Merge branch 'main' into cmpwrappers1

guardian · Jan 10, 2024 · e7c93a4 · e7c93a4 · github-actions · Jan 10, 2024
2 parents 33e70a3 + 38f9763
commit e7c93a4
Show file tree

Hide file tree

Showing 19 changed files with 1,068 additions and 1,028 deletions.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,21 +1,25 @@
 <!--
 
-If this PR should trigger a release, make sure your title is prefixed with one of these:
+### Production Release
 
-- fix: (patch release)
-- feat: (minor release)
+To add this PR to the next release:
+    - Run `yarn changeset add` locally to create a changeset and follow the instructions.
+    - Push these changes to your branch.
+    - Once merged, changeset will create a new PR titled 'Version Packages'
 
-These can be used but will not trigger a release:
+### Beta Release
 
-build: | chore: | ci: | docs: | style: | refactor: | perf: | test:
-
-To trigger a major release, add ! to the prefix. Any prefix can do this, e.g.:
-
-- refactor!: drop support for Node 6
-- fix!: remove old conflicting method
+To trigger a beta release:
 
+    - Run `yarn changeset add` locally to create a changeset and follow the instructions.
+    - Push these changes to your branch
+    - Apply the `[beta] @guardian/consent-management-platform` label to your pull request. This action will automatically trigger the [`cmp-beta-release-on-label.yml`](../.github/workflows/cmp-beta-release-on-label.yml) workflow.
+    - Upon completion, the beta version will be posted by the `github-actions bot` in your pull request.
+    - After testing the published beta, feel free to delete the generated .yml file if you decide not to update the cmp version.
 -->
 
 ## What does this change?
 
 ## Why?
+
+## Link to Trello
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -9,7 +9,47 @@ updates:
     directory: '/'
     schedule:
       interval: 'weekly'
+    labels:
+      - 'cmp_app_group'
+      - 'dependencies'
+      - 'javascript'
+    groups:
+      cmp-app:
+        patterns:
+          - '*'
+  - package-ecosystem: 'npm'
+    directory: '/cdk'
+    schedule:
+      interval: 'weekly'
+    labels:
+      - 'cdk_group'
+      - 'dependencies'
+      - 'javascript'
+    groups:
+      cdk:
+        patterns:
+          - '*'
+  - package-ecosystem: 'npm'
+    directory: '/monitoring'
+    schedule:
+      interval: 'weekly'
+    labels:
+      - 'monitoring_group'
+      - 'dependencies'
+      - 'javascript'
+    groups:
+      monitoring:
+        patterns:
+          - '*'
   - package-ecosystem: 'github-actions'
     directory: '/'
     schedule:
       interval: 'weekly'
+    labels:
+      - 'github_action_group'
+      - 'dependencies'
+      - 'github_actions'
+    groups:
+      github_action:
+        patterns:
+          - '*'
diff --git a/.github/workflows/cmp-beta-release-on-label.yml b/.github/workflows/cmp-beta-release-on-label.yml
@@ -7,7 +7,12 @@ on:
   pull_request:
     types: [labeled]
 
-permissions: write-all
+permissions:
+  checks: write
+  pull-requests: write
+  contents: write
+  id-token: write
+  issues: write
 
 jobs:
   run-tests:
@@ -21,8 +26,11 @@ jobs:
     name: Build CMP App
     needs: [run-tests]
     uses: ./.github/workflows/cmp-build-release.yml
+    secrets:
+      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
     permissions:
       checks: write
       pull-requests: write
       contents: write
       id-token: write
+      issues: write
diff --git a/.github/workflows/cmp-build-release.yml b/.github/workflows/cmp-build-release.yml
@@ -2,17 +2,20 @@ name: Build and/or Release CMP
 
 on:
   workflow_call:
+    secrets:
+      NPM_TOKEN:
+        required: true
 
 jobs:
   build:
     name: Build
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version-file: '.nvmrc'
           cache: yarn
@@ -28,7 +31,7 @@ jobs:
 
       - name: Save build
         if: github.ref == 'refs/heads/main' || github.event.label.name == '[beta] @guardian/consent-management-platform'
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: dist
           path: dist
@@ -44,13 +47,13 @@ jobs:
       id-token: write # to enable use of OIDC for npm provenance
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
           persist-credentials: false
 
       - name: Setup Node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version-file: '.nvmrc'
           cache: yarn
@@ -59,7 +62,7 @@ jobs:
         run: yarn --frozen-lockfile
 
       - name: Fetch build
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: dist
           path: dist
@@ -78,14 +81,21 @@ jobs:
     needs: [build]
     if: github.event.label.name == '[beta] @guardian/consent-management-platform'
     runs-on: ubuntu-latest
+    permissions:
+      contents: write # in order to write labels to main branch?
+      pull-requests: write # to be able to comment on released pull requests
+      id-token: write # to enable use of OIDC for npm provenance
+      issues: write
+      checks: write
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Setup node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version-file: '.nvmrc'
           cache: 'yarn'
@@ -94,7 +104,7 @@ jobs:
         run: yarn --frozen-lockfile
 
       - name: Fetch build
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: dist
           path: dist
@@ -107,12 +117,14 @@ jobs:
         id: changeset
         with:
           publish: yarn changeset publish --tag beta
+          commit: Beta Release
+          title: Beta Release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-          HUSKY: 0
 
       - uses: actions/github-script@v6
+        if: steps.changeset.outputs.published == 'true'
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |

diff --git a/.github/workflows/cmp-ci.yml b/.github/workflows/cmp-ci.yml
@@ -19,8 +19,11 @@ jobs:
     name: Build CMP
     needs: [run-tests, run-checks]
     uses: ./.github/workflows/cmp-build-release.yml
+    secrets:
+      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
     permissions:
+      contents: write # in order to write labels to main branch?
+      pull-requests: write # to be able to comment on released pull requests
+      id-token: write # to enable use of OIDC for npm provenance
+      issues: write
       checks: write
-      pull-requests: write
-      contents: write
-      id-token: write
diff --git a/.github/workflows/cmp-run-checks.yml b/.github/workflows/cmp-run-checks.yml
@@ -9,10 +9,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version-file: '.nvmrc'
           cache: yarn
@@ -28,10 +28,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version-file: '.nvmrc'
           cache: yarn

diff --git a/.github/workflows/cmp-run-tests.yml b/.github/workflows/cmp-run-tests.yml
@@ -13,10 +13,10 @@ jobs:
       contents: write
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version-file: '.nvmrc'
           cache: yarn
@@ -25,7 +25,7 @@ jobs:
         run: yarn --frozen-lockfile
 
       - name: Run unit tests
-        uses: ArtiomTr/jest-coverage-report-action@v2.2.4
+        uses: ArtiomTr/jest-coverage-report-action@v2.2.6
         with:
           package-manager: yarn
           test-script: yarn test:unit
@@ -41,10 +41,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version-file: '.nvmrc'
           cache: yarn

diff --git a/.github/workflows/daily-test.yml b/.github/workflows/daily-test.yml
@@ -7,9 +7,9 @@ jobs:
   run-test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Setup Node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version-file: '.nvmrc'
           cache: yarn

diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml
@@ -12,10 +12,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version-file: '.nvmrc'
           cache: yarn

diff --git a/.github/workflows/monitoring-CI.yml b/.github/workflows/monitoring-CI.yml
@@ -10,18 +10,19 @@ jobs:
     permissions:
       id-token: write
       contents: read
+      pull-requests: write # to be able to comment on released pull requests
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       # Setup AWS credentials to enable uploading to S3 for Riff-Raff.
       # See https://github.com/aws-actions/configure-aws-credentials
-      - uses: aws-actions/configure-aws-credentials@v2
+      - uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }}
           aws-region: eu-west-1
 
       - name: Setup Node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version-file: '.nvmrc'
           cache: yarn

diff --git a/docs/01-development-instructions.md b/docs/01-development-instructions.md
@@ -126,6 +126,12 @@ To release a new version with your changes, run `yarn changeset add` and follow
 
 When your PR is merged, changeset will analyse the changes and create a PR to release the new version.
 
+### Beta
+
+To trigger a beta release, apply the `[beta] @guardian/consent-management-platform` label to your pull request. This action will automatically trigger the [`cmp-beta-release-on-label.yml`](../.github/workflows/cmp-beta-release-on-label.yml) workflow. Upon completion, the beta version will be posted by the `github-actions bot` in your pull request.
+
+To re-trigger a beta-release on the same branch, remove the label and then reapply it.
+
 ### CI/CD
 
 This project also uses [github action workflow](../.github/workflows/README.md) to manage it's CI/CD.

diff --git a/monitoring/package.json b/monitoring/package.json
@@ -13,29 +13,29 @@
     "validate": "npm-run-all test lint build"
   },
   "dependencies": {
-    "@aws-sdk/client-cloudwatch": "^3.428.0",
+    "@aws-sdk/client-cloudwatch": "^3.484.0",
     "commander": "^11.1.0",
     "dotenv": "^16.3.1",
-    "inquirer": "^8.2.3",
+    "inquirer": "^8.2.6",
     "playwright-aws-lambda": "^0.10.0",
-    "playwright-core": "^1.39.0",
+    "playwright-core": "^1.40.1",
     "tslib": "^2.6.2",
     "uuid": "^9.0.1"
   },
   "devDependencies": {
-    "@aws-sdk/client-lambda": "^3.428.0",
-		"@babel/parser": "^7.23.3",
-    "@guardian/eslint-config-typescript": "^7.0.0",
-    "@guardian/prettier": "^5.0.0",
+    "@aws-sdk/client-lambda": "^3.484.0",
+		"@babel/parser": "^7.23.6",
+    "@guardian/eslint-config-typescript": "^9.0.0",
+    "@guardian/prettier": "^7.0.0",
     "@guardian/tsconfig": "^0.2.0",
     "@tsconfig/node18": "^18.2.2",
-    "@types/aws-lambda": "^8.10.124",
-    "@types/inquirer": "^8.2.3",
-    "@types/jest": "^29.5.5",
-    "@types/node": "^20.8.6",
-    "@vercel/ncc": "^0.38.0",
+    "@types/aws-lambda": "^8.10.130",
+    "@types/inquirer": "^8.2.7",
+    "@types/jest": "^29.5.11",
+    "@types/node": "^20.10.6",
+    "@vercel/ncc": "^0.38.1",
     "aws-lambda": "^1.0.7",
-    "eslint": "^8.51.0",
+    "eslint": "^8.56.0",
     "jest": "^29.7.0",
     "markdown-toc": "^1.2.0",
     "npm-run-all": "^4.1.5",
St.^❔	Category	Percentage	Covered / Total
🟢	Statements	80.35%	278/346
🟡	Branches	67.76%	103/152
🟡	Functions	78.02%	71/91
🟡	Lines	79.82%	269/337