Feat/GitHub actions/source

.github/actions/node-and-build/action.yml

@@ -0,0 +1,38 @@
+name: Set Node and Build
+description: Checks out Amplify and builds the package
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Setup Node.js 16
+      uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 https://github.com/actions/setup-node/commit/64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c
+      with:
+        node-version: 16
+      env:
+        SEGMENT_DOWNLOAD_TIMEOUT_MINS: 2
+    - name: Install
+      run: |
+        mv .yarnrc ._yarnrc
+        yarn
+      shell: bash
+    - name: Bootstrap
+      run: yarn bootstrap
+      shell: bash
+    - uses: actions/cache@v2
+      id: cache-build-artifacts
+      with:
+        path: |
+          **/dist
+          **/lib
+          **/
+          **/lib-esm/
+          **/es/
+          **/esm/
+          **/cjs/
+        key: ${{ runner.os }}-build-artifacts-${{ hashFiles('**/yarn.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-build-artifacts-
+    - name: Build packages
+      if: steps.cache-build-artifacts.outputs.cache-hit != 'true'
+      run: yarn build
+      shell: bash

.github/workflows/aws-amplify-dependency-check.yml

@@ -10,16 +10,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 https://github.com/actions/checkout/commit/24cb9080177205b6e8c946b17badbe402adc938f
         with:
           persist-credentials: true
       - name: Determine if "aws-amplify" package.json has been changed
         id: aws-amplify-package-check
-        uses: tj-actions/changed-files@v36
+        uses: tj-actions/changed-files@54479c37f5eb47a43e595c6b71e1df2c112ce7f1 # v36 https://github.com/tj-actions/changed-files/commit/54479c37f5eb47a43e595c6b71e1df2c112ce7f1
         with:
           files: packages/aws-amplify/package.json
       - name: Write a PR comment
-        uses: actions/github-script@v6
+        uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975 # v6.4.0 https://github.com/actions/github-script/commit/98814c53be79b1d30f795b907e553d8679345975
         if: steps.aws-amplify-package-check.outputs.any_changed == 'true'
         with:
           script: |

.github/workflows/callable-bundle-size-tests.yml

@@ -0,0 +1,19 @@
+name: 'Unit Tests'
+
+on:
+  workflow_call:
+
+jobs:
+  bundle_size_tests:
+    name: Bundle Size Tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 https://github.com/actions/checkout/commit/24cb9080177205b6e8c946b17badbe402adc938f
+        with:
+          # Minimal depth 2 so we can checkout the commit before possible merge commit.
+          fetch-depth: 2
+      - name: Setup node and build the repository
+        uses: ./.github/actions/node-and-build
+      - name: Run Bundle Size Tests
+        run: yarn test:size

.github/workflows/codeql.yml → .github/workflows/callable-codeql.yml

@@ -2,8 +2,7 @@
 name: 'CodeQL'
 
 on:
-  push:
-  pull_request:
+  workflow_call:
 
 jobs:
   analyze:
@@ -21,23 +20,23 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 https://github.com/actions/checkout/commit/24cb9080177205b6e8c946b17badbe402adc938f
         with:
           # Minimal depth 2 so we can checkout the commit before possible merge commit.
           fetch-depth: 2
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@d23060145bc9131d50558d5d4185494a20208101 # v2.12.5 https://github.com/github/codeql-action/commit/d23060145bc9131d50558d5d4185494a20208101
         with:
           languages: ${{ matrix.language }}
           config-file: ./.github/codeql/codeql-config.yml
 
       # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@d23060145bc9131d50558d5d4185494a20208101 # v2.12.5 https://github.com/github/codeql-action/commit/d23060145bc9131d50558d5d4185494a20208101
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@d23060145bc9131d50558d5d4185494a20208101 # v2.12.5 https://github.com/github/codeql-action/commit/d23060145bc9131d50558d5d4185494a20208101
         with:
           category: '/language:${{matrix.language}}'

.github/workflows/callable-get-package-list.yml

@@ -0,0 +1,41 @@
+name: 'Capture Package Names List to Outputs'
+
+on:
+  workflow_call:
+    outputs:
+      packages:
+        description: 'The json encoded package list'
+        value: ${{ jobs.get-package-list.outputs.packages }}
+jobs:
+  get-package-list:
+    # Prepares the 'bazelversion' axis of the test matrix
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 https://github.com/actions/checkout/commit/24cb9080177205b6e8c946b17badbe402adc938f
+        with:
+          # Minimal depth 2 so we can checkout the commit before possible merge commit.
+          fetch-depth: 2
+      - uses: actions/cache@v2
+        id: cache-package-list
+        with:
+          path: |
+            **/package-list.json
+          key: ${{ runner.os }}-package-list-${{ hashFiles('**/package.json') }}
+          restore-keys: |
+            ${{ runner.os }}-package-list-
+      - name: Install
+        if: steps.cache-package-list.outputs.cache-hit != 'true'
+        run: yarn
+        shell: bash
+      # Need the repo checked out in order to read the file
+      - name: Dump Package List
+        if: steps.cache-package-list.outputs.cache-hit != 'true'
+        run: |
+          echo "packages=$(yarn lerna ls | egrep -v "lerna|Done|yarn" | jq -R -s -c 'split("\n")[:-1]')" > package-list.json
+      - name: Get Package List
+        id: get_package_list
+        run: |
+          cat package-list.json >> $GITHUB_OUTPUT
+    outputs:
+      packages: ${{ steps.get_package_list.outputs.packages }}

.github/workflows/callable-unit-tests.yml

@@ -0,0 +1,23 @@
+name: 'Unit Tests'
+
+on:
+  workflow_call:
+    inputs:
+      package:
+        required: true
+        type: string
+
+jobs:
+  unit_test:
+    name: Unit Tests - ${{ inputs.package }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 https://github.com/actions/checkout/commit/24cb9080177205b6e8c946b17badbe402adc938f
+        with:
+          # Minimal depth 2 so we can checkout the commit before possible merge commit.
+          fetch-depth: 2
+      - name: Setup node and build the repository
+        uses: ./.github/actions/node-and-build
+      - name: Run tests
+        run: npx lerna exec --scope ${{ inputs.package }} yarn test

.github/workflows/issue-pending-response.yml

@@ -9,7 +9,7 @@ jobs:
     if: ${{ !github.event.issue.pull_request  && contains(github.event.issue.labels.*.name, 'pending-response') }}
     runs-on: ubuntu-latest
     steps:
-      - uses: siegerts/pending-author-response@v1
+      - uses: siegerts/pending-author-response@409a63bf27370ba9a0e98e8d5fbda7a12398d456 # v1 https://github.com/siegerts/pending-author-response/commit/409a63bf27370ba9a0e98e8d5fbda7a12398d456
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           pending-response-label: pending-response

.github/workflows/lock.yaml

@@ -8,7 +8,7 @@ jobs:
   lock:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@v2
+      - uses: dessant/lock-threads@f1a42f0f44eb83361d617a014663e1a76cf282d2 # v2 https://github.com/dessant/lock-threads/commit/f1a42f0f44eb83361d617a014663e1a76cf282d2
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           issue-lock-inactive-days: '365'

.github/workflows/pr.yml

@@ -0,0 +1,34 @@
+name: PR Validation
+
+on:
+  pull_request:
+
+jobs:
+  prebuild:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 https://github.com/actions/checkout/commit/24cb9080177205b6e8c946b17badbe402adc938f
+        with:
+          # Minimal depth 2 so we can checkout the commit before possible merge commit.
+          fetch-depth: 2
+      - name: Setup node and build the repository
+        uses: ./.github/actions/node-and-build
+  get-package-list:
+    uses: ./.github/workflows/callable-get-package-list.yml
+  codeql:
+    uses: ./.github/workflows/callable-codeql.yml
+  unit-tests:
+    needs:
+      - prebuild
+      - get-package-list
+    strategy:
+      matrix:
+        package: ${{ fromJSON(needs.get-package-list.outputs.packages) }}
+      fail-fast: true
+    uses: ./.github/workflows/callable-unit-tests.yml
+    with:
+      package: ${{ matrix.package }}
+  bundle-size-tests:
+    needs: prebuild
+    uses: ./.github/workflows/callable-bundle-size-tests.yml

.github/workflows/snyk-security.yml

@@ -18,9 +18,9 @@ jobs:
       actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 https://github.com/actions/checkout/commit/24cb9080177205b6e8c946b17badbe402adc938f
       - name: Set up Snyk CLI to check for security issues
-        uses: snyk/actions/setup@806182742461562b67788a64410098c9d9b96adb
+        uses: snyk/actions/setup@806182742461562b67788a64410098c9d9b96adb # v0.4.0 https://github.com/snyk/actions/commit/806182742461562b67788a64410098c9d9b96adb
       - name: Build
         run: yarn install || true
         # Using `|| true` to not fail the pipeline
@@ -31,6 +31,6 @@ jobs:
 
       # Push the Snyk Code results into GitHub Code Scanning tab
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2 https://github.com/github/codeql-action/commit/6c089f53dd51dc3fc7e599c3cb5356453a52ca9e
         with:
           sarif_file: snyk-code.sarif