Merge branch 'develop' into gsouquet/new-search-ordering

Author: Germain Souquet

.github/codecov.yml

@@ -8,13 +8,14 @@ on:
     branches: [ develop, master ]
   repository_dispatch:
     types: [ upstream-sdk-notify ]
+env:
+  # These must be set for fetchdep.sh to get the right branch
+  REPOSITORY: ${{ github.repository }}
+  PR_NUMBER: ${{ github.event.pull_request.number }}
 jobs:
   build:
     name: "Build Element-Web"
     runs-on: ubuntu-latest
-    env:
-      # This must be set for fetchdep.sh to get the right branch
-      PR_NUMBER: ${{github.event.number}}
     steps:
       - uses: actions/checkout@v2
 
@@ -90,9 +91,6 @@ jobs:
   app-tests:
     name: Element Web Integration Tests
     runs-on: ubuntu-latest
-    env:
-      # This must be set for fetchdep.sh to get the right branch
-      PR_NUMBER: ${{github.event.number}}
     steps:
       - uses: actions/checkout@v2
 

.github/workflows/element-build-and-test.yaml

@@ -9,12 +9,13 @@ on:
     branches: [ develop ]
   repository_dispatch:
     types: [ upstream-sdk-notify ]
+env:
+  # These must be set for fetchdep.sh to get the right branch
+  REPOSITORY: ${{ github.repository }}
+  PR_NUMBER: ${{ github.event.pull_request.number }}
 jobs:
   end-to-end:
     runs-on: ubuntu-latest
-    env:
-      # This must be set for fetchdep.sh to get the right branch
-      PR_NUMBER: ${{github.event.number}}
     container: vectorim/element-web-ci-e2etests-env:latest
     steps:
       - name: Checkout code

.github/workflows/end-to-end-tests.yaml

@@ -25,40 +25,40 @@ jobs:
           echo "PR number: $pr_number"
           echo "::set-output name=prnumber::$pr_number"
 
-      - name: Create Deployment ID
-        uses: altinukshini/deployment-action@v1.2.6
+      - name: Create Deployment
+        uses: bobheadxi/deployments@v1
         id: deployment
         with:
-          token: "${{ secrets.ELEMENT_BOT_TOKEN }}"
-          pr: true
-          pr_id: ${{ steps.readctx.outputs.prnumber }}
-          transient_environment: true
-          environment: Netlify
-          initial_status: in_progress
+          step: start
+          token: ${{ secrets.GITHUB_TOKEN }}
+          env: Netlify
           ref: ${{ github.event.workflow_run.head_sha }}
+          desc: |
+            Do you trust the author of this PR? Maybe this build will steal your keys or give you malware.
+            Exercise caution. Use test accounts.
 
-      # There's a 'download artifact' action but it hasn't been updated for the
+      # There's a 'download artifact' action, but it hasn't been updated for the
       # workflow_run action (https://github.com/actions/download-artifact/issues/60)
       # so instead we get this mess:
       - name: 'Download artifact'
         uses: actions/[email protected]
         with:
           script: |
-            var artifacts = await github.actions.listWorkflowRunArtifacts({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               run_id: ${{github.event.workflow_run.id }},
+            const artifacts = await github.actions.listWorkflowRunArtifacts({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                run_id: ${{ github.event.workflow_run.id }},
             });
-            var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
-              return artifact.name == "previewbuild"
+            const matchArtifact = artifacts.data.artifacts.filter((artifact) => {
+                return artifact.name == "previewbuild"
             })[0];
-            var download = await github.actions.downloadArtifact({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               artifact_id: matchArtifact.id,
-               archive_format: 'zip',
+            const download = await github.actions.downloadArtifact({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                artifact_id: matchArtifact.id,
+                archive_format: 'zip',
             });
-            var fs = require('fs');
+            const fs = require('fs');
             fs.writeFileSync('${{github.workspace}}/previewbuild.zip', Buffer.from(download.data));
 
       - name: Extract Artifacts
@@ -79,25 +79,17 @@ jobs:
           NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
         timeout-minutes: 1
 
-      - name: Update deployment status (success)
-        if: success()
-        uses: altinukshini/[email protected]
+      - name: Update deployment status
+        uses: bobheadxi/deployments@v1
+        if: always()
         with:
-          token: "${{ secrets.ELEMENT_BOT_TOKEN }}"
-          environment_url: ${{ steps.netlify.outputs.deploy-url }}
-          state: "success"
+          step: finish
+          override: false
+          token: ${{ secrets.GITHUB_TOKEN }}
+          status: ${{ job.status }}
+          env: ${{ steps.deployment.outputs.env }}
           deployment_id: ${{ steps.deployment.outputs.deployment_id }}
-          pr: true
-          pr_id: ${{ steps.readctx.outputs.prnumber }}
-          description: |
+          env_url: ${{ steps.netlify.outputs.deploy-url }}
+          desc: |
             Do you trust the author of this PR? Maybe this build will steal your keys or give you malware.
             Exercise caution. Use test accounts.
-      - name: Update deployment status (failure)
-        if: failure()
-        uses: altinukshini/[email protected]
-        with:
-          token: "${{ secrets.ELEMENT_BOT_TOKEN }}"
-          state: "failure"
-          deployment_id: ${{ steps.deployment.outputs.deployment_id }}
-          pr: true
-          pr_id: ${{ steps.readctx.outputs.prnumber }}

.github/workflows/netlify.yaml

@@ -0,0 +1,24 @@
+name: Pull Request
+on:
+  pull_request_target:
+    types: [ opened, edited, labeled, unlabeled ]
+jobs:
+  changelog:
+    name: Preview Changelog
+    runs-on: ubuntu-latest
+    steps:
+      - uses: matrix-org/allchange@main
+        with:
+          ghToken: ${{ secrets.GITHUB_TOKEN }}
+
+  enforce-label:
+    name: Enforce Labels
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: read
+    steps:
+      - uses: yogevbd/[email protected]
+        with:
+          REQUIRED_LABELS_ANY: "T-Defect,T-Enhancement,T-Task"
+          BANNED_LABELS: "X-Blocked"
+          BANNED_LABELS_DESCRIPTION: "Preventing merge whilst PR is marked blocked!"

.github/workflows/preview_changelog.yaml

@@ -0,0 +1,47 @@
+name: SonarQube
+on:
+  workflow_run:
+    workflows: [ "Tests" ]
+    types:
+      - completed
+jobs:
+  sonarqube:
+    name: SonarQube
+    runs-on: ubuntu-latest
+    if: github.event.workflow_run.conclusion == 'success'
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+
+      # There's a 'download artifact' action, but it hasn't been updated for the workflow_run action
+      # (https://github.com/actions/download-artifact/issues/60) so instead we get this mess:
+      - name: Download Coverage Report
+        uses: actions/[email protected]
+        with:
+          script: |
+            const artifacts = await github.actions.listWorkflowRunArtifacts({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                run_id: ${{ github.event.workflow_run.id }},
+            });
+            const matchArtifact = artifacts.data.artifacts.filter((artifact) => {
+                return artifact.name == "coverage"
+            })[0];
+            const download = await github.actions.downloadArtifact({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                artifact_id: matchArtifact.id,
+                archive_format: 'zip',
+            });
+            const fs = require('fs');
+            fs.writeFileSync('${{github.workspace}}/coverage.zip', Buffer.from(download.data));
+
+      - name: Extract Coverage Report
+        run: unzip -d coverage coverage.zip && rm coverage.zip
+
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/pull_request.yaml

@@ -5,13 +5,14 @@ on:
     branches: [ develop, master ]
   repository_dispatch:
     types: [ upstream-sdk-notify ]
+env:
+  # These must be set for fetchdep.sh to get the right branch
+  REPOSITORY: ${{ github.repository }}
+  PR_NUMBER: ${{ github.event.pull_request.number }}
 jobs:
   ts_lint:
     name: "Typescript Syntax Check"
     runs-on: ubuntu-latest
-    env:
-      # This must be set for fetchdep.sh to get the right branch
-      PR_NUMBER: ${{github.event.number}}
     steps:
       - uses: actions/checkout@v2
 
@@ -37,11 +38,32 @@ jobs:
         run: "yarn run lint:types"
 
   i18n_lint:
-    name: "i18n Diff Check"
+    name: "i18n Check"
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: read
     steps:
       - uses: actions/checkout@v2
 
+      - name: "Get modified files"
+        id: changed_files
+        if: github.event_name == 'pull_request' && github.actor != 'RiotTranslateBot'
+        uses: tj-actions/changed-files@v19
+        with:
+          files: |
+            src/i18n/strings/*
+          files_ignore: |
+            src/i18n/strings/en_EN.json
+
+      - name: "Assert only en_EN was modified"
+        if: |
+          github.event_name == 'pull_request' &&
+          github.actor != 'RiotTranslateBot' &&
+          steps.changed_files.outputs.any_modified == 'true'
+        run: |
+          echo "You can only modify en_EN.json, do not touch any of the other i18n files as Weblate will be confused"
+          exit 1
+
       - uses: actions/setup-node@v3
         with:
           cache: 'yarn'

.github/workflows/sonarqube.yml

@@ -5,21 +5,17 @@ on:
     branches: [ develop, master ]
   repository_dispatch:
     types: [ upstream-sdk-notify ]
+env:
+  # These must be set for fetchdep.sh to get the right branch
+  REPOSITORY: ${{ github.repository }}
+  PR_NUMBER: ${{ github.event.pull_request.number }}
 jobs:
   jest:
-    name: Jest with Codecov
+    name: Jest
     runs-on: ubuntu-latest
-    env:
-      # This must be set for fetchdep.sh to get the right branch
-      PR_NUMBER: ${{github.event.number}}
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
-        with:
-          # If this is a pull request, make sure we check out its head rather than the
-          # automatically generated merge commit, so that the coverage diff excludes
-          # unrelated changes in the base branch
-          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || '' }}
 
       - name: Yarn cache
         uses: actions/setup-node@v3
@@ -30,11 +26,12 @@ jobs:
         run: "./scripts/ci/install-deps.sh --ignore-scripts"
 
       - name: Run tests with coverage
-        run: "yarn coverage"
+        run: "yarn coverage --ci"
 
-      - name: Upload coverage
-        uses: codecov/codecov-action@v2
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v2
         with:
-          fail_ci_if_error: false
-          verbose: true
-          override_commit: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || '' }}
+          name: coverage
+          path: |
+            coverage
+            !coverage/lcov-report

.github/workflows/static_analysis.yaml

@@ -0,0 +1,8 @@
+name: Upgrade Dependencies
+on:
+  workflow_dispatch: { }
+jobs:
+  upgrade:
+    uses: matrix-org/matrix-js-sdk/.github/workflows/upgrade_dependencies.yml@develop
+    secrets:
+      ELEMENT_BOT_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }}

.github/workflows/tests.yml

@@ -1,3 +1,12 @@
+[![npm](https://img.shields.io/npm/v/matrix-react-sdk)](https://www.npmjs.com/package/matrix-react-sdk)
+![Tests](https://github.com/matrix-org/matrix-react-sdk/actions/workflows/tests.yml/badge.svg)
+![Static Analysis](https://github.com/matrix-org/matrix-react-sdk/actions/workflows/static_analysis.yaml/badge.svg)
+[![Weblate](https://translate.element.io/widgets/element-web/-/matrix-react-sdk/svg-badge.svg)](https://translate.element.io/engage/element-web/)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=matrix-react-sdk&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=matrix-react-sdk)
+[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=matrix-react-sdk&metric=coverage)](https://sonarcloud.io/summary/new_code?id=matrix-react-sdk)
+[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=matrix-react-sdk&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=matrix-react-sdk)
+[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=matrix-react-sdk&metric=bugs)](https://sonarcloud.io/summary/new_code?id=matrix-react-sdk)
+
 matrix-react-sdk
 ================