Closes Issue #1303: Backport GitHub Actions changes to allow successf…

…ul Dependabot PRs. (#1305)

.eslintignore

@@ -3,5 +3,6 @@
 **/vendor/
 /_site/
 /js/coverage/
+/site/assets/js/ie-emulation-modes-warning.js
 /site/static/sw.js
 /site/layouts/partials/

.github/workflows/cdn-deploy-head.yml

@@ -8,18 +8,18 @@ on:
 jobs:
  deploy:
  name: Build & deploy CDN assets
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
 
  steps:
  - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 
  - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v2
+ uses: aws-actions/configure-aws-credentials@v4
  with:
  aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
  aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- aws-region: us-west-2
+ aws-region: ${{ secrets.AWS_REGION }}
 
  - name: Deploy 2.x CDN assets to S3 + CloudFront
  if: ${{ github.ref_name == '2.x' }}

.github/workflows/cdn-deploy-release.yml

@@ -7,20 +7,20 @@ on:
 jobs:
  deploy:
  name: Build & deploy CDN assets
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
 
  steps:
  - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
  with:
  ref: ${{ github.event.client_payload.ref }}
 
  - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v2
+ uses: aws-actions/configure-aws-credentials@v4
  with:
  aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
  aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- aws-region: us-west-2
+ aws-region: ${{ secrets.AWS_REGION }}
 
  - name: Deploy CDN assets to S3 + CloudFront
  run: |

.github/workflows/release.yml

@@ -6,41 +6,45 @@ on:
  version:
  description: The version to tag and release
  required: true
+env:
+ AZ_EPHEMERALIMAGENAME: ${{ vars.AZ_EPHEMERALIMAGENAME }}
 
 jobs:
  release:
  name: Create Release
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
+ permissions: write-all
  steps:
  - name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
  with:
  token: ${{ secrets.REPO_DISPATCH_TOKEN }}
  ref: 2.x
 
  - name: Set variables for Docker images
  run: |
  oldhash=${{ hashFiles('Dockerfile', 'package.json', 'package-lock.json', 'scripts/*') }}
- registry='ghcr.io'
- imageprefix="${registry}/${GITHUB_REPOSITORY}/"
- imagename='az-nodejs-ephemeral'
- imagestem="${imageprefix}${imagename}:"
- echo "AZ_DOCKER_REGISTRY=${registry}" >> ${GITHUB_ENV}
+ imageprefix=${{ vars.AZ_DOCKER_REGISTRY }}"/${GITHUB_REPOSITORY}/"
+ imagestem="${imageprefix}${AZ_EPHEMERALIMAGENAME}:"
  echo "AZ_OLD_HASH=${oldhash}" >> ${GITHUB_ENV}
  echo "AZ_IMAGE_STEM=${imagestem}" >> ${GITHUB_ENV}
  echo "AZ_BOOTSTRAP_SOURCE_DIR=/arizona-bootstrap-source" >> ${GITHUB_ENV}
  echo "AZ_BOOTSTRAP_FROZEN_DIR=/azbuild/arizona-bootstrap" >> ${GITHUB_ENV}
 
  - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
+ uses: docker/setup-buildx-action@v3
 
  - name: Docker authentication
- run: |
- docker login "$AZ_DOCKER_REGISTRY" -u "$GITHUB_ACTOR" -p ${{ secrets.GITHUB_TOKEN }}
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ vars.AZ_DOCKER_REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
 
  - name: Unconditionally rebuild and save the Docker image
  run: |
- workingtitle=$(docker build -q . )
+ workingtitle="${AZ_EPHEMERALIMAGENAME}:working"
+ docker buildx build --load --platform=linux/amd64 --no-cache -t "$workingtitle" --build-arg AZ_BOOTSTRAP_FROZEN_DIR . \
  tempname="old${AZ_OLD_HASH}"
  docker run --name "$tempname" "$workingtitle" true
  docker cp -a "${tempname}:${AZ_BOOTSTRAP_FROZEN_DIR}/." .
@@ -86,7 +90,7 @@ jobs:
  echo "{\"sha\": \"$(git rev-parse HEAD)\"}" > ${{ runner.temp }}/variables.json
 
  - name: Upload variables
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@v4
  with:
  name: variables-json-artifact
  path: ${{ runner.temp }}/variables.json
@@ -102,7 +106,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Download variables
- uses: actions/download-artifact@v3
+ uses: actions/download-artifact@v4
  with:
  name: variables-json-artifact
  path: ${{ runner.temp }}
@@ -114,7 +118,7 @@ jobs:
  echo "BRANCH_NAME=${GITHUB_REF_NAME}" >> ${GITHUB_ENV}
 
  - name: Notify dependencies
- uses: peter-evans/repository-dispatch@v2
+ uses: peter-evans/repository-dispatch@v3
  with:
  token: ${{ secrets.REPO_DISPATCH_TOKEN }}
  repository: ${{ matrix.repo }}

.github/workflows/review-site.yml

@@ -9,32 +9,37 @@ on:
  branches:
  - main
  - 2.x
-
+env:
+ AZ_SITE_HOST: ${{ vars.AZ_SITE_HOST }}
+ AZ_EPHEMERALIMAGENAME: ${{ vars.AZ_EPHEMERALIMAGENAME }}
 jobs:
  lint-code:
  name: Check code for linting errors
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ packages: write
  steps:
  - name: Checkout repository to workspace
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
  - name: Set variables for Docker images
  run: |
  oldhash=${{ hashFiles('Dockerfile', 'package.json', 'package-lock.json', 'scripts/*') }}
- registry='ghcr.io'
- imageprefix="${registry}/${GITHUB_REPOSITORY}/"
- imagename='az-nodejs-ephemeral'
- imagestem="${imageprefix}${imagename}:"
- echo "AZ_DOCKER_REGISTRY=${registry}" >> ${GITHUB_ENV}
+ imageprefix=${{ vars.AZ_DOCKER_REGISTRY }}"/${GITHUB_REPOSITORY}/"
+ imagestem="${imageprefix}${AZ_EPHEMERALIMAGENAME}:"
  echo "AZ_OLD_HASH=${oldhash}" >> ${GITHUB_ENV}
  echo "AZ_IMAGE_STEM=${imagestem}" >> ${GITHUB_ENV}
  echo "AZ_EPHEMERAL_IMAGE=${imagestem}${oldhash}" >> ${GITHUB_ENV}
  echo "AZ_BOOTSTRAP_SOURCE_DIR=/arizona-bootstrap-source" >> ${GITHUB_ENV}
  echo "AZ_BOOTSTRAP_FROZEN_DIR=/azbuild/arizona-bootstrap" >> ${GITHUB_ENV}
  - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
+ uses: docker/setup-buildx-action@v3
  - name: Docker authentication
- run: |
- docker login "$AZ_DOCKER_REGISTRY" -u "$GITHUB_ACTOR" -p ${{ secrets.AZ_DOCKER_REGISTRY_TOKEN }}
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ vars.AZ_DOCKER_REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
  - name: Search for Docker image
  id: dockerpull
  continue-on-error: true
@@ -43,7 +48,8 @@ jobs:
  - name: Conditionally rebuild and save the Docker image
  if: ${{ steps.dockerpull.outcome == 'failure' }}
  run: |
- workingtitle=$(docker build -q . )
+ workingtitle="${AZ_EPHEMERALIMAGENAME}:working"
+ docker buildx build --load --platform=linux/amd64 --no-cache -t "$workingtitle" --build-arg AZ_BOOTSTRAP_FROZEN_DIR .
  tempname="old${AZ_OLD_HASH}"
  docker run --name "$tempname" "$workingtitle" true
  docker cp -a "${tempname}:${AZ_BOOTSTRAP_FROZEN_DIR}/." .
@@ -62,12 +68,16 @@ jobs:
  review-site:
  name: Build & deploy review site
  needs: lint-code
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ packages: write
+ pull-requests: write
  steps:
  - name: Checkout repository to workspace
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
  with:
- token: ${{ secrets.REPO_DISPATCH_TOKEN }}
+ token: ${{ secrets.GITHUB_TOKEN }}
  fetch-depth: 20
  - name: Find the push source branch name
  if: ${{ github.event_name != 'pull_request' }}
@@ -78,21 +88,21 @@ jobs:
  - name: Set variables for Docker images
  run: |
  oldhash=${{ hashFiles('Dockerfile', 'package.json', 'package-lock.json', 'scripts/*') }}
- registry='ghcr.io'
- imageprefix="${registry}/${GITHUB_REPOSITORY}/"
- imagename='az-nodejs-ephemeral'
- imagestem="${imageprefix}${imagename}:"
- echo "AZ_DOCKER_REGISTRY=${registry}" >> ${GITHUB_ENV}
+ imageprefix=${{ vars.AZ_DOCKER_REGISTRY }}"/${GITHUB_REPOSITORY}/"
+ imagestem="${imageprefix}${AZ_EPHEMERALIMAGENAME}:"
  echo "AZ_OLD_HASH=${oldhash}" >> ${GITHUB_ENV}
  echo "AZ_IMAGE_STEM=${imagestem}" >> ${GITHUB_ENV}
  echo "AZ_EPHEMERAL_IMAGE=${imagestem}${oldhash}" >> ${GITHUB_ENV}
  echo "AZ_BOOTSTRAP_SOURCE_DIR=/arizona-bootstrap-source" >> ${GITHUB_ENV}
  echo "AZ_BOOTSTRAP_FROZEN_DIR=/azbuild/arizona-bootstrap" >> ${GITHUB_ENV}
  - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
+ uses: docker/setup-buildx-action@v3
  - name: Docker authentication
- run: |
- docker login "$AZ_DOCKER_REGISTRY" -u "$GITHUB_ACTOR" -p ${{ secrets.GITHUB_TOKEN }}
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ vars.AZ_DOCKER_REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
  - name: Search for Docker image
  id: dockerpull
  continue-on-error: true
@@ -101,7 +111,8 @@ jobs:
  - name: Conditionally rebuild and save the Docker image
  if: ${{ steps.dockerpull.outcome == 'failure' }}
  run: |
- workingtitle=$(docker build -q . )
+ workingtitle="${AZ_EPHEMERALIMAGENAME}:working"
+ docker buildx build --load --platform=linux/amd64 --no-cache -t "$workingtitle" --build-arg AZ_BOOTSTRAP_FROZEN_DIR .
  tempname="old${AZ_OLD_HASH}"
  docker run --name "$tempname" "$workingtitle" true
  docker cp -a "${tempname}:${AZ_BOOTSTRAP_FROZEN_DIR}/." .
@@ -114,7 +125,6 @@ jobs:
  - name: Build variables
  run: |
  echo "AZ_REVIEW_BASEURL=/arizona-bootstrap/${AZ_TRIMMED_REF}" >> ${GITHUB_ENV}
- echo "AZ_SITE_HOST=https://review.digital.arizona.edu" >> ${GITHUB_ENV}
  - name: Build review site artifact
  run: |
  sudo touch config.yml
@@ -132,11 +142,11 @@ jobs:
  fi
  shell: sh
  - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v2
+ uses: aws-actions/configure-aws-credentials@v4
  with:
  aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
  aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- aws-region: us-west-2
+ aws-region: ${{ secrets.AWS_REGION }}
  - name: Deploy review site artifact to S3 + CloudFront
  run: |
  aws s3 sync --delete _site/ s3://${{ secrets.REVIEW_BUCKET }}${AZ_REVIEW_BASEURL}/

Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 node:20.13.1-bookworm-slim
+FROM node:20.18.0-bookworm-slim
 
 ENV LANG C.UTF-8
 
@@ -37,7 +37,7 @@ RUN apt-get update \
  && chmod 755 /root \
  && touch /root/.npmrc \
  && chmod 644 /root/.npmrc \
- && npm install --location=global npm-check-updates@16.14.20 \
+ && npm install --location=global npm-check-updates@17.1.3 \
  && curl 'https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip' -o /tmp/awscliv2.zip \
  && unzip -d /tmp /tmp/awscliv2.zip \
  && /tmp/aws/install \
@@ -49,8 +49,8 @@ WORKDIR $AZ_BOOTSTRAP_FROZEN_DIR
 RUN mkdir /home/node/.npm \
  && chown node:node /home/node/.npm \
  && npm config set cache='/home/node/.npm' \
- && npm install \
- && find node_modules -name '.DS_Store' -exec rm {} \; \ 
+ && npm install --foreground-scripts=true --loglevel=verbose \
+ && find node_modules -name '.DS_Store' -exec rm {} \; \
  && chown -R node:node "$AZ_BOOTSTRAP_FROZEN_DIR"
 
 USER node:node

build/postcss.config.js

@@ -1,5 +1,6 @@
 'use strict'
 
+/* eslint-disable-next-line unicorn/no-anonymous-default-export */
 module.exports = ctx => {
  return {
  map: ctx.file.dirname.includes('examples') ?