2017-09-21 20:34:02 +00:00
|
|
|
aliases:
|
2018-02-01 01:08:06 +00:00
|
|
|
# Cache Management
|
2018-05-17 03:12:39 +00:00
|
|
|
- &restore-yarn-cache
|
2017-09-21 20:34:02 +00:00
|
|
|
keys:
|
2018-05-23 20:51:57 +00:00
|
|
|
- v1-yarn-cache-{{ arch }}-{{ checksum "package.json" }}
|
2018-05-17 03:12:39 +00:00
|
|
|
- v1-yarn-cache-{{ arch }}
|
|
|
|
|
- &save-yarn-cache
|
2017-09-21 20:34:02 +00:00
|
|
|
paths:
|
2018-01-30 21:49:01 +00:00
|
|
|
- ~/.cache/yarn
|
2018-05-23 20:51:57 +00:00
|
|
|
key: v1-yarn-cache-{{ arch }}-{{ checksum "package.json" }}
|
2018-05-17 03:12:39 +00:00
|
|
|
|
|
|
|
|
- &restore-node-modules
|
|
|
|
|
keys:
|
|
|
|
|
- v2-node-modules-{{ arch }}-{{ checksum "package.json" }}
|
|
|
|
|
- &save-node-modules
|
|
|
|
|
paths:
|
|
|
|
|
- node_modules
|
|
|
|
|
key: v2-node-modules-{{ arch }}-{{ checksum "package.json" }}
|
2017-09-21 20:34:02 +00:00
|
|
|
|
2017-10-16 18:52:48 +00:00
|
|
|
- &restore-cache-analysis
|
2017-09-21 20:34:02 +00:00
|
|
|
keys:
|
2018-03-27 21:31:42 +00:00
|
|
|
- v1-analysis-dependencies-{{ arch }}-{{ checksum "package.json" }}{{ checksum "bots/package.json" }}
|
2017-10-16 18:52:48 +00:00
|
|
|
- &save-cache-analysis
|
2017-09-21 20:34:02 +00:00
|
|
|
paths:
|
2018-02-01 00:22:27 +00:00
|
|
|
- bots/node_modules
|
2017-10-16 18:52:48 +00:00
|
|
|
- node_modules
|
2018-03-27 21:31:42 +00:00
|
|
|
key: v1-analysis-dependencies-{{ arch }}-{{ checksum "package.json" }}{{ checksum "bots/package.json" }}
|
2017-09-21 20:34:02 +00:00
|
|
|
|
|
|
|
|
- &restore-cache-android-packages
|
|
|
|
|
keys:
|
2018-08-23 06:07:33 +00:00
|
|
|
- v1-android-sdkmanager-packages-api-27-alpha-{{ checksum "scripts/.tests.env" }}
|
2017-09-21 20:34:02 +00:00
|
|
|
- &save-cache-android-packages
|
|
|
|
|
paths:
|
2017-12-22 19:07:48 +00:00
|
|
|
- /opt/android/sdk
|
2018-08-23 06:07:33 +00:00
|
|
|
key: v1-android-sdkmanager-packages-api-27-alpha-{{ checksum "scripts/.tests.env" }}
|
2017-09-21 20:34:02 +00:00
|
|
|
|
2018-03-27 16:15:54 +00:00
|
|
|
- &restore-cache-gradle
|
|
|
|
|
keys:
|
2018-07-23 20:28:17 +00:00
|
|
|
- v1-gradle-{{ .Branch }}-{{ checksum "build.gradle" }}-{{ checksum "ReactAndroid/build.gradle" }}
|
2018-03-27 16:15:54 +00:00
|
|
|
# Fallback in case checksum fails
|
2018-07-23 20:28:17 +00:00
|
|
|
- v1-gradle-{{ .Branch }}-{{ checksum "build.gradle" }}-
|
|
|
|
|
- v1-gradle-{{ .Branch }}-
|
2018-03-27 16:15:54 +00:00
|
|
|
# Fallback in case this is a first-time run on a fork
|
2018-07-23 20:28:17 +00:00
|
|
|
- v1-gradle-master-
|
2018-03-27 16:15:54 +00:00
|
|
|
- &save-cache-gradle
|
|
|
|
|
paths:
|
|
|
|
|
- ~/.gradle
|
2018-07-23 20:28:17 +00:00
|
|
|
key: v1-gradle-{{ .Branch }}-{{ checksum "build.gradle" }}-{{ checksum "ReactAndroid/build.gradle" }}
|
2018-03-27 16:15:54 +00:00
|
|
|
|
2017-09-21 20:34:02 +00:00
|
|
|
- &restore-cache-ndk
|
|
|
|
|
keys:
|
2018-07-30 20:54:03 +00:00
|
|
|
- v3-android-ndk-r17b-{{ checksum "scripts/android-setup.sh" }}
|
2017-09-21 20:34:02 +00:00
|
|
|
- &save-cache-ndk
|
|
|
|
|
paths:
|
|
|
|
|
- /opt/ndk
|
2018-07-30 20:54:03 +00:00
|
|
|
key: v3-android-ndk-r17b-{{ checksum "scripts/android-setup.sh" }}
|
2017-09-21 20:34:02 +00:00
|
|
|
|
2018-07-23 20:28:17 +00:00
|
|
|
- &restore-cache-downloads-buck
|
2017-09-21 20:34:02 +00:00
|
|
|
keys:
|
2018-07-30 20:54:03 +00:00
|
|
|
- v3-buck-v2018.07.23.01-{{ checksum "scripts/circleci/buck_fetch.sh" }}}
|
|
|
|
|
- v3-buck-v2018.07.23.01-
|
2018-07-23 20:28:17 +00:00
|
|
|
- &save-cache-downloads-buck
|
2017-09-21 20:34:02 +00:00
|
|
|
paths:
|
|
|
|
|
- ~/buck
|
2018-03-28 19:53:08 +00:00
|
|
|
- ~/okbuck
|
2018-07-30 20:54:03 +00:00
|
|
|
key: v3-buck-v2018.07.23.01-{{ checksum "scripts/circleci/buck_fetch.sh" }}
|
2017-09-21 20:34:02 +00:00
|
|
|
|
|
|
|
|
- &restore-cache-watchman
|
|
|
|
|
keys:
|
2017-10-13 23:11:53 +00:00
|
|
|
- v1-watchman-{{ arch }}-v4.9.0
|
2017-09-21 20:34:02 +00:00
|
|
|
- &save-cache-watchman
|
|
|
|
|
paths:
|
|
|
|
|
- ~/watchman
|
2017-10-13 23:11:53 +00:00
|
|
|
key: v1-watchman-{{ arch }}-v4.9.0
|
|
|
|
|
|
2018-07-23 20:28:17 +00:00
|
|
|
- &restore-cache-downloads-gradle
|
2018-03-27 21:31:42 +00:00
|
|
|
keys:
|
2018-07-23 20:28:17 +00:00
|
|
|
- v1-gradle-{{ checksum "ReactAndroid/build.gradle" }}-{{ checksum "scripts/circleci/gradle_download_deps.sh" }}
|
|
|
|
|
- v1-gradle-
|
|
|
|
|
- &save-cache-downloads-gradle
|
2018-03-27 21:31:42 +00:00
|
|
|
paths:
|
|
|
|
|
- ~/.gradle
|
|
|
|
|
- ReactAndroid/build/downloads
|
|
|
|
|
- ReactAndroid/build/third-party-ndk
|
2018-07-23 20:28:17 +00:00
|
|
|
key: v1-gradle-{{ checksum "ReactAndroid/build.gradle" }}-{{ checksum "scripts/circleci/gradle_download_deps.sh" }}
|
2018-03-27 21:31:42 +00:00
|
|
|
|
2018-02-01 01:08:06 +00:00
|
|
|
# Branch Filtering
|
|
|
|
|
- &filter-only-master-stable
|
|
|
|
|
branches:
|
|
|
|
|
only:
|
|
|
|
|
- /.*-stable/
|
|
|
|
|
- master
|
|
|
|
|
|
|
|
|
|
- &filter-only-stable
|
|
|
|
|
branches:
|
|
|
|
|
only:
|
|
|
|
|
- /.*-stable/
|
|
|
|
|
|
|
|
|
|
- &filter-ignore-gh-pages
|
|
|
|
|
branches:
|
|
|
|
|
ignore: gh-pages
|
|
|
|
|
|
|
|
|
|
- &filter-ignore-master-stable
|
|
|
|
|
branches:
|
|
|
|
|
ignore:
|
|
|
|
|
- master
|
|
|
|
|
- /.*-stable/
|
|
|
|
|
- gh-pages
|
|
|
|
|
|
|
|
|
|
# Dependency Management
|
|
|
|
|
- &install-ndk
|
2018-03-10 01:06:51 +00:00
|
|
|
name: Install Android NDK
|
2018-05-16 00:25:16 +00:00
|
|
|
command: source scripts/android-setup.sh && getAndroidNDK
|
2018-02-01 01:08:06 +00:00
|
|
|
|
2018-01-30 21:49:01 +00:00
|
|
|
- &yarn
|
2018-06-15 18:34:19 +00:00
|
|
|
name: Run Yarn
|
|
|
|
|
command: |
|
|
|
|
|
# Skip yarn install on metro bump commits as the package is not yet
|
|
|
|
|
# available on npm
|
|
|
|
|
if [[ $(echo "$GIT_COMMIT_DESC" | grep -c "Bump metro@") -eq 0 ]]; then
|
|
|
|
|
yarn install --non-interactive --cache-folder ~/.cache/yarn
|
|
|
|
|
fi
|
2018-01-30 21:49:01 +00:00
|
|
|
|
|
|
|
|
- &install-yarn
|
2018-03-27 16:15:54 +00:00
|
|
|
name: Install Yarn
|
|
|
|
|
command: |
|
2018-01-30 21:49:01 +00:00
|
|
|
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
|
|
|
|
|
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
|
|
|
|
|
sudo apt-get update && sudo apt-get install yarn
|
|
|
|
|
|
2017-11-27 18:54:22 +00:00
|
|
|
- &install-buck
|
2018-03-27 16:15:54 +00:00
|
|
|
name: Install BUCK
|
|
|
|
|
command: |
|
2017-11-27 18:54:22 +00:00
|
|
|
if [[ ! -e ~/buck ]]; then
|
2018-07-30 20:54:03 +00:00
|
|
|
git clone https://github.com/facebook/buck.git ~/buck --branch v2018.07.23.01 --depth=1
|
2017-11-27 18:54:22 +00:00
|
|
|
fi
|
|
|
|
|
cd ~/buck && ant
|
|
|
|
|
buck --version
|
2018-03-28 19:53:08 +00:00
|
|
|
# Install related tooling
|
|
|
|
|
if [[ ! -e ~/okbuck ]]; then
|
|
|
|
|
git clone https://github.com/uber/okbuck.git ~/okbuck --depth=1
|
|
|
|
|
fi
|
|
|
|
|
mkdir -p ~/react-native/tooling/junit
|
2018-05-07 21:24:32 +00:00
|
|
|
cp -R ~/okbuck/tooling/junit/* ~/react-native/tooling/junit/.
|
2018-03-28 19:53:08 +00:00
|
|
|
|
2017-11-27 18:54:22 +00:00
|
|
|
- &create-ndk-directory
|
2018-02-06 20:36:07 +00:00
|
|
|
name: Create Android NDK Directory
|
|
|
|
|
command: |
|
2017-11-27 18:54:22 +00:00
|
|
|
if [[ ! -e /opt/ndk ]]; then
|
|
|
|
|
sudo mkdir /opt/ndk
|
|
|
|
|
fi
|
|
|
|
|
sudo chown ${USER:=$(/usr/bin/id -run)}:$USER /opt/ndk
|
|
|
|
|
|
|
|
|
|
# CircleCI does not support interpolating env variables in the environment
|
|
|
|
|
# https://circleci.com/docs/2.0/env-vars/#interpolating-environment-variables-to-set-other-environment-variables
|
|
|
|
|
- &configure-android-path
|
2018-02-06 20:36:07 +00:00
|
|
|
name: Configure Environment Variables
|
|
|
|
|
command: |
|
2018-06-29 19:48:38 +00:00
|
|
|
echo 'export PATH=${ANDROID_NDK}:~/buck/bin:$PATH' >> $BASH_ENV
|
2017-11-27 18:54:22 +00:00
|
|
|
source $BASH_ENV
|
|
|
|
|
|
|
|
|
|
- &install-android-packages
|
2018-03-10 01:06:51 +00:00
|
|
|
name: Install Android SDK Packages
|
2018-05-16 00:25:16 +00:00
|
|
|
command: source scripts/android-setup.sh && getAndroidPackages
|
2017-11-27 18:54:22 +00:00
|
|
|
|
2018-02-06 20:36:07 +00:00
|
|
|
- &install-android-build-dependencies
|
|
|
|
|
name: Install Android Build Dependencies
|
2018-03-27 16:15:54 +00:00
|
|
|
command: ./scripts/circleci/apt-get-android-deps.sh
|
2017-11-27 18:54:22 +00:00
|
|
|
|
2018-03-10 01:06:51 +00:00
|
|
|
- &validate-android-sdk
|
|
|
|
|
name: Validate Android SDK Install
|
|
|
|
|
command: ./scripts/validate-android-sdk.sh
|
|
|
|
|
|
|
|
|
|
- &validate-android-test-env
|
|
|
|
|
name: Validate Android Test Environment
|
|
|
|
|
command: ./scripts/validate-android-test-env.sh
|
|
|
|
|
|
2018-02-01 01:08:06 +00:00
|
|
|
# Test Definitions
|
|
|
|
|
- &run-js-tests
|
|
|
|
|
name: JavaScript Test Suite
|
|
|
|
|
command: yarn test-ci
|
2018-03-16 23:48:36 +00:00
|
|
|
|
|
|
|
|
# eslint sometimes runs into trouble generating the reports
|
2018-02-01 01:08:06 +00:00
|
|
|
- &run-lint-checks
|
|
|
|
|
name: Lint code
|
2018-08-06 19:59:41 +00:00
|
|
|
command: scripts/circleci/exec_swallow_error.sh yarn lint --format junit -o ~/react-native/reports/junit/eslint/results.xml
|
2018-02-01 01:08:06 +00:00
|
|
|
|
|
|
|
|
- &run-flow-checks
|
|
|
|
|
name: Check for errors in code using Flow
|
2018-08-06 19:59:41 +00:00
|
|
|
command: yarn flow check
|
2018-02-01 01:08:06 +00:00
|
|
|
|
2018-03-09 22:42:13 +00:00
|
|
|
- &run-sanity-checks
|
|
|
|
|
name: Sanity checks
|
|
|
|
|
command: |
|
|
|
|
|
./scripts/circleci/check_license.sh
|
|
|
|
|
./scripts/circleci/check_cache.sh
|
2018-03-01 16:07:40 +00:00
|
|
|
when: always
|
2018-03-27 21:31:42 +00:00
|
|
|
|
2018-07-23 20:28:17 +00:00
|
|
|
- &download-dependencies-gradle
|
|
|
|
|
name: Download Dependencies Using Gradle
|
2018-03-27 21:31:42 +00:00
|
|
|
command: ./scripts/circleci/gradle_download_deps.sh
|
2018-05-07 21:24:32 +00:00
|
|
|
|
2018-07-23 20:28:17 +00:00
|
|
|
- &download-dependencies-buck
|
|
|
|
|
name: Download Dependencies Using Buck
|
|
|
|
|
command: ./scripts/circleci/buck_fetch.sh
|
|
|
|
|
|
2017-12-22 19:07:48 +00:00
|
|
|
- &build-android-app
|
|
|
|
|
name: Build Android App
|
|
|
|
|
command: |
|
|
|
|
|
buck build ReactAndroid/src/main/java/com/facebook/react
|
|
|
|
|
buck build ReactAndroid/src/main/java/com/facebook/react/shell
|
|
|
|
|
|
2018-01-22 19:56:36 +00:00
|
|
|
- &create-avd
|
|
|
|
|
name: Create Android Virtual Device
|
2018-05-16 00:25:16 +00:00
|
|
|
command: source scripts/android-setup.sh && createAVD
|
2018-05-07 21:24:32 +00:00
|
|
|
|
2018-01-22 19:56:36 +00:00
|
|
|
- &launch-avd
|
|
|
|
|
name: Launch Android Virtual Device in Background
|
2018-05-16 00:25:16 +00:00
|
|
|
command: source scripts/android-setup.sh && launchAVD
|
2018-01-22 19:56:36 +00:00
|
|
|
background: true
|
|
|
|
|
|
2017-12-22 19:07:48 +00:00
|
|
|
- &wait-for-avd
|
|
|
|
|
name: Wait for Android Virtual Device
|
2018-05-16 00:25:16 +00:00
|
|
|
command: source scripts/android-setup.sh && waitForAVD
|
2017-12-22 19:07:48 +00:00
|
|
|
|
2018-01-22 19:56:36 +00:00
|
|
|
- &build-js-bundle
|
|
|
|
|
name: Build JavaScript Bundle
|
|
|
|
|
command: node local-cli/cli.js bundle --max-workers 2 --platform android --dev true --entry-file ReactAndroid/src/androidTest/js/TestBundle.js --bundle-output ReactAndroid/src/androidTest/assets/AndroidTestBundle.js
|
2017-12-22 19:07:48 +00:00
|
|
|
|
|
|
|
|
- &compile-native-libs
|
|
|
|
|
name: Compile Native Libs for Unit and Integration Tests
|
|
|
|
|
command: ./gradlew :ReactAndroid:packageReactNdkLibsForBuck -Pjobs=$BUILD_THREADS -Pcom.android.build.threadPoolSize=1
|
|
|
|
|
no_output_timeout: 6m
|
|
|
|
|
|
|
|
|
|
- &run-android-unit-tests
|
2018-01-22 19:56:36 +00:00
|
|
|
name: Run Unit Tests
|
2018-03-28 19:53:08 +00:00
|
|
|
command: buck test ReactAndroid/src/test/... --config build.threads=$BUILD_THREADS --xml ~/react-native/reports/buck/all-results-raw.xml
|
2017-12-22 19:07:48 +00:00
|
|
|
|
2018-01-22 19:56:36 +00:00
|
|
|
- &run-android-instrumentation-tests
|
|
|
|
|
name: Run Instrumentation Tests
|
2018-02-06 20:36:07 +00:00
|
|
|
command: |
|
2018-05-07 21:24:32 +00:00
|
|
|
if [[ ! -e ReactAndroid/src/androidTest/assets/AndroidTestBundle.js ]]; then
|
2018-02-06 20:36:07 +00:00
|
|
|
echo "JavaScript bundle missing, cannot run instrumentation tests. Verify build-js-bundle step completed successfully."; exit 1;
|
|
|
|
|
fi
|
2018-05-16 00:25:16 +00:00
|
|
|
source scripts/android-setup.sh && NO_BUCKD=1 retry3 timeout 300 buck install ReactAndroid/src/androidTest/buck-runner:instrumentation-tests --config build.threads=$BUILD_THREADS
|
2018-05-07 21:24:32 +00:00
|
|
|
|
2018-07-23 20:28:17 +00:00
|
|
|
- &build-android-rntester-app
|
|
|
|
|
name: Build Android RNTester App
|
|
|
|
|
command: ./gradlew RNTester:android:app:assembleRelease -Pjobs=$BUILD_THREADS
|
|
|
|
|
|
2017-12-22 19:07:48 +00:00
|
|
|
- &collect-android-test-results
|
|
|
|
|
name: Collect Test Results
|
|
|
|
|
command: |
|
2018-03-28 19:53:08 +00:00
|
|
|
find . -type f -regex ".*/build/test-results/debug/.*xml" -exec cp {} ~/react-native/reports/build/ \;
|
|
|
|
|
find . -type f -regex ".*/outputs/androidTest-results/connected/.*xml" -exec cp {} ~/react-native/reports/outputs/ \;
|
|
|
|
|
find . -type f -regex ".*/buck-out/gen/ReactAndroid/src/test/.*/.*xml" -exec cp {} ~/react-native/reports/buck/ \;
|
|
|
|
|
./tooling/junit/buck_to_junit.sh ~/react-native/reports/buck/all-results-raw.xml ~/react-native/reports/junit/all-results-junit.xml
|
2017-12-22 19:07:48 +00:00
|
|
|
when: always
|
2017-11-27 18:54:22 +00:00
|
|
|
|
2018-01-31 22:48:51 +00:00
|
|
|
- &setup-artifacts
|
|
|
|
|
name: Initial Setup
|
2018-05-07 21:24:32 +00:00
|
|
|
command: |
|
2018-03-28 19:53:08 +00:00
|
|
|
mkdir -p ~/react-native/reports/buck/
|
|
|
|
|
mkdir -p ~/react-native/reports/build/
|
2018-02-08 22:57:36 +00:00
|
|
|
mkdir -p ~/react-native/reports/junit/
|
2018-03-28 19:53:08 +00:00
|
|
|
mkdir -p ~/react-native/reports/outputs/
|
2018-05-07 21:24:32 +00:00
|
|
|
|
2018-08-06 19:59:41 +00:00
|
|
|
- &brew-install-watchman
|
|
|
|
|
name: Install Watchman
|
|
|
|
|
command: |
|
|
|
|
|
brew install watchman
|
|
|
|
|
touch .watchmanconfig
|
|
|
|
|
|
2018-06-10 23:53:22 +00:00
|
|
|
- &boot-simulator-iphone
|
2018-08-06 19:59:41 +00:00
|
|
|
name: Boot iPhone Simulator
|
|
|
|
|
command: xcrun simctl boot "iPhone 5s" || true
|
|
|
|
|
|
2018-08-22 03:16:41 +00:00
|
|
|
- &boot-simulator-appletv
|
2018-06-10 23:53:22 +00:00
|
|
|
name: Boot Apple TV Simulator
|
2018-08-22 03:16:41 +00:00
|
|
|
command: xcrun simctl boot "Apple TV" || true
|
2018-06-10 23:53:22 +00:00
|
|
|
|
2018-08-22 03:16:41 +00:00
|
|
|
- &run-objc-ios-tests
|
2018-03-05 02:10:29 +00:00
|
|
|
name: iOS Test Suite
|
2018-08-22 03:16:41 +00:00
|
|
|
command: ./scripts/objc-test-ios.sh test
|
2018-02-13 16:08:18 +00:00
|
|
|
|
2018-08-22 03:16:41 +00:00
|
|
|
- &run-objc-tvos-tests
|
2018-03-05 02:10:29 +00:00
|
|
|
name: tvOS Test Suite
|
2018-08-22 03:16:41 +00:00
|
|
|
command: ./scripts/objc-test-tvos.sh test
|
2018-06-16 22:49:31 +00:00
|
|
|
|
2018-08-23 22:02:56 +00:00
|
|
|
- &display-broken-tests-warning
|
|
|
|
|
name: Running broken tests (Ignore any failures past this point)
|
2018-06-16 22:49:31 +00:00
|
|
|
command: |
|
2018-08-23 22:02:56 +00:00
|
|
|
echo 'The following steps are known to be failing on master.'
|
|
|
|
|
echo 'They will no-op for most users.'
|
|
|
|
|
echo 'PRs that bring these back to green are appreciated.'
|
|
|
|
|
|
|
|
|
|
- &run-podspec-tests
|
|
|
|
|
name: Test CocoaPods (Disabled)
|
|
|
|
|
command: ./scripts/circleci/exec_author_check.sh ./scripts/process-podspecs.sh
|
2018-02-01 01:08:06 +00:00
|
|
|
|
2018-06-10 23:53:22 +00:00
|
|
|
- &run-e2e-tests
|
2018-08-23 22:02:56 +00:00
|
|
|
name: End-to-End Test Suite (Disabled)
|
|
|
|
|
command: ./scripts/circleci/exec_author_check.sh node ./scripts/run-ci-e2e-tests.js --android --ios --tvos --js --retries 3;
|
2018-06-10 23:53:22 +00:00
|
|
|
|
2018-02-01 01:08:06 +00:00
|
|
|
- &run-objc-ios-e2e-tests
|
2018-08-23 22:02:56 +00:00
|
|
|
name: iOS End-to-End Test Suite (Disabled)
|
|
|
|
|
command: ./scripts/circleci/exec_author_check.sh node ./scripts/run-ci-e2e-tests.js --ios --retries 3;
|
2018-02-01 01:08:06 +00:00
|
|
|
|
|
|
|
|
- &run-objc-tvos-e2e-tests
|
2018-08-23 22:02:56 +00:00
|
|
|
name: tvOS End-to-End Test Suite (Disabled)
|
|
|
|
|
command: ./scripts/circleci/exec_author_check.sh node ./scripts/run-ci-e2e-tests.js --tvos --js --retries 3;
|
2018-06-16 22:49:31 +00:00
|
|
|
|
|
|
|
|
- &run-android-e2e-tests
|
2018-08-23 22:02:56 +00:00
|
|
|
name: Android End-to-End Test Suite (Disabled)
|
|
|
|
|
command: ./scripts/circleci/exec_author_check.sh node ./scripts/run-ci-e2e-tests.js --android --retries 3;
|
2018-06-16 22:49:31 +00:00
|
|
|
|
|
|
|
|
- &run-js-e2e-tests
|
|
|
|
|
name: JavaScript End-to-End Test Suite
|
|
|
|
|
command: node ./scripts/run-ci-e2e-tests.js --js --retries 3;
|
2018-02-01 01:08:06 +00:00
|
|
|
|
2017-09-21 20:34:02 +00:00
|
|
|
defaults: &defaults
|
|
|
|
|
working_directory: ~/react-native
|
2018-06-15 18:34:19 +00:00
|
|
|
environment:
|
|
|
|
|
- GIT_COMMIT_DESC: git log --format=oneline -n 1 $CIRCLE_SHA1
|
2017-09-21 20:34:02 +00:00
|
|
|
|
2018-02-08 22:57:36 +00:00
|
|
|
js_defaults: &js_defaults
|
|
|
|
|
<<: *defaults
|
|
|
|
|
docker:
|
|
|
|
|
- image: circleci/node:8
|
2018-03-16 23:48:36 +00:00
|
|
|
environment:
|
|
|
|
|
- PATH: "/opt/yarn/yarn-v1.5.1/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
2018-02-08 22:57:36 +00:00
|
|
|
|
2017-11-27 18:54:22 +00:00
|
|
|
android_defaults: &android_defaults
|
|
|
|
|
<<: *defaults
|
|
|
|
|
docker:
|
2018-08-23 06:07:33 +00:00
|
|
|
- image: circleci/android:api-27-node8-alpha
|
2017-11-27 18:54:22 +00:00
|
|
|
resource_class: "large"
|
|
|
|
|
environment:
|
|
|
|
|
- TERM: "dumb"
|
|
|
|
|
- ADB_INSTALL_TIMEOUT: 10
|
|
|
|
|
- _JAVA_OPTIONS: "-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"
|
|
|
|
|
- GRADLE_OPTS: '-Dorg.gradle.daemon=false -Dorg.gradle.jvmargs="-XX:+HeapDumpOnOutOfMemoryError"'
|
2018-07-30 20:54:03 +00:00
|
|
|
- ANDROID_NDK: '/opt/ndk/android-ndk-r17b'
|
2017-11-27 18:54:22 +00:00
|
|
|
- BUILD_THREADS: 2
|
|
|
|
|
|
2018-02-08 22:57:36 +00:00
|
|
|
macos_defaults: &macos_defaults
|
|
|
|
|
<<: *defaults
|
|
|
|
|
macos:
|
2018-06-09 07:19:06 +00:00
|
|
|
xcode: "9.4.0"
|
2018-02-08 22:57:36 +00:00
|
|
|
|
2017-09-21 20:34:02 +00:00
|
|
|
version: 2
|
|
|
|
|
jobs:
|
2018-02-08 22:57:36 +00:00
|
|
|
# Set up a Node environment for downstream jobs
|
|
|
|
|
checkout_code:
|
|
|
|
|
<<: *js_defaults
|
2017-09-21 20:34:02 +00:00
|
|
|
steps:
|
|
|
|
|
- checkout
|
2018-01-31 22:48:51 +00:00
|
|
|
- run: *setup-artifacts
|
|
|
|
|
|
2018-05-17 03:12:39 +00:00
|
|
|
- restore-cache: *restore-yarn-cache
|
2018-01-30 21:49:01 +00:00
|
|
|
- run: *yarn
|
2018-05-17 03:12:39 +00:00
|
|
|
- save-cache: *save-yarn-cache
|
2018-02-01 01:08:06 +00:00
|
|
|
|
2018-03-09 22:42:13 +00:00
|
|
|
# Basic checks against the checkout, cache...
|
|
|
|
|
- run: *run-sanity-checks
|
|
|
|
|
|
2018-02-08 22:57:36 +00:00
|
|
|
- persist_to_workspace:
|
|
|
|
|
root: .
|
|
|
|
|
paths: .
|
|
|
|
|
|
|
|
|
|
# Runs JavaScript lint and flow checks.
|
|
|
|
|
# Currently will fail a PR if lint/flow raises issues.
|
2018-03-01 16:07:40 +00:00
|
|
|
analyze:
|
2018-02-08 22:57:36 +00:00
|
|
|
<<: *js_defaults
|
|
|
|
|
steps:
|
|
|
|
|
- attach_workspace:
|
|
|
|
|
at: ~/react-native
|
|
|
|
|
|
2017-12-20 19:29:33 +00:00
|
|
|
- run: *run-lint-checks
|
|
|
|
|
- run: *run-flow-checks
|
2017-09-21 20:34:02 +00:00
|
|
|
|
2018-02-01 01:08:06 +00:00
|
|
|
- store_test_results:
|
2018-02-08 22:57:36 +00:00
|
|
|
path: ~/react-native/reports/junit
|
2018-02-06 20:36:07 +00:00
|
|
|
- store_artifacts:
|
|
|
|
|
path: ~/react-native/yarn.lock
|
2018-02-01 01:08:06 +00:00
|
|
|
|
2017-12-20 19:29:33 +00:00
|
|
|
# Runs JavaScript tests on Node 8
|
2018-02-08 22:57:36 +00:00
|
|
|
test_javascript:
|
|
|
|
|
<<: *js_defaults
|
2017-09-21 20:34:02 +00:00
|
|
|
steps:
|
2018-02-08 22:57:36 +00:00
|
|
|
- attach_workspace:
|
|
|
|
|
at: ~/react-native
|
2018-02-01 01:08:06 +00:00
|
|
|
|
2018-01-30 21:49:01 +00:00
|
|
|
- run: *run-js-tests
|
2018-02-01 01:08:06 +00:00
|
|
|
|
2018-01-31 22:48:51 +00:00
|
|
|
- store_test_results:
|
2018-02-08 22:57:36 +00:00
|
|
|
path: ~/react-native/reports/junit
|
2017-09-21 20:34:02 +00:00
|
|
|
|
2018-08-21 00:31:59 +00:00
|
|
|
# Run JavaScript tests on Node 10
|
|
|
|
|
test_node10:
|
|
|
|
|
<<: *defaults
|
|
|
|
|
docker:
|
|
|
|
|
- image: circleci/node:10
|
|
|
|
|
environment:
|
|
|
|
|
- PATH: "/opt/yarn/yarn-v1.5.1/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
|
|
|
|
steps:
|
|
|
|
|
- checkout
|
|
|
|
|
- run: *setup-artifacts
|
|
|
|
|
- run: *yarn
|
|
|
|
|
- run: *run-js-tests
|
|
|
|
|
- store_test_results:
|
|
|
|
|
path: ~/react-native/reports/junit
|
|
|
|
|
|
2018-06-16 22:49:31 +00:00
|
|
|
# Runs unit tests on iOS and Apple TV devices
|
|
|
|
|
test_objc:
|
2018-02-08 22:57:36 +00:00
|
|
|
<<: *macos_defaults
|
2017-10-13 23:11:53 +00:00
|
|
|
steps:
|
2018-02-08 22:57:36 +00:00
|
|
|
- attach_workspace:
|
|
|
|
|
at: ~/react-native
|
2018-02-01 01:08:06 +00:00
|
|
|
|
2018-08-22 03:16:41 +00:00
|
|
|
- run: *boot-simulator-iphone
|
|
|
|
|
- run: *boot-simulator-appletv
|
2018-08-06 19:59:41 +00:00
|
|
|
- run: *brew-install-watchman
|
2018-06-16 22:49:31 +00:00
|
|
|
|
2018-08-22 03:16:41 +00:00
|
|
|
- run: *run-objc-ios-tests
|
|
|
|
|
- run: *run-objc-tvos-tests
|
2018-06-10 23:53:22 +00:00
|
|
|
|
2018-08-23 22:02:56 +00:00
|
|
|
# TODO: Fix these failing tests.
|
|
|
|
|
- run: *display-broken-tests-warning
|
2018-08-22 03:16:41 +00:00
|
|
|
- run: *run-podspec-tests
|
2018-08-06 19:59:41 +00:00
|
|
|
- run: *run-objc-ios-e2e-tests
|
2018-08-22 03:16:41 +00:00
|
|
|
- run: *run-objc-tvos-e2e-tests
|
2018-06-10 23:53:22 +00:00
|
|
|
|
2018-08-06 19:59:41 +00:00
|
|
|
- store_test_results:
|
|
|
|
|
path: ~/react-native/reports/junit
|
2018-06-10 23:53:22 +00:00
|
|
|
|
2018-08-06 19:59:41 +00:00
|
|
|
# Runs end to end tests (Detox)
|
|
|
|
|
test_detox_end_to_end:
|
|
|
|
|
<<: *macos_defaults
|
|
|
|
|
steps:
|
|
|
|
|
- attach_workspace:
|
|
|
|
|
at: ~/react-native
|
2018-08-22 03:16:41 +00:00
|
|
|
- run: xcrun simctl boot "iPhone 5s" || true
|
|
|
|
|
- run:
|
|
|
|
|
name: Configure Environment Variables
|
|
|
|
|
command: |
|
|
|
|
|
echo 'export PATH=/usr/local/opt/node@8/bin:$PATH' >> $BASH_ENV
|
|
|
|
|
source $BASH_ENV
|
|
|
|
|
- run:
|
|
|
|
|
name: Install Node 8
|
|
|
|
|
command: |
|
|
|
|
|
brew install node@8
|
|
|
|
|
brew link node@8
|
|
|
|
|
brew tap wix/brew
|
|
|
|
|
brew install applesimutils
|
|
|
|
|
node -v
|
|
|
|
|
- run: *yarn
|
2018-08-23 22:02:56 +00:00
|
|
|
|
2018-08-22 03:16:41 +00:00
|
|
|
- run:
|
2018-08-23 22:02:56 +00:00
|
|
|
name: Build iOS app for simulator
|
|
|
|
|
command: yarn run build-ios-e2e
|
2018-08-22 03:16:41 +00:00
|
|
|
- run:
|
2018-08-28 19:41:46 +00:00
|
|
|
name: Run Detox Tests
|
|
|
|
|
command: yarn run test-ios-e2e
|
2017-10-13 23:11:53 +00:00
|
|
|
|
2018-02-08 22:57:36 +00:00
|
|
|
# Set up an Android environment for downstream jobs
|
|
|
|
|
test_android:
|
2017-11-27 18:54:22 +00:00
|
|
|
<<: *android_defaults
|
2017-09-21 20:34:02 +00:00
|
|
|
steps:
|
2018-02-08 22:57:36 +00:00
|
|
|
- attach_workspace:
|
|
|
|
|
at: ~/react-native
|
2018-01-31 22:48:51 +00:00
|
|
|
|
2018-02-06 20:36:07 +00:00
|
|
|
# Configure Android SDK and related dependencies
|
2017-11-27 18:54:22 +00:00
|
|
|
- run: *configure-android-path
|
2018-07-24 18:35:40 +00:00
|
|
|
# Android build deps install from the network faster than cache
|
2018-02-06 20:36:07 +00:00
|
|
|
- run: *install-android-build-dependencies
|
2018-03-27 16:15:54 +00:00
|
|
|
|
2017-09-21 20:34:02 +00:00
|
|
|
- restore-cache: *restore-cache-android-packages
|
2017-11-27 18:54:22 +00:00
|
|
|
- run: *install-android-packages
|
2017-09-21 20:34:02 +00:00
|
|
|
- save-cache: *save-cache-android-packages
|
2017-11-27 18:54:22 +00:00
|
|
|
|
2018-07-23 20:28:17 +00:00
|
|
|
# Validate Android SDK installation and packages
|
2018-03-10 01:06:51 +00:00
|
|
|
- run: *validate-android-sdk
|
|
|
|
|
|
2018-05-07 21:24:32 +00:00
|
|
|
# Starting emulator in advance as it takes some time to boot.
|
2018-01-22 19:56:36 +00:00
|
|
|
- run: *create-avd
|
|
|
|
|
- run: *launch-avd
|
2018-02-08 22:57:36 +00:00
|
|
|
|
2017-11-27 18:54:22 +00:00
|
|
|
# Keep configuring Android dependencies while AVD boots up
|
2017-12-22 19:07:48 +00:00
|
|
|
|
2018-02-08 15:25:00 +00:00
|
|
|
# Install Android NDK
|
|
|
|
|
- run: *create-ndk-directory
|
|
|
|
|
- restore-cache: *restore-cache-ndk
|
|
|
|
|
- run: *install-ndk
|
|
|
|
|
- save-cache: *save-cache-ndk
|
2018-02-08 22:57:36 +00:00
|
|
|
|
2018-07-23 20:28:17 +00:00
|
|
|
# Install Buck
|
|
|
|
|
- restore-cache: *restore-cache-downloads-buck
|
2017-11-27 18:54:22 +00:00
|
|
|
- run: *install-buck
|
2018-07-23 20:28:17 +00:00
|
|
|
- save-cache: *save-cache-downloads-buck
|
2017-12-22 19:07:48 +00:00
|
|
|
|
2018-07-23 20:28:17 +00:00
|
|
|
# Validate Android test environment (including Buck)
|
2018-03-10 01:06:51 +00:00
|
|
|
- run: *validate-android-test-env
|
|
|
|
|
|
2018-07-23 20:28:17 +00:00
|
|
|
# Download dependencies using Buck
|
|
|
|
|
- run: *download-dependencies-buck
|
2018-03-27 16:15:54 +00:00
|
|
|
|
2018-07-23 20:28:17 +00:00
|
|
|
# Download dependencies using Gradle
|
|
|
|
|
- restore-cache: *restore-cache-downloads-gradle
|
|
|
|
|
- run: *download-dependencies-gradle
|
|
|
|
|
- save-cache: *save-cache-downloads-gradle
|
2017-12-22 19:07:48 +00:00
|
|
|
|
2018-02-06 20:36:07 +00:00
|
|
|
# Build and compile
|
2017-12-22 19:07:48 +00:00
|
|
|
- run: *build-android-app
|
|
|
|
|
- run: *compile-native-libs
|
|
|
|
|
|
2018-02-06 20:36:07 +00:00
|
|
|
# Build JavaScript Bundle for instrumentation tests
|
2018-01-22 19:56:36 +00:00
|
|
|
- run: *build-js-bundle
|
2017-12-22 19:07:48 +00:00
|
|
|
|
|
|
|
|
# Wait for AVD to finish booting before running tests
|
|
|
|
|
- run: *wait-for-avd
|
2018-03-10 01:06:51 +00:00
|
|
|
|
2018-02-06 20:36:07 +00:00
|
|
|
# Test Suite
|
2017-12-22 19:07:48 +00:00
|
|
|
- run: *run-android-unit-tests
|
2018-01-22 19:56:36 +00:00
|
|
|
- run: *run-android-instrumentation-tests
|
2018-07-23 20:28:17 +00:00
|
|
|
- run: *build-android-rntester-app
|
2018-06-15 00:59:05 +00:00
|
|
|
|
2018-06-16 22:49:31 +00:00
|
|
|
# Run Android end-to-end tests
|
2018-08-23 22:02:56 +00:00
|
|
|
# TODO: Fix these failing tests.
|
|
|
|
|
- run: *display-broken-tests-warning
|
2018-08-22 03:16:41 +00:00
|
|
|
- run: *run-android-e2e-tests
|
2018-06-16 22:49:31 +00:00
|
|
|
|
2018-03-28 19:53:08 +00:00
|
|
|
# Collect Results
|
2017-12-22 19:07:48 +00:00
|
|
|
- run: *collect-android-test-results
|
2017-09-21 20:34:02 +00:00
|
|
|
- store_test_results:
|
2018-02-08 22:57:36 +00:00
|
|
|
path: ~/react-native/reports/junit
|
|
|
|
|
|
2018-02-01 01:08:06 +00:00
|
|
|
# Analyze pull request and raise any lint/flow issues.
|
|
|
|
|
# Issues will be posted to the PR itself via GitHub bots.
|
|
|
|
|
# This workflow should only fail if the bots fail to run.
|
Remove tokens from Circle CI config (#21058)
Summary:
While these were intentionally used in the open, and never were abused, it has become a distraction whenever they are flagged.
We'll have to move this functionality to a service outside of Circle CI, as we cannot securely pass secrets to forks and PRs in Circle CI. By necessity, these PR analysis scripts must run alongside PRs.
The The controller you requested could not be found. token has already been revoked. The The controller you requested could not be found. token is not under our control, and is still valid as of this writing. The eslint token has public_repo scope, with no access to any private repos. It's no different than having a random account commenting on any public repo.
Unfortunately, revoking the The controller you requested could not be found. token affects React's use of this bot account as well.
---
Q: What does the React team need this token for?
A: It's used to analyze how a PR will impact the build size for React.
Q: What does the React Native team need this token for?
A: We do lightweight automated PR code reviews with it (eslint, flagging large PRs, etc)
Q: What can someone do with the access token?
A: The token was for the The controller you requested could not be found. GitHub account. The account has no privileged access to any organization, so in effect it's like having the token to a random GitHub account. The token has public_repo access scope, which allows it to interact with any public repository on GitHub. The attacker can leave comments on any issue, pull request, or commit, on any public open source repository on GitHub. They could spam or leave arbitrary messages. It's no different than using any random newly created GitHub account to do this, but the bot is named "React Linter", so people could have used it to make React look bad.
Q: Why didn't we just remove the token from the open source repositories? CircleCI allows you to use environment variables to keep secrets out of the repo.
A: We have configured CircleCI to hide environment variables from Circle CI jobs triggered by non-Facebook org forks and pull requests (otherwise, anyone could add a file to their fork that echoes $SUPER_SECRET and then read it from the Circle CI logs). This allows us to do things like publish to npm only on commits that actually land on the main repo, without letting random people do the same on their forks.
Q: Why can't we run these scripts on Circle CI jobs that do have access to secret environment variables?
A: It's by necessity. These scripts are meant to run on pull requests and forks. They're used to lint pull requests, after all.
Q: Why can't we run these scripts on internal Facebook infrastructure?
A: Automatic importing of arbitrary code from external sources into internal Facebook systems without a FB engineer's involvement is disallowed. We're happy to let Circle CI run unvetted code in this manner.
Q: What do other projects do in similar situations?
A: A common solution for open source projects that need to run scripts with access to GitHub without exposing the access token on CI is to use a private cloud server (i.e. a droplet in Digital Ocean, an instance on AWS...).
Q: Why don't we use the same infra used by react-native-bot to run react-linter?
A: React-Native-Bot runs once an hour or so, querying for recent issues and PRs. It does not use webhooks, and instead performs the same kind of search queries you'd use on GitHub, therefore it's not great for picking up when a PR has been updated. Circle CI is great for running scripts whenever a PR is created or updated, as Circle outages aside, we can be fairly certain a script will run any time a PR is updated. If you want to track build sizes, you really want to make sure any new commit added to a PR will trigger a re-run.
Pull Request resolved: https://github.com/facebook/react-native/pull/21058
Differential Revision: D9809842
Pulled By: hramos
fbshipit-source-id: 6ca5d2f5b48e077ec822a3aea5237534bd828850
2018-09-13 14:43:56 +00:00
|
|
|
# The public github tokens are publicly visible by design
|
2018-02-08 22:57:36 +00:00
|
|
|
analyze_pr:
|
2018-08-24 03:23:32 +00:00
|
|
|
<<: *defaults
|
|
|
|
|
docker:
|
|
|
|
|
- image: circleci/node:10
|
|
|
|
|
environment:
|
|
|
|
|
- PATH: "/opt/yarn/yarn-v1.5.1/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
Remove tokens from Circle CI config (#21058)
Summary:
While these were intentionally used in the open, and never were abused, it has become a distraction whenever they are flagged.
We'll have to move this functionality to a service outside of Circle CI, as we cannot securely pass secrets to forks and PRs in Circle CI. By necessity, these PR analysis scripts must run alongside PRs.
The The controller you requested could not be found. token has already been revoked. The The controller you requested could not be found. token is not under our control, and is still valid as of this writing. The eslint token has public_repo scope, with no access to any private repos. It's no different than having a random account commenting on any public repo.
Unfortunately, revoking the The controller you requested could not be found. token affects React's use of this bot account as well.
---
Q: What does the React team need this token for?
A: It's used to analyze how a PR will impact the build size for React.
Q: What does the React Native team need this token for?
A: We do lightweight automated PR code reviews with it (eslint, flagging large PRs, etc)
Q: What can someone do with the access token?
A: The token was for the The controller you requested could not be found. GitHub account. The account has no privileged access to any organization, so in effect it's like having the token to a random GitHub account. The token has public_repo access scope, which allows it to interact with any public repository on GitHub. The attacker can leave comments on any issue, pull request, or commit, on any public open source repository on GitHub. They could spam or leave arbitrary messages. It's no different than using any random newly created GitHub account to do this, but the bot is named "React Linter", so people could have used it to make React look bad.
Q: Why didn't we just remove the token from the open source repositories? CircleCI allows you to use environment variables to keep secrets out of the repo.
A: We have configured CircleCI to hide environment variables from Circle CI jobs triggered by non-Facebook org forks and pull requests (otherwise, anyone could add a file to their fork that echoes $SUPER_SECRET and then read it from the Circle CI logs). This allows us to do things like publish to npm only on commits that actually land on the main repo, without letting random people do the same on their forks.
Q: Why can't we run these scripts on Circle CI jobs that do have access to secret environment variables?
A: It's by necessity. These scripts are meant to run on pull requests and forks. They're used to lint pull requests, after all.
Q: Why can't we run these scripts on internal Facebook infrastructure?
A: Automatic importing of arbitrary code from external sources into internal Facebook systems without a FB engineer's involvement is disallowed. We're happy to let Circle CI run unvetted code in this manner.
Q: What do other projects do in similar situations?
A: A common solution for open source projects that need to run scripts with access to GitHub without exposing the access token on CI is to use a private cloud server (i.e. a droplet in Digital Ocean, an instance on AWS...).
Q: Why don't we use the same infra used by react-native-bot to run react-linter?
A: React-Native-Bot runs once an hour or so, querying for recent issues and PRs. It does not use webhooks, and instead performs the same kind of search queries you'd use on GitHub, therefore it's not great for picking up when a PR has been updated. Circle CI is great for running scripts whenever a PR is created or updated, as Circle outages aside, we can be fairly certain a script will run any time a PR is updated. If you want to track build sizes, you really want to make sure any new commit added to a PR will trigger a re-run.
Pull Request resolved: https://github.com/facebook/react-native/pull/21058
Differential Revision: D9809842
Pulled By: hramos
fbshipit-source-id: 6ca5d2f5b48e077ec822a3aea5237534bd828850
2018-09-13 14:43:56 +00:00
|
|
|
- PUBLIC_PULLBOT_GITHUB_TOKEN_A: "a6edf8e8d40ce4e8b11a"
|
|
|
|
|
- PUBLIC_PULLBOT_GITHUB_TOKEN_B: "150e1341f4dd9c944d2a"
|
|
|
|
|
- PUBLIC_ANALYSISBOT_GITHUB_TOKEN_A: "78a72af35445ca3f8180"
|
|
|
|
|
- PUBLIC_ANALYSISBOT_GITHUB_TOKEN_B: "b1a98e0bbd56ff1ccba1"
|
|
|
|
|
|
2017-10-16 18:52:48 +00:00
|
|
|
steps:
|
2018-08-24 03:23:32 +00:00
|
|
|
- checkout
|
|
|
|
|
- run: *setup-artifacts
|
2018-01-31 22:48:51 +00:00
|
|
|
|
2018-08-24 03:23:32 +00:00
|
|
|
- restore-cache: *restore-yarn-cache
|
2018-01-30 21:49:01 +00:00
|
|
|
- run: *yarn
|
2018-08-24 03:23:32 +00:00
|
|
|
|
2017-10-16 18:52:48 +00:00
|
|
|
- run:
|
2018-08-24 03:23:32 +00:00
|
|
|
name: Analyze Code
|
2017-10-16 18:52:48 +00:00
|
|
|
command: |
|
2018-01-31 22:48:51 +00:00
|
|
|
if [ -n "$CIRCLE_PR_NUMBER" ]; then
|
2018-08-24 03:23:32 +00:00
|
|
|
echo -e "\\x1B[36mInstalling additional dependencies\\x1B[0m"; yarn add @octokit/rest@15.10.0
|
Remove tokens from Circle CI config (#21058)
Summary:
While these were intentionally used in the open, and never were abused, it has become a distraction whenever they are flagged.
We'll have to move this functionality to a service outside of Circle CI, as we cannot securely pass secrets to forks and PRs in Circle CI. By necessity, these PR analysis scripts must run alongside PRs.
The The controller you requested could not be found. token has already been revoked. The The controller you requested could not be found. token is not under our control, and is still valid as of this writing. The eslint token has public_repo scope, with no access to any private repos. It's no different than having a random account commenting on any public repo.
Unfortunately, revoking the The controller you requested could not be found. token affects React's use of this bot account as well.
---
Q: What does the React team need this token for?
A: It's used to analyze how a PR will impact the build size for React.
Q: What does the React Native team need this token for?
A: We do lightweight automated PR code reviews with it (eslint, flagging large PRs, etc)
Q: What can someone do with the access token?
A: The token was for the The controller you requested could not be found. GitHub account. The account has no privileged access to any organization, so in effect it's like having the token to a random GitHub account. The token has public_repo access scope, which allows it to interact with any public repository on GitHub. The attacker can leave comments on any issue, pull request, or commit, on any public open source repository on GitHub. They could spam or leave arbitrary messages. It's no different than using any random newly created GitHub account to do this, but the bot is named "React Linter", so people could have used it to make React look bad.
Q: Why didn't we just remove the token from the open source repositories? CircleCI allows you to use environment variables to keep secrets out of the repo.
A: We have configured CircleCI to hide environment variables from Circle CI jobs triggered by non-Facebook org forks and pull requests (otherwise, anyone could add a file to their fork that echoes $SUPER_SECRET and then read it from the Circle CI logs). This allows us to do things like publish to npm only on commits that actually land on the main repo, without letting random people do the same on their forks.
Q: Why can't we run these scripts on Circle CI jobs that do have access to secret environment variables?
A: It's by necessity. These scripts are meant to run on pull requests and forks. They're used to lint pull requests, after all.
Q: Why can't we run these scripts on internal Facebook infrastructure?
A: Automatic importing of arbitrary code from external sources into internal Facebook systems without a FB engineer's involvement is disallowed. We're happy to let Circle CI run unvetted code in this manner.
Q: What do other projects do in similar situations?
A: A common solution for open source projects that need to run scripts with access to GitHub without exposing the access token on CI is to use a private cloud server (i.e. a droplet in Digital Ocean, an instance on AWS...).
Q: Why don't we use the same infra used by react-native-bot to run react-linter?
A: React-Native-Bot runs once an hour or so, querying for recent issues and PRs. It does not use webhooks, and instead performs the same kind of search queries you'd use on GitHub, therefore it's not great for picking up when a PR has been updated. Circle CI is great for running scripts whenever a PR is created or updated, as Circle outages aside, we can be fairly certain a script will run any time a PR is updated. If you want to track build sizes, you really want to make sure any new commit added to a PR will trigger a re-run.
Pull Request resolved: https://github.com/facebook/react-native/pull/21058
Differential Revision: D9809842
Pulled By: hramos
fbshipit-source-id: 6ca5d2f5b48e077ec822a3aea5237534bd828850
2018-09-13 14:43:56 +00:00
|
|
|
echo -e "\\x1B[36mAnalyzing code\\x1B[0m"; GITHUB_TOKEN="$PUBLIC_ANALYSISBOT_GITHUB_TOKEN_A""$PUBLIC_ANALYSISBOT_GITHUB_TOKEN_B" ./scripts/circleci/analyze_code.sh
|
2017-10-16 18:52:48 +00:00
|
|
|
else
|
2018-08-24 03:23:32 +00:00
|
|
|
echo "Skipping code analysis."
|
2017-10-16 18:52:48 +00:00
|
|
|
fi
|
2018-08-24 03:23:32 +00:00
|
|
|
when: always
|
2018-02-08 22:57:36 +00:00
|
|
|
|
2018-08-24 03:23:32 +00:00
|
|
|
- restore-cache: *restore-cache-analysis
|
2017-10-16 18:52:48 +00:00
|
|
|
- run:
|
|
|
|
|
name: Analyze Pull Request
|
|
|
|
|
command: |
|
2018-01-31 22:48:51 +00:00
|
|
|
if [ -n "$CIRCLE_PR_NUMBER" ]; then
|
2018-08-24 03:23:32 +00:00
|
|
|
cd bots
|
|
|
|
|
yarn install --non-interactive --cache-folder ~/.cache/yarn
|
Remove tokens from Circle CI config (#21058)
Summary:
While these were intentionally used in the open, and never were abused, it has become a distraction whenever they are flagged.
We'll have to move this functionality to a service outside of Circle CI, as we cannot securely pass secrets to forks and PRs in Circle CI. By necessity, these PR analysis scripts must run alongside PRs.
The The controller you requested could not be found. token has already been revoked. The The controller you requested could not be found. token is not under our control, and is still valid as of this writing. The eslint token has public_repo scope, with no access to any private repos. It's no different than having a random account commenting on any public repo.
Unfortunately, revoking the The controller you requested could not be found. token affects React's use of this bot account as well.
---
Q: What does the React team need this token for?
A: It's used to analyze how a PR will impact the build size for React.
Q: What does the React Native team need this token for?
A: We do lightweight automated PR code reviews with it (eslint, flagging large PRs, etc)
Q: What can someone do with the access token?
A: The token was for the The controller you requested could not be found. GitHub account. The account has no privileged access to any organization, so in effect it's like having the token to a random GitHub account. The token has public_repo access scope, which allows it to interact with any public repository on GitHub. The attacker can leave comments on any issue, pull request, or commit, on any public open source repository on GitHub. They could spam or leave arbitrary messages. It's no different than using any random newly created GitHub account to do this, but the bot is named "React Linter", so people could have used it to make React look bad.
Q: Why didn't we just remove the token from the open source repositories? CircleCI allows you to use environment variables to keep secrets out of the repo.
A: We have configured CircleCI to hide environment variables from Circle CI jobs triggered by non-Facebook org forks and pull requests (otherwise, anyone could add a file to their fork that echoes $SUPER_SECRET and then read it from the Circle CI logs). This allows us to do things like publish to npm only on commits that actually land on the main repo, without letting random people do the same on their forks.
Q: Why can't we run these scripts on Circle CI jobs that do have access to secret environment variables?
A: It's by necessity. These scripts are meant to run on pull requests and forks. They're used to lint pull requests, after all.
Q: Why can't we run these scripts on internal Facebook infrastructure?
A: Automatic importing of arbitrary code from external sources into internal Facebook systems without a FB engineer's involvement is disallowed. We're happy to let Circle CI run unvetted code in this manner.
Q: What do other projects do in similar situations?
A: A common solution for open source projects that need to run scripts with access to GitHub without exposing the access token on CI is to use a private cloud server (i.e. a droplet in Digital Ocean, an instance on AWS...).
Q: Why don't we use the same infra used by react-native-bot to run react-linter?
A: React-Native-Bot runs once an hour or so, querying for recent issues and PRs. It does not use webhooks, and instead performs the same kind of search queries you'd use on GitHub, therefore it's not great for picking up when a PR has been updated. Circle CI is great for running scripts whenever a PR is created or updated, as Circle outages aside, we can be fairly certain a script will run any time a PR is updated. If you want to track build sizes, you really want to make sure any new commit added to a PR will trigger a re-run.
Pull Request resolved: https://github.com/facebook/react-native/pull/21058
Differential Revision: D9809842
Pulled By: hramos
fbshipit-source-id: 6ca5d2f5b48e077ec822a3aea5237534bd828850
2018-09-13 14:43:56 +00:00
|
|
|
DANGER_GITHUB_API_TOKEN="$PUBLIC_PULLBOT_GITHUB_TOKEN_A""$PUBLIC_PULLBOT_GITHUB_TOKEN_B" yarn danger
|
2017-10-16 18:52:48 +00:00
|
|
|
else
|
2018-05-07 21:24:32 +00:00
|
|
|
echo "Skipping pull request analysis."
|
2017-10-16 18:52:48 +00:00
|
|
|
fi
|
|
|
|
|
when: always
|
2018-08-24 03:23:32 +00:00
|
|
|
- save-cache: *save-cache-analysis
|
2018-01-31 22:48:51 +00:00
|
|
|
|
2018-07-23 20:28:17 +00:00
|
|
|
# Publishes new version onto npm
|
|
|
|
|
# Only works on stable branches when a properly tagged commit is pushed
|
|
|
|
|
publish_npm_package:
|
|
|
|
|
<<: *android_defaults
|
|
|
|
|
steps:
|
Use one time password when publishing to npm (#20701)
Summary:
This pull request addresses the failing publish-npm.js script from earlier this week. For background, last month we reset all npm access tokens for any package related to Facebook, and we now require all accounts with publish permissions to have two factor enabled.
The publish-npm.js script relied on one such token that is configured in Circle CI as a envvar. The token has been updated in Circle CI, but we now need a way of passing the one time password to npm.
With this PR, we can now grab the otp from Circle CI's envvars. Considering otps are ephemeral, this requires the NPM_CONFIG_OTP envvar to be set by someone with publishing permissions anytime a new release will be pushed to npm. The token is short lived, but it would still be good to clear the envvar after the package is published. Circle CI envvars are not passed on to PR/forked builds.
This PR is effectively a breaking change for the release process, as the publish step will not succeed if the OTP is not valid.
OTPs are short-lived, and the publish_npm_package job will definitely outlive the token. Unfortunately this will require some timing to get right, but the alternative is to ssh into the Circle CI machine and re-run the `npm publish --otp` command, which again would still require someone with publish access to provide the otp.
Pull Request resolved: https://github.com/facebook/react-native/pull/20701
Differential Revision: D9478488
Pulled By: hramos
fbshipit-source-id: 6af631a9cb425271b98c03d158aec390ebc95304
2018-08-23 06:20:05 +00:00
|
|
|
- checkout
|
|
|
|
|
|
|
|
|
|
- restore-cache: *restore-yarn-cache
|
|
|
|
|
- run: *yarn
|
2018-07-23 20:28:17 +00:00
|
|
|
|
|
|
|
|
# Configure Android SDK and related dependencies
|
|
|
|
|
- run: *configure-android-path
|
|
|
|
|
- run: *install-android-build-dependencies
|
|
|
|
|
|
|
|
|
|
- restore-cache: *restore-cache-android-packages
|
|
|
|
|
- run: *install-android-packages
|
|
|
|
|
|
|
|
|
|
# Install Android NDK
|
|
|
|
|
- run: *create-ndk-directory
|
|
|
|
|
- restore-cache: *restore-cache-ndk
|
|
|
|
|
- run: *install-ndk
|
|
|
|
|
|
|
|
|
|
# Fetch dependencies using Buck
|
|
|
|
|
- restore-cache: *restore-cache-downloads-buck
|
|
|
|
|
- run: *install-buck
|
|
|
|
|
- run: *download-dependencies-buck
|
|
|
|
|
|
|
|
|
|
# Fetch dependencies using Gradle
|
|
|
|
|
- restore-cache: *restore-cache-downloads-gradle
|
|
|
|
|
- run: *download-dependencies-gradle
|
|
|
|
|
|
|
|
|
|
- restore-cache: *restore-yarn-cache
|
|
|
|
|
- run: *yarn
|
|
|
|
|
|
|
|
|
|
- run:
|
Use one time password when publishing to npm (#20701)
Summary:
This pull request addresses the failing publish-npm.js script from earlier this week. For background, last month we reset all npm access tokens for any package related to Facebook, and we now require all accounts with publish permissions to have two factor enabled.
The publish-npm.js script relied on one such token that is configured in Circle CI as a envvar. The token has been updated in Circle CI, but we now need a way of passing the one time password to npm.
With this PR, we can now grab the otp from Circle CI's envvars. Considering otps are ephemeral, this requires the NPM_CONFIG_OTP envvar to be set by someone with publishing permissions anytime a new release will be pushed to npm. The token is short lived, but it would still be good to clear the envvar after the package is published. Circle CI envvars are not passed on to PR/forked builds.
This PR is effectively a breaking change for the release process, as the publish step will not succeed if the OTP is not valid.
OTPs are short-lived, and the publish_npm_package job will definitely outlive the token. Unfortunately this will require some timing to get right, but the alternative is to ssh into the Circle CI machine and re-run the `npm publish --otp` command, which again would still require someone with publish access to provide the otp.
Pull Request resolved: https://github.com/facebook/react-native/pull/20701
Differential Revision: D9478488
Pulled By: hramos
fbshipit-source-id: 6af631a9cb425271b98c03d158aec390ebc95304
2018-08-23 06:20:05 +00:00
|
|
|
name: Authenticate with npm
|
|
|
|
|
command: echo "//registry.npmjs.org/:_authToken=${CIRCLE_NPM_TOKEN}" > ~/.npmrc
|
|
|
|
|
|
|
|
|
|
- run:
|
|
|
|
|
name: Authenticate git user
|
2018-07-23 20:28:17 +00:00
|
|
|
command: |
|
Use one time password when publishing to npm (#20701)
Summary:
This pull request addresses the failing publish-npm.js script from earlier this week. For background, last month we reset all npm access tokens for any package related to Facebook, and we now require all accounts with publish permissions to have two factor enabled.
The publish-npm.js script relied on one such token that is configured in Circle CI as a envvar. The token has been updated in Circle CI, but we now need a way of passing the one time password to npm.
With this PR, we can now grab the otp from Circle CI's envvars. Considering otps are ephemeral, this requires the NPM_CONFIG_OTP envvar to be set by someone with publishing permissions anytime a new release will be pushed to npm. The token is short lived, but it would still be good to clear the envvar after the package is published. Circle CI envvars are not passed on to PR/forked builds.
This PR is effectively a breaking change for the release process, as the publish step will not succeed if the OTP is not valid.
OTPs are short-lived, and the publish_npm_package job will definitely outlive the token. Unfortunately this will require some timing to get right, but the alternative is to ssh into the Circle CI machine and re-run the `npm publish --otp` command, which again would still require someone with publish access to provide the otp.
Pull Request resolved: https://github.com/facebook/react-native/pull/20701
Differential Revision: D9478488
Pulled By: hramos
fbshipit-source-id: 6af631a9cb425271b98c03d158aec390ebc95304
2018-08-23 06:20:05 +00:00
|
|
|
git config --global user.email "react-native-bot@users.noreply.github.com"
|
2018-07-23 20:28:17 +00:00
|
|
|
git config --global user.name "npm Deployment Script"
|
Use one time password when publishing to npm (#20701)
Summary:
This pull request addresses the failing publish-npm.js script from earlier this week. For background, last month we reset all npm access tokens for any package related to Facebook, and we now require all accounts with publish permissions to have two factor enabled.
The publish-npm.js script relied on one such token that is configured in Circle CI as a envvar. The token has been updated in Circle CI, but we now need a way of passing the one time password to npm.
With this PR, we can now grab the otp from Circle CI's envvars. Considering otps are ephemeral, this requires the NPM_CONFIG_OTP envvar to be set by someone with publishing permissions anytime a new release will be pushed to npm. The token is short lived, but it would still be good to clear the envvar after the package is published. Circle CI envvars are not passed on to PR/forked builds.
This PR is effectively a breaking change for the release process, as the publish step will not succeed if the OTP is not valid.
OTPs are short-lived, and the publish_npm_package job will definitely outlive the token. Unfortunately this will require some timing to get right, but the alternative is to ssh into the Circle CI machine and re-run the `npm publish --otp` command, which again would still require someone with publish access to provide the otp.
Pull Request resolved: https://github.com/facebook/react-native/pull/20701
Differential Revision: D9478488
Pulled By: hramos
fbshipit-source-id: 6af631a9cb425271b98c03d158aec390ebc95304
2018-08-23 06:20:05 +00:00
|
|
|
echo "machine github.com login react-native-bot password $GITHUB_TOKEN" > ~/.netrc
|
|
|
|
|
|
|
|
|
|
- run:
|
|
|
|
|
name: Publish React Native Package
|
|
|
|
|
command: node ./scripts/publish-npm.js
|
2018-07-23 20:28:17 +00:00
|
|
|
|
2017-09-21 20:34:02 +00:00
|
|
|
# Workflows enables us to run multiple jobs in parallel
|
|
|
|
|
workflows:
|
|
|
|
|
version: 2
|
2017-11-27 18:54:22 +00:00
|
|
|
|
2018-02-13 16:08:18 +00:00
|
|
|
tests:
|
2017-09-21 20:34:02 +00:00
|
|
|
jobs:
|
2018-02-08 22:57:36 +00:00
|
|
|
# Checkout repo and run Yarn
|
|
|
|
|
- checkout_code:
|
|
|
|
|
filters: *filter-ignore-gh-pages
|
|
|
|
|
|
2018-03-01 16:07:40 +00:00
|
|
|
# Run lint, flow, and other checks
|
|
|
|
|
- analyze:
|
2017-12-20 19:29:33 +00:00
|
|
|
filters: *filter-ignore-gh-pages
|
2018-02-08 22:57:36 +00:00
|
|
|
requires:
|
|
|
|
|
- checkout_code
|
2017-12-20 19:29:33 +00:00
|
|
|
|
2018-02-08 22:57:36 +00:00
|
|
|
# Test JavaScript
|
|
|
|
|
- test_javascript:
|
2017-10-16 18:52:48 +00:00
|
|
|
filters: *filter-ignore-gh-pages
|
2018-02-08 22:57:36 +00:00
|
|
|
requires:
|
|
|
|
|
- checkout_code
|
|
|
|
|
|
2018-08-21 00:31:59 +00:00
|
|
|
# Test JavaScript and Node 10 compatibility
|
|
|
|
|
- test_node10:
|
|
|
|
|
filters: *filter-ignore-gh-pages
|
|
|
|
|
|
2017-11-27 18:54:22 +00:00
|
|
|
# Test Android
|
2018-02-08 22:57:36 +00:00
|
|
|
- test_android:
|
2018-01-22 19:56:36 +00:00
|
|
|
filters: *filter-ignore-gh-pages
|
2018-02-08 22:57:36 +00:00
|
|
|
requires:
|
|
|
|
|
- checkout_code
|
2017-10-13 23:11:53 +00:00
|
|
|
|
2018-03-05 02:10:29 +00:00
|
|
|
# Test iOS & tvOS
|
2018-06-16 22:49:31 +00:00
|
|
|
- test_objc:
|
2017-10-16 18:52:48 +00:00
|
|
|
filters: *filter-ignore-gh-pages
|
2018-02-08 22:57:36 +00:00
|
|
|
requires:
|
|
|
|
|
- checkout_code
|
2018-02-01 01:08:06 +00:00
|
|
|
|
2018-08-22 03:16:41 +00:00
|
|
|
- test_detox_end_to_end:
|
|
|
|
|
filters: *filter-ignore-gh-pages
|
|
|
|
|
requires:
|
|
|
|
|
- checkout_code
|
2018-08-06 19:59:41 +00:00
|
|
|
|
2018-06-14 20:48:15 +00:00
|
|
|
# Only runs on vX.X.X tags if all tests are green
|
|
|
|
|
- publish_npm_package:
|
|
|
|
|
filters:
|
|
|
|
|
branches:
|
2018-07-30 22:24:01 +00:00
|
|
|
only:
|
|
|
|
|
- /.*-stable/
|
2018-06-14 20:48:15 +00:00
|
|
|
tags:
|
|
|
|
|
only: /v[0-9]+(\.[0-9]+)*(\-rc(\.[0-9]+)?)?/
|
|
|
|
|
requires:
|
|
|
|
|
- test_javascript
|
2018-06-16 22:49:31 +00:00
|
|
|
- test_objc
|
|
|
|
|
- test_android
|
2018-06-14 20:48:15 +00:00
|
|
|
|
2018-02-08 23:50:25 +00:00
|
|
|
# Run code checks
|
2018-05-07 21:24:32 +00:00
|
|
|
- analyze_pr:
|
2018-02-08 23:50:25 +00:00
|
|
|
filters: *filter-ignore-master-stable
|
