Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FED-3006 CI fixes and dependency_validator cleanup #291

Merged
merged 2 commits into from
Aug 1, 2024
Merged

FED-3006 CI fixes and dependency_validator cleanup #291

merged 2 commits into from
Aug 1, 2024

Conversation

greglittlefield-wf
Copy link
Contributor

@greglittlefield-wf greglittlefield-wf commented Jul 31, 2024
edited
Loading

Motivation

While putting up another PR, I noticed a couple issues:

  1. The SBOM step failing (example) on one of the matrix runs; it looks like it doesn't like being run more than once
  2. dependency_validator failing on imports within test fixture packages

These seemed worth PRing to master separately.

Changes

  1. Update SBOM step to only run once
  2. Update / clean up dependency_validator config
    • Upgrade to dependency_validator 4.0.0, which doesn't have false positives for package: imports in comments and strings!
    • Add exclude to files within test_fixtures directory
    • Clean up ignores in config no longer needed with 4.0.0 and new exclude
    • Remove old, unused config from pubspec.yaml

Release Notes

Review

See CONTRIBUTING.md for more details on review types (+1 / QA +1 / +10) and code review process.

Please review:

QA Checklist

  • Tests were updated and provide good coverage of the changeset and other affected code
  • Manual testing was performed if needed
    • Steps from PR author:
      • CI passes
      • SBOM job is step is run exactly once in CI
    • Anything falling under manual testing criteria outlined in CONTRIBUTING.md

Merge Checklist

While we perform many automated checks before auto-merging, some manual checks are needed:

  • A Frontend Frameworks Design member has reviewed these changes
  • There are no unaddressed comments - this check can be automated if reviewers use the "Request Changes" feature
  • For release PRs - Version metadata in Rosie comment is correct

@aviary-wf
Copy link

Security Insights

No security relevant content was detected by automated scans.

Action Items

  • Review PR for security impact; comment "security review required" if needed or unsure
  • Verify aviary.yaml coverage of security relevant code

Questions or Comments? Reach out on Slack: #support-infosec.

@greglittlefield-wf greglittlefield-wf changed the title Fixes and cleanup CI fixes and dependency_validator cleanup Jul 31, 2024
@greglittlefield-wf greglittlefield-wf marked this pull request as ready for review July 31, 2024 23:59
@rmconsole7-wk rmconsole7-wk changed the title CI fixes and dependency_validator cleanup FED-3006 CI fixes and dependency_validator cleanup Jul 31, 2024
sydneyjodon-wk
sydneyjodon-wk approved these changes Aug 1, 2024
View reviewed changes
.github/workflows/dart_ci.yml
@@ -68,6 +68,8 @@ jobs:

- name: Create SBOM Release Asset
uses: anchore/sbom-action@v0
# This fails if it runs more than once within a given build
if: matrix.sdk != '2.18.7'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we even need to keep running CI on 2.18.7?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good question: I don't think so. I thought about ripping that out, but didn't wanna mess with it right now

sydneyjodon-wk
sydneyjodon-wk approved these changes Aug 1, 2024
View reviewed changes
Copy link
Contributor

@sydneyjodon-wk sydneyjodon-wk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

QA +1

  • CI passes
  • SBOM job is step is run exactly once in CI

@greglittlefield-wf
Copy link
Contributor Author

@Workiva/release-management-p

rmconsole-wf
rmconsole-wf approved these changes Aug 1, 2024
View reviewed changes
Copy link

@rmconsole-wf rmconsole-wf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 from RM

@rmconsole3-wf rmconsole3-wf merged commit 7c6c6db into master Aug 1, 2024
6 checks passed
@rmconsole3-wf rmconsole3-wf deleted the fixes-and-cleanup branch August 1, 2024 00:14
@rmconsole-readonly-wk rmconsole-readonly-wk mentioned this pull request Aug 12, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sydneyjodon-wk sydneyjodon-wk sydneyjodon-wk approved these changes

@rmconsole-wf rmconsole-wf rmconsole-wf approved these changes

@aaronlademann-wf aaronlademann-wf Awaiting requested review from aaronlademann-wf

Assignees
No one assigned
Labels
Merge Requirements Met RM Ready
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@greglittlefield-wf @aviary-wf @rmconsole-wf @sydneyjodon-wk @rmconsole3-wf