Merge branch 'main' into docs/realtime-self-hosted

.github/actions/api-deploy-ecs/action.yml

@@ -91,7 +91,7 @@ runs:
       shell: bash
 
     - name: Deploy Amazon ECS web task definition
-      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v2
       with:
         cluster: ${{ inputs.aws_ecs_cluster_name }}
         service: ${{ inputs.aws_ecs_service_name }}

.github/actions/task-processor-deploy-ecs/action.yml

@@ -41,7 +41,7 @@ runs:
         image: ${{ inputs.api_ecr_image_url }}
 
     - name: Deploy Amazon ECS Task Processor task definition
-      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v2
       with:
         cluster: ${{ inputs.aws_ecs_cluster_name }}
         service: ${{ inputs.aws_ecs_service_name }}

.github/dependabot.yml

@@ -0,0 +1,46 @@
+# $schema: https://json.schemastore.org/dependabot-2.0.json
+
+
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    # we only want security updates from dependabot, so we set the limit to 0
+    # for regular updates. See documentation for further information here:
+    # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#open-pull-requests-limit-
+    open-pull-requests-limit: 0
+    directory: "/api"
+    schedule:
+      interval: "daily"
+    reviewers:
+      - "flagsmith/flagsmith-back-end"
+    commit-message:
+      prefix: "deps"
+    labels:
+      - "api"
+      - "dependencies"
+
+  - package-ecosystem: "npm"
+    open-pull-requests-limit: 0  # only security updates
+    directory: "/frontend"
+    schedule:
+      interval: "daily"
+    reviewers:
+      - "flagsmith/flagsmith-front-end"
+    commit-message:
+      prefix: "deps"
+    labels:
+      - "front-end"
+      - "dependencies"
+
+  - package-ecosystem: "npm"
+    open-pull-requests-limit: 0  # only security updates
+    directory: "/docs"
+    schedule:
+      interval: "daily"
+    reviewers:
+      - "flagsmith/flagsmith-docs"
+    commit-message:
+      prefix: "deps"
+    labels:
+      - "docs"
+      - "dependencies"

.github/workflows/.reusable-docker-build.yml

@@ -148,7 +148,7 @@ jobs:
 
       - name: Scan ${{ steps.image-tag.outputs.image-tag }} image
         id: trivy
-        uses: ./.github/actions/trivy-scan-image
+        uses: Flagsmith/actions/trivy-scan-image@v0.3.0
         if: inputs.scan
         with:
           image-tag: ${{ steps.image-tag.outputs.image-tag }}

.github/workflows/.reusable-docker-e2e-tests.yml

@@ -28,9 +28,12 @@ on:
         required: false
         default: ubuntu-latest
     secrets:
-      gcr-token:
+      GCR_TOKEN:
         description: A token to use for logging into Github Container Registry. If not provided, login does not occur.
         required: false
+      SLACK_TOKEN:
+        description: A token to use uploading test failures to slack.
+        required: false
 
 jobs:
   run-e2e:
@@ -43,7 +46,7 @@ jobs:
       id-token: write
 
     env:
-      GCR_TOKEN: ${{ secrets.gcr-token }}
+      GCR_TOKEN: ${{ secrets.GCR_TOKEN }}
 
     steps:
       - name: Cloning repo

.github/workflows/.reusable-frontend-deploy.yml

@@ -0,0 +1,54 @@
+# reusable workflow
+
+on:
+  workflow_call:
+    inputs:
+      gh_environment:
+        type: string
+        description: Github environment to use for secret / variable access
+        required: true
+      npm_build_environment:
+        type: string
+        description: The environment set as the ENV environment variable when running npm run env
+        required: true
+
+defaults:
+  run:
+    working-directory: frontend
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.gh_environment }}
+
+    permissions:
+      contents: read
+
+    steps:
+      - name: Cloning repo
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js 16.x
+        uses: actions/setup-node@v4
+        with:
+          node-version: 16.x
+
+      - name: Cache dependencies
+        uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: npm-${{ hashFiles('package-lock.json') }}
+          restore-keys: npm-
+
+      - name: Deploy to Vercel
+        env:
+          VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
+          VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
+          ENV: ${{ inputs.npm_build_environment }}
+        run: |
+          npm ci --only=prod
+          npm run env
+          npm run bundle
+          echo ${{ github.sha }} > CI_COMMIT_SHA
+          npm install --global [email protected]
+          vercel --prod --token ${{ secrets.VERCEL_TOKEN }}

.github/workflows/docs-cron-vercel-deploy.yml

@@ -0,0 +1,13 @@
+name: Docs - update SDK versions
+
+on:
+  workflow_dispatch:
+  schedule:
+    # At 12:00 on Tuesday https://crontab.guru/#0_12_*_*_2
+    - cron: '0 12 * * 2'
+jobs:
+  vercel-deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Run Vercel deploy hook
+        run: curl -X POST "${{ secrets.VERCEL_SDK_VERSIONS_DEPLOY_HOOKS_URL }}"

.github/workflows/docs-pull-request.yml

@@ -29,8 +29,6 @@ jobs:
 
       - name: npm install
         run: npm ci --include=dev --ignore-scripts
+
       - name: Run docusaurus build to check for broken links etc
-        run: |
-          npx prettier --version
-          npx prettier --check docs
-          npm run build
+        run: npm run build

.github/workflows/frontend-deploy-production.yml

@@ -8,10 +8,6 @@ on:
       - frontend/**
       - .github/**
 
-defaults:
-  run:
-    working-directory: frontend
-
 jobs:
   run-tests:
     runs-on: ubuntu-latest
@@ -33,70 +29,19 @@ jobs:
           environment: prod
 
   deploy-production:
-    runs-on: ubuntu-latest
     name: Deploy to Vercel Production
-    environment: production
     needs: run-tests
-
-    steps:
-      - name: Cloning repo
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js 16.x
-        uses: actions/setup-node@v4
-        with:
-          node-version: 16.x
-
-      - name: Cache dependencies
-        uses: actions/cache@v3
-        with:
-          path: ~/.npm
-          key: npm-${{ hashFiles('package-lock.json') }}
-          restore-keys: npm-
-
-      - name: Deploy to Vercel
-        env:
-          VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
-          VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
-          ENV: prod
-        run: |
-          npm ci --only=prod
-          npm run env
-          npm run bundle
-          echo ${{ github.sha }} > CI_COMMIT_SHA
-          vercel --prod --token ${{ secrets.VERCEL_TOKEN }}
+    uses: ./.github/workflows/.reusable-frontend-deploy.yml
+    with:
+      gh_environment: production
+      npm_build_environment: prod
+    secrets: inherit
 
   deploy-demo:
-    runs-on: ubuntu-latest
     name: Deploy to Vercel Demo
-    environment: demo
     needs: run-tests
-
-    steps:
-      - name: Cloning repo
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js 16.x
-        uses: actions/setup-node@v4
-        with:
-          node-version: 16.x
-
-      - name: Cache dependencies
-        uses: actions/cache@v3
-        with:
-          path: ~/.npm
-          key: npm-${{ hashFiles('package-lock.json') }}
-          restore-keys: npm-
-
-      - name: Deploy to Vercel
-        env:
-          VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
-          VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
-          ENV: prod
-        run: |
-          npm ci --only=prod
-          npm run env
-          npm run bundle
-          echo ${{ github.sha }} > CI_COMMIT_SHA
-          npm install --global [email protected]
-          vercel --prod --token ${{ secrets.VERCEL_TOKEN }}
+    uses: ./.github/workflows/.reusable-frontend-deploy.yml
+    with:
+      gh_environment: demo
+      npm_build_environment: prod
+    secrets: inherit