Permalink
Switch branches/tags
Commits on Oct 12, 2018
  1. Enforce lockfile is kept up to date (#21739)

    hramos authored and facebook-github-bot committed Oct 12, 2018
    Summary:
    Adds a new script that runs Yarn with --frozen-lockfile, and fails if Yarn finds the lockfile is out of sync.
    
    Keeping the lockfile in sync with package.json will ensure our internal open source tests can run offline, as our offline mirror is updated whenever the lockfile changes.
    
    Reverted yarn.lock to https://raw.githubusercontent.com/facebook/react-native/6eeff75849c9b8bf91592c1b7906b4dab8fba518/yarn.lock, then ran `scripts/circleci/validate_yarn_lockfile.sh`, and verified the script failed as expected.
    
    I then ran Yarn without the --frozen-lockfile flag, and reran the validation script. This time, the script finished successfully.
    Pull Request resolved: #21739
    
    Differential Revision: D10365642
    
    Pulled By: hramos
    
    fbshipit-source-id: 9ab7f03919427a86b12901d4c422ef04dd0839f6
Commits on Oct 11, 2018
  1. Ensure React Native lockfile is up to date

    hramos authored and facebook-github-bot committed Oct 11, 2018
    Summary: Updates React Native yarn lockfile.
    
    Reviewed By: zertosh, yungsters
    
    Differential Revision: D10261430
    
    fbshipit-source-id: a99266cf720641bb779fc264d9d4745bfe0b8599
Commits on Oct 5, 2018
  1. Flag code analysis issues once per converter used (#21503)

    hramos authored and facebook-github-bot committed Oct 5, 2018
    Summary:
    Fixes issue where the bot would leave multiple lines in the top review comment if, say, eslint found 30 issues, there would be 30 mentions of eslint having found issues.
    
    See #21492 for an example of such a case, where `analysis-bot` left a spammy review at #21492 (review).
    Pull Request resolved: #21503
    
    Differential Revision: D10219439
    
    Pulled By: hramos
    
    fbshipit-source-id: 75d32ef3bfeaa91ab614763a19494659ad1be0dd
  2. Run publish_npm_package job on tagged commits without any pre-reqs (#…

    hramos authored and facebook-github-bot committed Oct 5, 2018
    …21495)
    
    Summary:
    This PR gets master back on sync with fixes made to 0.57-stable.
    Pull Request resolved: #21495
    
    Differential Revision: D10209745
    
    Pulled By: hramos
    
    fbshipit-source-id: bc4d859adade820eac30e947514b6c6c2a27083f
Commits on Oct 1, 2018
  1. Update path to code analysis script (#21443)

    hramos authored and facebook-github-bot committed Oct 1, 2018
    Summary:
    The script was moved after the original ShellCheck PR was opened, and this was lost during the rebase.
    Pull Request resolved: #21443
    
    Differential Revision: D10133498
    
    Pulled By: hramos
    
    fbshipit-source-id: da61b782362ab2d13cb6f0bca3fb1c9a0af08ae5
Commits on Sep 29, 2018
  1. Fix copyright headers

    hramos authored and facebook-github-bot committed Sep 29, 2018
    Summary:
    Update several files to use the proper copyright header:
    
    ```
    //  Copyright (c) Facebook, Inc. and its affiliates.
    //
    // This source code is licensed under the MIT license found in the
    // LICENSE file in the root directory of this source tree.
    ```
    
    In the case of Xcode project files, I used the shortform version, `Copyright (c) Facebook, Inc. and its affiliates.`
    
    Reviewed By: axe-fb
    
    Differential Revision: D10114529
    
    fbshipit-source-id: a1f2d5a46d04797c1cf281ea9ab80d3a2caa6fb4
  2. Use ShellCheck (#19681)

    hramos authored and facebook-github-bot committed Sep 29, 2018
    Summary:
    As recommended in https://circleci.com/docs/2.0/using-shell-scripts/#use-shellcheck
    
    It will only run on PRs for now.
    Pull Request resolved: #19681
    
    Differential Revision: D10111711
    
    Pulled By: hramos
    
    fbshipit-source-id: e980a526561dced79e5197a11cfb41a3eba9be8b
Commits on Sep 26, 2018
  1. Test Xcode 10 (#21324)

    hramos authored and facebook-github-bot committed Sep 26, 2018
    Summary:
    This also fixes an issue with tagged commit Circle CI jobs, and avoids running the `publish_npm_package` on every commit. The new config ignores commits on *all branches*, but should still catch git tags.
    Pull Request resolved: #21324
    
    Differential Revision: D10041629
    
    Pulled By: hramos
    
    fbshipit-source-id: 9b3295b5fcd614c67a8838ffd49c6a5d6ae7fd86
Commits on Sep 22, 2018
  1. Deploy to npm on tagged commits only (#21250)

    hramos authored and facebook-github-bot committed Sep 22, 2018
    Summary:
    This PR applies some fixes I made to the 0.57-stable branch to ensure we only run on commits tagged as "v0.57.1", as an example. This also ensures we only deploy after all tests pass.
    Pull Request resolved: #21250
    
    Differential Revision: D10003666
    
    Pulled By: hramos
    
    fbshipit-source-id: 22d5e674ca925dce53d0ddf0e12c64dc82ec7aa1
Commits on Sep 21, 2018
  1. Add test case suggestion to PR template

    hramos authored and facebook-github-bot committed Sep 21, 2018
    Summary: Pull Request resolved: #21234
    
    Differential Revision: D9982500
    
    Pulled By: hramos
    
    fbshipit-source-id: 585d4a8292ac7f53f26adf53a36e766a49fdc5b6
Commits on Sep 20, 2018
  1. Use Android SDK 27 in React Native

    hramos authored and facebook-github-bot committed Sep 20, 2018
    Summary:
    Upgrade React Native to Android SDK 27 again, following the reversal in D9886607 (68c7999).
    
    The SDK 27 is actually available internally in an alternate location that is suitable for use cases like React Native's. For future reference, SDK 28 is also available for use in this location.
    
    Reviewed By: axe-fb
    
    Differential Revision: D9929066
    
    fbshipit-source-id: 9413f891d5587293a30544351340e9407a2dce55
Commits on Sep 18, 2018
  1. Fix Appveyor badge url

    hramos authored and facebook-github-bot committed Sep 18, 2018
    Summary: Pull Request resolved: #21159
    
    Differential Revision: D9928127
    
    Pulled By: hramos
    
    fbshipit-source-id: e6cf099186fffc79ebf463897b55e0c3e728f3f5
  2. Downgrade to compileSdkVersion 26

    hramos authored and facebook-github-bot committed Sep 18, 2018
    Summary:
    Go back to using compileSdkVersion 26 and targetSdkVersion 26, temporarily. We can re-add this once Android SDK 27 becomes available in Facebook's internal repository.
    
    The Android SDK Build Tools 27.0.3 **are** available, so we can continue using those.
    
    Reviewed By: axe-fb
    
    Differential Revision: D9886607
    
    fbshipit-source-id: 6c1c9c1e1309c3a0483cc4c0bd8dcb4a5f29fc7e
Commits on Sep 13, 2018
  1. Remove tokens from Circle CI config (#21058)

    hramos authored and facebook-github-bot committed Sep 13, 2018
    Summary:
    While these were intentionally used in the open, and never were abused, it has become a distraction whenever they are flagged.
    
    We'll have to move this functionality to a service outside of Circle CI, as we cannot securely pass secrets to forks and PRs in Circle CI. By necessity, these PR analysis scripts must run alongside PRs.
    
    The The controller you requested could not be found. token has already been revoked. The The controller you requested could not be found. token is not under our control, and is still valid as of this writing. The eslint token has public_repo scope, with no access to any private repos. It's no different than having a random account commenting on any public repo.
    
    Unfortunately, revoking the The controller you requested could not be found. token affects React's use of this bot account as well.
    
     ---
    
    Q: What does the React team need this token for?
    A: It's used to analyze how a PR will impact the build size for React.
    
    Q: What does the React Native team need this token for?
    A: We do lightweight automated PR code reviews with it (eslint, flagging large PRs, etc)
    
    Q: What can someone do with the access token?
    A: The token was for the The controller you requested could not be found. GitHub account. The account has no privileged access to any organization, so in effect it's like having the token to a random GitHub account. The token has public_repo access scope, which allows it to interact with any public repository on GitHub. The attacker can leave comments on any issue, pull request, or commit, on any public open source repository on GitHub. They could spam or leave arbitrary messages. It's no different than using any random newly created GitHub account to do this, but the bot is named "React Linter", so people could have used it to make React look bad.
    
    Q: Why didn't we just remove the token from the open source repositories? CircleCI allows you to use environment variables to keep secrets out of the repo.
    A: We have configured CircleCI to hide environment variables from Circle CI jobs triggered by non-Facebook org forks and pull requests (otherwise, anyone could add a file to their fork that echoes $SUPER_SECRET and then read it from the Circle CI logs). This allows us to do things like publish to npm only on commits that actually land on the main repo, without letting random people do the same on their forks.
    
    Q: Why can't we run these scripts on Circle CI jobs that do have access to secret environment variables?
    A: It's by necessity. These scripts are meant to run on pull requests and forks. They're used to lint pull requests, after all.
    
    Q: Why can't we run these scripts on internal Facebook infrastructure?
    A: Automatic importing of arbitrary code from external sources into internal Facebook systems without a FB engineer's involvement  is disallowed. We're happy to let Circle CI run unvetted code in this manner.
    
    Q: What do other projects do in similar situations?
    A: A common solution for open source projects that need to run scripts with access to GitHub without exposing the access token on CI is to use a private cloud server (i.e. a droplet in Digital Ocean, an instance on AWS...).
    
    Q: Why don't we use the same infra used by react-native-bot to run react-linter?
    A: React-Native-Bot runs once an hour or so, querying for recent issues and PRs. It does not use webhooks, and instead performs the same kind of search queries you'd use on GitHub, therefore it's not great for picking up when a PR has been updated. Circle CI is great for running scripts whenever a PR is created or updated, as Circle outages aside, we can be fairly certain a script will run any time a PR is updated. If you want to track build sizes, you really want to make sure any new commit added to a PR will trigger a re-run.
    Pull Request resolved: #21058
    
    Differential Revision: D9809842
    
    Pulled By: hramos
    
    fbshipit-source-id: 6ca5d2f5b48e077ec822a3aea5237534bd828850
Commits on Sep 11, 2018
  1. Update copyright headers to yearless format

    hramos authored and facebook-github-bot committed Sep 11, 2018
    Summary: This change drops the year from the copyright headers and the LICENSE file.
    
    Reviewed By: yungsters
    
    Differential Revision: D9727774
    
    fbshipit-source-id: df4fc1e4390733fe774b1a160dd41b4a3d83302a
  2. Update repo documentation to match other Facebook projects

    hramos authored and facebook-github-bot committed Sep 11, 2018
    Summary: Pull Request resolved: #21046
    
    Differential Revision: D9762088
    
    Pulled By: hramos
    
    fbshipit-source-id: dd830dd0e1f38816d299065e0ca8a673e473c185
Commits on Sep 7, 2018
  1. Add missing copyright headers (#21000)

    hramos authored and facebook-github-bot committed Sep 7, 2018
    Summary:
    One of our automated project tools noted that these were all missing their copyright headers.
    Pull Request resolved: #21000
    
    Differential Revision: D9721495
    
    Pulled By: hramos
    
    fbshipit-source-id: 6ccf0f37165a0fe16cf06bd996d615f2286101dc
  2. Remove Node 10 check (#21001)

    hramos authored and facebook-github-bot committed Sep 7, 2018
    Summary:
    This script is not yet used. Regardless, Node 10 has been working fine for a while now.
    Pull Request resolved: #21001
    
    Differential Revision: D9721549
    
    Pulled By: hramos
    
    fbshipit-source-id: 44b5e2f9ec9b622a364491840f8bd8092f0399ff
Commits on Sep 5, 2018
  1. Close after 3 days

    hramos authored and facebook-github-bot committed Sep 5, 2018
    Summary: Pull Request resolved: #20990
    
    Differential Revision: D9664380
    
    Pulled By: hramos
    
    fbshipit-source-id: 63cc205b44ed7cfb55fef64ddce579a35e082300
Commits on Aug 31, 2018
  1. Bump lodash dependency (#20892)

    hramos authored and facebook-github-bot committed Aug 31, 2018
    Summary:
    Per [CVE](https://nvd.nist.gov/vuln/detail/CVE-2018-3721) warning.
    Pull Request resolved: #20892
    
    Differential Revision: D9616099
    
    Pulled By: hramos
    
    fbshipit-source-id: 245c09ca32934c5e5464f87bfca213f1b10f8fec
Commits on Aug 30, 2018
  1. Use PR reviews (#20927)

    hramos authored and facebook-github-bot committed Aug 30, 2018
    Summary:
    Use GitHub PR Reviews instead of individual comments. The result is similar to the existing implementation, but there will be a top level comment indicating possible next steps for the PR author.
    
    Verified on Circle.
    Pull Request resolved: #20927
    
    Differential Revision: D9596595
    
    Pulled By: hramos
    
    fbshipit-source-id: 3628b0097aa9a21a40089f2cbe1859bd64ccd8b7
Commits on Aug 24, 2018
  1. Fix eslint code analysis bot (#20822)

    hramos authored and facebook-github-bot committed Aug 24, 2018
    Summary:
    The eslint bot has not been working since the migration to Circle 2.0.
    Pull Request resolved: #20822
    
    Differential Revision: D9492680
    
    Pulled By: hramos
    
    fbshipit-source-id: 7f2f9ac125b6cab1750902c485a6d27d6c3cf302
Commits on Aug 23, 2018
  1. Gate failing steps behind a username check (#20818)

    hramos authored and facebook-github-bot committed Aug 23, 2018
    Summary:
    There are some steps known to be failing on master. This pollutes checks for unrelated PRs.
    
    This PR will make it so that PRs submitted by anyone other than myself will no-op on these steps.
    
    Future work: Have an array of whitelisted contributors, and make it much easier to turn individual tests on and off.
    Pull Request resolved: #20818
    
    Differential Revision: D9484946
    
    Pulled By: hramos
    
    fbshipit-source-id: d6c187b341f13552b33d0f1d569b65f6c66ae48f
  2. Bump iOS min in Readme (#20805)

    hramos authored and facebook-github-bot committed Aug 23, 2018
    Summary:
    iOS 8 was dropped as of 0.56.
    Pull Request resolved: #20805
    
    Differential Revision: D9481968
    
    Pulled By: hramos
    
    fbshipit-source-id: 23e74ac3145ba92e2c119be365f2435e290c3f61
  3. Use one time password when publishing to npm (#20701)

    hramos authored and facebook-github-bot committed Aug 23, 2018
    Summary:
    This pull request addresses the failing publish-npm.js script from earlier this week. For background, last month we reset all npm access tokens for any package related to Facebook, and we now require all accounts with publish permissions to have two factor enabled.
    
    The publish-npm.js script relied on one such token that is configured in Circle CI as a envvar. The token has been updated in Circle CI, but we now need a way of passing the one time password to npm.
    
    With this PR, we can now grab the otp from Circle CI's envvars. Considering otps are ephemeral, this requires the NPM_CONFIG_OTP envvar to be set by someone with publishing permissions anytime a new release will be pushed to npm. The token is short lived, but it would still be good to clear the envvar after the package is published. Circle CI envvars are not passed on to PR/forked builds.
    
    This PR is effectively a breaking change for the release process, as the publish step will not succeed if the OTP is not valid.
    
    OTPs are short-lived, and the publish_npm_package job will definitely outlive the token. Unfortunately this will require some timing to get right, but the alternative is to ssh into the Circle CI machine and re-run the `npm publish --otp` command, which again would still require someone with publish access to provide the otp.
    Pull Request resolved: #20701
    
    Differential Revision: D9478488
    
    Pulled By: hramos
    
    fbshipit-source-id: 6af631a9cb425271b98c03d158aec390ebc95304
  4. Update lock file for open source (#20800)

    hramos authored and facebook-github-bot committed Aug 23, 2018
    Summary:
    Should fix CI failure.
    Pull Request resolved: #20800
    
    Differential Revision: D9470366
    
    Pulled By: hramos
    
    fbshipit-source-id: 7269876be14f9260cc984ab0737a2e32218f4715
Commits on Aug 22, 2018
  1. Run failing tests in CI, without turning CI red (#20775)

    hramos authored and facebook-github-bot committed Aug 22, 2018
    Summary:
    We have several disabled tests in Circle, and they are not running at all.
    This prevents us from seeing when a disabled test might actually be fixed, as enabling the test requires uncommenting the correct line in Circle CI's config.
    
    In this PR, we use the existing swallow_error script to run known-failing steps, without failing the job. This will let us see the step's output in CI, without polluting PRs that have not introduced new failures to CI.
    Pull Request resolved: #20775
    
    Differential Revision: D9442412
    
    Pulled By: hramos
    
    fbshipit-source-id: 83c930811a559fdcf6d7b926b4073343e862d2b3
  2. Merge pull request #20796 from hramos/yarn-lock

    hramos committed Aug 22, 2018
    [ShipIt Sync] Add Yarn lockfile
  3. Add Yarn lockfile

    hramos committed Aug 22, 2018
Commits on Aug 21, 2018
  1. WIP: Add Node 10 job to workflow

    hramos authored and facebook-github-bot committed Aug 21, 2018
    Summary: Pull Request resolved: #19299
    
    Differential Revision: D9413583
    
    Pulled By: hramos
    
    fbshipit-source-id: 61ac48e46feaba5f1ec80362b5e1c7f2787ee167
Commits on Aug 20, 2018
  1. Disable Podspec tests

    hramos authored and facebook-github-bot committed Aug 20, 2018
    Summary: Pull Request resolved: #20755
    
    Differential Revision: D9408317
    
    Pulled By: hramos
    
    fbshipit-source-id: 7799cf8ee4c99662299ef9cf1a26913cdf0d8b39
Commits on Aug 17, 2018
  1. Link to Discuss as a lightweight discussion forum (#20697)

    hramos authored and facebook-github-bot committed Aug 17, 2018
    Summary:
    kelset should we link to Discuss more prominently? There are some lightweight discussions that probably don't belong in the discussions repo.
    Pull Request resolved: #20697
    
    Differential Revision: D9386345
    
    Pulled By: hramos
    
    fbshipit-source-id: 53d81bcc3d9b2570a094017cc134726140e1a3bb
  2. Fix old license that snuck into repo (#20702)

    hramos authored and facebook-github-bot committed Aug 17, 2018
    Summary:
    Quick trivial PR to add back a necessary header. Fixes CI as well.
    Pull Request resolved: #20702
    
    Differential Revision: D9374430
    
    Pulled By: hramos
    
    fbshipit-source-id: dba0f1d4fc80e39242d8c3e6d1e0007492d2860d
  3. Fix Flow errors (#20696)

    hramos authored and facebook-github-bot committed Aug 17, 2018
    Summary:
    Revert change to flow strict-local in OSS.
    Pull Request resolved: #20696
    
    Differential Revision: D9367630
    
    Pulled By: hramos
    
    fbshipit-source-id: 17e4d1ab6d00b2e14033b223d878d5fcd1c098f4
Commits on Aug 16, 2018
  1. Merge pull request #20700 from yns88/fixup-T32865179-master

    hramos committed Aug 16, 2018
    Re-sync with internal repository