From 6a1ae62d7d3409eeca52ce4ce004efef60450bf9 Mon Sep 17 00:00:00 2001 From: Victor Engmark Date: Tue, 4 Jun 2024 09:05:36 +1200 Subject: [PATCH] build: update to Node.js 22 TDE-1193 Keep our software up to date, and get any useful features, fixes, and optimisations from new versions of dependencies. 1. Update the engine: ``` jq '.engines.node = "^22.11.0"' package.json | sponge package.json ``` 2. Update the lock file: ``` npm install ``` 3. Update the uses of `linz/action-typescript`: ``` for path in .github/workflows/*.y*ml; do yq --inplace '(.jobs.*.steps[] | select(.uses == "linz/action-typescript*").with.node-version) = "22.x"' "$path" done ``` 4. Update Dockerfile manifest digest: ``` sed --in-place --expression="s/^FROM node:.*/FROM node:22-slim@$(docker manifest inspect node:22-slim | jq --raw-output '.manifests[] | select(.platform.architecture == "amd64" and .platform.os == "linux") | .digest')/" Dockerfile ``` 5. Run Node.js tests without an argument. Something changed in the Node.js CLI in this release, breaking the old invocation. --- .github/workflows/pull-request-container.yml | 19 ++----------- .github/workflows/push.yml | 30 ++------------------ .github/workflows/release-please.yml | 22 ++------------ Dockerfile | 3 +- package-lock.json | 2 +- package.json | 4 +-- 6 files changed, 12 insertions(+), 68 deletions(-) diff --git a/.github/workflows/pull-request-container.yml b/.github/workflows/pull-request-container.yml index a323f165..1fb227f3 100644 --- a/.github/workflows/pull-request-container.yml +++ b/.github/workflows/pull-request-container.yml @@ -1,5 +1,4 @@ name: Pull Request Containers - on: pull_request: types: @@ -8,23 +7,18 @@ jobs: containers: name: Create containers runs-on: ubuntu-latest - if: | github.event.label.name == 'container' - environment: name: nonprod - permissions: id-token: write contents: read packages: write - steps: - uses: linz/action-typescript@dee99184c4305aea6c380a52db9b2d7abaaa3e78 # v3 with: - node-version: 20.x - + node-version: 22.x - name: Setup GIT version id: version run: | @@ -33,14 +27,11 @@ jobs: GIT_VERSION_MAJOR_MINOR=$(echo "$GIT_VERSION" | cut -d. -f1,2) { echo "version=${GIT_VERSION}"; echo "version_major=${GIT_VERSION_MAJOR}"; echo "version_major_minor=${GIT_VERSION_MAJOR_MINOR}"; } >> "$GITHUB_OUTPUT" - - name: Set up Docker Qemu id: qemu uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2 - - name: Set up Docker Buildx uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3 - - name: Docker meta id: meta uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5 @@ -48,14 +39,12 @@ jobs: images: ${{ github.repository }} labels: | org.opencontainers.image.version=${{ steps.version.outputs.version }} - - name: Login to GitHub Container Registry uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Setup docker tags id: tags uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6 @@ -65,7 +54,6 @@ jobs: const tags = []; tags.push('ghcr.io/${{ github.repository }}:pr-${{ github.event.number }}'); return tags.join(', ') - - name: Build and push container uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5 with: @@ -74,7 +62,4 @@ jobs: push: true labels: ${{ steps.meta.outputs.labels }} platforms: linux/arm64,linux/amd64 - build-args: | - GIT_HASH=${{ github.sha }} - GIT_VERSION=${{ steps.version.outputs.version }} - GITHUB_RUN_ID=${{ github.run_id}} + build-args: "GIT_HASH=${{ github.sha }}\nGIT_VERSION=${{ steps.version.outputs.version }} \nGITHUB_RUN_ID=${{ github.run_id}}\n" diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index a2c9dfe5..61310c65 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -6,22 +6,18 @@ jobs: steps: - uses: linz/action-typescript@dee99184c4305aea6c380a52db9b2d7abaaa3e78 # v3 with: - node-version: 20.x - + node-version: 22.x - name: Generate Readme run: | node build/src/readme.generate.js - # Validate no READMEs have been updated - name: Validate Readme generation run: | git diff --exit-code - # Only build containers on branches otherwise container builds are duplicated deploy-nonprod-containers - name: Set up Docker Buildx if: ${{ github.ref != 'refs/heads/master' }} uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3 - - name: Build container if: ${{ github.ref != 'refs/heads/master' }} uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5 @@ -32,37 +28,28 @@ jobs: build-args: | GIT_HASH=${{ github.sha }} GITHUB_RUN_ID=${{ github.run_id}} - deploy-nonprod-containers: runs-on: ubuntu-latest concurrency: deploy-dev-${{ github.ref }} needs: ['build'] - # On push to master when it is not a release! if: ${{ github.ref == 'refs/heads/master' && !startsWith(github.event.head_commit.message, 'release:') }} - permissions: id-token: write contents: read packages: write - env: AWS_CI_ROLE: ${{ secrets.AWS_CI_ROLE }} - environment: name: nonprod - steps: - uses: linz/action-typescript@dee99184c4305aea6c380a52db9b2d7abaaa3e78 # v3 with: - node-version: 20.x - + node-version: 22.x - name: Download actionlint run: docker build --tag actionlint - < .github/workflows/actionlint.dockerfile - - name: Run actionlint to check workflow files run: docker run --volume="${PWD}:/repo" --workdir=/repo actionlint -color - - name: Setup GIT version id: version run: | @@ -71,14 +58,11 @@ jobs: GIT_VERSION_MAJOR_MINOR=$(echo "$GIT_VERSION" | cut -d. -f1,2) { echo "version=${GIT_VERSION}"; echo "version_major=${GIT_VERSION_MAJOR}"; echo "version_major_minor=${GIT_VERSION_MAJOR_MINOR}"; } >> "$GITHUB_OUTPUT" - - name: Set up Docker Qemu id: qemu uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2 - - name: Set up Docker Buildx uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3 - - name: Docker meta id: meta uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5 @@ -86,14 +70,12 @@ jobs: images: ${{ github.repository }} labels: | org.opencontainers.image.version=${{ steps.version.outputs.version }} - - name: Login to GitHub Container Registry uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Configure AWS Credentials if: ${{env.AWS_CI_ROLE != ''}} uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4 @@ -101,12 +83,10 @@ jobs: aws-region: ap-southeast-2 mask-aws-account-id: true role-to-assume: ${{ secrets.AWS_CI_ROLE }} - - name: Login to Amazon ECR if: ${{env.AWS_CI_ROLE != ''}} id: login-ecr uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d # v1 - - name: Setup docker tags id: tags uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6 @@ -122,7 +102,6 @@ jobs: tags.push('${{ steps.login-ecr.outputs.registry }}/${{ github.event.repository.name }}:${{ steps.version.outputs.version }}'); } return tags.join(', ') - - name: Build and push container uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5 with: @@ -131,7 +110,4 @@ jobs: push: true labels: ${{ steps.meta.outputs.labels }} platforms: linux/arm64,linux/amd64 - build-args: | - GIT_HASH=${{ github.sha }} - GIT_VERSION=${{ steps.version.outputs.version }} - GITHUB_RUN_ID=${{ github.run_id}} + build-args: "GIT_HASH=${{ github.sha }}\nGIT_VERSION=${{ steps.version.outputs.version }} \nGITHUB_RUN_ID=${{ github.run_id}}\n" diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index a1356b4c..2587debe 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -15,29 +15,22 @@ jobs: release-type: node token: ${{ secrets.GITHUB_TOKEN }} pull-request-title-pattern: "release: ${version}" - publish-release: needs: release-please runs-on: ubuntu-latest - environment: name: prod - env: AWS_CI_ROLE: ${{ secrets.AWS_CI_ROLE }} - permissions: id-token: write contents: read packages: write - if: ${{ needs.release-please.outputs.release_created }} - steps: - uses: linz/action-typescript@dee99184c4305aea6c380a52db9b2d7abaaa3e78 # v3 with: - node-version: 20.x - + node-version: 22.x - name: Setup GIT version id: version run: | @@ -46,14 +39,11 @@ jobs: GIT_VERSION_MAJOR_MINOR=$(echo "$GIT_VERSION" | cut -d. -f1,2) { echo "version=${GIT_VERSION}"; echo "version_major=${GIT_VERSION_MAJOR}"; echo "version_major_minor=${GIT_VERSION_MAJOR_MINOR}"; } >> "$GITHUB_OUTPUT" - - name: Set up Docker Qemu id: qemu uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2 - - name: Set up Docker Buildx uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3 - - name: Docker meta id: meta uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5 @@ -61,14 +51,12 @@ jobs: images: ${{ github.repository }} labels: | org.opencontainers.image.version=${{ steps.version.outputs.version }} - - name: Login to GitHub Container Registry uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Configure AWS Credentials if: ${{ env.AWS_CI_ROLE != '' }} uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4 @@ -76,12 +64,10 @@ jobs: aws-region: ap-southeast-2 mask-aws-account-id: true role-to-assume: ${{ secrets.AWS_CI_ROLE }} - - name: Login to Amazon ECR if: ${{ env.AWS_CI_ROLE != '' }} id: login-ecr uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d # v1 - - name: Setup docker tags id: tags uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6 @@ -101,7 +87,6 @@ jobs: tags.push('${{ steps.login-ecr.outputs.registry }}/${{ github.event.repository.name }}:${{ steps.version.outputs.version }}'); } return tags.join(', ') - - name: Build and push container uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5 with: @@ -110,7 +95,4 @@ jobs: push: true labels: ${{ steps.meta.outputs.labels }} platforms: linux/arm64,linux/amd64 - build-args: | - GIT_HASH=${{ github.sha }} - GIT_VERSION=${{ steps.version.outputs.version }} - GITHUB_RUN_ID=${{ github.run_id}} + build-args: "GIT_HASH=${{ github.sha }}\nGIT_VERSION=${{ steps.version.outputs.version }} \nGITHUB_RUN_ID=${{ github.run_id}}\n" diff --git a/Dockerfile b/Dockerfile index 1ce55934..9b137ae9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,5 @@ -FROM node:20-slim@sha256:cffed8cd39d6a380434e6d08116d188c53e70611175cd5ec7700f93f32a935a6 +# Use manifest digest for multi-platform support +FROM node:22-slim@sha256:3a17df2ede55682bccb79e45d71b5213295ce5eae25a0816877b0e548595de1b RUN apt-get update && apt-get install openssh-client git -y diff --git a/package-lock.json b/package-lock.json index eceab921..daeb6d3c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -40,7 +40,7 @@ "stac-ts": "^1.0.3" }, "engines": { - "node": "^20.13.1" + "node": "^22.11.0" } }, "node_modules/@aws-crypto/crc32": { diff --git a/package.json b/package.json index 49d3b5b0..fce89c3b 100644 --- a/package.json +++ b/package.json @@ -21,14 +21,14 @@ "scripts": { "build": "tsc", "lint": "npx eslint . --ignore-path .gitignore", - "test": "node --test build/" + "test": "node --test 'build/**/*.test.js'" }, "publishConfig": { "access": "restricted" }, "type": "module", "engines": { - "node": "^20.13.1" + "node": "^22.11.0" }, "files": [ "build/src/**"