diff --git a/.github/actions/cdn_deployment_aws/action.yaml b/.github/actions/cdn_deployment_aws/action.yaml index f586f30..b7078b4 100644 --- a/.github/actions/cdn_deployment_aws/action.yaml +++ b/.github/actions/cdn_deployment_aws/action.yaml @@ -1,84 +1,84 @@ -name: CDN Deployment for AWS -description: Deploys to AWS CDN and optionally invalidates the path in CloudFront -inputs: - artifact: - description: Name of the artifact - required: true - invalidate_paths: - description: paths that get invalidated in cloud front - default: '' - aws_account_id: - description: The AWS account id - required: true - aws_distribution_id: - description: The CloudFront description id - required: true - aws_bucket_name: - description: The AWS bucket to sync - required: true - deploy_index_html: - description: Deploy a simple index.html file to S3 root - default: 'false' -runs: - using: 'composite' - - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4 - with: - aws-region: us-east-2 - role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/github-runner-for-cdn - - - name: Check Identity - shell: bash - run: aws sts get-caller-identity - - - uses: actions/download-artifact@v4 - with: - name: ${{ inputs.artifact }} - path: ./download - - - name: Deploy - shell: bash - run: aws s3 sync ./download s3://${{ inputs.aws_bucket_name }} - - - name: Create and Deploy Index HTML - if: ${{ inputs.deploy_index_html == 'true' }} - shell: bash - run: | - echo ' - - - - - UID2/EUID SDK Files - - - -

UID2/EUID SDK Files

-

This directory contains the latest SDK files for UID2 and EUID integration.

-
-
- SDK Files: Available in this directory -
-
- Documentation: Visit Documentation -
-
- - ' > index.html - aws s3 cp index.html s3://${{ inputs.aws_bucket_name }}/index.html - - - name: Invalidate CloudFront - uses: chetan/invalidate-cloudfront-action@cacab256f2bd90d1c04447a7d6afdaf6f346e7b3 # v2 - env: - DISTRIBUTION: ${{ inputs.aws_distribution_id }} - PATHS: ${{ inputs.invalidate_paths }} - AWS_REGION: us-east-2 +name: CDN Deployment for AWS +description: Deploys to AWS CDN and optionally invalidates the path in CloudFront +inputs: + artifact: + description: Name of the artifact + required: true + invalidate_paths: + description: paths that get invalidated in cloud front + default: '' + aws_account_id: + description: The AWS account id + required: true + aws_distribution_id: + description: The CloudFront description id + required: true + aws_bucket_name: + description: The AWS bucket to sync + required: true + deploy_index_html: + description: Deploy a simple index.html file to S3 root + default: 'false' +runs: + using: 'composite' + + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 + with: + aws-region: us-east-2 + role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/github-runner-for-cdn + + - name: Check Identity + shell: bash + run: aws sts get-caller-identity + + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 + with: + name: ${{ inputs.artifact }} + path: ./download + + - name: Deploy + shell: bash + run: aws s3 sync ./download s3://${{ inputs.aws_bucket_name }} + + - name: Create and Deploy Index HTML + if: ${{ inputs.deploy_index_html == 'true' }} + shell: bash + run: | + echo ' + + + + + UID2/EUID SDK Files + + + +

UID2/EUID SDK Files

+

This directory contains the latest SDK files for UID2 and EUID integration.

+
+
+ SDK Files: Available in this directory +
+
+ Documentation: Visit Documentation +
+
+ + ' > index.html + aws s3 cp index.html s3://${{ inputs.aws_bucket_name }}/index.html + + - name: Invalidate CloudFront + uses: chetan/invalidate-cloudfront-action@cacab256f2bd90d1c04447a7d6afdaf6f346e7b3 # v2 + env: + DISTRIBUTION: ${{ inputs.aws_distribution_id }} + PATHS: ${{ inputs.invalidate_paths }} + AWS_REGION: us-east-2 diff --git a/.github/workflows/build-sdk-package.yml b/.github/workflows/build-sdk-package.yml index ef2d1c1..422b9b2 100644 --- a/.github/workflows/build-sdk-package.yml +++ b/.github/workflows/build-sdk-package.yml @@ -16,7 +16,7 @@ on: jobs: incrementVersionNumber: - uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-increase-version-number.yaml@v3 + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-increase-version-number.yaml@sch-UID2-6742-update-node20-actions with: release_type: ${{ inputs.release_type }} merge_environment: ${{ github.ref_protected && 'ci-auto-merge' || '' }} diff --git a/.github/workflows/node.js.yaml b/.github/workflows/node.js.yaml index f992106..a79b1d4 100644 --- a/.github/workflows/node.js.yaml +++ b/.github/workflows/node.js.yaml @@ -18,9 +18,9 @@ jobs: # See supported Node.js release schedule at https://nodejs.org/en/about/releases/ steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ matrix.node-version }} cache: 'npm' @@ -32,6 +32,6 @@ jobs: - run: npm test working-directory: ${{ env.WORKING_DIR }} - name: Vulnerability Scan - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions with: scan_type: 'fs' 
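Review bot: The `Deploy` and `Create and Deploy Index HTML` steps expand `${{ inputs.aws_bucket_name }}` inside the `run:` script, so the value is substituted into the shell text before bash parses it, and any shell metacharacters in it would be executed. The callers visible in this diff pass the bucket from secrets or variables, which limits exposure, but the composite action itself does not enforce that. I would bind it on each step with `env: BUCKET: ${{ inputs.aws_bucket_name }}` and use `aws s3 sync ./download "s3://$BUCKET"` and `aws s3 cp index.html "s3://$BUCKET/index.html"`.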
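Review bot: `shared-increase-version-number.yaml@sch-UID2-6742-update-node20-actions` replaces the `@v3` tag with what looks like a feature-branch ref, which moves with every push to that branch and stops resolving once the branch is deleted after merge. The same ref is used for `vulnerability_scan` in node.js.yaml and for `shared-vulnerability-scan-failure-notify.yaml` in vulnerability-scan-failure-notify.yaml, where the called workflow also receives `secrets.SLACK_WEBHOOK`. If this is a temporary test ref, it should be swapped before merging for a released tag or a full commit SHA with a version comment, as this commit does for the other actions.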
diff --git a/.github/workflows/publish-cstg-example.yml b/.github/workflows/publish-cstg-example.yml
new file mode 100644
index 0000000..e93e88e
--- /dev/null
+++ b/.github/workflows/publish-cstg-example.yml
@@ -0,0 +1,38 @@
+name: Release CSTG Example Docker Image
+run-name: ${{ github.action_ref == 'refs/head/main' && 'Release' || 'Publish Pre-release' }} CSTG Example Docker Image by @${{ github.actor }}
+
+on:
+ workflow_dispatch:
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: iabtechlab/uid2-cstg-example
+
+jobs:
+ build-cstg-example:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - name: Log in to the Container registry
+ uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=sha,format=short
+ - name: Build and push Docker CSTG Example image
+ uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
+ with:
+ context: examples/cstg
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/publish-js-sdk-example.yml b/.github/workflows/publish-js-sdk-example.yml
new file mode 100644
index 0000000..0dc0e4b
--- /dev/null
+++ b/.github/workflows/publish-js-sdk-example.yml
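Review bot: The `run-name` condition `github.action_ref == 'refs/head/main'` looks like it can never be true: `github.action_ref` describes the ref of an action being executed rather than the branch the workflow was dispatched from, and the branch ref is spelled `refs/heads/main`. As written, runs from main would be titled 'Publish Pre-release', which makes release runs indistinguishable from pre-release ones in the run history. I would use `github.ref == 'refs/heads/main'`. The same expression appears in publish-js-sdk-example.yml, publish-secure-signal-examples.yml, secureSignal-cd.yaml and secureSignal-to-cdn.yaml.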
@@ -0,0 +1,38 @@
+name: Release JS SDK Example Docker Image
+run-name: ${{ github.action_ref == 'refs/head/main' && 'Release' || 'Publish Pre-release' }} JS SDK Example Docker Image by @${{ github.actor }}
+
+on:
+ workflow_dispatch:
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: iabtechlab/uid2-js-sdk-example
+
+jobs:
+ build-js-sdk-example:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - name: Log in to the Container registry
+ uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=sha,format=short
+ - name: Build and push Docker JS SDK Example image
+ uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
+ with:
+ context: examples/js-sdk
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/publish-package-to-cdn.yml b/.github/workflows/publish-package-to-cdn.yml
new file mode 100644
index 0000000..2d27cb7
--- /dev/null
+++ b/.github/workflows/publish-package-to-cdn.yml
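Review bot: The `docker/login-action` and `docker/metadata-action` pins carry no version comment, unlike `actions/checkout` and `docker/build-push-action` in the same job, so a reader cannot tell which release the SHAs correspond to or whether they were refreshed along with the rest. They look like considerably older releases than the build-push-action v7.1.0 they feed, so it is worth confirming they are intended and still run on a supported Node runtime. I would add a `# vX.Y.Z` comment after each SHA (placeholder; take the value from the action's release page) so reviewers and update tooling can track them. The same two pins appear in publish-cstg-example.yml and in all three jobs of publish-secure-signal-examples.yml.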
@@ -0,0 +1,191 @@ +name: Release SDK to NPM and CDN (v2) +run-name: ${{ inputs.release_type == 'Snapshot' && 'Publish Pre-release' || format('Release {0}', inputs.release_type)}} SDK Package to NPM and CDN by @${{ github.actor }} + +on: + workflow_dispatch: + inputs: + release_type: + type: choice + description: The type of release + options: + - Major + - Minor + - Patch + - Snapshot + required: true + with_tag: + description: By default, running npm publish will tag your package with the latest dist-tag. To use another dist-tag, please add tag here + required: false + publish_to_npm: + type: boolean + description: Publish package to NPM (In general, always release to both) + required: false + default: true + publish_to_cdn: + type: boolean + description: Publish package to CDN (In general, always release to both) + required: false + default: true + +jobs: + incrementVersionNumber: + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-increase-version-number.yaml@v2 + with: + release_type: ${{ inputs.release_type }} + secrets: inherit + + build: + runs-on: ubuntu-latest + needs: [incrementVersionNumber] + strategy: + matrix: + node-version: [20.x] + target: [development, production] + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 + with: + node-version: ${{ matrix.node-version }} + - name: Get Package Version + id: version + run: | + echo "package_version=$(cat package.json | jq -r '.version')" >> $GITHUB_OUTPUT + - name: Install dependencies + run: npm install + - name: Build script + run: npm run build -- --mode=${{ matrix.target }} + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + if: inputs.publish_to_cdn + with: + name: uid2SDK-${{ matrix.target }}-${{ 
steps.version.outputs.package_version }} + path: ./dist/uid2-sdk-${{ steps.version.outputs.package_version }}.js + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + if: inputs.publish_to_cdn + with: + name: euidSDK-${{ matrix.target }}-${{ steps.version.outputs.package_version }} + path: ./dist/euid-sdk-${{ steps.version.outputs.package_version }}.js + outputs: + sdkVersion: ${{ steps.version.outputs.package_version }} + + createNpmJsRelease: + needs: [incrementVersionNumber, build] + runs-on: ubuntu-latest + steps: + - name: Build Changelog + id: github_release_changelog + uses: mikepenz/release-changelog-builder-action@v4 + with: + toTag: v${{ needs.incrementVersionNumber.outputs.new_version }} + configurationJson: | + { + "pr_template": " - #{{TITLE}} - ( PR: ##{{NUMBER}} )" + } + - name: Create Release Notes + uses: softprops/action-gh-release@v2 + with: + name: v${{ needs.incrementVersionNumber.outputs.new_version }} + body: ${{ steps.github_release_changelog.outputs.changelog }} + draft: true + + publish-package: + if: inputs.publish_to_npm + needs: [build, incrementVersionNumber] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 + with: + node-version: '20.x' + registry-url: 'https://registry.npmjs.org' + scope: uid2 + - run: npm ci + - name: Build package + run: npm run build-package + - name: Publish Latest package + if: ${{!github.event.inputs.with_tag}} + run: | + npm publish ./dist/uid2-npm --access public + npm publish ./dist/euid-npm --access public + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + - name: Publish Latest package with tag + if: ${{github.event.inputs.with_tag}} + run: | + npm publish ./dist/uid2-npm --tag ${{github.event.inputs.with_tag}} --access public + npm publish ./dist/euid-npm 
--tag ${{github.event.inputs.with_tag}} --access public + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + + # Test Environment - UID2 only first + cdn-deployment-test: + if: inputs.publish_to_cdn + needs: [build, incrementVersionNumber] + runs-on: ubuntu-latest + permissions: + id-token: write + environment: uid2-test + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} + - uses: ./.github/actions/cdn_deployment_aws + with: + artifact: uid2SDK-development-${{ needs.build.outputs.sdkVersion}} + invalidate_paths: '/uid2-sdk-${{ needs.build.outputs.sdkVersion}}.js' + aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} + aws_bucket_name: ${{ secrets.S3_BUCKET }} + aws_distribution_id: ${{ secrets.AWS_DISTRIBUTION_ID }} + deploy_index_html: 'true' + + approval-to-deploy: + name: Approval To Deploy + needs: [cdn-deployment-test] + runs-on: ubuntu-latest + environment: approve-deployment + steps: + - name: Approval to deploy + shell: bash + run: echo "Approved" + + # Consolidated CDN Deployment with Matrix + cdn-deployment: + if: inputs.publish_to_cdn + needs: [build, incrementVersionNumber, approval-to-deploy] + runs-on: ubuntu-latest + permissions: + id-token: write + strategy: + matrix: + include: + # UID2 Environments + - product: uid2 + github_env: uid2-integ + build_type: development + - product: uid2 + github_env: uid2-prod + build_type: production + # EUID Environments + - product: euid + github_env: euid-integ + build_type: development + - product: euid + github_env: euid-prod + build_type: production + environment: ${{ matrix.github_env }} + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} + - uses: ./.github/actions/cdn_deployment_aws + with: + artifact: ${{ matrix.product }}SDK-${{ matrix.build_type }}-${{ needs.build.outputs.sdkVersion}} + 
invalidate_paths: '/${{ matrix.product }}-sdk-${{ needs.build.outputs.sdkVersion}}.js' + aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} + aws_bucket_name: ${{ secrets.S3_BUCKET }} + aws_distribution_id: ${{ secrets.AWS_DISTRIBUTION_ID }} + deploy_index_html: 'true' diff --git a/.github/workflows/publish-package-to-npmjs.yml b/.github/workflows/publish-package-to-npmjs.yml new file mode 100644 index 0000000..80213aa --- /dev/null +++ b/.github/workflows/publish-package-to-npmjs.yml 
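Review bot: In `Publish Latest package with tag`, the free-text `with_tag` dispatch input is expanded as `${{github.event.inputs.with_tag}}` directly into the `npm publish` command line, in a step whose environment holds `NODE_AUTH_TOKEN`. Because the expression is substituted before bash parses the script, a value containing shell metacharacters would run as part of the script rather than being passed as the tag. I would add `NPM_TAG: ${{ inputs.with_tag }}` to the step's `env:` and call `npm publish ./dist/uid2-npm --tag "$NPM_TAG" --access public` (likewise for euid-npm). publish-package-to-npmjs.yml contains the same step.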
@@ -0,0 +1,163 @@ +name: Release SDK Package to NPM and CDN +run-name: ${{ inputs.release_type == 'Snapshot' && 'Publish Pre-release' || format('Release {0}', inputs.release_type)}} SDK Package to NPM and CDN by @${{ github.actor }} + +on: + workflow_dispatch: + inputs: + release_type: + type: choice + description: The type of release + options: + - Major + - Minor + - Patch + - Snapshot + required: true + with_tag: + description: By default, running npm publish will tag your package with the latest dist-tag. To use another dist-tag, please add tag here + required: false + publish_to_npm: + type: boolean + description: Publish package to NPM (In general, always release to both) + required: false + default: true + publish_to_cdn: + type: boolean + description: Publish package to CDN (In general, always release to both) + required: false + default: true +jobs: + incrementVersionNumber: + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-increase-version-number.yaml@v2 + with: + release_type: ${{ inputs.release_type }} + secrets: inherit + build: + runs-on: ubuntu-latest + needs: [incrementVersionNumber] + strategy: + matrix: + node-version: [20.x] + # See supported Node.js release schedule at https://nodejs.org/en/about/releases/ + target: [development, production] + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 + with: + node-version: ${{ matrix.node-version }} + - name: Get Package Version + id: version + run: | + echo "package_version=$(cat package.json | jq -r '.version')" >> $GITHUB_OUTPUT + - name: Install dependencies + run: npm install + - name: Build script + run: npm run build -- --mode=${{ matrix.target }} + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + if: 
inputs.publish_to_cdn + with: + name: uid2SDK-${{ matrix.target }}-${{ steps.version.outputs.package_version }} + path: ./dist/uid2-sdk-${{ steps.version.outputs.package_version }}.js + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + if: inputs.publish_to_cdn + with: + name: euidSDK-${{ matrix.target }}-${{ steps.version.outputs.package_version }} + path: ./dist/euid-sdk-${{ steps.version.outputs.package_version }}.js + outputs: + sdkVersion: ${{ steps.version.outputs.package_version }} + createNpmJsRelease: + needs: [incrementVersionNumber, build] + runs-on: ubuntu-latest + steps: + - name: Build Changelog + id: github_release_changelog + uses: mikepenz/release-changelog-builder-action@v4 + with: + toTag: v${{ needs.incrementVersionNumber.outputs.new_version }} + configurationJson: | + { + "pr_template": " - #{{TITLE}} - ( PR: ##{{NUMBER}} )" + } + - name: Create Release Notes + uses: softprops/action-gh-release@v2 + with: + name: v${{ needs.incrementVersionNumber.outputs.new_version }} + body: ${{ steps.github_release_changelog.outputs.changelog }} + draft: true + publish-package: + if: inputs.publish_to_npm + needs: [build, incrementVersionNumber] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 + with: + node-version: '20.x' + registry-url: 'https://registry.npmjs.org' + scope: uid2 + - run: npm ci + - name: Build package + run: npm run build-package + - name: Publish Latest package + if: ${{!github.event.inputs.with_tag}} + run: | + npm publish ./dist/uid2-npm --access public + npm publish ./dist/euid-npm --access public + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + - name: Publish Latest package with tag + if: ${{github.event.inputs.with_tag}} + run: | + npm publish ./dist/uid2-npm --tag 
${{github.event.inputs.with_tag}} --access public + npm publish ./dist/euid-npm --tag ${{github.event.inputs.with_tag}} --access public + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + cdn-deployment-uid2: + if: inputs.publish_to_cdn + needs: [build, incrementVersionNumber] + runs-on: ubuntu-latest + permissions: + id-token: write + strategy: + matrix: + environment: [integ, production] + environment: ${{ matrix.environment }} + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} + - uses: ./.github/actions/cdn_deployment_aws + with: + environment: ${{ matrix.environment }} + artifact: uid2SDK-${{ (matrix.environment == 'integ' && 'development') || matrix.environment }}-${{ needs.build.outputs.sdkVersion}} + invalidate_paths: '/uid2-sdk-${{ needs.build.outputs.sdkVersion}}.js' + aws_account_id: ${{ vars.AWS_ACCOUNT_ID }} + aws_bucket_name: ${{ vars.S3_BUCKET }} + aws_distribution_id: ${{ secrets.AWS_DISTRIBUTION_ID }} + cdn-deployment-euid: + if: inputs.publish_to_cdn + needs: [build, incrementVersionNumber] + runs-on: ubuntu-latest + permissions: + id-token: write + strategy: + matrix: + environment: [integ, production] + environment: ${{ matrix.environment }} + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }} + - uses: ./.github/actions/cdn_deployment_aws + with: + environment: ${{ matrix.environment }} + artifact: euidSDK-${{ (matrix.environment == 'integ' && 'development') || matrix.environment }}-${{ needs.build.outputs.sdkVersion}} + invalidate_paths: '/euid-sdk-${{ needs.build.outputs.sdkVersion}}.js' + aws_account_id: ${{ vars.EUID_AWS_ACCOUNT_ID }} + aws_bucket_name: ${{ vars.EUID_S3_BUCKET }} + aws_distribution_id: ${{ secrets.EUID_AWS_DISTRIBUTION_ID }} 
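Review bot: The `createNpmJsRelease` job references `mikepenz/release-changelog-builder-action@v4` and `softprops/action-gh-release@v2` by tag while every `actions/*` step in this file is pinned to a commit SHA. Third-party tags can be repointed by the action's owner, and this job sets no `permissions:` block, so it runs with the repository's default token scope. I would pin both to a full commit SHA with a version comment and give the job an explicit `permissions:` (the release step presumably needs `contents: write`). The same applies to the identical job in publish-package-to-cdn.yml, to `tj-actions/changed-files@v41` in secureSignal-cd.yaml and secureSignal-to-cdn.yaml, and to the `@v2` reusable workflow called with `secrets: inherit`.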
diff --git a/.github/workflows/publish-secure-signal-examples.yml b/.github/workflows/publish-secure-signal-examples.yml
new file mode 100644
index 0000000..0378381
--- /dev/null
+++ b/.github/workflows/publish-secure-signal-examples.yml
@@ -0,0 +1,102 @@ +name: Release Secure Signal Examples Docker Image +run-name: ${{ github.action_ref == 'refs/head/main' && 'Release' || 'Publish Pre-release' }} Secure Signal Examples Docker Image by @${{ github.actor }} + +on: + workflow_dispatch: + +env: + REGISTRY: ghcr.io + +jobs: + build-server-side: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Log in to the Container registry + uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + with: + images: ${{ env.REGISTRY }}/iabtechlab/uid2-secure-signals-example-srvonly + tags: | + type=sha,format=short + type=raw,value=latest + - name: Build and push Docker server_side image + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + with: + context: examples/google-secure-signals-integration/server_side + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + build-standard: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Log in to the Container registry + uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + with: + images: ${{ env.REGISTRY }}/iabtechlab/uid2-secure-signals-example-jssdk + tags: | + type=sha,format=short + type=raw,value=latest + - name: Build and push Docker standard 
image + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + with: + context: examples/google-secure-signals-integration/with_sdk_v3 + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + build-client-side: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Log in to the Container registry + uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + with: + images: ${{ env.REGISTRY }}/iabtechlab/uid2-secure-signals-example-client-side + tags: | + type=sha,format=short + type=raw,value=latest + - name: Build and push Docker client_side image + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + with: + context: examples/google-secure-signals-integration/client_side + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + - name: Build and push Docker React image + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + with: + context: examples/google-secure-signals-integration/react_client_side + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/secureSignal-cd.yaml b/.github/workflows/secureSignal-cd.yaml new file mode 100644 index 0000000..d651e82 --- /dev/null +++ b/.github/workflows/secureSignal-cd.yaml 
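Review bot: In `build-client-side`, the `Build and push Docker React image` step reuses `${{ steps.meta.outputs.tags }}`, which the metadata step computed for `uid2-secure-signals-example-client-side`, so the React build is pushed to the same repository and tags (`latest` and the short SHA) as the client_side image built just before it. Whichever push lands last is what consumers pull under that name. If the React example is meant to be a separate image, it needs its own `docker/metadata-action` step with a distinct `id` and `images:` value, and the build step should reference that step's outputs.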
@@ -0,0 +1,89 @@ +name: Release UID2/EUID Secure Signal Package to CDN +run-name: ${{ github.action_ref == 'refs/head/main' && 'Release' || 'Publish Pre-release' }} UID2/EUID Secure Signal Package to CDN by @${{ github.actor }} + +on: + workflow_dispatch: + +env: + WORKING_DIR: ./ + +jobs: + verify: + runs-on: ubuntu-latest + outputs: + is_any_file_modified: ${{ steps.verify.outputs.any_modified }} + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Check for change to src/secureSignalUid2.ts + id: verify_uid2 + uses: tj-actions/changed-files@v41 + with: + files: src/secureSignalUid2.ts + - name: Check for change to src/secureSignalEuid.ts + id: verify_euid + uses: tj-actions/changed-files@v41 + with: + files: src/secureSignalEuid.ts + build: + needs: [verify] + runs-on: ubuntu-latest + strategy: + matrix: + node-version: [20.x] + # See supported Node.js release schedule at https://nodejs.org/en/about/releases/ + target: [development, production] + + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 + with: + node-version: ${{ matrix.node-version }} + cache: 'npm' + cache-dependency-path: ${{ env.WORKING_DIR }}/package-lock.json + - name: Install dependencies + run: npm install + - name: Build + run: npm run build:esp -- --mode=${{ matrix.target }} + - name: Upload UID2 Secure Signals Files + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + with: + name: ${{ matrix.target }}Uid2SecureSignalScript + path: ./dist/uid2SecureSignal.js + - name: Upload EUID Secure Signals Files + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + with: + name: ${{ matrix.target }}EuidSecureSignalScript + path: ./dist/euidSecureSignal.js + + deployment: + needs: [build] + runs-on: ubuntu-latest + permissions: + id-token: 
write + + strategy: + matrix: + environment: [integ, production] + + environment: ${{ matrix.environment }} + + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Deploy UID2 Secure Signals to CDN + uses: ./.github/actions/cdn_deployment_aws + with: + artifact: ${{ (matrix.environment == 'integ' && 'development') || matrix.environment }}Uid2SecureSignalScript + invalidate_paths: '/uid2SecureSignal.js' + aws_account_id: ${{ vars.AWS_ACCOUNT_ID }} + aws_bucket_name: ${{ vars.S3_BUCKET }} + aws_distribution_id: ${{ secrets.AWS_DISTRIBUTION_ID }} + - name: Deploy EUID Secure Signals to CDN + uses: ./.github/actions/cdn_deployment_aws + with: + artifact: ${{ (matrix.environment == 'integ' && 'development') || matrix.environment }}EuidSecureSignalScript + invalidate_paths: '/euidSecureSignal.js' + aws_account_id: ${{ vars.EUID_AWS_ACCOUNT_ID }} + aws_bucket_name: ${{ vars.EUID_S3_BUCKET }} + aws_distribution_id: ${{ secrets.EUID_AWS_DISTRIBUTION_ID }} diff --git a/.github/workflows/secureSignal-to-cdn.yaml b/.github/workflows/secureSignal-to-cdn.yaml new file mode 100644 index 0000000..cddb5a4 --- /dev/null +++ b/.github/workflows/secureSignal-to-cdn.yaml 
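Review bot: The `verify` job's output `is_any_file_modified` reads `steps.verify.outputs.any_modified`, but the steps are named `verify_uid2` and `verify_euid`, so the output will be empty. In addition, no later job in this file has an `if:` on that output; `build` only lists `verify` in `needs`, so the changed-files check does not gate the build or the CDN deployment. Either wire it up, e.g. `if: needs.verify.outputs.is_any_file_modified == 'true'` on `build` with the output pointed at the real step ids, or drop the job. secureSignal-to-cdn.yaml declares `uid2_modified` and `euid_modified` against the right step ids but likewise never consumes them.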
@@ -0,0 +1,126 @@ +name: Release Secure Signal to CDN (v2) +run-name: ${{ github.action_ref == 'refs/head/main' && 'Release' || 'Publish Pre-release' }} UID2/EUID Secure Signal Package to CDN (Five Environments) by @${{ github.actor }} + +on: + workflow_dispatch: + +env: + WORKING_DIR: ./ + +jobs: + verify: + runs-on: ubuntu-latest + outputs: + uid2_modified: ${{ steps.verify_uid2.outputs.any_modified }} + euid_modified: ${{ steps.verify_euid.outputs.any_modified }} + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Check for change to src/secureSignalUid2.ts + id: verify_uid2 + uses: tj-actions/changed-files@v41 + with: + files: src/secureSignalUid2.ts + - name: Check for change to src/secureSignalEuid.ts + id: verify_euid + uses: tj-actions/changed-files@v41 + with: + files: src/secureSignalEuid.ts + + build: + needs: [verify] + runs-on: ubuntu-latest + strategy: + matrix: + node-version: [20.x] + # See supported Node.js release schedule at https://nodejs.org/en/about/releases/ + target: [development, production] + + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 + with: + node-version: ${{ matrix.node-version }} + cache: 'npm' + cache-dependency-path: ${{ env.WORKING_DIR }}/package-lock.json + - name: Install dependencies + run: npm install + - name: Build + run: npm run build:esp -- --mode=${{ matrix.target }} + - name: Upload UID2 Secure Signals Files + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + with: + name: ${{ matrix.target }}Uid2SecureSignalScript + path: ./dist/uid2SecureSignal.js + - name: Upload EUID Secure Signals Files + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + with: + name: ${{ matrix.target }}EuidSecureSignalScript + path: ./dist/euidSecureSignal.js + + # Test 
Environment - UID2 only (first deployment) + deployment-test: + needs: [build] + runs-on: ubuntu-latest + permissions: + id-token: write + environment: uid2-test + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Deploy UID2 Secure Signals to Test CDN + uses: ./.github/actions/cdn_deployment_aws + with: + artifact: developmentUid2SecureSignalScript + invalidate_paths: '/uid2SecureSignal.js' + aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} + aws_bucket_name: ${{ secrets.S3_BUCKET }} + aws_distribution_id: ${{ secrets.AWS_DISTRIBUTION_ID }} + + approval-to-deploy: + name: Approval To Deploy to All Environments + needs: [deployment-test] + runs-on: ubuntu-latest + environment: approve-deployment + steps: + - name: Approval to deploy + shell: bash + run: echo "Approved for deployment to all environments" + + # Matrix Deployment for All Environments + cdn-deployment: + needs: [build, approval-to-deploy] + runs-on: ubuntu-latest + permissions: + id-token: write + strategy: + matrix: + include: + # UID2 Environments + - product: uid2 + github_env: uid2-integ + build_type: development + file_name: uid2SecureSignal.js + - product: uid2 + github_env: uid2-prod + build_type: production + file_name: uid2SecureSignal.js + # EUID Environments + - product: euid + github_env: euid-integ + build_type: development + file_name: euidSecureSignal.js + - product: euid + github_env: euid-prod + build_type: production + file_name: euidSecureSignal.js + environment: ${{ matrix.github_env }} + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Deploy ${{ matrix.product == 'uid2' && 'UID2' || 'EUID' }} Secure Signals to ${{ matrix.build_type == 'development' && 'Integration' || 'Production' }} CDN + uses: ./.github/actions/cdn_deployment_aws + with: + artifact: ${{ matrix.build_type }}${{ matrix.product == 'uid2' && 'Uid2' || 'Euid' }}SecureSignalScript + invalidate_paths: '/${{ matrix.file_name }}' + 
aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }} + aws_bucket_name: ${{ secrets.S3_BUCKET }} + aws_distribution_id: ${{ secrets.AWS_DISTRIBUTION_ID }} diff --git a/.github/workflows/vulnerability-scan-failure-notify.yaml b/.github/workflows/vulnerability-scan-failure-notify.yaml index 6704b91..dec38c0 100644 --- a/.github/workflows/vulnerability-scan-failure-notify.yaml +++ b/.github/workflows/vulnerability-scan-failure-notify.yaml @@ -16,7 +16,7 @@ on: jobs: vulnerability-scan-failure-notify: - uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-vulnerability-scan-failure-notify.yaml@v3 + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-vulnerability-scan-failure-notify.yaml@sch-UID2-6742-update-node20-actions secrets: SLACK_WEBHOOK : ${{ secrets.SLACK_WEBHOOK }} with:
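Review bot: The `build` job that produces the scripts deployed to the CDN runs `npm install`, which may resolve dependency versions that differ from package-lock.json, even though the setup-node step keys its cache on that lock file. For an artifact that ends up served from the CDN, I would use `npm ci` so the build fails on lock-file drift and installs exactly the locked tree, as the `publish-package` job in publish-package-to-cdn.yml already does. The `build` jobs in publish-package-to-cdn.yml, publish-package-to-npmjs.yml and secureSignal-cd.yaml have the same `Install dependencies` step.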