build(deps): bump nokogiri from 1.19.0 to 1.19.1 in /config/release (… #3238
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This file is generated by `script/update_ci_yaml` based on input from `config/tested_datastore_versions.yaml`. | |
| # To edit it, make changes to the template at the bottom of `script/update_ci_yaml` and run it. | |
| name: ElasticGraph CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| # Allows triggering CI manually or from other workflows. Used by the release workflow | |
| # to trigger CI on release PRs, since PRs created by GITHUB_TOKEN don't automatically | |
| # trigger the `pull_request` event (GitHub prevents this to avoid infinite loops). | |
| workflow_dispatch: | |
| env: | |
| # It's recommended to run ElasticGraph with this option to get better performance. We want to run | |
| # our CI builds with it to ensure that the option always works. | |
| RUBYOPT: "--enable-frozen-string-literal" | |
| # We use the VCR gem as a local "test accelerator" which caches datastore requests/responses for us. | |
| # But in our CI build we don't want to use it at all, so we disable it here. | |
| NO_VCR: "1" | |
| docker_platforms: linux/amd64,linux/arm64 | |
| jobs: | |
| ci-check: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| build_part: | |
| - run_each_gem_spec | |
| ruby: | |
| - "3.4" | |
| - "4.0" | |
| datastore: | |
| - "elasticsearch:9.2.4" | |
| include: | |
| # Datastore-specific tests on non-primary datastores. | |
| # These run only `:uses_datastore` tagged tests since non-datastore tests don't vary by datastore. | |
| - build_part: "run_datastore_specs" | |
| ruby: "4.0" | |
| datastore: "elasticsearch:9.0.0" | |
| - build_part: "run_datastore_specs" | |
| ruby: "4.0" | |
| datastore: "opensearch:3.4.0" | |
| - build_part: "run_datastore_specs" | |
| ruby: "4.0" | |
| datastore: "opensearch:2.19.0" | |
| # We have a special build part for JRuby. | |
| - build_part: "run_specs_for_jruby" | |
| ruby: "jruby-10.0" | |
| datastore: "elasticsearch:9.2.4" | |
| # Other build parts run on max Ruby and primary datastore only. | |
| - build_part: "run_misc_checks" | |
| ruby: "4.0" | |
| datastore: "elasticsearch:9.2.4" | |
| - build_part: "run_specs_with_vcr" | |
| ruby: "4.0" | |
| datastore: "elasticsearch:9.2.4" | |
| - build_part: "run_specs_file_by_file" | |
| ruby: "4.0" | |
| datastore: "elasticsearch:9.2.4" | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Setup Ruby | |
| uses: ruby/setup-ruby@4c24fa5ec04b2e79eb40571b1cee2a0d2b705771 # v1.278.0 | |
| with: | |
| ruby-version: ${{ matrix.ruby }} | |
| bundler-cache: true # runs 'bundle install' and caches installed gems automatically | |
| - name: Setup Docker Compose | |
| uses: KengoTODA/actions-setup-docker-compose@aa468051c6851848da9bfe114e7eac913c0bf59c # v1.2.3 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Configure Git | |
| run: | | |
| git config --global user.name "GitHub Action Bot" | |
| git config --global user.email "action@github.com" | |
| git config --global init.defaultBranch main | |
| - name: Run Build Part | |
| # Note: the `10` argument on the end is a number of seconds to sleep after booting the datastore. | |
| # We've found that there is a minor race condition where the shards aren't fully ready for the tests | |
| # to hit them if we don't wait a bit after booting. | |
| run: script/ci_parts/${{ matrix.build_part }} ${{ matrix.datastore }} 10 | |
| docker-demo: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| env: | |
| OPENSEARCH_VERSION: "3.4.0" | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Setup Ruby | |
| uses: ruby/setup-ruby@4c24fa5ec04b2e79eb40571b1cee2a0d2b705771 # v1.278.0 | |
| with: | |
| ruby-version: "4.0" | |
| bundler-cache: true # runs 'bundle install' and caches installed gems automatically | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 | |
| with: | |
| driver: docker-container | |
| - name: Build OpenSearch image | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| context: elasticgraph-local/lib/elastic_graph/local/opensearch | |
| file: elasticgraph-local/lib/elastic_graph/local/opensearch/Dockerfile | |
| push: false | |
| load: true | |
| build-args: | | |
| VERSION=${{ env.OPENSEARCH_VERSION }} | |
| tags: | | |
| elasticgraph-opensearch-demo:latest | |
| - name: Build ElasticGraph image | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| context: . | |
| file: config/docker_demo/Dockerfile | |
| push: false | |
| load: true | |
| tags: | | |
| elasticgraph-demo:latest | |
| - name: Test docker images | |
| env: | |
| NO_BUILD: "true" | |
| run: config/docker_demo/test | |
| - name: Login to GitHub Container Registry | |
| if: success() && github.ref == 'refs/heads/main' | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Push OpenSearch image | |
| if: success() && github.ref == 'refs/heads/main' | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| context: elasticgraph-local/lib/elastic_graph/local/opensearch | |
| file: elasticgraph-local/lib/elastic_graph/local/opensearch/Dockerfile | |
| push: true | |
| platforms: ${{ env.docker_platforms }} | |
| build-args: | | |
| VERSION=${{ env.OPENSEARCH_VERSION }} | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/elasticgraph-opensearch-demo:${{ github.sha }} | |
| ghcr.io/${{ github.repository_owner }}/elasticgraph-opensearch-demo:latest | |
| - name: Push ElasticGraph image | |
| if: success() && github.ref == 'refs/heads/main' | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| context: . | |
| file: config/docker_demo/Dockerfile | |
| push: true | |
| platforms: ${{ env.docker_platforms }} | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/elasticgraph-demo:${{ github.sha }} | |
| ghcr.io/${{ github.repository_owner }}/elasticgraph-demo:latest | |
| lint-workflows: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Install action-validator with asdf | |
| uses: asdf-vm/actions/install@b7bcd026f18772e44fe1026d729e1611cc435d47 # v4.0.1 | |
| with: | |
| tool_versions: | | |
| action-validator 0.5.1 | |
| - name: Lint Actions | |
| run: | | |
| find .github/workflows -type f \( -iname \*.yaml -o -iname \*.yml \) \ | |
| | xargs -I {} action-validator --verbose {} | |
| # An extra job that runs after all the others and provides a single summary status. | |
| # This is used by our branch protection rule to block merge until all CI checks passed, | |
| # without requiring us to individually list each CI check in the branch protection rule. | |
| # | |
| # https://github.com/orgs/community/discussions/26822#discussioncomment-3305794 | |
| all-ci-checks-passed: | |
| if: ${{ always() }} # so it runs even if the workflow was cancelled | |
| runs-on: ubuntu-latest | |
| name: All CI Checks Passed | |
| needs: [ci-check, docker-demo, lint-workflows] | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - run: | | |
| result="${{ needs.ci-check.result }}" | |
| docker_result="${{ needs.docker-demo.result }}" | |
| if [[ $result == "success" || $result == "skipped" ]] && [[ $docker_result == "success" || $docker_result == "skipped" ]]; then | |
| exit 0 | |
| else | |
| exit 1 | |
| fi |