.setup-jobs.outputs.tgt_env_short}}-api-ci-${{ github.run_id }}
tags: tag:ci
version: latest
- name: Wait for Tailscale Network Readiness
run: |
echo "Waiting for Tailscale network to be ready..."
max_wait=60
elapsed=0
while [ $elapsed -lt $max_wait ]; do
if tailscale status --json | jq -e '.BackendState == "Running"' > /dev/null 2>&1; then
echo "Tailscale network is ready"
break
fi
sleep 2
elapsed=$((elapsed + 2))
done
if [ $elapsed -ge $max_wait ]; then
echo "Tailscale network not ready after ${max_wait}s"
exit 1
fi
- name: Configure SSH & Check Connection
run: |
mkdir -p ~/.ssh
echo "Host *
UserKnownHostsFile=/dev/null
StrictHostKeyChecking no" > ~/.ssh/config
chmod 644 ~/.ssh/config
validate_connection() {
local machine_name=$1
local max_retries=3
local retry_delay=5
for attempt in $(seq 1 $max_retries); do
echo "Connection attempt $attempt/$max_retries to $machine_name"
if ! tailscale status | grep -q "$machine_name"; then
echo "Machine $machine_name not found in Tailscale network"
if [ "$attempt" -eq "$max_retries" ]; then
return 1
fi
sleep "$retry_delay"
continue
fi
MACHINE_IP=$(tailscale ip -4 "$machine_name")
if ssh -o ConnectTimeout=10 -o BatchMode=yes "$TS_USERNAME@$MACHINE_IP" "echo 'Connection test'; docker --version" > /dev/null 2>&1; then
echo "Successfully validated connection to $machine_name"
return 0
fi
echo "SSH validation failed for $machine_name"
if [ "$attempt" -lt "$max_retries" ]; then
sleep "$retry_delay"
fi
done
echo "Failed to establish connection to $machine_name after $max_retries attempts"
return 1
}
echo -e "\nLOG:Validating connection to $TS_MACHINE_NAME..."
if ! validate_connection "$TS_MACHINE_NAME"; then
echo "Error: Failed to establish reliable connection to $TS_MACHINE_NAME"
exit 1
fi
- name: Deploy with Docker Stack
env:
AGE_ENCRYPTED_ASC_SECRETS: ${{ secrets.AGE_ENCRYPTED_ASC_SECRETS }}
AGE_SECRET_KEY: ${{ secrets.AGE_SECRET_KEY }}
# Variable set from GitHub "Environment" secrets (AGE encrypted)
# DOCKER_REGISTRY
# MONGOHQ_URL
# SENTRY_DSN
# SENTRY_ENVIRONMENT
# AUTH0_CLIENT_ID
# AUTH0_CLIENT_SECRET
# AUTH0_DOMAIN
# JWT_SECRET
# COOKIE_SECRET
# COOKIE_DOMAIN
# SES_ID
# SES_SECRET
# SES_SMTP_USERNAME
# SES_SMTP_PASSWORD
# GROWTHBOOK_FASTIFY_API_HOST
# GROWTHBOOK_FASTIFY_CLIENT_KEY
# HOME_LOCATION
# API_LOCATION
# SOCRATES_API_KEY
# SOCRATES_ENDPOINT
# STRIPE_SECRET_KEY
# Variables set from SetupJob
DEPLOYMENT_VERSION: ${{ needs.build.outputs.tagname }}
DEPLOYMENT_ENV: ${{ needs.setup-jobs.outputs.tgt_env_long }}
DEPLOYMENT_TLD: ${{ needs.setup-jobs.outputs.site_tld }}
FCC_API_LOG_LEVEL: ${{ needs.setup-jobs.outputs.api_log_lvl }}
SHOW_UPCOMING_CHANGES: ${{ needs.setup-jobs.outputs.show_upcoming_changes }}
# Stack name
STACK_NAME: ${{ needs.setup-jobs.outputs.tgt_env_short }}-api
run: |
REMOTE_SCRIPT="
set -e
trap 'rm -f .env age.key secrets.age.asc .env.tmp' EXIT
echo -e '\nLOG:Deploying API to $TS_MACHINE_NAME...'
cd /home/$TS_USERNAME/docker-swarm-config/stacks/api
echo -e '\nLOG:Checking if age is installed...'
which age > /dev/null
echo -e '\nLOG:Decrypting secrets...'
echo \"$AGE_ENCRYPTED_ASC_SECRETS\" > secrets.age.asc
echo \"$AGE_SECRET_KEY\" > age.key && chmod 600 age.key
age --identity age.key --decrypt secrets.age.asc > .env
rm -f age.key secrets.age.asc
echo -e '\nLOG:Cleaning up .env file...'
touch .env.tmp
while IFS= read -r line; do
if [[ \$line =~ ^[A-Za-z0-9_]+=.*$ ]]; then
# Extract the key (part before the first =)
key=\${line%%=*}
# Remove any previous line with this key
sed -i \"/^\${key}=/d\" .env.tmp
fi
# Append the current line
echo \"\$line\" >> .env.tmp
done < .env
mv .env.tmp .env
echo -e '\nLOG:Adding deployment variables...'
{
echo \"DEPLOYMENT_VERSION=$DEPLOYMENT_VERSION\"
echo \"DEPLOYMENT_TLD=$DEPLOYMENT_TLD\"
echo \"DEPLOYMENT_ENV=$DEPLOYMENT_ENV\"
echo \"FCC_API_LOG_LEVEL=$FCC_API_LOG_LEVEL\"
echo \"SHOW_UPCOMING_CHANGES=$SHOW_UPCOMING_CHANGES\"
} >> .env
echo -e '\nLOG:Sourcing environment...'
REQUIRED_VARS=(
\"DOCKER_REGISTRY\"
\"MONGOHQ_URL\"
\"SENTRY_DSN\"
\"SENTRY_ENVIRONMENT\"
\"AUTH0_CLIENT_ID\"
\"AUTH0_CLIENT_SECRET\"
\"AUTH0_DOMAIN\"
\"JWT_SECRET\"
\"COOKIE_SECRET\"
\"COOKIE_DOMAIN\"
\"SES_ID\"
\"SES_SECRET\"
\"SES_SMTP_USERNAME\"
\"SES_SMTP_PASSWORD\"
\"GROWTHBOOK_FASTIFY_API_HOST\"
\"GROWTHBOOK_FASTIFY_CLIENT_KEY\"
\"HOME_LOCATION\"
\"API_LOCATION\"
\"SOCRATES_API_KEY\"
\"SOCRATES_ENDPOINT\"
\"STRIPE_SECRET_KEY\"
\"DEPLOYMENT_VERSION\"
\"DEPLOYMENT_TLD\"
\"DEPLOYMENT_ENV\"
\"FCC_API_LOG_LEVEL\"
)
while IFS='=' read -r key value; do
if [[ -n \"\$key\" && ! \"\$key\" =~ ^# ]]; then
export \"\${key}=\${value}\"
fi
done < .env
MISSING_VARS=()
for var in \"\${REQUIRED_VARS[@]}\"; do
if [[ -z \"\${!var}\" ]]; then
MISSING_VARS+=(\"\$var\")
fi
done
if [[ \${#MISSING_VARS[@]} -gt 0 ]]; then
echo \"ERROR: The following required environment variables are missing or empty:\"
for var in \"\${MISSING_VARS[@]}\"; do
echo \" - \$var\"
done
exit 1
fi
rm -rf .env
echo -e '\nLOG:Validating deployment version...'
if [[ \"\$DEPLOYMENT_VERSION\" != \"$DEPLOYMENT_VERSION\" ]]; then
echo \"Error: Version mismatch. Expected: $DEPLOYMENT_VERSION, Got: \$DEPLOYMENT_VERSION\"
exit 1
fi
env | grep -E 'DEPLOYMENT_VERSION'
echo -e '\nLOG:Checking stack configuration...'
CONFIG_OUTPUT=\"/dev/null\"
if [[ \"\$FCC_API_LOG_LEVEL\" == \"debug\" ]]; then
CONFIG_FILENAME=\"debug-docker-stack-config-\${DEPLOYMENT_VERSION}.yml\"
echo -e '\nLOG:Saving stack configuration for debugging...'
CONFIG_OUTPUT=\"\$CONFIG_FILENAME\"
fi
docker stack config -c stack-api.yml > \$CONFIG_OUTPUT
echo -e '\nLOG:Deploying stack...'
docker stack deploy -c stack-api.yml --prune --with-registry-auth --detach=false $STACK_NAME
echo -e '\nLOG:Finished deployment.'
"
MACHINE_IP=$(tailscale ip -4 "$TS_MACHINE_NAME")
# shellcheck disable=SC2029 # client-side expansion of REMOTE_SCRIPT is intended
ssh "$TS_USERNAME@$MACHINE_IP" "$REMOTE_SCRIPT"
# TODO(o11y): Sentry release finalize disabled pending a follow-up PR with
# a stable release-id scheme (source-map upload in docker-docr.yml is
# disabled alongside). Re-enabling should also gate on a rollback-safe
# convergence check (docker service state) before finalizing, since
# `docker stack deploy --detach=false` exits 0 through a healthcheck
# rollback. See .scratchpad/o11y-cutover-review-2026-07-10.md.
# - name: Finalize Sentry release
# env:
# SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
# SENTRY_ORG: freecodecamp
# SENTRY_PROJECT: api-fastify
# RELEASE: ${{ needs.build.outputs.tagname }}
# DEPLOY_ENV: ${{ needs.setup-jobs.outputs.tgt_env_long }}
# run: |
# npx --yes @sentry/cli@3.6.0 releases finalize "$RELEASE"
# npx --yes @sentry/cli@3.6.0 releases deploys "$RELEASE" new -e "$DEPLOY_ENV"
+381
View File
@@ -0,0 +1,381 @@
name: CD - Deploy - Clients
on:
workflow_dispatch:
inputs:
target_language:
description: 'Target language (or "all" for all languages)'
type: choice
options:
- all
- english
- chinese
- espanol
- chinese-traditional
- italian
- portuguese
- ukrainian
- japanese
- german
- swahili
- korean
default: all
show_upcoming_changes:
description: 'Show upcoming changes (enables upcoming certifications and challenges)'
type: boolean
default: false
concurrency:
group: deploy-client-${{ github.ref_name }}
cancel-in-progress: false
jobs:
setup-jobs:
name: Setup Jobs
runs-on: ubuntu-24.04
outputs:
site_tld: ${{ steps.setup.outputs.site_tld }} # org, dev
tgt_env_short: ${{ steps.setup.outputs.tgt_env_short }} # prd, stg
tgt_env_long: ${{ steps.setup.outputs.tgt_env_long }} # production, staging
tgt_env_branch: ${{ steps.setup.outputs.tgt_env_branch }} # prod-current, prod-staging
show_upcoming_changes: ${{ steps.setup.outputs.show_upcoming_changes }}
steps:
- name: Setup
id: setup
env:
BRANCH: ${{ github.ref_name }}
SHOW_UPCOMING_CHANGES: ${{ inputs.show_upcoming_changes }}
run: |
echo "Current branch: $BRANCH"
# Convert boolean input to string 'true' or 'false'
if [[ "$SHOW_UPCOMING_CHANGES" == "true" ]]; then
echo "show_upcoming_changes=true" >> $GITHUB_OUTPUT
else
echo "show_upcoming_changes=false" >> $GITHUB_OUTPUT
fi
case "$BRANCH" in
"prod-current")
echo "site_tld=org" >> $GITHUB_OUTPUT
echo "tgt_env_short=prd" >> $GITHUB_OUTPUT
echo "tgt_env_long=production" >> $GITHUB_OUTPUT
echo "tgt_env_branch=prod-current" >> $GITHUB_OUTPUT
;;
*)
echo "site_tld=dev" >> $GITHUB_OUTPUT
echo "tgt_env_short=stg" >> $GITHUB_OUTPUT
echo "tgt_env_long=staging" >> $GITHUB_OUTPUT
echo "tgt_env_branch=prod-staging" >> $GITHUB_OUTPUT
;;
esac
setup-matrix:
name: Setup Matrix
runs-on: ubuntu-24.04
needs: setup-jobs
outputs:
matrix: ${{ steps.matrix.outputs.matrix }}
steps:
- name: Setup Matrix
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
id: matrix
env:
TARGET_LANG: ${{ inputs.target_language }}
with:
script: |
// Constants
const NODE_VERSION = 24;
// Input sanitization and validation
const rawTargetLang = process.env.TARGET_LANG || 'all';
const targetLang = rawTargetLang.trim().toLowerCase();
console.log(`Target language: ${targetLang}`);
// Language mappings (single source of truth)
const languageMap = {
'english': 'eng',
'chinese': 'chn',
'espanol': 'esp',
'chinese-traditional': 'cnt',
'italian': 'ita',
'portuguese': 'por',
'ukrainian': 'ukr',
'japanese': 'jpn',
'german': 'ger',
'swahili': 'swa',
'korean': 'kor'
};
const allLanguages = Object.keys(languageMap);
let matrix;
if (targetLang === 'all') {
console.log('Building matrix for all languages');
console.log(`Available languages: ${allLanguages.join(', ')}`);
// Build include array for all languages
const include = allLanguages.map(lang => ({
'node-version': NODE_VERSION,
'lang-name-full': lang,
'lang-name-short': languageMap[lang]
}));
matrix = {
include: include
};
} else {
console.log(`Building matrix for single language: ${targetLang}`);
// Validate language selection
if (!languageMap[targetLang]) {
const errorMsg = `Unknown language '${targetLang}'. Available: ${allLanguages.join(', ')}`;
console.error(errorMsg);
core.setFailed(errorMsg);
return;
}
console.log(`Processing: ${targetLang} -> ${languageMap[targetLang]}`);
// Create single language matrix
matrix = {
include: [{
'node-version': NODE_VERSION,
'lang-name-full': targetLang,
'lang-name-short': languageMap[targetLang]
}]
};
}
// Final validation
if (!matrix || !matrix.include || matrix.include.length === 0) {
core.setFailed('Generated matrix is empty or invalid');
return;
}
console.log('Generated matrix:');
console.log(JSON.stringify(matrix, null, 2));
console.log(`Matrix will create ${matrix.include.length} job(s)`);
// Set output for GitHub Actions
core.setOutput('matrix', JSON.stringify(matrix));
client:
name: Clients - [${{ needs.setup-jobs.outputs.tgt_env_short }}] [${{ matrix.lang-name-short }}]
needs: [setup-jobs, setup-matrix]
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
permissions:
deployments: write
contents: read
environment:
name: ${{ needs.setup-jobs.outputs.tgt_env_short }}-clients
env:
TS_USERNAME: ${{ secrets.TS_USERNAME }}
TS_MACHINE_NAME_PREFIX: ${{ secrets.TS_MACHINE_NAME_PREFIX }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Language specific ENV - [${{ matrix.lang-name-full }}]
run: |
if [ "${{ matrix.lang-name-full }}" = "english" ]; then
echo "HOME_LOCATION=https://www.freecodecamp.${{ needs.setup-jobs.outputs.site_tld }}" >> $GITHUB_ENV
echo "NEWS_LOCATION=https://www.freecodecamp.${{ needs.setup-jobs.outputs.site_tld }}/news" >> $GITHUB_ENV
else
echo "HOME_LOCATION=https://www.freecodecamp.${{ needs.setup-jobs.outputs.site_tld }}/${{ matrix.lang-name-full }}" >> $GITHUB_ENV
echo "NEWS_LOCATION=https://www.freecodecamp.${{ needs.setup-jobs.outputs.site_tld }}/${{ matrix.lang-name-full }}/news" >> $GITHUB_ENV
fi
echo "CLIENT_LOCALE=${{ matrix.lang-name-full }}" >> $GITHUB_ENV
echo "CURRICULUM_LOCALE=${{ matrix.lang-name-full }}" >> $GITHUB_ENV
- name: Create deployment version
id: deployment-version
run: |
DEPLOYMENT_VERSION=$(git rev-parse --short HEAD)-$(date +%Y%m%d)-$(date +%H%M)
echo "DEPLOYMENT_VERSION=$DEPLOYMENT_VERSION" >> $GITHUB_ENV
echo "DEPLOYMENT_VERSION=$DEPLOYMENT_VERSION" >> $GITHUB_OUTPUT
- name: Install and Build
env:
API_LOCATION: 'https://api.freecodecamp.${{ needs.setup-jobs.outputs.site_tld }}'
ALGOLIA_API_KEY: ${{ secrets.ALGOLIA_API_KEY }}
ALGOLIA_APP_ID: ${{ secrets.ALGOLIA_APP_ID }}
GROWTHBOOK_URI: ${{ secrets.GROWTHBOOK_URI }}
FORUM_LOCATION: 'https://forum.freecodecamp.org'
PATREON_CLIENT_ID: ${{ secrets.PATREON_CLIENT_ID }}
PAYPAL_CLIENT_ID: ${{ secrets.PAYPAL_CLIENT_ID }}
STRIPE_PUBLIC_KEY: ${{ secrets.STRIPE_PUBLIC_KEY }}
SHOW_UPCOMING_CHANGES: ${{ needs.setup-jobs.outputs.show_upcoming_changes }}
FREECODECAMP_NODE_ENV: production
# The below is used in ecosystem.config.js file for the API -- to be removed later
DEPLOYMENT_ENV: ${{ needs.setup-jobs.outputs.tgt_env_long }}
# The above is used in ecosystem.config.js file for the API -- to be removed later
run: |
pnpm install
pnpm run build
- name: Tar Files
run: tar -czf client-${{ matrix.lang-name-short }}.tar client/public
- name: Setup and connect to Tailscale network
uses: tailscale/github-action@306e68a486fd2350f2bfc3b19fcd143891a4a2d8 # v4
with:
oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
hostname: gha-${{needs.setup-jobs.outputs.tgt_env_short}}-clients-ci-${{ github.run_id }}
tags: tag:ci
version: latest
- name: Wait for Tailscale Network Readiness
run: |
echo "Waiting for Tailscale network to be ready..."
max_wait=60
elapsed=0
while [ $elapsed -lt $max_wait ]; do
if tailscale status --json | jq -e '.BackendState == "Running"' > /dev/null 2>&1; then
echo "Tailscale network is ready"
break
fi
sleep 2
elapsed=$((elapsed + 2))
done
if [ $elapsed -ge $max_wait ]; then
echo "Tailscale network not ready after ${max_wait}s"
exit 1
fi
- name: Configure SSH & Check Connection
run: |
mkdir -p ~/.ssh
echo "Host *
UserKnownHostsFile=/dev/null
StrictHostKeyChecking no" > ~/.ssh/config
chmod 644 ~/.ssh/config
validate_connection() {
local machine_name=$1
local max_retries=3
local retry_delay=5
for attempt in $(seq 1 $max_retries); do
echo "Connection attempt $attempt/$max_retries to $machine_name"
if ! tailscale status | grep -q "$machine_name"; then
echo "Machine $machine_name not found in Tailscale network"
if [ $attempt -eq $max_retries ]; then
return 1
fi
sleep $retry_delay
continue
fi
MACHINE_IP=$(tailscale ip -4 $machine_name)
if ssh -o ConnectTimeout=10 -o BatchMode=yes $TS_USERNAME@$MACHINE_IP "echo 'Connection test'; uptime" > /dev/null 2>&1; then
echo "Successfully validated connection to $machine_name"
return 0
fi
echo "SSH validation failed for $machine_name"
if [ $attempt -lt $max_retries ]; then
sleep $retry_delay
fi
done
echo "Failed to establish connection to $machine_name after $max_retries attempts"
return 1
}
echo -e "\nLOG:Validating connections to all machines..."
for i in {0..1}; do
TS_MACHINE_NAME=${TS_MACHINE_NAME_PREFIX}-${{ matrix.lang-name-short }}-${i}
echo "Validating connection to $TS_MACHINE_NAME"
if ! validate_connection "$TS_MACHINE_NAME"; then
echo "Error: Failed to establish reliable connection to $TS_MACHINE_NAME"
exit 1
fi
done
echo "All machine connections validated successfully"
- name: Upload and Deploy
run: |
for i in {0..1}; do
TS_MACHINE_NAME=${TS_MACHINE_NAME_PREFIX}-${{ matrix.lang-name-short }}-${i}
CURRENT_DATE=$(date +%Y%m%d)
CLIENT_SRC=client-${{ matrix.lang-name-short }}.tar
CLIENT_DST=/tmp/client-${{ matrix.lang-name-short }}-${CURRENT_DATE}-${{ github.run_id }}.tar
CLIENT_BINARIES=${{needs.setup-jobs.outputs.tgt_env_short}}-release-$CURRENT_DATE-${{ github.run_id }}
echo -e "\nLOG:Uploading client archive to $TS_MACHINE_NAME..."
MACHINE_IP=$(tailscale ip -4 $TS_MACHINE_NAME)
scp $CLIENT_SRC $TS_USERNAME@$MACHINE_IP:$CLIENT_DST
REMOTE_SCRIPT="
set -e
echo -e '\nLOG: Deploying client - $CLIENT_BINARIES to $TS_MACHINE_NAME...'
echo -e '\nLOG:Extracting client archive...'
mkdir -p /home/$TS_USERNAME/client/releases/$CLIENT_BINARIES
tar -xzf $CLIENT_DST -C /home/$TS_USERNAME/client/releases/$CLIENT_BINARIES --strip-components=2
echo -e '\nLOG:Cleaning up client archive...'
rm $CLIENT_DST
echo -e '\nLOG:Checking client archive size...'
du -sh /home/$TS_USERNAME/client/releases/$CLIENT_BINARIES
echo -e '\nLOG:Environment setup...'
cd /home/$TS_USERNAME/client
export NVM_DIR=\$HOME/.nvm && [ -s "\$NVM_DIR/nvm.sh" ] && source "\$NVM_DIR/nvm.sh"
echo -e '\nLOG:Checking available Node.js versions...'
nvm ls | grep 'default'
echo -e '\nLOG:Checking Node.js version...'
node --version
echo -e '\nLOG:Installing serve...'
npm install -g serve@13
echo -e '\nLOG:Primary client setup...'
rm -f client-start-primary.sh
echo \"serve -c ../../serve.json releases/$CLIENT_BINARIES -p 50505\" >> client-start-primary.sh
chmod +x client-start-primary.sh
pm2 delete client-primary || true
pm2 start ./client-start-primary.sh --name client-primary
echo -e '\nLOG:Primary client setup completed.'
pm2 ls
echo -e '\nLOG:Secondary client setup...'
rm -f client-start-secondary.sh
echo \"serve -c ../../serve.json releases/$CLIENT_BINARIES -p 52525\" >> client-start-secondary.sh
chmod +x client-start-secondary.sh
pm2 delete client-secondary || true
pm2 start ./client-start-secondary.sh --name client-secondary
echo -e '\nLOG:Secondary client setup completed.'
pm2 ls
pm2 save
echo -e '\nLOG:Finished deployment.'
"
ssh $TS_USERNAME@$MACHINE_IP "$REMOTE_SCRIPT"
done
+63
View File
@@ -0,0 +1,63 @@
name: CI - Devcontainer
on:
pull_request:
paths:
- '.devcontainer/**'
- 'docker/devcontainer/**'
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions:
contents: read
packages: read
jobs:
validate:
name: Validate
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Login to GHCR
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Install devcontainer CLI
# renovate: datasource=npm depName=@devcontainers/cli
run: npm install -g @devcontainers/cli@0.83.0
- name: Build devcontainer
run: devcontainer build --workspace-folder .
- name: Start devcontainer
run: devcontainer up --workspace-folder .
- name: Validate required tools
run: |
devcontainer exec --workspace-folder . pnpm --version
devcontainer exec --workspace-folder . rsync --version
devcontainer exec --workspace-folder . mongosh --version
devcontainer exec --workspace-folder . node --version
devcontainer exec --workspace-folder . git --version
- name: Validate MongoDB replica set
run: |
for i in $(seq 1 30); do
if devcontainer exec --workspace-folder . mongosh --eval "rs.status().ok" 2>/dev/null; then
echo "Replica set is ready"
exit 0
fi
echo "Waiting for replica set... (attempt $i/30)"
sleep 2
done
echo "Replica set failed to initialize"
exit 1
+35
View File
@@ -0,0 +1,35 @@
name: CD - Docker - DOCR Cleanup Container Images
on:
workflow_dispatch:
schedule:
- cron: '5 0 * * 3,6' # 12:05 UTC on Wednesdays and Saturdays (6 hour maintenance window)
jobs:
remove:
name: Delete Old Images
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
repos:
- learn-api
variants:
- dev
- org
steps:
- name: Install doctl
uses: digitalocean/action-doctl@3cb3953159719656269e044e0e24ca16dd2a690f # v2.5.2
with:
token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
- name: Log in to DigitalOcean Container Registry with short-lived credentials
run: doctl registry login --expiry-seconds 1200
- name: Delete Images
uses: raisedadead/action-docr-cleanup@1c7d87369bccfdf5da03a9ae3b00eacc3f2a9b51 # v1
with:
repository_name: '${{ matrix.variants }}/${{ matrix.repos }}'
days: '7'
keep_last: '3'
+125
View File
@@ -0,0 +1,125 @@
name: CD - Docker - DOCR
on:
workflow_dispatch:
inputs:
site_tld:
required: true
type: choice
description: 'Input: The site tld (variant) to build'
options:
- dev
- org
default: 'dev'
app:
required: true
type: string
description: 'Input: The app (component) to build'
default: 'api'
show_upcoming_changes:
required: false
type: string
description: 'Input: Show upcoming changes flag (true/false)'
default: 'false'
workflow_call:
inputs:
site_tld:
required: true
type: string
description: 'Input: The site tld (variant) to build'
app:
required: true
type: string
description: 'Input: The app (component) to build'
show_upcoming_changes:
required: false
type: string
description: 'Input: Show upcoming changes flag (true/false)'
default: 'false'
secrets:
DIGITALOCEAN_ACCESS_TOKEN:
required: true
description: 'DigitalOcean API token for registry authentication'
DOCR_NAME:
required: true
description: 'DigitalOcean Container Registry name'
SENTRY_AUTH_TOKEN:
required: false
description: 'Sentry auth token for source map upload (api app only)'
outputs:
tagname:
description: 'Output: The tagname for the image built'
value: ${{ jobs.build.outputs.tagname }}
jobs:
build:
name: Build & Push
runs-on: ubuntu-24.04
permissions:
contents: read
outputs:
tagname: ${{ steps.tagname.outputs.tagname }}
steps:
- name: Checkout Source Files
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Create a tagname
id: tagname
run: |
tagname=$(git rev-parse --short HEAD)-$(date +%Y%m%d)-$(date +%H%M)
echo "tagname=$tagname" >> "$GITHUB_ENV"
echo "tagname=$tagname" >> "$GITHUB_OUTPUT"
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
- name: Install doctl
uses: digitalocean/action-doctl@3cb3953159719656269e044e0e24ca16dd2a690f # v2.5.2
with:
token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
- name: Log in to DigitalOcean Container Registry with short-lived credentials
run: doctl registry login --expiry-seconds 1200
- name: Build & Push Image
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
with:
context: .
file: docker/${{ inputs.app }}/Dockerfile
push: true
build-args: |
SHOW_UPCOMING_CHANGES=${{ inputs.show_upcoming_changes }}
tags: |
registry.digitalocean.com/${{ secrets.DOCR_NAME }}/${{ inputs.site_tld }}/learn-${{ inputs.app }}:${{ env.tagname }}
registry.digitalocean.com/${{ secrets.DOCR_NAME }}/${{ inputs.site_tld }}/learn-${{ inputs.app }}:latest
cache-from: type=gha
cache-to: type=gha,mode=max
# TODO(o11y): source-map upload + release marking disabled pending a
# follow-up PR with a stable release-id scheme. Also fix the upload path
# when re-enabling: the image ships /home/node/fcc/api/src (dist flattened
# by the COPY in docker/api/Dockerfile), so `docker cp .../fcc/api` yields
# sentry-dist/api/src — the old upload pointed at sentry-dist/api/dist,
# which never exists (silent no-op, so maps never uploaded). Path below is
# pre-corrected to sentry-dist/api/src. See
# .scratchpad/o11y-cutover-review-2026-07-10.md.
# - name: Extract API dist for Sentry source maps
# if: inputs.app == 'api'
# run: |
# IMAGE="registry.digitalocean.com/${{ secrets.DOCR_NAME }}/${{ inputs.site_tld }}/learn-${{ inputs.app }}:${{ env.tagname }}"
# docker pull "$IMAGE"
# container_id=$(docker create "$IMAGE")
# mkdir -p sentry-dist
# docker cp "$container_id:/home/node/fcc/api" sentry-dist/
# docker rm "$container_id"
#
# - name: Upload source maps to Sentry (unfinalized)
# if: inputs.app == 'api'
# env:
# SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
# SENTRY_ORG: freecodecamp
# SENTRY_PROJECT: api-fastify
# run: |
# npx --yes @sentry/cli@3.6.0 releases new "${{ env.tagname }}"
# npx --yes @sentry/cli@3.6.0 sourcemaps upload --release "${{ env.tagname }}" sentry-dist/api/src
+49
View File
@@ -0,0 +1,49 @@
name: CD - Docker - GHCR Images
on:
workflow_dispatch:
push:
branches:
- main
paths:
- 'pnpm-lock.yaml'
- 'docker/devcontainer/**'
- '.github/workflows/docker-ghcr.yml'
permissions:
contents: read
packages: write
jobs:
build-and-push:
name: Build and Push Images
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
- name: Set up QEMU
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
- name: Log in to GHCR
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push images
uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7
with:
files: docker/devcontainer/docker-bake.hcl
targets: devcontainer
push: true
env:
TAG: ${{ github.sha }}
TAG_LATEST: ${{ github.ref_name == 'main' }}
+190
View File
@@ -0,0 +1,190 @@
name: CI - E2E - Playwright
on:
workflow_dispatch:
# workflow_run:
# workflows: ['CI - Node.js']
# types:
# - completed
# TODO: refactor with a workflow_call
pull_request:
branches:
- 'main'
- 'temp-**' # Temporary branches allowed on Upstream
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.workflow_run.head_branch || github.ref }}
cancel-in-progress: ${{ !contains(github.ref, 'main') && !contains(github.ref, 'prod-') }}
permissions:
contents: read
jobs:
build-client:
name: Build Client
runs-on: ubuntu-24.04
strategy:
matrix:
node-version: [24]
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
submodules: 'recursive'
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Setup Turbo Cache
uses: ./.github/actions/setup-turbo-cache
with:
turbo-token: ${{ secrets.TURBO_TOKEN }}
turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }}
- name: Checkout client-config
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
repository: freeCodeCamp/client-config
path: client-config
persist-credentials: false
- name: Set freeCodeCamp Environment Variables
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
- name: Install and Build
run: |
pnpm install
pnpm run build
- name: Move serve.json to Public Folder
run: cp client-config/serve.json client/public/serve.json
- name: Upload Client Artifact
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: client-artifact
path: client/public
- name: Upload Webpack Stats
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: webpack-stats
path: client/public/stats.json
build-api:
name: Build API (Container)
runs-on: ubuntu-24.04
steps:
- name: Checkout Source Files
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
submodules: 'recursive'
- name: Create Image
run: |
docker build \
-t fcc-api \
-f docker/api/Dockerfile .
- name: Save Image
run: docker save fcc-api > api-artifact.tar
- name: Upload API Artifact
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: api-artifact
path: api-artifact.tar
playwright-run:
name: Run Playwright Tests
runs-on: ubuntu-24.04
needs: [build-client, build-api]
strategy:
fail-fast: false
matrix:
# Extend this to include firefox and webkit once chromium is working.
browsers: [chromium]
node-version: [24]
steps:
- name: Set Action Environment Variables
run: |
echo "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_ENV
- name: Checkout Source Files
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: Download Client Artifact
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: client-artifact
path: client/public
- name: Download Api Artifact
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: api-artifact
path: api-artifact
- name: Load API Image
run: |
docker load < api-artifact/api-artifact.tar
rm api-artifact/api-artifact.tar
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Install Dependencies
run: pnpm install
- name: Set freeCodeCamp Environment Variables (needed by api)
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
cp sample.env .env # for docker compose
- name: Install playwright dependencies
run: npx playwright install --with-deps
- name: Install
run: pnpm install
- name: Start apps
run: |
docker compose -f docker/docker-compose.yml -f docker/docker-compose.e2e.yml up -d
pnpm run serve:client-ci &
sleep 10
- name: Seed Database with Certified User
run: pnpm run seed:certified-user
- name: Run playwright tests
run: pnpm run playwright:run --project=${{ matrix.browsers }} --grep-invert 'third-party-donation.spec.ts'
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
if: ${{ !cancelled() }}
with:
name: playwright-report-${{ matrix.browsers }}
path: e2e/playwright/reporter
retention-days: 7
+166
View File
@@ -0,0 +1,166 @@
name: CI - E2E - 3rd party donation tests
on:
workflow_dispatch:
push:
branches:
- 'prod-**'
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.workflow_run.head_branch || github.ref }}
cancel-in-progress: ${{ !contains(github.ref, 'main') && !contains(github.ref, 'prod-') }}
permissions:
contents: read
jobs:
build-client:
name: Build Client
runs-on: ubuntu-24.04
strategy:
matrix:
node-version: [24]
steps:
- name: Checkout Source Files
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
submodules: 'recursive'
- name: Checkout client-config
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
repository: freeCodeCamp/client-config
path: client-config
- name: Setup pnpm
uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d # v6.0.5
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: ${{ matrix.node-version }}
- name: Set freeCodeCamp Environment Variables
run: |
sed '/STRIPE/d; /PAYPAL/d; /PATREON/d;' sample.env > .env
echo 'STRIPE_PUBLIC_KEY=${{ secrets.STRIPE_PUBLIC_KEY }}' >> .env
echo 'PAYPAL_CLIENT_ID=${{ secrets.PAYPAL_CLIENT_ID }}' >> .env
echo 'PATREON_CLIENT_ID=${{ secrets.PATREON_CLIENT_ID }}' >> .env
- name: Install and Build
run: |
pnpm install
pnpm run build
- name: Move serve.json to Public Folder
run: cp client-config/serve.json client/public/serve.json
- name: Tar Files
run: tar -cf client-artifact.tar client/public
- name: Upload Client Artifact
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: client-artifact
path: client-artifact.tar
build-api:
name: Build API (Container)
runs-on: ubuntu-24.04
steps:
- name: Checkout Source Files
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
submodules: 'recursive'
- name: Create Image
run: |
docker build \
-t fcc-api \
-f docker/api/Dockerfile .
- name: Save Image
run: docker save fcc-api > api-artifact.tar
- name: Upload API Artifact
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: api-artifact
path: api-artifact.tar
playwright-run-api:
name: Run Playwright 3rd Party Donation Tests
runs-on: ubuntu-24.04
needs: [build-client, build-api]
strategy:
fail-fast: false
matrix:
browsers: [chromium]
node-version: [24]
steps:
- name: Set Action Environment Variables
run: |
echo "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_ENV
- name: Checkout Source Files
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
- name: Unpack Client Artifact
run: |
tar -xf client-artifact/client-artifact.tar
rm client-artifact/client-artifact.tar
- name: Load API Image
run: |
docker load < api-artifact/api-artifact.tar
rm api-artifact/api-artifact.tar
- name: Setup pnpm
uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d # v6.0.5
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: ${{ matrix.node-version }}
- name: Install Dependencies
run: pnpm install
- name: Set freeCodeCamp Environment Variables (needed by api)
run: |
sed '/STRIPE/d; /PAYPAL/d; /PATREON/d;' sample.env > .env
echo 'STRIPE_PUBLIC_KEY=${{ secrets.STRIPE_PUBLIC_KEY }}' >> .env
echo 'PAYPAL_CLIENT_ID=${{ secrets.PAYPAL_CLIENT_ID }}' >> .env
echo 'PATREON_CLIENT_ID=${{ secrets.PATREON_CLIENT_ID }}' >> .env
- name: Install playwright dependencies
run: npx playwright install --with-deps
- name: Install
run: pnpm install
- name: Start apps
run: |
docker compose -f docker/docker-compose.yml -f docker/docker-compose.e2e.yml up -d
pnpm run serve:client-ci &
sleep 10
- name: Seed Database with Certified User
run: pnpm run seed:certified-user
- name: Run playwright tests
run: pnpm run playwright:run third-party-donation.spec.ts --project=${{ matrix.browsers }}
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
if: ${{ !cancelled() }}
with:
name: playwright-report-${{ matrix.browsers }}
path: e2e/playwright/reporter
retention-days: 7
+71
View File
@@ -0,0 +1,71 @@
name: GitHub - Autoclose Invalid PRs
on:
pull_request_target:
branches:
- 'main'
paths:
- '.gitignore'
jobs:
autoclose:
runs-on: ubuntu-24.04
steps:
- uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
const files = await github.rest.pulls.listFiles({
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
pull_number: context.payload.pull_request.number,
});
if (
files.data.length !== 1 ||
(files.data[0].filename !== ".gitignore" &&
// We've had four PRs make this same (irrelevant) change already.
!(files.data[0].filename === "664ef4623946e65e18d59764.md" &&
files.data[0].patch.includes("return re.sub('(?<!\d)1', '', equation_string.strip('+'))")
)
)
) {
return;
}
const creator = context.payload.sender.login;
const opts = github.rest.issues.listForRepo.endpoint.merge({
...context.issue,
creator,
state: 'all'
});
const issues = await github.paginate(opts);
// iterate through issues
for (const issue of issues) {
// if the issue is this one, keep looking
if (issue.number === context.issue.number) {
continue;
}
// if the issue is actually a PR, they're not a first timer
if (issue.pull_request) {
return // Creator is already a contributor.
}
}
core.setFailed("Invalid PR detected.");
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: "Thank you for opening this pull request.\n\nThis is a standard message notifying you that we've reviewed your pull request and have decided not to merge it. We would welcome future pull requests from you.\n\nThank you and happy coding.",
});
await github.rest.pulls.update({
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
pull_number: context.payload.pull_request.number,
state: "closed"
});
await github.rest.issues.addLabels({
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
issue_number: context.issue.number,
labels: ["spam"]
});
+24
View File
@@ -0,0 +1,24 @@
name: GitHub - Label PRs
on:
- pull_request_target
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.workflow_run.head_branch || github.ref }}
cancel-in-progress: true
jobs:
triage:
permissions:
# for actions/labeler to determine modified files
contents: read
# for actions/labeler to add labels to PRs
pull-requests: write
runs-on: ubuntu-24.04
steps:
- uses: actions/labeler@f27b608878404679385c85cfa523b85ccb86e213 # v6
with:
repo-token: '${{ secrets.GITHUB_TOKEN }}'
sync-labels: true
@@ -0,0 +1,21 @@
name: GitHub - Lock Closed PRs
on:
pull_request_target:
types: [closed]
jobs:
lock:
name: Lock Closed PR
runs-on: ubuntu-24.04
steps:
- uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
await github.rest.issues.lock({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
lock_reason: 'resolved'
});
@@ -0,0 +1,34 @@
name: GitHub - No translations via PRs
on:
pull_request_target:
branches:
- 'main'
paths:
- 'client/i18n/locales/**/intro.json'
- 'client/i18n/locales/**/translations.json'
- '!client/i18n/locales/english/**'
jobs:
has-translation:
runs-on: ubuntu-24.04
steps:
- uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{secrets.CAMPERBOT_NO_TRANSLATE}}
script: |
const isDev = await github.rest.teams.getMembershipForUserInOrg({
org: "freeCodeCamp",
team_slug: "dev-team",
username: context.payload.pull_request.user.login
}).catch(() => ({status: 404}));
if (context.payload.pull_request.user.login !== "camperbot" && isDev.status !== 200) {
core.setFailed('This PR appears to touch translated curriculum files.')
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: "Thanks for your pull request.\n\n**Please remove the changes made to the non-English versions of the files. No need to close this pull request; just add more commits as needed.**\n\nWe require you to change **only English** versions of files in the codebase. Translations to corresponding files in other world languages are managed on our translation platform. Once your pull request is merged, changes will be synced automatically to other world languages.\n\nPlease visit [our contributing guidelines](https://contribute.freecodecamp.org) to learn more about translating freeCodeCamp's resources.\n\nAs always, we value all of your contributions.\n\nHappy contributing!\n\n---\n_**Note:** This message was automatically generated by a bot. If you feel this message is in error or would like help resolving it, feel free to reach us [in our contributor chat](https://discord.gg/PRyKn3Vbay)._"
})
} else if (isDev.status === 200) {
core.setFailed('This PR appears to touch translated curriculum files, but since you are on the dev team there is no message.');
}
+170
View File
@@ -0,0 +1,170 @@
name: GitHub - PR Contribution Guidelines
on:
pull_request_target:
types: [opened, reopened, edited]
jobs:
# Ensures PR commits were not added via the GitHub Web UI, which typically indicates
# the contributor hasn't tested their changes in a local development environment.
no-web-commits:
name: No Commits on GitHub Web
runs-on: ubuntu-24.04
outputs:
is_allow_listed: ${{ steps.pr_author.outputs.is_allow_listed }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
sparse-checkout: .github/scripts/pr-guidelines
sparse-checkout-cone-mode: false
- name: Check if PR author is allow-listed
id: pr_author
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
# GITHUB_TOKEN does not have the read:org permission needed for this call
# while CAMPERBOT_NO_TRANSLATE does, since it is a PAT for the camperbot account with read:org scope
github-token: ${{ secrets.CAMPERBOT_NO_TRANSLATE }}
script: |
const fn = require('./.github/scripts/pr-guidelines/check-allow-list.js');
await fn({ github, context, core });
- name: Check if commits are made on GitHub Web UI
id: check-commits
if: steps.pr_author.outputs.is_allow_listed == 'false' && github.event.action != 'edited'
env:
HEAD_REF: ${{ github.head_ref }}
run: |
PR_NUMBER=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")
COMMITS_URL="https://api.github.com/repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/commits"
HAS_GITHUB_SIGNED_COMMIT=$(curl --header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" "$COMMITS_URL" | jq '[.[] | select(.commit.committer.name == "GitHub") | select(.commit.message | test("revert"; "i") | not)] | length > 0')
# GitHub Codespaces also produces GitHub-signed commits, but Codespaces users
# work on descriptively named branches. The web editor defaults to patch-N branches.
IS_PATCH_BRANCH=false
if [[ "$HEAD_REF" =~ ^patch-[0-9]+$ ]]; then
IS_PATCH_BRANCH=true
fi
if [ "$HAS_GITHUB_SIGNED_COMMIT" = "true" ] && [ "$IS_PATCH_BRANCH" = "true" ]; then
echo "IS_GITHUB_COMMIT=true" >> $GITHUB_ENV
fi
- name: Add comment on PR if commits are made on GitHub Web UI
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
if: steps.pr_author.outputs.is_allow_listed == 'false' && env.IS_GITHUB_COMMIT == 'true' && github.event.action != 'edited'
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
core.setFailed("Commits were added via the GitHub Web UI.");
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: "Thanks for your pull request.\n\n**Please do not add commits via the GitHub Web UI.**\n\nIt generally means you have yet to test these changes in a development setup or complete any prerequisites. We need you to follow the guides mentioned in the checklist. Please revalidate these changes in a developer environment and confirm how you validated your changes.\n\nHappy contributing!\n\n---\n_**Note:** This message was automatically generated by a bot. If you feel this message is in error or would like help resolving it, feel free to reach us [in our contributor chat](https://discord.gg/PRyKn3Vbay)._"
});
- name: Add deprioritized label
if: failure()
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
labels: ['deprioritized']
});
# Normalizes PR titles to follow Conventional Commits format, applying fuzzy fixes
# for common mistakes like typos, missing colons, or incorrect spacing.
fix-pr-title:
name: Fix PR Title
runs-on: ubuntu-24.04
needs: no-web-commits
if: needs.no-web-commits.result == 'success' && github.event.action != 'edited'
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
sparse-checkout: .github/scripts/pr-guidelines
sparse-checkout-cone-mode: false
- uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fn = require('./.github/scripts/pr-guidelines/fix-pr-title.js');
await fn({ github, context });
# Checks that the PR description still contains the required template.
# The first 3 checkboxes must be ticked ([x] or [X]).
# The last checkbox (tested locally) is acceptable to leave unticked
# but removing the entire template is not.
check-pr-template:
name: Check PR Template
runs-on: ubuntu-24.04
needs: no-web-commits
if: needs.no-web-commits.result == 'success'
outputs:
failure_reason: ${{ steps.check.outputs.failure_reason }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
sparse-checkout: .github/scripts/pr-guidelines
sparse-checkout-cone-mode: false
- id: check
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fn = require('./.github/scripts/pr-guidelines/check-pr-template.js');
await fn({ github, context, core, isAllowListed: '${{ needs.no-web-commits.outputs.is_allow_listed }}' });
# Verifies that each PR references a linked, triaged issue before it can be reviewed.
check-linked-issue:
name: Check Linked Issue
runs-on: ubuntu-24.04
needs: no-web-commits
if: needs.no-web-commits.result == 'success'
outputs:
failure_reason: ${{ steps.check.outputs.failure_reason }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
sparse-checkout: .github/scripts/pr-guidelines
sparse-checkout-cone-mode: false
- id: check
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fn = require('./.github/scripts/pr-guidelines/check-linked-issue.js');
await fn({ github, context, core, isAllowListed: '${{ needs.no-web-commits.outputs.is_allow_listed }}' });
# Coordinates reporting: posts a single combined comment when checks fail,
# or removes the deprioritized label when all checks pass.
report:
name: Report
runs-on: ubuntu-24.04
needs: [no-web-commits, check-pr-template, check-linked-issue]
if: always() && needs.no-web-commits.result == 'success'
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
sparse-checkout: .github/scripts/pr-guidelines
sparse-checkout-cone-mode: false
- uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fn = require('./.github/scripts/pr-guidelines/report-results.js');
await fn({
github,
context,
templateResult: '${{ needs.check-pr-template.result }}',
templateReason: '${{ needs.check-pr-template.outputs.failure_reason }}',
linkedIssueResult: '${{ needs.check-linked-issue.result }}',
linkedIssueReason: '${{ needs.check-linked-issue.outputs.failure_reason }}'
});
+26
View File
@@ -0,0 +1,26 @@
name: GitHub - Spam PR
on:
pull_request_target:
types:
- labeled
jobs:
is-spam:
runs-on: ubuntu-24.04
steps:
- uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{secrets.CAMPERBOT_NO_TRANSLATE}}
script: |
if (context.payload.label.name === "spam") {
try {
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: "We are marking this pull request as spam. Please note that if you are participating in Hacktoberfest, two or more PRs marked as spam will result in your permanent disqualification.\n\nIf you are interested in making quality and genuine contributions to our projects, check out our [contributing guidelines](https://contribute.freecodecamp.org)."
});
} catch {
// Conversation may already be locked — ignore.
}
}
@@ -0,0 +1,50 @@
name: i18n - Build Validation
on:
push:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.workflow_run.head_branch || github.ref }}
cancel-in-progress: true
jobs:
ci:
name: Validate i18n Builds
runs-on: ubuntu-24.04
strategy:
matrix:
node-version: [24]
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Setup Turbo Cache
uses: ./.github/actions/setup-turbo-cache
with:
turbo-token: ${{ secrets.TURBO_TOKEN }}
turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }}
- name: Set freeCodeCamp Environment Variables
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
- name: Install Dependencies
run: pnpm install
- name: Validate Challenge Files
run: pnpm run audit-challenges
+61
View File
@@ -0,0 +1,61 @@
name: i18n - Curriculum PR Validation
on:
pull_request:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.workflow_run.head_branch || github.ref }}
cancel-in-progress: true
jobs:
ci:
name: Validate i18n Builds
# run only on PRs that camperbot opens with title that matches the curriculum sync
if: ${{ github.event.pull_request.user.login == 'camperbot' && contains(github.event.pull_request.title, 'chore(i18n,learn)') }}
runs-on: ubuntu-24.04
strategy:
matrix:
node-version: [24]
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Set freeCodeCamp Environment Variables
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
- name: Install Dependencies
run: pnpm install
- name: Validate Challenge Files
id: validate
run: pnpm run audit-challenges
- name: Create Comment
# Run if the validate challenge files step fails, specifically. Note that we need the failure() call for this step to trigger if the action fails.
if: ${{ failure() && steps.validate.conclusion == 'failure' }}
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{secrets.CAMPERBOT_NO_TRANSLATE}}
script: |
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: "Hey @freecodecamp/i18n, it looks like we have new English curriculum files that need to be translated."
})
+316
View File
@@ -0,0 +1,316 @@
name: CI - Node.js
on:
push:
branches:
- 'main'
- 'prod-**'
- 'renovate/**'
- 'hotfix-**'
- 'temp-**'
pull_request:
branches:
- 'main'
- 'temp-**' # Temporary branches allowed on Upstream
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.workflow_run.head_branch || github.ref }}
cancel-in-progress: ${{ !contains(github.ref, 'main') && !contains(github.ref, 'prod-') }}
permissions:
contents: read
jobs:
lint:
name: Lint
# Skip PR runs for Renovate since push already triggered CI
if: github.event_name != 'pull_request' || github.event.pull_request.user.login != 'renovate[bot]'
runs-on: ubuntu-24.04
strategy:
matrix:
node-version: [24]
fail-fast: false
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
persist-credentials: false
- name: Check number of lockfiles
run: |
if [ $(find . -name 'package-lock.json' | grep -vc -e 'node_modules') -gt 0 ]
then
echo -e 'Error: found package-lock files in the repository.\nWe use pnpm workspaces to manage packages so all dependencies should be added via pnpm add'
exit 1
fi
- name: Check format of sample.env
run: docker run --rm -v `pwd`:/app -w /app dotenvlinter/dotenv-linter check --ignore-checks UnorderedKey sample.env
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Setup Turbo Cache
uses: ./.github/actions/setup-turbo-cache
with:
turbo-token: ${{ secrets.TURBO_TOKEN }}
turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }}
- name: Set Environment variables
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
- name: Install node_modules
run: pnpm install
- name: Check formatting
run: |
pnpm prettier --check . || [ $? -eq 1 ] && printf "\nTip: Run 'pnpm run format' in your terminal to fix this.\n\n"
- name: Lint Source Files
run: |
echo pnpm version $(pnpm -v)
pnpm lint
# This is populate the cache, otherwise local runs with upcoming changes
# will not benefit.
- name: Set UPCOMING_CHANGES
run: |
echo 'SHOW_UPCOMING_CHANGES=true' >> $GITHUB_ENV
- name: Lint Upcoming Changes
run: |
pnpm lint
# DONT REMOVE THIS JOB.
# TODO: Refactor and use re-usable workflow and shared artifacts
build:
name: Build
needs: lint
runs-on: ubuntu-24.04
strategy:
matrix:
node-version: [24]
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
persist-credentials: false
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Setup Turbo Cache
uses: ./.github/actions/setup-turbo-cache
with:
turbo-token: ${{ secrets.TURBO_TOKEN }}
turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }}
- name: Set freeCodeCamp Environment Variables
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
- name: Install and Build
run: |
pnpm install
pnpm run build
test:
name: Test
needs: build
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
node-version: [24]
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
persist-credentials: false
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Setup Turbo Cache
uses: ./.github/actions/setup-turbo-cache
with:
turbo-token: ${{ secrets.TURBO_TOKEN }}
turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }}
- name: Set Environment variables
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
cat sample.env
- name: Start MongoDB
run: docker compose -f docker/docker-compose.yml up -d
- name: Install Dependencies
run: |
echo pnpm version $(pnpm -v)
pnpm install
- name: Install Chrome for Puppeteer
run: pnpm -F=curriculum install-puppeteer
- name: Run Tests
run: pnpm test
test-upcoming:
name: Test - Upcoming Changes
needs: build
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
node-version: [24]
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
persist-credentials: false
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Setup Turbo Cache
uses: ./.github/actions/setup-turbo-cache
with:
turbo-token: ${{ secrets.TURBO_TOKEN }}
turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }}
- name: Set Environment variables
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
echo 'SHOW_UPCOMING_CHANGES=true' >> $GITHUB_ENV
- name: Start MongoDB
run: docker compose -f docker/docker-compose.yml up -d
- name: Install Dependencies
run: |
echo pnpm version $(pnpm -v)
pnpm install
- name: Install Chrome for Puppeteer
run: pnpm -F=curriculum install-puppeteer
- name: Run Tests
run: pnpm test
test-localization:
name: Test - i18n
needs: build
runs-on: ubuntu-24.04
if: github.event.pull_request.user.login == 'camperbot' && github.head_ref == 'chore/update-i18n-curriculum-submodule'
strategy:
fail-fast: false
matrix:
node-version: [24]
locale: [portuguese, italian]
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: 'recursive'
persist-credentials: false
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: ${{ matrix.node-version }}
- name: Install pnpm
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6
id: pnpm-install
with:
run_install: false
- name: Setup Turbo Cache
uses: ./.github/actions/setup-turbo-cache
with:
turbo-token: ${{ secrets.TURBO_TOKEN }}
turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }}
- name: Set Environment variables
run: |
sed '/^[[:space:]]*#/d; /^$/d' sample.env >> $GITHUB_ENV
cat sample.env
- name: Start MongoDB
uses: supercharge/mongodb-github-action@315db7fe45ac2880b7758f1933e6e5d59afd5e94 # 1.12.1
with:
mongodb-version: 8.0
mongodb-replica-set: test-rs
mongodb-port: 27017
- name: Install Dependencies
env:
CURRICULUM_LOCALE: ${{ matrix.locale }}
CLIENT_LOCALE: ${{ matrix.locale }}
run: |
echo pnpm version $(pnpm -v)
pnpm install
# DONT REMOVE THIS STEP.
# TODO: Refactor and use re-usable workflow and shared artifacts
- name: Build Client in ${{ matrix.locale }}
env:
CURRICULUM_LOCALE: ${{ matrix.locale }}
CLIENT_LOCALE: ${{ matrix.locale }}
run: |
pnpm run build
- name: Install Chrome for Puppeteer
run: pnpm -F=curriculum install-puppeteer
- name: Run Tests
env:
CURRICULUM_LOCALE: ${{ matrix.locale }}
CLIENT_LOCALE: ${{ matrix.locale }}
run: pnpm test