chore: import upstream snapshot with attribution

This commit is contained in:
wehub-resource-sync
2026-07-13 12:38:36 +08:00
commit 8e2a6eb840
10194 changed files with 1593658 additions and 0 deletions
+101
View File
@@ -0,0 +1,101 @@
name: Banner Content Monitor
on:
schedule:
- cron: '*/15 * * * *'
workflow_dispatch: # Allow manual trigger
permissions: {}
env:
BANNER_URL: ${{ vars.BANNER_URL }}
jobs:
check-and-deploy:
if: ${{ github.repository_owner == 'nrwl' }}
runs-on: ubuntu-latest
steps:
- name: Fetch banner content and compute hash
id: banner
run: |
if [ -z "$BANNER_URL" ]; then
echo "BANNER_URL is not set"
exit 1
fi
# Fetch content and compute hash
CONTENT_HASH=$(curl -sf "$BANNER_URL" | sha256sum | cut -d' ' -f1)
if [ -z "$CONTENT_HASH" ]; then
echo "Failed to fetch banner content"
exit 1
fi
echo "current_hash=$CONTENT_HASH" >> $GITHUB_OUTPUT
echo "Current banner hash: $CONTENT_HASH"
- name: Restore cached hash
id: cache
uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: .banner-hash
key: banner-content-hash-
restore-keys: |
banner-content-hash-
- name: Compare hashes
id: compare
run: |
CURRENT_HASH="${{ steps.banner.outputs.current_hash }}"
if [ -f .banner-hash ]; then
CACHED_HASH=$(cat .banner-hash)
echo "Cached hash: $CACHED_HASH"
else
CACHED_HASH=""
echo "No cached hash found"
fi
if [ "$CURRENT_HASH" != "$CACHED_HASH" ]; then
echo "changed=true" >> $GITHUB_OUTPUT
echo "Banner content has changed!"
else
echo "changed=false" >> $GITHUB_OUTPUT
echo "Banner content unchanged"
fi
- name: Setup Node
if: steps.compare.outputs.changed == 'true'
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
with:
node-version: '24'
- name: Trigger Netlify deploys
if: steps.compare.outputs.changed == 'true'
env:
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
run: |
npm install -g netlify-cli
echo "Triggering nx-docs deploy..."
netlify deploy --trigger --prod -s nx-docs
echo "Triggering nx-dev deploy..."
netlify deploy --trigger --prod -s nx-dev
echo "Triggering nrwl-blog deploy..."
netlify deploy --trigger --prod -s nrwl-blog
echo "All deploys triggered successfully"
- name: Save new hash to cache
if: steps.compare.outputs.changed == 'true'
run: |
echo "${{ steps.banner.outputs.current_hash }}" > .banner-hash
- name: Update cache
if: steps.compare.outputs.changed == 'true'
uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: .banner-hash
key: banner-content-hash-${{ github.run_id }}
+329
View File
@@ -0,0 +1,329 @@
name: CI
on:
push:
branches:
- master
- '[0-9]+.[0-9]+.x'
pull_request:
branches:
- "**"
env:
NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
NX_CLOUD_ENABLE_METRICS_COLLECTION: 'true'
PNPM_HOME: ~/.pnpm
# Pin corepack to the pnpm version from packageManager. Without this, corepack
# falls back to "latest" in directories that have no packageManager field
# (e.g. e2e temp dirs), pulling pnpm 11 and breaking install.
COREPACK_DEFAULT_TO_LATEST: '0'
jobs:
main-linux:
runs-on: ubuntu-latest
env:
NX_BATCH_MODE: 'true'
NX_E2E_CI_CACHE_KEY: e2e-github-linux
NX_DAEMON: 'true'
NX_PERF_LOGGING: 'false'
NX_VERBOSE_LOGGING: 'false'
NX_NATIVE_LOGGING: 'false'
NX_E2E_RUN_E2E: 'true'
NX_CI_EXECUTION_ENV: 'linux'
NX_CLOUD_NO_TIMEOUTS: 'true'
NX_ALLOW_NON_CACHEABLE_DTE: 'true'
NX_CLOUD_EXPERIMENTAL_POLLING: 'true'
NX_CLOUD_CONTINUOUS_ASSIGNMENT: 'true'
NX_CLOUD_VERBOSE_LOGGING: 'true'
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
filter: tree:0
- name: Set verbose logging from debug mode
if: runner.debug == '1'
run: echo "NX_VERBOSE_LOGGING=true" >> "$GITHUB_ENV"
- name: Fetch Master
run: git fetch origin master:master
if: ${{ github.event_name == 'pull_request' }}
- name: Set SHAs
uses: nrwl/nx-set-shas@310288c04d90696f9f1bc27c5e3caea6642b53d4 # v5.0.0
with:
main-branch-name: 'master'
- name: Start CI Run
run: npx nx-cloud@next start-ci-run --distribute-on="./.nx/workflows/dynamic-changesets.yaml" --stop-agents-after="e2e"
- name: Setup dev tools with mise
uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3
- name: Enable corepack and install pnpm
run: |
corepack enable
corepack prepare --activate
- name: Get pnpm store directory
id: pnpm-cache
run: echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
- name: Cache pnpm store
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Setup Gradle
uses: gradle/actions/setup-gradle@48b5f213c81028ace310571dc5ec0fbbca0b2947 # v4.4.3
- name: Install project dependencies
run: pnpm install --frozen-lockfile
- name: Restore .NET analyzer projects
run: dotnet restore nx.sln
- name: Nx Report
run:
pnpm nx report
- name: Run Checks/Lint/Test/Build
run: |
pids=()
pnpm nx record -- nx format:check &
pids+=($!)
pnpm nx record -- nx sync:check
pids+=($!)
pnpm nx build workspace-plugin && pnpm nx record -- pnpm nx-cloud conformance:check
pids+=($!)
pnpm nx run-many -t check-imports check-lock-files check-codeowners --parallel=1 --no-dte &
pids+=($!)
pnpm nx affected --targets=lint,test,build,e2e,e2e-ci,format-native,lint-native,gradle:build-ci,vale,run &
pids+=($!)
for pid in "${pids[@]}"; do
wait "$pid"
done
timeout-minutes: 100
- name: Fix CI
run: pnpm nx fix-ci
if: failure()
main-macos:
runs-on: macos-latest
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}${{ contains(github.event_name, 'push') && format('-{0}', github.sha) || '' }}
cancel-in-progress: true
env:
NX_E2E_CI_CACHE_KEY: e2e-github-macos
NX_PERF_LOGGING: 'false'
NX_CI_EXECUTION_ENV: 'macos'
SELECTED_PM: 'npm'
steps:
- name: Log concurrency info
run: |
echo "Concurrency group: ${{ github.workflow }}-${{ github.ref }}${{ contains(github.event_name, 'push') && format('-{0}', github.sha) || '' }}"
echo "Concurrency cancel-in-progress: ${{ !contains(github.event_name, 'push') }}"
echo "Concurrency cancel-event-name: ${{ github.event_name }}"
if: always()
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
filter: tree:0
- name: Set verbose logging from debug mode
if: runner.debug == '1'
run: echo "NX_VERBOSE_LOGGING=true" >> "$GITHUB_ENV"
- name: Fetch Master
run: git fetch origin master:master
if: ${{ github.event_name == 'pull_request' }}
- name: Setup dev tools with mise
uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3
- name: Enable corepack and install pnpm
run: |
corepack enable
corepack prepare --activate
- name: Set SHAs
uses: nrwl/nx-set-shas@310288c04d90696f9f1bc27c5e3caea6642b53d4 # v5.0.0
with:
main-branch-name: 'master'
- name: Check for React Native changes
id: check-changes
run: |
HAS_CHANGED=$(node ./scripts/check-react-native-changes.js $NX_BASE $NX_HEAD);
if $HAS_CHANGED; then
echo "has_changes=true" >> $GITHUB_OUTPUT
echo "React Native projects are affected, will run macOS tests"
else
echo "has_changes=false" >> $GITHUB_OUTPUT
echo "No React Native projects affected, skipping macOS tests"
fi
- name: Restore Homebrew packages
if: steps.check-changes.outputs.has_changes == 'true'
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: |
/opt/homebrew
~/Library/Caches/Homebrew
key: nrwl-nx-homebrew-packages
- name: Configure Detox Environment, Install applesimutils
if: steps.check-changes.outputs.has_changes == 'true'
run: |
# Ensure Xcode command line tools are installed and configured
xcode-select --print-path || sudo xcode-select --reset
sudo xcode-select -s /Applications/Xcode.app
# Install or update applesimutils with error handling
if ! brew list applesimutils &>/dev/null; then
echo "Installing applesimutils..."
HOMEBREW_NO_AUTO_UPDATE=1 brew tap wix/brew >/dev/null
# Homebrew now refuses to load formulae from third-party taps unless trusted
brew trust wix/brew
HOMEBREW_NO_AUTO_UPDATE=1 brew install applesimutils >/dev/null || {
echo "Failed to install applesimutils, retrying with update..."
brew update
brew trust wix/brew
HOMEBREW_NO_AUTO_UPDATE=1 brew install applesimutils
}
else
echo "Updating applesimutils..."
HOMEBREW_NO_AUTO_UPDATE=1 brew upgrade applesimutils || true
fi
# Verify applesimutils installation
applesimutils --version || (echo "applesimutils installation failed" && exit 1)
# Configure environment for M-series Mac
echo "DEVELOPER_DIR=/Applications/Xcode.app/Contents/Developer" >> $GITHUB_ENV
echo "PLATFORM_NAME=iOS Simulator" >> $GITHUB_ENV
# Set additional environment variables for better debugging
echo "DETOX_DISABLE_TELEMETRY=1" >> $GITHUB_ENV
echo "DETOX_LOG_LEVEL=trace" >> $GITHUB_ENV
# Verify Xcode installation
xcodebuild -version
# List available simulators
xcrun simctl list devices available
timeout-minutes: 10
continue-on-error: false
- name: Reset iOS Simulators
if: steps.check-changes.outputs.has_changes == 'true'
id: reset-simulators
run: |
echo "Resetting iOS Simulators..."
# Kill simulator processes
sudo killall -9 com.apple.CoreSimulator.CoreSimulatorService 2>/dev/null || true
killall "Simulator" 2>/dev/null || true
killall "iOS Simulator" 2>/dev/null || true
# Wait for processes to terminate
sleep 3
# Shutdown and erase all simulators (ignore failures)
xcrun simctl shutdown all 2>/dev/null || true
sleep 5
xcrun simctl erase all 2>/dev/null || true
# If erase failed, try the nuclear option
if xcrun simctl list devices | grep -q "Booted" 2>/dev/null; then
echo "Standard reset failed, using nuclear option..."
rm -rf ~/Library/Developer/CoreSimulator/Devices/* 2>/dev/null || true
launchctl remove com.apple.CoreSimulator.CoreSimulatorService 2>/dev/null || true
sleep 3
fi
# Clean up additional directories
rm -rf ~/Library/Developer/CoreSimulator/Caches/* 2>/dev/null || true
rm -rf ~/Library/Logs/CoreSimulator/* 2>/dev/null || true
rm -rf ~/Library/Developer/Xcode/DerivedData/* 2>/dev/null || true
echo "Simulator reset completed"
timeout-minutes: 5
continue-on-error: true
- name: Verify Simulator Reset
if: steps.check-changes.outputs.has_changes == 'true' && steps.reset-simulators.outcome == 'success'
run: |
# Verify CoreSimulator service restarted
pgrep -fl "CoreSimulator" || (echo "CoreSimulator service not running" && exit 1)
# Check simulator list is clean
xcrun simctl list devices
# Verify simulator runtime paths exist and are writable
test -d ~/Library/Developer/CoreSimulator/Devices || (echo "Simulator devices directory missing" && exit 1)
touch ~/Library/Developer/CoreSimulator/Devices/test || (echo "Simulator devices directory not writable" && exit 1)
rm ~/Library/Developer/CoreSimulator/Devices/test
timeout-minutes: 5
- name: Diagnose Simulator Reset Failure
if: steps.check-changes.outputs.has_changes == 'true' && steps.reset-simulators.outcome == 'failure'
run: |
echo "Simulator reset failed. Collecting diagnostic information..."
xcrun simctl list
echo "Checking simulator logs..."
ls -la ~/Library/Logs/CoreSimulator/ || echo "No simulator logs found"
- name: Save Homebrew Cache
if: steps.check-changes.outputs.has_changes == 'true'
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: |
/opt/homebrew
~/Library/Caches/Homebrew
key: nrwl-nx-homebrew-packages
- name: Get pnpm store directory
if: steps.check-changes.outputs.has_changes == 'true'
id: pnpm-cache-macos
run: echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
- name: Cache pnpm store
if: steps.check-changes.outputs.has_changes == 'true'
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: ${{ steps.pnpm-cache-macos.outputs.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Install project dependencies
if: steps.check-changes.outputs.has_changes == 'true'
run: |
pnpm install --frozen-lockfile
pnpm playwright install --with-deps
- name: Restore .NET packages
if: steps.check-changes.outputs.has_changes == 'true'
run: dotnet restore nx.sln
- name: Run E2E Tests for macOS
if: steps.check-changes.outputs.has_changes == 'true'
run: |
pnpm nx affected -t e2e-macos-local --parallel=1 --base=$NX_BASE --head=$NX_HEAD
+114
View File
@@ -0,0 +1,114 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"
on:
push:
branches: [ "master" ]
schedule:
- cron: '20 14 * * 6'
jobs:
analyze:
name: Analyze (${{ matrix.language }})
# Runner size impacts CodeQL analysis time. To learn more, please see:
# - https://gh.io/recommended-hardware-resources-for-running-codeql
# - https://gh.io/supported-runners-and-hardware-resources
# - https://gh.io/using-larger-runners (GitHub.com only)
# Consider using larger runners or machines with greater resources for possible analysis time improvements.
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
permissions:
# required for all workflows
security-events: write
# required to fetch internal or private CodeQL packs
packages: read
# only required for workflows in private repositories
actions: read
contents: read
strategy:
fail-fast: false
matrix:
include:
- language: actions
build-mode: none
# We would like to test our Java / Kotlin... but its currently failing. We can follow up.
# - language: java-kotlin
# build-mode: autobuild
- language: javascript-typescript
build-mode: none
- language: rust
build-mode: none
- language: csharp
build-mode: autobuild
# CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift'
# Use `c-cpp` to analyze code written in C, C++ or both
# Use 'java-kotlin' to analyze code written in Java, Kotlin or both
# Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
# To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
# see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
# If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
steps:
- name: Checkout repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup Language Tooling
uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3
- name: Enable corepack and install pnpm
run: |
corepack enable
corepack prepare --activate
# Add any setup steps before running the `github/codeql-action/init` action.
# This includes steps like installing compilers or runtimes (`actions/setup-node`
# or others). This is typically only required for manual builds.
# - name: Setup runtime (example)
# uses: actions/setup-example@v1
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@15403aac29bd91419968e066cded66bde56b0283 # v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
# If the analyze step fails for one of the languages you are analyzing with
# "We were unable to automatically build your code", modify the matrix above
# to set the build mode to "manual" for that language. Then modify this step
# to build your code.
# ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
- if: matrix.build-mode == 'manual'
shell: bash
run: |
echo 'If you are using a "manual" build mode for one or more of the' \
'languages you are analyzing, replace this with the commands to build' \
'your code, for example:'
echo ' make bootstrap'
echo ' make release'
exit 1
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@15403aac29bd91419968e066cded66bde56b0283 # v3
with:
category: "/language:${{matrix.language}}"
+111
View File
@@ -0,0 +1,111 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"
on:
pull_request:
branches: [ "**" ]
jobs:
analyze:
name: Analyze (${{ matrix.language }})
# Runner size impacts CodeQL analysis time. To learn more, please see:
# - https://gh.io/recommended-hardware-resources-for-running-codeql
# - https://gh.io/supported-runners-and-hardware-resources
# - https://gh.io/using-larger-runners (GitHub.com only)
# Consider using larger runners or machines with greater resources for possible analysis time improvements.
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
permissions:
# required to fetch internal or private CodeQL packs
packages: read
# only required for workflows in private repositories
actions: read
contents: read
strategy:
fail-fast: false
matrix:
include:
- language: actions
build-mode: none
# See comment in @./codeql-master.yml about Java / Kotlin
# - language: java-kotlin
# build-mode: autobuild
- language: javascript-typescript
build-mode: none
- language: rust
build-mode: none
- language: csharp
build-mode: autobuild
# CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift'
# Use `c-cpp` to analyze code written in C, C++ or both
# Use 'java-kotlin' to analyze code written in Java, Kotlin or both
# Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
# To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
# see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
# If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
steps:
- name: Checkout repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup Language Tooling
uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3
- name: Enable corepack and install pnpm
run: |
corepack enable
corepack prepare --activate
# Add any setup steps before running the `github/codeql-action/init` action.
# This includes steps like installing compilers or runtimes (`actions/setup-node`
# or others). This is typically only required for manual builds.
# - name: Setup runtime (example)
# uses: actions/setup-example@v1
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@15403aac29bd91419968e066cded66bde56b0283 # v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
# If the analyze step fails for one of the languages you are analyzing with
# "We were unable to automatically build your code", modify the matrix above
# to set the build mode to "manual" for that language. Then modify this step
# to build your code.
# ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
- if: matrix.build-mode == 'manual'
shell: bash
run: |
echo 'If you are using a "manual" build mode for one or more of the' \
'languages you are analyzing, replace this with the commands to build' \
'your code, for example:'
echo ' make bootstrap'
echo ' make release'
exit 1
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@15403aac29bd91419968e066cded66bde56b0283 # v3
with:
category: "/language:${{matrix.language}}"
upload: 'never'
upload-database: false
+21
View File
@@ -0,0 +1,21 @@
name: Unmergeable Labels Check
on:
pull_request:
types: [synchronize, opened, reopened, labeled, unlabeled]
jobs:
do-not-merge:
if: ${{ github.repository_owner == 'nrwl' }}
name: Prevent Merging
runs-on: ubuntu-latest
steps:
- name: Check for label
run: |
echo "${{ toJSON(github.event.*.labels.*.name) }}"
node -e 'const forbidden = ["target: next major version", "pr status: needs tests", "pr status: in-progress", "blocked: needs rebase", "pr status: do not merge"];
const match = ${{ toJSON(github.event.*.labels.*.name) }}.find(l => forbidden.includes(l.toLowerCase()));
if (match) {
console.log("Cannot merge PRs that are labeled with " + match);
process.exit(1)
}'
+510
View File
@@ -0,0 +1,510 @@
name: E2E matrix
on:
schedule:
- cron: '0 5 * * *'
workflow_dispatch:
inputs:
debug_enabled:
type: boolean
description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'
required: false
default: false
env:
CYPRESS_CACHE_FOLDER: ${{ github.workspace }}/.cypress
# Pin corepack to the pnpm version from packageManager. Without this, corepack
# falls back to "latest" in directories that have no packageManager field
# (e.g. e2e temp dirs), pulling pnpm 11 and breaking install.
COREPACK_DEFAULT_TO_LATEST: '0'
permissions: {}
jobs:
preinstall:
if: ${{ github.repository_owner == 'nrwl' }}
runs-on: ${{ matrix.os }}
timeout-minutes: 20
env:
NODE_VERSION: ${{ matrix.node_version }}
strategy:
matrix:
os:
- ubuntu-latest
- macos-latest
# - windows-latest Windows fails to build gradle wrapper which always runs when we build nx.
## https://staging.nx.app/runs/LgD4vxGn8w?utm_source=pull-request&utm_medium=comment
node_version:
- 22
- 24
- 26
exclude:
# macos skips the oldest node to keep the macos matrix slim
- os: macos-latest
node_version: 22
# - os: windows-latest TODO(Jack): Windows fails to build gradle wrapper which always runs when we build nx. Re-enable when we fix this.
# node_version: 22
name: Cache install (${{ matrix.os }}, node v${{ matrix.node_version }})
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
filter: tree:0
- name: Setup dev tools with mise
uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3
- name: Enable corepack and install pnpm
run: |
npm install -g corepack@latest
corepack enable
corepack prepare --activate
- name: Get pnpm store directory
id: pnpm-cache
run: echo "path=$(pnpm store path)" >> $GITHUB_OUTPUT
- name: Cache pnpm store
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: ${{ steps.pnpm-cache.outputs.path }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Ensure Python setuptools Installed on Macos
if: ${{ matrix.os == 'macos-latest' }}
id: brew-install-python-setuptools
run: brew install python-setuptools
- name: Install pnpm packages
run: pnpm install --frozen-lockfile
- name: Install Playwright
run: pnpm playwright install --with-deps
- name: Restore .NET packages
run: dotnet restore nx.sln
- name: Homebrew cache directory path
if: ${{ matrix.os == 'macos-latest' }}
id: homebrew-cache-dir-path
run: echo "dir=$(brew --cache)" >> $GITHUB_OUTPUT
- name: Cache Homebrew
if: ${{ matrix.os == 'macos-latest' }}
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
lookup-only: true
path: ${{ steps.homebrew-cache-dir-path.outputs.dir }}
key: brew-${{ matrix.node_version }}
restore-keys: |
brew-
- name: Cache Cypress
id: cache-cypress
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
lookup-only: true
path: '${{ github.workspace }}/.cypress'
key: ${{ runner.os }}-cypress
- name: Install Cypress
if: steps.cache-cypress.outputs.cache-hit != 'true'
run: npx cypress install
prepare-matrix:
name: Prepare matrix combinations
if: ${{ github.repository_owner == 'nrwl' }}
timeout-minutes: 5
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.process-json.outputs.MATRIX }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
filter: tree:0
- name: Process matrix data
id: process-json
run: echo "MATRIX=$(npx tsx .github/workflows/nightly/process-matrix.ts | jq -c .)" >> $GITHUB_OUTPUT
e2e:
if: ${{ github.repository_owner == 'nrwl' }}
needs:
- preinstall
- prepare-matrix
permissions:
contents: read
runs-on: ${{ matrix.os }}
timeout-minutes: 200 # <- cap each job to 200 minutes
env:
NODE_VERSION: ${{ matrix.node_version }}
strategy:
matrix: ${{fromJson(needs.prepare-matrix.outputs.matrix)}} # Load matrix from previous job
fail-fast: false
name: ${{ matrix.os_name }}/${{ matrix.package_manager }}/${{ matrix.node_version }} ${{ join(matrix.project) }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
filter: tree:0
- name: Prepare dir for output
run: mkdir -p outputs
- name: Setup dev tools with mise
uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3
- name: Enable corepack and install pnpm
run: |
npm install -g corepack@latest
corepack enable
corepack prepare --activate
- name: Install pnpm packages
run: pnpm install --frozen-lockfile
- name: Install Playwright
run: pnpm playwright install --with-deps
- name: Restore .NET packages
run: dotnet restore nx.sln
- name: Cleanup
if: ${{ matrix.os == 'ubuntu-latest' }}
run: |
# Workaround to provide additional free space for testing.
# https://github.com/actions/virtual-environments/issues/2840
sudo rm -rf /usr/share/dotnet
sudo rm -rf /opt/ghc
sudo rm -rf '/usr/local/share/boost'
sudo rm -rf "$AGENT_TOOLSDIRECTORY"
sudo apt-get install lsof
echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf && sudo sysctl -p
- name: Homebrew cache directory path
if: ${{ matrix.os == 'macos-latest' }}
id: homebrew-cache-dir-path
run: echo "dir=$(brew --cache)" >> $GITHUB_OUTPUT
- name: Cache Homebrew
if: ${{ matrix.os == 'macos-latest' }}
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: ${{ steps.homebrew-cache-dir-path.outputs.dir }}
key: brew-${{ matrix.node_version }}
restore-keys: |
brew-
- name: Cache Cypress
id: cache-cypress
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: '${{ github.workspace }}/.cypress'
key: ${{ runner.os }}-cypress
- name: Install Cypress
if: steps.cache-cypress.outputs.cache-hit != 'true'
run: npx cypress install
- name: Configure Detox Environment, Install applesimutils
if: ${{ matrix.os == 'macos-latest' }}
run: |
# Ensure Xcode command line tools are installed and configured
xcode-select --print-path || sudo xcode-select --reset
sudo xcode-select -s /Applications/Xcode.app
# Install or update applesimutils with error handling
if ! brew list applesimutils &>/dev/null; then
echo 'Installing applesimutils...'
HOMEBREW_NO_AUTO_UPDATE=1 brew tap wix/brew >/dev/null
# Homebrew now refuses to load formulae from third-party taps unless trusted
brew trust wix/brew
HOMEBREW_NO_AUTO_UPDATE=1 brew install applesimutils >/dev/null || {
echo 'Failed to install applesimutils, retrying with update...'
brew update
brew trust wix/brew
HOMEBREW_NO_AUTO_UPDATE=1 brew install applesimutils
}
else
echo 'Updating applesimutils...'
HOMEBREW_NO_AUTO_UPDATE=1 brew upgrade applesimutils || true
fi
# Verify applesimutils installation
applesimutils --version || (echo 'applesimutils installation failed' && exit 1)
# Configure environment for M-series Mac
echo 'DEVELOPER_DIR=/Applications/Xcode.app/Contents/Developer' >> $GITHUB_ENV
echo 'PLATFORM_NAME=iOS Simulator' >> $GITHUB_ENV
# Set additional environment variables for better debugging
echo 'DETOX_DISABLE_TELEMETRY=1' >> $GITHUB_ENV
echo 'DETOX_LOG_LEVEL=trace' >> $GITHUB_ENV
# Verify Xcode installation
xcodebuild -version
timeout-minutes: 10
continue-on-error: false
- name: Reset iOS Simulators
if: ${{ matrix.os == 'macos-latest' }}
id: reset-simulators
run: |
echo 'Resetting iOS Simulators...'
# Kill simulator processes
sudo killall -9 com.apple.CoreSimulator.CoreSimulatorService 2>/dev/null || true
killall 'Simulator' 2>/dev/null || true
killall 'iOS Simulator' 2>/dev/null || true
# Wait for processes to terminate
sleep 3
# Shutdown and erase all simulators (ignore failures)
xcrun simctl shutdown all 2>/dev/null || true
sleep 5
xcrun simctl erase all 2>/dev/null || true
# If erase failed, try the nuclear option
if xcrun simctl list devices | grep -q 'Booted' 2>/dev/null; then
echo 'Standard reset failed, using nuclear option...'
rm -rf ~/Library/Developer/CoreSimulator/Devices/* 2>/dev/null || true
launchctl remove com.apple.CoreSimulator.CoreSimulatorService 2>/dev/null || true
sleep 3
fi
# Clean up additional directories
rm -rf ~/Library/Developer/CoreSimulator/Caches/* 2>/dev/null || true
rm -rf ~/Library/Logs/CoreSimulator/* 2>/dev/null || true
rm -rf ~/Library/Developer/Xcode/DerivedData/* 2>/dev/null || true
echo 'Simulator reset completed'
timeout-minutes: 5
continue-on-error: true
- name: Verify Simulator Reset
if: ${{ matrix.os == 'macos-latest' && steps.reset-simulators.outcome == 'success' }}
run: |
# Verify CoreSimulator service restarted
pgrep -fl 'CoreSimulator' || (echo 'CoreSimulator service not running' && exit 1)
# Verify simulator runtime paths exist and are writable
test -d ~/Library/Developer/CoreSimulator/Devices || (echo 'Simulator devices directory missing' && exit 1)
touch ~/Library/Developer/CoreSimulator/Devices/test || (echo 'Simulator devices directory not writable' && exit 1)
rm ~/Library/Developer/CoreSimulator/Devices/test
timeout-minutes: 5
- name: Diagnose Simulator Reset Failure
if: ${{ matrix.os == 'macos-latest' && steps.reset-simulators.outcome == 'failure' }}
run: |
echo 'Simulator reset failed. Collecting diagnostic information...'
xcrun simctl list
echo 'Checking simulator logs...'
ls -la ~/Library/Logs/CoreSimulator/ || echo 'No simulator logs found'
- name: Configure git metadata (needed for lerna smoke tests)
if: ${{ (matrix.os != 'macos-latest') || (matrix.os == 'macos-latest' && steps.reset-simulators.outcome == 'success') }}
run: |
git config --global user.email test@test.com
git config --global user.name 'Test Test'
- name: Set starting timestamp
if: ${{ (matrix.os != 'macos-latest') || (matrix.os == 'macos-latest' && steps.reset-simulators.outcome == 'success') }}
id: before-e2e
shell: bash
run: |
echo "timestamp=$(date +%s)" >> $GITHUB_OUTPUT
- name: Run e2e tests with pnpm (Linux/Windows)
id: e2e-run-pnpm
if: ${{ matrix.os != 'macos-latest' }}
run: pnpm nx run ${{ matrix.project }}:e2e-local
shell: bash
timeout-minutes: ${{ matrix.os_timeout }}
env:
NX_E2E_CI_CACHE_KEY: e2e-gha-${{ matrix.os }}-${{ matrix.node_version }}-${{ matrix.package_manager }}
NX_DAEMON: 'true'
NX_PERF_LOGGING: 'false'
NX_E2E_VERBOSE_LOGGING: 'true'
NX_NATIVE_LOGGING: 'false'
NX_E2E_RUN_E2E: 'true'
NX_CLOUD_NO_TIMEOUTS: 'true'
NX_E2E_SKIP_GLOBAL_CLEANUP: 'true'
NODE_OPTIONS: --max_old_space_size=8192
SELECTED_PM: ${{ matrix.package_manager }}
npm_config_registry: http://localhost:4872
YARN_REGISTRY: http://localhost:4872
CI: true
- name: Run e2e tests with npm (macOS)
id: e2e-run-npm
if: ${{ matrix.os == 'macos-latest' && steps.reset-simulators.outcome == 'success' }}
run: |
# Run the tests
if [[ '${{ matrix.project }}' == 'e2e-detox' ]] || [[ '${{ matrix.project }}' == 'e2e-react-native' ]] || [[ '${{ matrix.project }}' == 'e2e-expo' ]]; then
NX_E2E_VERBOSE_DEBUG=1 pnpm nx run ${{ matrix.project }}:e2e-macos-local
else
NX_E2E_VERBOSE_DEBUG=1 pnpm nx run ${{ matrix.project }}:e2e-local
fi
env:
NX_E2E_CI_CACHE_KEY: e2e-gha-${{ matrix.os }}-${{ matrix.node_version }}-${{ matrix.package_manager }}
NX_PERF_LOGGING: 'false'
NX_CI_EXECUTION_ENV: 'macos'
NX_E2E_VERBOSE_LOGGING: 'true'
NX_NATIVE_LOGGING: 'false'
NX_E2E_RUN_E2E: 'true'
NX_E2E_SKIP_GLOBAL_CLEANUP: 'true'
NODE_OPTIONS: --max_old_space_size=8192
SELECTED_PM: 'npm'
npm_config_registry: http://localhost:4872
YARN_REGISTRY: http://localhost:4872
DEVELOPER_DIR: '/Applications/Xcode.app/Contents/Developer'
CI: true
- name: Save matrix config in file
if: ${{ always() }}
id: save-matrix
shell: bash
run: |
before=${{ steps.before-e2e.outputs.timestamp }}
now=$(date +%s)
delta=$(($now - $before))
# Determine the outcome based on which step ran
outcome='${{ matrix.os == 'macos-latest' && steps.e2e-run-npm.outcome || steps.e2e-run-pnpm.outcome }}'
matrix=$((
echo '${{ toJSON(matrix) }}'
) | jq --argjson delta $delta -c '. + { "status": "'"$outcome"'", "duration": $delta }')
echo "$matrix" > 'outputs/matrix.json'
- name: Upload matrix config
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: ${{ always() }}
with:
name: ${{ matrix.os_name}}-${{ matrix.node_version}}-${{ matrix.package_manager}}-${{ matrix.project }}
overwrite: true
if-no-files-found: 'ignore'
path: 'outputs/matrix.json'
- name: Setup tmate session
if: ${{ github.event_name == 'workflow_dispatch' && inputs.debug_enabled && failure() }}
uses: mxschmitt/action-tmate@1fb8b1023602bf1fd0e2994d7f1e93015cb5bbec # v3.22
timeout-minutes: 15
with:
sudo: ${{ matrix.os != 'windows-latest' }} # disable sudo for windows debugging
process-result:
if: ${{ always() && github.repository_owner == 'nrwl' && github.event_name != 'workflow_dispatch' }}
runs-on: ubuntu-latest
needs: e2e
timeout-minutes: 15
outputs:
message: ${{ steps.process-json.outputs.slack_message }}
proj_duration: ${{ steps.process-json.outputs.slack_proj_duration }}
pm_duration: ${{ steps.process-json.outputs.slack_pm_duration }}
codeowners: ${{ steps.process-json.outputs.codeowners }}
has_golden_failures: ${{ steps.process-json.outputs.has_golden_failures }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
filter: tree:0
- name: Prepare dir for output
run: mkdir -p outputs
- name: Load outputs
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
path: outputs
- name: Join and stringify matrix configs
id: combine-json
run: |
combined=$(jq -sc . outputs/*/matrix.json)
echo "combined=$combined" >> $GITHUB_OUTPUT
- name: Process results and collect failure details
id: process-json
env:
GH_TOKEN: ${{ github.token }}
run: |
echo '${{ steps.combine-json.outputs.combined }}' | npx tsx .github/workflows/nightly/process-result.ts
report-failure:
if: ${{ always() && needs.process-result.outputs.has_golden_failures == 'true' && github.repository_owner == 'nrwl' && github.event_name != 'workflow_dispatch' }}
needs: process-result
runs-on: ubuntu-latest
name: Report failure
timeout-minutes: 10
steps:
- name: Send notification
uses: ravsamhq/notify-slack-action@be814b201e233b2dc673608aa46e5447c8ab13f2 # v11
with:
status: 'failure'
message_format: '${{ needs.process-result.outputs.message }}'
notification_title: 'Golden Test Failure'
footer: '<{run_url}|View Run> / Last commit <{commit_url}|{commit_sha}>'
mention_groups: ${{ needs.process-result.outputs.codeowners }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.ACTION_MONITORING_SLACK }}
report-success:
if: ${{ always() && needs.process-result.outputs.has_golden_failures == 'false' && github.repository_owner == 'nrwl' && github.event_name != 'workflow_dispatch' }}
needs: process-result
runs-on: ubuntu-latest
name: Report status
timeout-minutes: 10
steps:
- name: Send notification
uses: ravsamhq/notify-slack-action@be814b201e233b2dc673608aa46e5447c8ab13f2 # v11
with:
status: 'success'
message_format: '${{ needs.process-result.outputs.message }}'
notification_title: '✅ Golden Tests: All Passed!'
footer: '<{run_url}|View Run> / Last commit <{commit_url}|{commit_sha}>'
env:
SLACK_WEBHOOK_URL: ${{ secrets.ACTION_MONITORING_SLACK }}
report-pm-time:
if: ${{ always() && github.repository_owner == 'nrwl' && github.event_name != 'workflow_dispatch' }}
needs: process-result
runs-on: ubuntu-latest
timeout-minutes: 10
name: Report duration per package manager
steps:
- name: Send notification
uses: ravsamhq/notify-slack-action@be814b201e233b2dc673608aa46e5447c8ab13f2 # v11
with:
status: 'skipped'
message_format: '${{ needs.process-result.outputs.pm_duration }}'
notification_title: '⌛ Total duration per package manager (ubuntu only)'
env:
SLACK_WEBHOOK_URL: ${{ secrets.ACTION_MONITORING_SLACK }}
report-proj-time:
if: ${{ always() && github.repository_owner == 'nrwl' && github.event_name != 'workflow_dispatch' }}
needs: process-result
runs-on: ubuntu-latest
timeout-minutes: 10
name: Report duration per project
steps:
- name: Send notification
uses: ravsamhq/notify-slack-action@be814b201e233b2dc673608aa46e5447c8ab13f2 # v11
with:
status: 'skipped'
message_format: '${{ needs.process-result.outputs.proj_duration }}'
notification_title: '⌛ E2E Project duration stats'
env:
SLACK_WEBHOOK_URL: ${{ secrets.ACTION_MONITORING_SLACK }}
+57
View File
@@ -0,0 +1,57 @@
name: Generate embeddings
on:
schedule:
- cron: "0 5 * * 0,4" # sunday, thursday 5AM
jobs:
cache-and-install:
if: github.repository == 'nrwl/nx'
runs-on: ubuntu-latest
strategy:
matrix:
node-version: ['24']
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Install Node.js
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
with:
node-version: '24'
package-manager-cache: false
- name: Install pnpm
uses: pnpm/action-setup@7088e561eb65bb68695d245aa206f005ef30921d # v4.1.0
id: pnpm-install
with:
version: 11.2.2
run_install: false
- name: Get pnpm store directory
id: pnpm-cache
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
- name: Setup pnpm cache
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Install dependencies
run: pnpm install --no-frozen-lockfile
- name: Build docs
run: npx nx build astro-docs
- name: Run embeddings script
run: node --import tsx tools/documentation/create-embeddings/src/main.mts --mode=astro
env:
NX_NEXT_PUBLIC_SUPABASE_URL: ${{ secrets.NX_NEXT_PUBLIC_SUPABASE_URL }}
NX_SUPABASE_SERVICE_ROLE_KEY: ${{ secrets.NX_SUPABASE_SERVICE_ROLE_KEY }}
NX_OPENAI_KEY: ${{ secrets.NX_OPENAI_KEY }}
+69
View File
@@ -0,0 +1,69 @@
name: Issue Statistics
on:
schedule:
- cron: "0 0 * * 0"
workflow_dispatch:
permissions:
issues: read
pull-requests: read
jobs:
issues-report:
if: ${{ github.repository_owner == 'nrwl' }}
runs-on: ubuntu-latest
name: Report status
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: pnpm/action-setup@7088e561eb65bb68695d245aa206f005ef30921d # v4.1.0
with:
version: 11.2.2
- name: Use Node.js ${{ matrix.node_version }}
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
with:
node-version: '24'
cache: 'pnpm'
- name: Cache node_modules
id: cache-modules
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
lookup-only: true
path: '**/node_modules'
key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
- name: Install packages
run: pnpm install --frozen-lockfile
- name: Download artifact
id: download-artifact
uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e # v2 # Needed since we are downloading artifact from a different workflow run, official actions/download-artifact doesn't support this.
with:
name: cached-issue-data
path: ${{ github.workspace }}/scripts/issues-scraper/cached
search_artifacts: true
allow_forks: false
continue-on-error: true
- name: Collect Issue Data
id: collect
run: npx tsx ./scripts/issues-scraper/index.ts
env:
GITHUB_TOKEN: ${{ github.token }}
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: cached-issue-data
path: ./scripts/issues-scraper/cached/data.json
- name: Send GitHub Action trigger data to Slack workflow
id: slack
uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
with:
webhook: ${{ secrets.SLACK_ISSUES_REPORT_URL }}
webhook-type: incoming-webhook
payload: ${{ steps.collect.outputs.SLACK_MESSAGE }}
+31
View File
@@ -0,0 +1,31 @@
name: "Lock Threads"
on:
schedule:
- cron: "0 0 * * *" # Once a day, at midnight UTC
workflow_dispatch:
permissions:
issues: write
pull-requests: write
concurrency:
group: lock
jobs:
action:
if: ${{ github.repository_owner == 'nrwl' }}
runs-on: ubuntu-latest
steps:
- uses: dessant/lock-threads@6548363a2d763e3a4a3a0dc04ca4a10481d8e536 # v6.0.0
id: lockthreads
with:
process-only: 'issues, prs'
github-token: ${{ github.token }}
issue-inactive-days: "30" # Lock issues after 30 days of being closed
pr-inactive-days: "5" # Lock closed PRs after 5 days. This ensures that issues that stem from a PR are opened as issues, rather than comments on the recently merged PR.
add-issue-labels: "outdated"
issue-comment: >
This issue has been closed for more than 30 days. If this issue is still occuring, please open a new issue with more recent context.
pr-comment: >
This pull request has already been merged/closed. If you experience issues related to these changes, please open a new issue referencing this pull request.
@@ -0,0 +1,415 @@
import { exec } from 'child_process';
import { execSync } from 'child_process';
const MAX_CONCURRENCY = 8;
interface MatrixResult {
project: string;
codeowners: string;
node_version: number | string;
package_manager: string;
os: string;
os_name: string;
os_timeout: number;
is_golden?: boolean;
status: 'success' | 'failure' | 'cancelled';
duration: number;
}
const REPO = process.env.GITHUB_REPOSITORY || 'nrwl/nx';
const RUN_ID = process.env.GITHUB_RUN_ID || '0';
function gh(args: string): string {
try {
return execSync(`gh ${args}`, {
encoding: 'utf-8',
timeout: 60_000,
maxBuffer: 10 * 1024 * 1024,
stdio: ['pipe', 'pipe', 'pipe'],
}).trim();
} catch {
return '';
}
}
function ghAsync(args: string): Promise<string> {
return new Promise((resolve) => {
exec(
`gh ${args}`,
{ encoding: 'utf-8', timeout: 60_000, maxBuffer: 10 * 1024 * 1024 },
(err, stdout) => resolve(err ? '' : (stdout || '').trim())
);
});
}
async function ghParallel<T>(
items: T[],
fn: (item: T) => string,
concurrency = MAX_CONCURRENCY
): Promise<Map<T, string>> {
const results = new Map<T, string>();
const queue = [...items];
async function worker() {
while (queue.length > 0) {
const item = queue.shift()!;
results.set(item, await ghAsync(fn(item)));
}
}
await Promise.all(
Array.from({ length: Math.min(concurrency, items.length) }, () => worker())
);
return results;
}
function extractJestBlocks(raw: string): string {
const lines = raw
.replace(/^\d{4}-\d{2}-\d{2}T[\d:.]+Z /gm, '')
.replace(/\x1b\[[0-9;]*[a-zA-Z]/g, '')
.split('\n');
const blocks: string[] = [];
let capturing = false;
for (const line of lines) {
if (line.startsWith(' FAIL ')) capturing = true;
if (capturing) blocks.push(line);
if (line.startsWith('Ran all test suites')) capturing = false;
}
return blocks.slice(0, 50).join('\n');
}
function extractTestFiles(block: string): string[] {
const matches = block.match(/FAIL\s+\S+\s+(src\/[^\s]+\.test\.ts)/g) || [];
return [...new Set(matches.map((m) => m.replace(/FAIL\s+\S+\s+/, '')))];
}
// Extract a normalized error signature for a test file from a Jest block.
// Used to distinguish different root causes for the same test file across runs.
function extractErrorSignature(block: string, testFile: string): string {
const lines = block.split('\n');
let afterBullet = false;
let inFile = false;
for (const l of lines) {
if (l.includes('FAIL') && l.includes(testFile)) { inFile = true; continue; }
if (inFile && /●/.test(l)) { afterBullet = true; continue; }
if (!inFile || !afterBullet) continue;
const trimmed = l.trim();
if (!trimmed) continue;
// Skip generic "Command failed" and warnings — find the actual error
if (/^Command failed:|^warning /i.test(trimmed)) continue;
// Normalize dynamic parts
return trimmed
.replace(/\/tmp\/[^\s]+/g, '<tmpdir>')
.replace(/\/Users\/[^\s]+/g, '<path>')
.replace(/\/home\/[^\s]+/g, '<path>')
.replace(/[a-z]+\d{5,}/gi, '<id>')
.replace(/\d{4}-\d{2}-\d{2}T[\d:._Z-]+/g, '<ts>')
.replace(/\d+\.\d+\.\d+/g, '<ver>')
.trim();
}
return '';
}
// Extract signatures for all test files in a block
function extractSignatures(
block: string,
testFiles: string[]
): Map<string, string> {
const sigs = new Map<string, string>();
for (const tf of testFiles) {
sigs.set(tf, extractErrorSignature(block, tf));
}
return sigs;
}
function extractBlockForFile(fullBlock: string, testFile: string): string {
const lines = fullBlock.split('\n');
const result: string[] = [];
let capturing = false;
for (const line of lines) {
if (line.includes('FAIL') && line.includes(testFile)) capturing = true;
else if (capturing && line.match(/^ FAIL /)) capturing = false;
if (capturing) result.push(line);
}
return result.slice(0, 20).join('\n');
}
export interface JobLink {
combo: string;
url: string;
}
export interface FailureDetailsResult {
report: string;
goldenJobLinks: Map<string, JobLink[]>; // project -> [{combo, url}]
}
/**
* Collects detailed failure information for golden projects.
* Called by process-result.ts when golden failures exist.
* Returns Slack mrkdwn report + job links for the summary section.
*/
export async function collectFailureDetails(
combined: MatrixResult[],
failedGoldenProjectNames: string[]
): Promise<FailureDetailsResult> {
const projectNames = failedGoldenProjectNames;
if (projectNames.length === 0) {
return { report: '', goldenJobLinks: new Map() };
}
// Group failures by project for combo info
const failuresByProject = new Map<string, MatrixResult[]>();
for (const r of combined) {
if (r.is_golden && (r.status === 'failure' || r.status === 'cancelled')) {
if (!failuresByProject.has(r.project))
failuresByProject.set(r.project, []);
failuresByProject.get(r.project)!.push(r);
}
}
// Step 1: Fetch failure logs (one per OS/PM combo per project)
const failedJobsRaw = gh(
`run view ${RUN_ID} --repo ${REPO} --json jobs --jq '[.jobs[] | select(.conclusion == "failure") | {id: .databaseId, name: .name, project: (.name | split(" ") | last), combo: (.name | split(" ")[0])}]'`
);
const failedJobs: Array<{
id: number;
name: string;
project: string;
combo: string;
}> = failedJobsRaw ? JSON.parse(failedJobsRaw) : [];
const jobsToFetch: Array<{ id: number; project: string }> = [];
for (const project of projectNames) {
const seen = new Set<string>();
for (const job of failedJobs.filter((j) => j.project === project)) {
const key = job.combo.split('/').slice(0, 2).join('/');
if (!seen.has(key)) {
seen.add(key);
jobsToFetch.push({ id: job.id, project: job.project });
}
}
}
const logResults = await ghParallel(
jobsToFetch,
(job) => `api repos/${REPO}/actions/jobs/${job.id}/logs`
);
// Keep per-combo logs separate AND a merged block per project
interface ComboLog {
combo: string;
block: string;
testFiles: string[];
signatures: Map<string, string>; // testFile -> error signature
}
const projectComboLogs = new Map<string, ComboLog[]>();
const projectLogs = new Map<string, string>(); // merged block for backwards compat
for (const [job, raw] of logResults) {
if (!raw) continue;
const cleaned = raw
.replace(/^\d{4}-\d{2}-\d{2}T[\d:.]+Z /gm, '')
.replace(/\x1b\[[0-9;]*[a-zA-Z]/g, '');
const block = extractJestBlocks(raw);
const testFiles = extractTestFiles(cleaned);
const sigs = extractSignatures(cleaned, testFiles);
const combo =
failedJobs.find((j) => j.id === job.id)?.combo || 'unknown';
if (!projectComboLogs.has(job.project))
projectComboLogs.set(job.project, []);
projectComboLogs.get(job.project)!.push({
combo,
block,
testFiles,
signatures: sigs,
});
projectLogs.set(
job.project,
(projectLogs.get(job.project) || '') + '\n' + block
);
}
// Step 2: Build distinct failures per project — each (testFile, signature, combos) is a "failure"
interface DistinctFailure {
testFile: string;
signature: string;
combos: string[];
block: string; // the Jest block from the first combo that has this signature
}
const projectDistinctFailures = new Map<string, DistinctFailure[]>();
for (const project of projectNames) {
const comboLogs = projectComboLogs.get(project) || [];
const seen = new Map<string, DistinctFailure>(); // "testFile|signature" -> failure
for (const cl of comboLogs) {
for (const tf of cl.testFiles) {
const sig = cl.signatures.get(tf) || '';
const key = `${tf}|${sig}`;
if (seen.has(key)) {
seen.get(key)!.combos.push(cl.combo);
} else {
seen.set(key, {
testFile: tf,
signature: sig,
combos: [cl.combo],
block: extractBlockForFile(cl.block, tf),
});
}
}
}
projectDistinctFailures.set(project, [...seen.values()]);
}
// Step 3: Format report
const lines: string[] = ['', '🔍 *Failure Details*', ''];
const sorted = [...projectNames].sort(
(a, b) =>
(failuresByProject.get(b)?.length || 0) -
(failuresByProject.get(a)?.length || 0) || a.localeCompare(b)
);
for (const project of sorted) {
const projResults = failuresByProject.get(project) || [];
const distinctFailures = projectDistinctFailures.get(project) || [];
const block = projectLogs.get(project) || '';
const pms = [...new Set(projResults.map((r) => r.package_manager))];
const pattern =
pms.length === 1
? `${pms[0]}-only`
: pms.length >= 3
? 'all PMs'
: pms.join('+');
const uniqueCombos = [
...new Set(
failedJobs.filter((j) => j.project === project).map((j) => j.combo)
),
];
lines.push('———————————————————————————');
lines.push(`*${project}* — ${projResults.length} combos (${pattern})`);
lines.push('');
if (distinctFailures.length > 0) {
for (const failure of distinctFailures) {
const comboStr = failure.combos.join(', ');
lines.push(`📋 \`${failure.testFile}\` (${comboStr})`);
if (failure.block) {
lines.push('```');
lines.push(failure.block);
lines.push('```');
}
}
const summaryMatch = block.match(/^Test Suites:.*$/m);
if (summaryMatch) lines.push(`_${summaryMatch[0]}_`);
} else {
// No Jest blocks — find which step failed and extract its error output
const firstJob = failedJobs.find((j) => j.project === project);
if (firstJob) {
// Get the failed step name from the jobs API
const stepsRaw = gh(
`run view ${RUN_ID} --repo ${REPO} --json jobs --jq '[.jobs[] | select(.databaseId == ${firstJob.id})][0].steps[] | select(.conclusion == "failure") | .name'`
);
const failedStep = stepsRaw || 'unknown step';
// Get the log and extract error lines
const raw = gh(`api repos/${REPO}/actions/jobs/${firstJob.id}/logs`);
const cleaned = raw
.split('\n')
.map((l) => l.replace(/^\d{4}-\d{2}-\d{2}T[\d:.]+Z /, ''))
.map((l) => l.replace(/\x1b\[[0-9;]*[a-zA-Z]/g, ''));
// Extract the failed Nx task output block (❌ > nx run <task> ... until next ##[group] or NX summary)
const failedTaskBlock: string[] = [];
let capturingTask = false;
for (const l of cleaned) {
if (/❌.*> nx run /i.test(l)) {
capturingTask = true;
failedTaskBlock.push(l);
continue;
}
if (capturingTask) {
if (/^##\[group\]|NX.*Running target/i.test(l) || failedTaskBlock.length >= 15) {
capturingTask = false;
} else {
failedTaskBlock.push(l);
}
}
}
// Extract the Nx failure summary block ("Running target...failed" + "Failed tasks:" + task list)
const nxFailureBlock: string[] = [];
let capturingNx = false;
for (const l of cleaned) {
if (/NX.*Running target.*failed/i.test(l)) capturingNx = true;
if (capturingNx) {
nxFailureBlock.push(l);
if (/^Hint:/i.test(l.trim()) || nxFailureBlock.length >= 10) {
capturingNx = false;
}
}
}
// Fallback: if no Nx blocks or task blocks found, extract generic error lines
let fallbackErrors: string[] = [];
if (nxFailureBlock.length === 0 && failedTaskBlock.length === 0) {
fallbackErrors = cleaned.filter((l) => {
const t = l.trim();
if (t.length < 10) return false;
if (/warning|warn\b|deprecated|orphan|Node\.js 20|FORCE_JAVASCRIPT|\* \[new branch\]|\* \[new tag\]/i.test(t)) return false;
return (
/error TS\d+:|^Error:|^\s*error\b[:\s]|ERR!|ERESOLVE|##\[error\]/i.test(t) ||
/Cannot find module|ENOENT|EACCES|permission denied/i.test(t) ||
/Segmentation fault|killed|OOM|out of memory/i.test(t) ||
/command not found|No such file or directory/i.test(t) ||
/Process completed with exit code [^0]/i.test(t)
);
}).slice(0, 5);
}
// Combine: Nx summary first, then task output, then fallback errors
const relevantErrors = [
...nxFailureBlock,
...(failedTaskBlock.length > 0 ? ['', ...failedTaskBlock] : []),
...(fallbackErrors.length > 0 ? ['', ...fallbackErrors] : []),
];
lines.push(`⚠️ Tests did not run — failed at step: *${failedStep}*`);
if (relevantErrors.length > 0) {
lines.push('```');
lines.push(relevantErrors.join('\n'));
lines.push('```');
}
lines.push(`Failing combos: ${uniqueCombos.join(', ')}`);
} else {
lines.push('⏱️ No job data available');
}
}
lines.push('');
}
// Build job links for the summary section
const runUrl = `https://github.com/${REPO}/actions/runs/${RUN_ID}`;
const goldenJobLinks = new Map<string, JobLink[]>();
for (const project of projectNames) {
const projectJobs = failedJobs.filter((j) => j.project === project);
goldenJobLinks.set(
project,
projectJobs.map((j) => ({
combo: j.combo,
url: `${runUrl}/job/${j.id}`,
}))
);
}
return { report: lines.join('\n'), goldenJobLinks };
}
+140
View File
@@ -0,0 +1,140 @@
type MatrixDataProject = {
name: string,
codeowners: string,
is_golden?: boolean, // true if this is a golden project, false otherwise
};
type MatrixDataOS = {
os: string, // GH runner machine name: e.g. ubuntu-latest
os_name: string, // short name that will be printed in the report and on the action
os_timeout: number, // 60
package_managers: string[], // package managers to run on this OS
node_versions: Array<number | string>, // node versions to run on this OS
excluded?: string[], // projects to exclude from running on this OS
};
type MatrixData = {
coreProjects: MatrixDataProject[],
projects: MatrixDataProject[],
lowestNodeLTS: number,
setup: MatrixDataOS[],
}
export type MatrixItem = {
project: string,
codeowners: string,
node_version: number | string,
package_manager: string,
os: string,
os_name: string,
os_timeout: number,
is_golden?: boolean,
};
// TODO: Extract Slack groups into named groups for easier maintenance
const matrixData: MatrixData = {
coreProjects: [
{ name: 'e2e-lerna-smoke-tests', codeowners: 'S04TNCVEETS', is_golden: true },
{ name: 'e2e-js', codeowners: 'S04SJ6HHP0X', is_golden: true },
{ name: 'e2e-nx-init', codeowners: 'S04SYHYKGNP', is_golden: true },
{ name: 'e2e-nx', codeowners: 'S04SYHYKGNP' },
{ name: 'e2e-release', codeowners: 'S04SYHYKGNP' },
{ name: 'e2e-workspace-create', codeowners: 'S04SYHYKGNP' }
],
projects: [
{ name: 'e2e-cypress', codeowners: 'S04T16BTJJY', is_golden: true },
{ name: 'e2e-docker', codeowners: 'S04SJ6HHP0X', is_golden: true },
{ name: 'e2e-detox', codeowners: 'S04TNCNJG5N', is_golden: true },
{ name: 'e2e-esbuild', codeowners: 'S04SJ6HHP0X', is_golden: true },
{ name: 'e2e-gradle', codeowners: 'S04TNCNJG5N', is_golden: true },
{ name: 'e2e-eslint', codeowners: 'S04SYJGKSCT', is_golden: true },
{ name: 'e2e-node', codeowners: 'S04SJ6HHP0X', is_golden: true },
{ name: 'e2e-playwright', codeowners: 'S04SVQ8H0G5', is_golden: true },
{ name: 'e2e-remix', codeowners: 'S04SVQ8H0G5', is_golden: true },
{ name: 'e2e-rspack', codeowners: 'S04SJ6HHP0X', is_golden: true },
{ name: 'e2e-vite', codeowners: 'S04SJ6PL98X', is_golden: true },
{ name: 'e2e-vue', codeowners: 'S04SJ6PL98X', is_golden: true },
{ name: 'e2e-web', codeowners: 'S04SJ6PL98X', is_golden: true },
{ name: 'e2e-webpack', codeowners: 'S04SJ6PL98X', is_golden: true },
{ name: 'e2e-jest', codeowners: 'S04T16BTJJY', is_golden: true },
{ name: 'e2e-expo', codeowners: 'S04TNCNJG5N', is_golden: true },
{ name: 'e2e-react-native', codeowners: 'S04TNCNJG5N', is_golden: true },
{ name: 'e2e-angular', codeowners: 'S04SS457V38' },
{ name: 'e2e-next', codeowners: 'S04TNCNJG5N' },
{ name: 'e2e-plugin', codeowners: 'S04SYHYKGNP' },
{ name: 'e2e-react', codeowners: 'S04TNCNJG5N' },
{ name: 'e2e-rollup', codeowners: 'S04SJ6PL98X' },
{ name: 'e2e-storybook', codeowners: 'S04SVQ8H0G5' },
{ name: 'e2e-nuxt', codeowners: 'S04SJ6PL98X' }
],
// Non-core plugins only run on the lowest LTS. Plugin-level changes are
// less Node-version-sensitive than core, so single-version coverage is enough.
lowestNodeLTS: 22,
setup: [
{
os: 'ubuntu-latest',
os_name: 'Linux',
os_timeout: 60,
package_managers: ['npm', 'pnpm', 'yarn'],
// TODO: re-add '26.0.0' once playwright ships the yauzl fix for node 26 extract hang.
// See https://github.com/microsoft/playwright/issues/40724
node_versions: ['22.13.0', '24.0.0'],
excluded: ['e2e-detox', 'e2e-react-native', 'e2e-expo']
},
// Docker is not supported on ARM-based macOS runners (no nested virtualization)
// See: https://github.com/docker/setup-docker-action and https://github.com/douglascamata/setup-docker-macos-action
// We may want to look into adding intel only for this docker case, at least until vm-in-vm works on latest macos
// TODO: re-add '26.0.0' once playwright ships the yauzl fix for node 26 extract hang.
// See https://github.com/microsoft/playwright/issues/40724
{ os: 'macos-latest', os_name: 'MacOS', os_timeout: 90, package_managers: ['npm'], node_versions: ['24.0.0'], excluded: ['e2e-docker'] }
// TODO (Jack): Fix Windows support as gradle fails when running nx build https://staging.nx.app/runs/LgD4vxGn8w?utm_source=pull-request&utm_medium=comment
// { os: 'windows-latest', os_name: 'WinOS', os_timeout: 180, package_managers: ['npm'], node_versions: ['24.0.0'], excluded: ['e2e-detox', 'e2e-react-native', 'e2e-expo'] }
]
};
const matrix: Array<MatrixItem> = [];
function addMatrixCombo(project: MatrixDataProject, nodeVersion: number | string, pm: number, os: number) {
matrix.push({
project: project.name,
codeowners: project.codeowners,
node_version: nodeVersion,
package_manager: matrixData.setup[os].package_managers[pm],
os: matrixData.setup[os].os,
os_name: matrixData.setup[os].os_name,
os_timeout: matrixData.setup[os].os_timeout,
is_golden: !!project.is_golden // Mark golden projects as true, others as false
});
}
function processProject(project: MatrixDataProject, nodeVersion?: number) {
for (let os = 0; os < matrixData.setup.length; os++) {
for (let pm = 0; pm < matrixData.setup[os].package_managers.length; pm++) {
if (!matrixData.setup[os].excluded || !matrixData.setup[os].excluded?.includes(project.name)) {
if (nodeVersion) {
addMatrixCombo(project, nodeVersion, pm, os);
} else {
for (let n = 0; n < matrixData.setup[os].node_versions.length; n++) {
addMatrixCombo(project, matrixData.setup[os].node_versions[n], pm, os);
}
}
}
}
}
}
// process core projects
for (let p = 0; p < matrixData.coreProjects.length; p++) {
processProject(matrixData.coreProjects[p]);
}
// process other projects
for (let p = 0; p < matrixData.projects.length; p++) {
processProject(matrixData.projects[p], matrixData.lowestNodeLTS);
}
if (matrix.length > 256) {
throw new Error('You have exceeded the size of the matrix. GitHub allows only 256 jobs in a matrix. Found ${matrix.length} jobs.');
}
// print result to stdout for pipeline to consume
process.stdout.write(JSON.stringify({ include: matrix }, null, 0));
+229
View File
@@ -0,0 +1,229 @@
import * as fs from 'fs';
import { MatrixItem } from './process-matrix';
import { collectFailureDetails, JobLink } from './analyze-failures';
interface MatrixResult extends MatrixItem {
status: 'success' | 'failure' | 'cancelled';
duration: number;
}
interface ProcessedResults {
codeowners: string;
slack_message: string;
slack_proj_duration: string;
slack_pm_duration: string;
has_golden_failures: string;
}
function trimSpace(res: string): string {
return res.split('\n').map((l) => l.trim()).join('\n');
}
function humanizeDuration(num: number): string {
let res = '';
const hours = Math.floor(num / 3600);
if (hours) res += `${hours}h `;
const mins = Math.floor((num % 3600) / 60);
if (mins) res += `${mins}m `;
const sec = num % 60;
if (sec) res += `${sec}s`;
return res;
}
function processResults(combined: MatrixResult[]): ProcessedResults {
const failedProjects = combined.filter(c => c.status === 'failure' || c.status === 'cancelled').sort((a, b) => a.project.localeCompare(b.project));
const failedGoldenProjects = failedProjects.filter(c => c.is_golden);
const hasGoldenFailures = failedGoldenProjects.length > 0;
const codeowners = new Set<string>();
failedGoldenProjects.forEach(c => codeowners.add(c.codeowners));
let result = '';
const allGoldenProjects = combined.filter(c => c.is_golden);
const uniqueGoldenProjects = new Set(allGoldenProjects.map(c => c.project));
const uniqueFailedGoldenProjects = new Set(failedGoldenProjects.map(c => c.project));
const goldenPassingCount = uniqueGoldenProjects.size - uniqueFailedGoldenProjects.size;
const goldenFailingCount = uniqueFailedGoldenProjects.size;
const allOtherProjects = combined.filter(c => !c.is_golden);
const uniqueOtherProjects = new Set(allOtherProjects.map(c => c.project));
const failedRegularProjects = failedProjects.filter(c => !c.is_golden);
const uniqueFailedOtherProjects = new Set(failedRegularProjects.map(c => c.project));
const otherPassingCount = uniqueOtherProjects.size - uniqueFailedOtherProjects.size;
const otherFailingCount = uniqueFailedOtherProjects.size;
result += `\n🌟 *Golden Projects*`;
result += `\n✅ Passing: ${goldenPassingCount} | ❌ Failing: ${goldenFailingCount}`;
if (failedGoldenProjects.length > 0) {
result += `\n\n🚨 *Failed Golden Projects*`;
// Project names listed here — combo links added later by main() with job data
const seenProjects = new Set<string>();
failedGoldenProjects.forEach(matrix => {
if (!seenProjects.has(matrix.project)) {
seenProjects.add(matrix.project);
result += `\n\n*${matrix.project}*`;
// Placeholder — main() will replace with linked combos
result += `\n {{COMBOS:${matrix.project}}}`;
}
});
}
if (otherFailingCount > 0) {
const otherProjectCounts = new Map<string, number>();
failedRegularProjects.forEach(m => {
otherProjectCounts.set(m.project, (otherProjectCounts.get(m.project) || 0) + 1);
});
const otherSummary = [...otherProjectCounts.entries()]
.map(([p, c]) => `${p} (${c})`)
.join(', ');
result += `\n\n⚠️ *Failed Other Projects:* ${otherSummary}`;
}
if (failedProjects.length === 0) {
result = '🎉 *No test failures detected!* All systems green! 🟢';
}
const timeReport: Record<string, { min: number; max: number; minEnv: string; maxEnv: string }> = {};
const pmReport = { npm: 0, yarn: 0, pnpm: 0 };
const macosProjects = ['e2e-detox', 'e2e-expo', 'e2e-react-native'];
combined.forEach(matrix => {
const nodeVersion = parseInt(matrix.node_version.toString());
if (matrix.os_name === 'Linux' && nodeVersion === 20 && matrix.package_manager in pmReport) {
pmReport[matrix.package_manager as keyof typeof pmReport] += matrix.duration;
}
if (matrix.os_name === 'Linux' || macosProjects.includes(matrix.project)) {
if (timeReport[matrix.project]) {
if (matrix.duration > timeReport[matrix.project].max) {
timeReport[matrix.project].max = matrix.duration;
timeReport[matrix.project].maxEnv = `${matrix.os_name}, ${matrix.package_manager}`;
}
if (matrix.duration < timeReport[matrix.project].min) {
timeReport[matrix.project].min = matrix.duration;
timeReport[matrix.project].minEnv = `${matrix.os_name}, ${matrix.package_manager}`;
}
} else {
timeReport[matrix.project] = {
min: matrix.duration,
max: matrix.duration,
minEnv: `${matrix.os_name}, ${matrix.package_manager}`,
maxEnv: `${matrix.os_name}, ${matrix.package_manager}`,
};
}
}
});
let resultPkg = `
\`\`\`
| Project | Time |
|--------------------------------|---------------------------|`;
function mapProjectTime(proj: string, section: 'min' | 'max'): string {
return `${humanizeDuration(timeReport[proj][section])} (${timeReport[proj][`${section}Env`]})`;
}
function durationIcon(proj: string, section: 'min' | 'max'): string {
const duration = timeReport[proj][section];
if (duration < 12 * 60) return `${section}`;
if (duration < 15 * 60) return `${section}`;
return `${section}`;
}
Object.keys(timeReport).forEach(proj => {
resultPkg += `\n| ${proj.padEnd(30)} | |`;
resultPkg += `\n| ${durationIcon(proj, 'min').padStart(29)} | ${mapProjectTime(proj, 'min').padEnd(25)} |`;
resultPkg += `\n| ${durationIcon(proj, 'max').padStart(29)} | ${mapProjectTime(proj, 'max').padEnd(25)} |`;
});
resultPkg += `\`\`\``;
let resultPm = `
\`\`\`
| PM | Total time |
|------|-------------|`;
Object.keys(pmReport).forEach(pm => {
resultPm += `\n| ${pm.padEnd(4)} | ${humanizeDuration(pmReport[pm as keyof typeof pmReport]).padEnd(11)} |`;
});
resultPm += `\`\`\``;
return {
codeowners: Array.from(codeowners).join(','),
slack_message: trimSpace(result),
slack_proj_duration: trimSpace(resultPkg),
slack_pm_duration: trimSpace(resultPm),
has_golden_failures: hasGoldenFailures.toString(),
};
}
function setOutput(key: string, value: string) {
const outputPath = process.env.GITHUB_OUTPUT;
if (!outputPath) {
console.warn(`GITHUB_OUTPUT not set. Skipping output for "${key}".`);
return;
}
if (value.includes('\n')) {
const delimiter = `EOF_${key}_${Date.now()}`;
fs.appendFileSync(outputPath, `${key}<<${delimiter}\n${value}\n${delimiter}\n`);
} else {
fs.appendFileSync(outputPath, `${key}=${value}\n`);
}
}
async function main() {
const combinedInput = process.argv[2]
? process.argv[2]
: fs.readFileSync(0, 'utf-8').trim();
const combined: MatrixResult[] = JSON.parse(combinedInput);
const results = processResults(combined);
// Collect detailed failure info if golden failures exist
if (results.has_golden_failures === 'true') {
try {
const failedProjects = [
...new Set(
combined
.filter((c) => c.is_golden && (c.status === 'failure' || c.status === 'cancelled'))
.map((c) => c.project)
),
];
const { report, goldenJobLinks } = await collectFailureDetails(combined, failedProjects);
// Replace combo placeholders in the summary with linked combos
for (const [project, links] of goldenJobLinks) {
const placeholder = `{{COMBOS:${project}}}`;
const linkedCombos =
links.length > 0
? links.map((l) => ` · <${l.url}|${l.combo}>`).join('\n')
: ' (no job data)';
results.slack_message = results.slack_message.replace(
placeholder,
linkedCombos
);
}
// Remove any unreplaced placeholders (if collectFailureDetails didn't have data for a project)
results.slack_message = results.slack_message.replace(
/ \{\{COMBOS:[^}]+\}\}/g,
' (no job data)'
);
if (report) {
results.slack_message += '\n\n' + report;
}
} catch (e) {
console.error('Failed to collect failure details (brief report will still be posted):', e);
results.slack_message += '\n\n⚠️ _Failed to collect detailed failure information_';
}
}
Object.entries(results).forEach(([key, value]) => {
setOutput(key, value);
});
}
main().catch((error) => {
console.error('Error processing results:', error);
process.exit(1);
});
+42
View File
@@ -0,0 +1,42 @@
name: NPM Audit
on:
schedule:
- cron: "0 0 * * *"
workflow_dispatch:
permissions: {}
jobs:
audit:
if: ${{ github.repository_owner == 'nrwl' }}
permissions:
contents: read # to fetch code (actions/checkout)
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: pnpm/action-setup@7088e561eb65bb68695d245aa206f005ef30921d # v4.1.0
with:
version: 11.2.2 # Aligned with root package.json (pnpm/action-setup will helpfully error if out of sync)
- name: Run a security audit
run: pnpm dlx audit-ci --critical --report-type summary
report:
if: ${{ always() && github.repository_owner == 'nrwl' && github.event_name != 'workflow_dispatch' }}
needs: audit
runs-on: ubuntu-latest
name: Report status
steps:
- name: Send notification
uses: ravsamhq/notify-slack-action@be814b201e233b2dc673608aa46e5447c8ab13f2 # v11
with:
status: ${{ needs.audit.result }}
message_format: '{emoji} Audit has {status_message}'
notification_title: '{workflow}'
footer: '<{run_url}|View Run> / Last commit <{commit_url}|{commit_sha}>'
mention_users: 'U01UELKLYF2,U9NPA6C90'
mention_users_when: 'failure,warnings'
env:
SLACK_WEBHOOK_URL: ${{ secrets.ACTION_MONITORING_SLACK }}
+30
View File
@@ -0,0 +1,30 @@
name: PR Title Validation
on:
pull_request:
types: [opened, edited, synchronize, reopened]
permissions: read-all
jobs:
validate-pr-title:
name: Validate PR Title
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
# Ensure's validate-pr-title.js is the copy from master
ref: master
- name: Setup Node.js
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
with:
node-version: 24
package-manager-cache: false
- name: Validate PR title
env:
PR_TITLE: ${{ github.event.pull_request.title }}
PR_BODY: ${{ github.event.pull_request.body }}
run: node ./scripts/validate-pr-title.js
+714
View File
@@ -0,0 +1,714 @@
name: publish
on:
# Automated schedule - canary releases from master
schedule:
- cron: "0 19 * * 1-5" # Monday - Friday, at 19:00 UTC (7pm UTC)
# Manual trigger - PR releases or dry-runs (based on workflow inputs)
workflow_dispatch:
inputs:
pr:
description: "PR Number - If set, a real release will be created for the branch associated with the given PR number. If blank, a dry-run of the currently selected branch will be performed."
required: false
type: number
release:
types: [ published ]
# Dynamically generate the display name for the GitHub UI based on the event type and inputs
run-name: ${{ github.event.inputs.pr && format('PR Release for {0}', github.event.inputs.pr) || github.event_name == 'schedule' && 'Canary Release' || github.event_name == 'workflow_dispatch' && !github.event.inputs.pr && 'Release Dry-Run' || github.ref_name }}
env:
DEBUG: napi:*
NX_RUN_GROUP: ${{ github.run_id }}-${{ github.run_attempt }}
CYPRESS_INSTALL_BINARY: 0
NODE_VERSION: 26.3.0
PNPM_VERSION: 11.2.2 # Aligned with root package.json (pnpm/action-setup will helpfully error if out of sync)
NX_GRADLE_PROJECT_GRAPH_TIMEOUT: 600
jobs:
# We first need to determine the version we are releasing, and if we need a custom repo or ref to use for the git checkout in subsequent steps.
# These values depend upon the event type that triggered the workflow:
#
# - schedule:
# - We are running a canary release which always comes from the master branch, we can use default ref resolution
# in actions/checkout. The exact version will be generated within scripts/nx-release.ts.
#
# - release:
# - We are running a full release which is based on the tag that triggered the release event, we can use default
# ref resolution in actions/checkout. The exact version will be generated within scripts/nx-release.ts.
#
# - workflow_dispatch:
# - We are either running a dry-run on the current branch, in which case the version will be static and we can use
# default ref resolution in actions/checkout, or we are creating a PR release for the given PR number, in which case
# we should generate an applicable version number within publish-resolve-data.js and use a custom ref of the PR branch name.
resolve-required-data:
name: Resolve Required Data
if: ${{ github.repository_owner == 'nrwl' }}
runs-on: ubuntu-latest
outputs:
version: ${{ steps.script.outputs.version }}
dry_run_flag: ${{ steps.script.outputs.dry_run_flag }}
success_comment: ${{ steps.script.outputs.success_comment }}
publish_branch: ${{ steps.script.outputs.publish_branch }}
ref: ${{ steps.script.outputs.ref }}
repo: ${{ steps.script.outputs.repo }}
pr_number: ${{ steps.script.outputs.pr_number }}
pr_author: ${{ steps.script.outputs.pr_author }}
steps:
# Default checkout on the triggering branch so that the latest publish-resolve-data.js script is available
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup node
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
with:
node-version: ${{ env.NODE_VERSION }}
registry-url: 'https://registry.npmjs.org'
check-latest: true
package-manager-cache: false
- name: Resolve and set checkout and version data to use for release
id: script
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
env:
PR_NUMBER: ${{ github.event.inputs.pr }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const script = require('${{ github.workspace }}/scripts/publish-resolve-data.js');
await script({ github, context, core });
- name: (PR Release Only) Check out latest master
if: ${{ steps.script.outputs.ref != '' }}
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
# Check out the latest master branch to get its copy of nx-release.ts
repository: nrwl/nx
ref: master
path: latest-master-checkout
- name: (PR Release Only) Check out PR branch
if: ${{ steps.script.outputs.ref != '' }}
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
# Check out the PR branch to get its copy of nx-release.ts
repository: ${{ steps.script.outputs.repo }}
ref: ${{ steps.script.outputs.ref }}
path: pr-branch-checkout
- name: (PR Release Only) Ensure that release scripts have not changed in the PR being released
if: ${{ steps.script.outputs.ref != '' }}
run: |
# List of files that must not change in PR releases
FILES_TO_CHECK=(
"scripts/nx-release.ts"
"scripts/publish-resolve-data.js"
)
for FILE in "${FILES_TO_CHECK[@]}"; do
if ! cmp -s "latest-master-checkout/$FILE" "pr-branch-checkout/$FILE"; then
echo "🛑 Error: The file $FILE is different on the ${{ steps.script.outputs.ref }} branch on ${{ steps.script.outputs.repo }} vs latest master on nrwl/nx, cancelling workflow."
echo "If you did not modify the file, then you likely just need to rebase/merge latest master."
exit 1
else
echo "✅ The file $FILE is identical between the ${{ steps.script.outputs.ref }} branch on ${{ steps.script.outputs.repo }} and latest master on nrwl/nx."
fi
done
build:
needs: [ resolve-required-data ]
if: ${{ github.repository_owner == 'nrwl' }}
strategy:
fail-fast: false
matrix:
settings:
- host: macos-latest
target: x86_64-apple-darwin
setup: |-
rustup target add x86_64-apple-darwin
build: |
pnpm nx run-many --target=build-native -- --target=x86_64-apple-darwin
- host: windows-latest
setup: |-
choco install openjdk --version=21.0.0 -y
choco install dotnet-9.0-sdk -y
rustup target add aarch64-pc-windows-msvc
build: |
export JAVA_HOME="C:\Program Files\OpenJDK\jdk-21"
export PATH="$JAVA_HOME\bin:$PATH"
java -version
pnpm nx run-many --target=build-native -- --target=x86_64-pc-windows-msvc
target: x86_64-pc-windows-msvc
# Windows 32bit (not needed)
# - host: windows-latest
# build: |
# yarn nx -- run-many --target=build-native -- --target=i686-pc-windows-msvc
# target: i686-pc-windows-msvc
- host: ubuntu-latest
target: x86_64-unknown-linux-gnu
docker: ghcr.io/napi-rs/napi-rs/nodejs-rust:lts-debian
build: |
set -e
apt-get update
apt-get install -y curl ca-certificates git xz-utils gpg
# Install mise from the signed apt repo
install -dm 755 /etc/apt/keyrings
curl -fsSL https://mise.jdx.dev/gpg-key.pub | gpg --dearmor -o /etc/apt/keyrings/mise-archive-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/mise-archive-keyring.gpg arch=$(dpkg --print-architecture)] https://mise.jdx.dev/deb stable main" > /etc/apt/sources.list.d/mise.list
apt-get update
apt-get install -y mise
# Provision Node, Java, .NET, Maven, corepack from mise.toml
cd /build
mise trust mise.toml
mise install
eval "$(mise env -s bash)"
corepack enable
corepack prepare --activate
pnpm install --frozen-lockfile
rustup target add x86_64-unknown-linux-gnu
pnpm nx run-many --verbose --target=build-native -- --target=x86_64-unknown-linux-gnu
- host: ubuntu-latest
target: x86_64-unknown-linux-musl
docker: ghcr.io/napi-rs/napi-rs/nodejs-rust:lts-alpine
build: |
bash -c "
set -e
# mise's core node/java backends don't ship musl binaries and fall back to
# compile-from-source on Alpine, which fails. Install via apk + tarball instead.
echo 'https://dl-cdn.alpinelinux.org/alpine/edge/community' >> /etc/apk/repositories
apk add --no-cache curl xz openjdk21 build-base lld dotnet9-sdk
# Java 21
export JAVA_HOME=/usr/lib/jvm/java-21-openjdk
export PATH=\"\$JAVA_HOME/bin:\$PATH\"
java --version
# .NET 9 SDK (needed by @nx/dotnet plugin)
dotnet --version
# Node.js musl build from unofficial-builds.nodejs.org
curl -fsSL https://unofficial-builds.nodejs.org/download/release/v\${NODE_VERSION}/node-v\${NODE_VERSION}-linux-x64-musl.tar.xz -o node.tar.xz
tar -xJf node.tar.xz
mv node-v\${NODE_VERSION}-linux-x64-musl /usr/local/node
export PATH=\"/usr/local/node/bin:\$PATH\"
node --version
npm i -g pnpm@\${PNPM_VERSION} --force
# Help clang find GCC runtime (crtbeginS.o, libgcc) and use lld for jemalloc build
GCC_DIR=\$(dirname \$(find /usr/lib/gcc -name crtbeginS.o | head -1))
export CFLAGS=\"\${CFLAGS} -fuse-ld=lld --gcc-install-dir=\${GCC_DIR}\"
pnpm install --frozen-lockfile
rustup target add x86_64-unknown-linux-musl
pnpm nx run-many --verbose --target=build-native -- --target=x86_64-unknown-linux-musl
"
- host: macos-latest
target: aarch64-apple-darwin
setup: |-
rustup target add aarch64-apple-darwin
build: |
sudo rm -Rf /Library/Developer/CommandLineTools/SDKs/*;
export CC=$(xcrun -f clang);
export CXX=$(xcrun -f clang++);
SYSROOT=$(xcrun --sdk macosx --show-sdk-path);
export CFLAGS="-isysroot $SYSROOT -isystem $SYSROOT";
pnpm nx run-many --target=build-native -- --target=aarch64-apple-darwin
- host: ubuntu-latest
target: aarch64-unknown-linux-gnu
docker: ghcr.io/napi-rs/napi-rs/nodejs-rust:lts-debian-aarch64
build: |
set -e
apt-get update
apt-get install -y curl ca-certificates git xz-utils gpg
# Install mise from the signed apt repo
install -dm 755 /etc/apt/keyrings
curl -fsSL https://mise.jdx.dev/gpg-key.pub | gpg --dearmor -o /etc/apt/keyrings/mise-archive-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/mise-archive-keyring.gpg arch=$(dpkg --print-architecture)] https://mise.jdx.dev/deb stable main" > /etc/apt/sources.list.d/mise.list
apt-get update
apt-get install -y mise
# Provision Node, Java, .NET, Maven, corepack from mise.toml
cd /build
mise trust mise.toml
mise install
eval "$(mise env -s bash)"
# Help clang find GCC runtime (crtbeginS.o, libgcc) and use lld for jemalloc build
export CFLAGS="${CFLAGS} -fuse-ld=lld --gcc-toolchain=/usr/aarch64-unknown-linux-gnu"
# Build jemalloc with 64 KiB allocator page so the binary works on aarch64
# Linux kernels with 4K/16K/64K pages (Asahi, Ampere, Graviton, etc.).
export JEMALLOC_SYS_WITH_LG_PAGE=16
corepack enable
corepack prepare --activate
pnpm install --frozen-lockfile
rustup target add aarch64-unknown-linux-gnu
pnpm nx run-many --verbose --target=build-native -- --target=aarch64-unknown-linux-gnu
- host: ubuntu-latest
target: armv7-unknown-linux-gnueabihf
setup: |
sudo apt-get update
sudo apt-get install gcc-arm-linux-gnueabihf -y
rustup target add armv7-unknown-linux-gnueabihf
build: |
CARGO_TARGET_ARMV7_UNKNOWN_LINUX_GNUEABIHF_LINKER=/usr/bin/arm-linux-gnueabihf-gcc pnpm nx run-many --target=build-native -- --target=armv7-unknown-linux-gnueabihf
# Android (not needed)
# - host: ubuntu-latest
# target: aarch64-linux-android
# build: |
# pnpm nx run-many --target=build-native -- --target=aarch64-linux-android
# - host: ubuntu-latest
# target: armv7-linux-androideabi
# build: |
# pnpm nx run-many --target=build-native -- --target=armv7-linux-androideabi
- host: ubuntu-latest
target: aarch64-unknown-linux-musl
docker: ghcr.io/napi-rs/napi-rs/nodejs-rust:lts-alpine
build: |
bash -c "
set -e
# mise's core node/java backends don't ship musl binaries and fall back to
# compile-from-source on Alpine, which fails. Install via apk + tarball instead.
echo 'https://dl-cdn.alpinelinux.org/alpine/edge/community' >> /etc/apk/repositories
apk add --no-cache curl xz openjdk21 build-base lld dotnet9-sdk
# Java 21
export JAVA_HOME=/usr/lib/jvm/java-21-openjdk
export PATH=\"\$JAVA_HOME/bin:\$PATH\"
java --version
# .NET 9 SDK (needed by @nx/dotnet plugin)
dotnet --version
# Node.js musl build from unofficial-builds.nodejs.org. Container is x64;
# rust cross-compiles to aarch64-unknown-linux-musl, so the host node binary
# is x64-musl regardless of the build target.
curl -fsSL https://unofficial-builds.nodejs.org/download/release/v\${NODE_VERSION}/node-v\${NODE_VERSION}-linux-x64-musl.tar.xz -o node.tar.xz
tar -xJf node.tar.xz
mv node-v\${NODE_VERSION}-linux-x64-musl /usr/local/node
export PATH=\"/usr/local/node/bin:\$PATH\"
node --version
npm i -g pnpm@\${PNPM_VERSION} --force
# Help clang find GCC runtime (crtbeginS.o, libgcc) and use lld for jemalloc build
GCC_DIR=\$(dirname \$(find /aarch64-linux-musl-cross/lib/gcc -name crtbeginS.o | head -1))
export CFLAGS=\"\${CFLAGS} -fuse-ld=lld --gcc-install-dir=\${GCC_DIR}\"
# Build jemalloc with 64 KiB allocator page so the binary works on aarch64
# Linux kernels with 4K/16K/64K pages (Asahi, Ampere, Graviton, etc.).
export JEMALLOC_SYS_WITH_LG_PAGE=16
pnpm install --frozen-lockfile
rustup target add aarch64-unknown-linux-musl
pnpm nx run-many --verbose --target=build-native -- --target=aarch64-unknown-linux-musl
"
- host: windows-latest
target: aarch64-pc-windows-msvc
setup: |-
choco install openjdk --version=21.0.0 -y
choco install dotnet-9.0-sdk -y
rustup target add aarch64-pc-windows-msvc
build: |
export JAVA_HOME="C:\Program Files\OpenJDK\jdk-21"
export PATH="$JAVA_HOME\bin:$PATH"
java -version
pnpm nx run-many --target=build-native -- --target=aarch64-pc-windows-msvc
name: stable - ${{ matrix.settings.target }} - node@26.3.0
runs-on: ${{ matrix.settings.host }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
repository: ${{ needs.resolve-required-data.outputs.repo || github.repository }}
ref: ${{ needs.resolve-required-data.outputs.ref || github.ref }}
- name: Set verbose logging from debug mode
if: runner.debug == '1'
run: echo "NX_VERBOSE_LOGGING=true" >> "$GITHUB_ENV"
- name: Setup dev tools with mise
uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3
if: ${{ !matrix.settings.docker }}
- name: Enable corepack and install pnpm
if: ${{ !matrix.settings.docker }}
run: |
corepack enable
corepack prepare --activate
- name: Cache cargo
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: |
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
.cargo-cache
target/
key: ${{ matrix.settings.target }}-cargo-registry
- name: Setup toolchain
run: ${{ matrix.settings.setup }}
if: ${{ matrix.settings.setup }}
shell: bash
- name: Setup node x86
if: matrix.settings.target == 'i686-pc-windows-msvc'
run: yarn config set supportedArchitectures.cpu "ia32"
shell: bash
- name: Install dependencies
if: ${{ !matrix.settings.docker }}
run: pnpm install --frozen-lockfile
timeout-minutes: 30
- name: Setup node x86
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
if: matrix.settings.target == 'i686-pc-windows-msvc'
with:
node-version: ${{ env.NODE_VERSION }}
check-latest: true
cache: pnpm
architecture: x86
- name: Build in docker
if: ${{ matrix.settings.docker }}
shell: bash
env:
BUILD_SCRIPT: ${{ matrix.settings.build }}
run: |
SCRIPT_FILE=$(mktemp)
echo "$BUILD_SCRIPT" > "$SCRIPT_FILE"
docker run --rm \
--user 0:0 \
-e NODE_VERSION \
-e PNPM_VERSION \
-e NX_GRADLE_PROJECT_GRAPH_TIMEOUT \
-e NX_VERBOSE_LOGGING \
-v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db \
-v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache \
-v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index \
-v ${{ github.workspace }}:/build \
-v "$SCRIPT_FILE:/build-script.sh" \
-w /build \
${{ matrix.settings.docker }} \
bash /build-script.sh
- name: Build
run: ${{ matrix.settings.build }}
if: ${{ !matrix.settings.docker }}
shell: bash
- name: Upload artifact
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: bindings-${{ matrix.settings.target }}
path: |
packages/nx/src/native/*.node
packages/nx/src/native/*.wasm
if-no-files-found: error
build-freebsd:
needs: [ resolve-required-data ]
if: ${{ github.repository_owner == 'nrwl' }}
runs-on: ubuntu-latest
name: Build FreeBSD
timeout-minutes: 45
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
repository: ${{ needs.resolve-required-data.outputs.repo || github.repository }}
ref: ${{ needs.resolve-required-data.outputs.ref || github.ref }}
- name: Build
id: build
uses: cross-platform-actions/action@462ed697694d2ac9aa49e1225f395f7bb6dd49fe # v0.29.0
env:
DEBUG: napi:*
RUSTUP_IO_THREADS: 1
PLAYWRIGHT_BROWSERS_PATH: 0
NODE_VERSION: 26.3.0
NX_GRADLE_DISABLE: 'true'
NX_DOTNET_DISABLE: 'true'
NODE_OPTIONS: '--max-old-space-size=4096'
with:
operating_system: freebsd
version: '14.0'
architecture: x86-64
environment_variables: DEBUG RUSTUP_IO_THREADS CI PLAYWRIGHT_BROWSERS_PATH NODE_VERSION NX_GRADLE_DISABLE NX_DOTNET_DISABLE NODE_OPTIONS
shell: bash
run: |
env
whoami
sudo pkg install -y -f node libnghttp2 www/npm git ca_root_nss
sudo npm install --location=global --ignore-scripts pnpm@11.2.2
curl https://sh.rustup.rs -sSf --output rustup.sh
sh rustup.sh -y --profile minimal --default-toolchain stable
source "$HOME/.cargo/env"
echo "~~~~ rustc --version ~~~~"
rustc --version
echo "~~~~ node -v ~~~~"
node -v
echo "~~~~ pnpm --version ~~~~"
pnpm --version
pwd
ls -lah
whoami
env
freebsd-version
echo "Installing dependencies"
pnpm install --frozen-lockfile --ignore-scripts
echo "Checking disk space before cleanup"
df -h
echo "Removing unnecessary preinstalled packages"
# List all packages first to see what's installed
sudo pkg info -a
echo "Cleaning up to free disk space"
# Clean package caches
sudo pkg clean -a -y
sudo pkg autoremove -y
# Remove unnecessary system files
sudo rm -rf /usr/local/lib/*.a
sudo rm -rf /usr/local/share/doc/*
sudo rm -rf /usr/local/share/man/*
sudo rm -rf /usr/local/share/examples/*
sudo rm -rf /usr/local/share/locale/*
sudo rm -rf /usr/local/share/gtk-doc/*
sudo rm -rf /usr/local/share/info/*
sudo rm -rf /usr/src/*
sudo rm -rf /usr/obj/*
sudo rm -rf /usr/tests/*
sudo rm -rf /usr/lib/debug/*
# Clean var directories
sudo rm -rf /var/cache/pkg/*
sudo rm -rf /var/db/pkg/*.tbz
sudo rm -rf /var/log/*.log
sudo rm -rf /var/log/*.old
# Clean temporary files
sudo rm -rf /tmp/*
sudo rm -rf /var/tmp/*
# Remove Python cache if present
sudo find /usr/local -type d -name "__pycache__" -exec rm -rf {} + 2>/dev/null || true
sudo find /usr/local -name "*.pyc" -delete 2>/dev/null || true
sudo find /usr/local -name "*.pyo" -delete 2>/dev/null || true
# Clean npm/pnpm caches
npm cache clean --force || true
pnpm store prune || true
rm -rf ~/.npm || true
rm -rf ~/.pnpm-store || true
# Clean Rust extras but keep registry/git (needed for cargo to resolve deps)
rm -rf ~/.rustup/toolchains/*/share || true
# Remove other development tool caches
rm -rf ~/.cache/* || true
# Remove unnecessary workspace directories
rm -rf docs astro-docs nx-dev || true
echo "Checking disk space after cleanup"
df -h
# Disable core dumps - OOM'd Node processes write multi-GB core files that fill the disk
ulimit -c 0
echo "Building FreeBSD bindings"
BUILD_EXIT=0
pnpm nx run-many --verbose --outputStyle stream --target=build-native -- --target=x86_64-unknown-freebsd || BUILD_EXIT=$?
echo "=== Disk usage after build ==="
df -h
if [ "$BUILD_EXIT" -ne 0 ]; then
echo "Build failed with exit code $BUILD_EXIT"
echo "=== Disk usage by top-level directories ==="
du -sh /* 2>/dev/null | sort -rh | head -20
echo "=== Disk usage in home directory ==="
du -sh ~/* 2>/dev/null | sort -rh | head -20
echo "=== Disk usage in workspace ==="
du -sh /home/runner/work/nx/nx/* 2>/dev/null | sort -rh | head -20
echo "=== Disk usage in .nx ==="
du -sh /home/runner/work/nx/nx/.nx/* 2>/dev/null | sort -rh | head -20
echo "=== Disk usage in cargo/rustup ==="
du -sh ~/.cargo/* ~/.rustup/* 2>/dev/null | sort -rh | head -20
echo "=== Core dumps ==="
find / -name "*.core" -o -name "core.*" -o -name "core" 2>/dev/null | head -10
exit $BUILD_EXIT
fi
echo "Build succeeded"
echo "Cleaning up"
pnpm nx reset
rm -rf node_modules
rm -rf dist
echo "KILL ALL NODE PROCESSES"
killall node || true
echo "COMPLETE"
- name: Upload artifact
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: bindings-freebsd
path: |
packages/nx/src/native/*.node
if-no-files-found: error
publish:
if: ${{ github.repository_owner == 'nrwl' }}
name: Publish
runs-on: ubuntu-latest
environment: npm-registry
permissions:
id-token: write
contents: write
pull-requests: write
needs:
- resolve-required-data
- build-freebsd
- build
env:
GH_TOKEN: ${{ github.token }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
repository: ${{ needs.resolve-required-data.outputs.repo || github.repository }}
ref: ${{ needs.resolve-required-data.outputs.ref || github.ref }}
- name: Set verbose logging from debug mode
if: runner.debug == '1'
run: echo "NX_VERBOSE_LOGGING=true" >> "$GITHUB_ENV"
- name: Setup dev tools with mise
uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3
- name: Enable corepack and install pnpm
run: |
corepack enable
corepack prepare --activate
- name: Use npm 11.5.2
run: npm install -g npm@11.5.2
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Restore .NET packages
run: dotnet restore nx.sln
- name: Download all artifacts
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
path: artifacts
# This command will appropriately fail if no artifacts are available
- name: List artifacts
run: ls -R artifacts
shell: bash
- name: Build Wasm
run: |
wget https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-23/wasi-sdk-23.0-x86_64-linux.tar.gz
tar -xvf wasi-sdk-23.0-x86_64-linux.tar.gz
rustup toolchain install nightly-2025-05-09
pnpm build:wasm
- name: Publish
env:
# Not named `VERSION` to avoid MSBuild adopting it as $(Version).
NX_PUBLISH_VERSION: ${{ needs.resolve-required-data.outputs.version }}
DRY_RUN: ${{ needs.resolve-required-data.outputs.dry_run_flag }}
PUBLISH_BRANCH: ${{ needs.resolve-required-data.outputs.publish_branch }}
run: |
echo ""
# Create and check out the publish branch
git checkout -b $PUBLISH_BRANCH
echo ""
echo "Version set to: $NX_PUBLISH_VERSION"
echo "DRY_RUN set to: $DRY_RUN"
echo ""
pnpm nx-release --local=false $NX_PUBLISH_VERSION $DRY_RUN
- name: (Stable Release Only) Trigger Docs Release
# Publish docs only on a full release
if: ${{ !github.event.release.prerelease && github.event_name == 'release' }}
run: npx tsx ./scripts/release-docs.ts
- name: (PR Release Only) Create comment for successful PR release
if: success() && github.event.inputs.pr
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
env:
SUCCESS_COMMENT: ${{ needs.resolve-required-data.outputs.success_comment }}
with:
# github-token defaults to ${{ github.token }} so we don't need to specify it
script: |
const successComment = JSON.parse(process.env.SUCCESS_COMMENT);
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: ${{ github.event.inputs.pr }},
body: successComment
});
report-pending-publish:
name: Report Pending Publish to Slack
if: ${{ github.repository_owner == 'nrwl' }}
needs:
- resolve-required-data
- build-freebsd
- build
runs-on: ubuntu-latest
timeout-minutes: 10
continue-on-error: true # Don't fail the workflow if notification fails
steps:
- name: Send Slack notification
uses: ravsamhq/notify-slack-action@be814b201e233b2dc673608aa46e5447c8ab13f2 # v11
with:
status: ${{ job.status }}
notification_title: >-
${{ needs.resolve-required-data.outputs.pr_number &&
format('📦 PR #{0} Publish Pending Review', needs.resolve-required-data.outputs.pr_number) ||
'📦 Publish Pending Review' }}
message_format: >-
${{ needs.resolve-required-data.outputs.pr_number &&
format('Version {0} from PR #{1} by @{2} is being published to NPM - manual review is required',
needs.resolve-required-data.outputs.version,
needs.resolve-required-data.outputs.pr_number,
needs.resolve-required-data.outputs.pr_author) ||
format('Version {0} is being published to NPM - manual review is required',
needs.resolve-required-data.outputs.version) }}
footer: '<{run_url}|View Workflow Run>'
mention_users: 'U9NPA6C90' # Jason
env:
SLACK_WEBHOOK_URL: ${{ secrets.ACTION_MONITORING_SLACK }}
pr_failure_comment:
# Run this job if it is a PR release, running on the nrwl origin, and any of the required jobs failed
if: ${{ github.repository_owner == 'nrwl' && github.event.inputs.pr && always() && contains(needs.*.result, 'failure') }}
needs: [ resolve-required-data, build, build-freebsd, publish ]
name: (PR Release Failure Only) Create comment for failed PR release
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- name: Create comment for failed PR release
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
# This script is intentionally kept inline (and e.g. not generated in publish-resolve-data.js)
# to ensure that an error within the data generation itself is not missed.
script: |
const message = `
Failed to publish a PR release of this pull request, triggered by @${{ github.triggering_actor }}.
See the failed workflow run at: https://github.com/nrwl/nx/actions/runs/${{ github.run_id }}
`;
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: ${{ github.event.inputs.pr }},
body: message
});
+111
View File
@@ -0,0 +1,111 @@
on:
schedule:
- cron: "0 0 * * *"
name: Stale Bot workflow
permissions: { }
jobs:
build:
if: ${{ github.repository_owner == 'nrwl' }}
permissions:
issues: write # to close stale issues (actions/stale)
pull-requests: write # to close stale PRs (actions/stale)
name: stale
runs-on: ubuntu-latest
steps:
# This handles issues that need more info
- name: stale-more-info-needed
id: stale-more-info-needed
uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
days-before-stale: 7
days-before-close: 21
stale-issue-label: "stale"
operations-per-run: 300
remove-stale-when-updated: true
only-labels: "blocked: more info needed"
stale-issue-message: |
This issue has been automatically marked as stale because more information has not been provided within 7 days.
It will be closed in 21 days if no information is provided.
If information has been provided, please reply to keep it active.
Thanks for being a part of the Nx community! 🙏
# This handles PRs that need to be rebased
- name: stale-needs-rebase
id: stale-needs-rebase
uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
days-before-stale: 7
days-before-close: 21
stale-issue-label: "stale"
operations-per-run: 300
remove-stale-when-updated: true
only-labels: "blocked: needs rebased"
stale-issue-message: |
This PR has been automatically marked as stale because it has not been rebased in 7 days.
It will be closed in 21 days if it is not rebased.
If the PR has been rebased or you are working on rebasing it, please reply to keep it active.
If you do not have time, please let us know and we can rebase it.
Thanks for being a part of the Nx community! 🙏
# This handles issues that do not have a repro
- name: stale-repro-needed
id: stale-repro-needed
uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
days-before-stale: 7
days-before-close: 21
stale-issue-label: "stale"
operations-per-run: 300
remove-stale-when-updated: true
only-labels: "blocked: repro needed"
stale-issue-message: |
This issue has been automatically marked as stale because no reproduction was provided within 7 days.
Please help us help you. Providing a repository exhibiting the issue helps us diagnose and fix the issue.
Any time that we spend reproducing this issue is time taken away from addressing this issue and other issues.
This issue will be closed in 21 days if a reproduction is not provided.
If a reproduction has been provided, please reply to keep it active.
Thanks for being a part of the Nx community! 🙏
- name: stale-retry-with-latest
id: stale-retry-with-latest
uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
days-before-stale: 7
days-before-close: 21
stale-issue-label: "stale"
operations-per-run: 300
remove-stale-when-updated: true
only-labels: "blocked: retry with latest"
stale-issue-message: |
This issue has been automatically marked as stale because no results of retrying on the latest version of Nx was provided within 7 days.
It will be closed in 21 days if no results are provided.
If the issue is still present, please reply to keep it active.
If the issue was not present, please close this issue.
Thanks for being a part of the Nx community! 🙏
# This handles issues are really old and were made with a previous major
- name: stale-bug
id: stale-bug
uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
days-before-stale: 180
days-before-close: 21
stale-issue-label: "stale"
operations-per-run: 300
remove-stale-when-updated: true
stale-issue-message: |
This issue has been automatically marked as stale because it hasn't had any activity for 6 months.
Many things may have changed within this time. The issue may have already been fixed or it may not be relevant anymore.
If at this point, this is still an issue, please respond with updated information.
It will be closed in 21 days if no further activity occurs.
Thanks for being a part of the Nx community! 🙏