chore: refactor workflows

[saikumarrs]

PR Description

• Removed the usage of v3- prefixed branches.
• Used self-hosted runners for all the workflows.
• Deleted unwanted 'CodeQL' analysis workflow.
• Separated the v1.1 SDK steps in the workflow to make it easy to remove them later.
• Removed unused steps for building customized SDK bundle.
• Split the checks workflow into two jobs to speed up the execution.

See the "Summary by CodeRabbit" section below for more details.

Linear task (optional)

https://linear.app/rudderstack/issue/SDK-1415/refactor-github-actions-js-sdk

Cross Browser Tests

Please confirm you have tested for the following browsers:

• Chrome
• Firefox
• IE11

Sanity Suite

• All sanity suite test cases pass locally

Security

• The code changed/added as part of this pull request won't create any security issues with how the software is being used.

Summary by CodeRabbit

Summary by CodeRabbit

• Refactor
  • Updated several CI/CD workflows for improved consistency and efficiency.
  • Refactored the rollback workflow to reuse the production deploy workflow.
• Chores
  • Updated the CODEOWNERS file to reflect current project ownership.
• Documentation
  • Adjusted naming conventions and descriptions across workflows for improved clarity.

[coderabbitai]

Walkthrough

The recent updates encompass a broad refinement of GitHub workflows and configurations, aiming to enhance deployment processes, job handling, and environment setups. Notable changes include renaming workflows for clarity, transitioning to self-hosted Linux X64 environments, refining AWS and Slack integrations, and updating Node.js versions. Additionally, adjustments in naming conventions, job triggers, and branch handling reflect a push towards more streamlined and efficient CI/CD pipelines.

Changes

Files	Change Summary
.github/workflows/check_pr_title.yml	Renamed workflow, updated triggers, and switched to self-hosted runner.
.github/workflows/create-hotfix-branch.yml	Updated branch naming and runs-on to self-hosted Linux X64.
.github/workflows/deploy-{beta,dev,prod,staging}.yml	Renamed workflows, updated AWS steps, and adjusted triggers and environments.
.github/workflows/deploy-npm.yml	Workflow renamed, updated for self-hosted Linux X64, and Slack message adjustments.
.github/workflows/deploy-sanity-suite.yml	Updated AWS credentials naming convention.
.github/workflows/draft-new-release.yml	Changed workflow name, adjusted job configuration and release logic.
.github/workflows/housekeeping.yaml	Updated to manage stale PRs/branches with refined messages and criteria.
.github/workflows/publish-new-release.yml	Renamed workflow, updated job and branch naming, and version extraction logic.
.github/workflows/rollback.yml	New workflow for rollback procedures with AWS and Slack integration.
.github/workflows/security-...-bundle-size-checks.yml	Separated bundle size from security/code quality checks with job and step adjustments.
.github/workflows/unit-tests-and-lint.yml	Renamed workflow, updated branch and job naming, and refined steps for tests and linting.
.nvmrc	Node.js version updated to 20.11.1.
CODEOWNERS	Updated by removing specific usernames.

"In the realm of code and nightly builds,
A rabbit hopped through, making tweaks and yields.
🐰 With a flip and a hop, the workflows aligned,
Renaming and syncing, with efficiency in mind.
Through branches and clouds, it danced with delight,
For the pipelines now flowed, both day and night."

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

---

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit-tests for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit tests for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit tests.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• The JSON schema for the configuration file is available here.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 52.44%. Comparing base (43f591e) to head (2ca579f).

Additional details and impacted files

@@           Coverage Diff            @@
##           develop    #1643   +/-   ##
========================================
  Coverage    52.44%   52.44%           
========================================
  Files          584      584           
  Lines        16662    16662           
  Branches      3235     3234    -1     
========================================
  Hits          8738     8738           
  Misses        6535     6535           
  Partials      1389     1389           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[coderabbitai]

Review Status

Actionable comments generated: 3

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 43f591e and 0db4de2.

Files selected for processing (16)

• .github/workflows/check_pr_title.yml (1 hunks)
• .github/workflows/create-hotfix-branch.yml (2 hunks)
• .github/workflows/deploy-beta.yml (4 hunks)
• .github/workflows/deploy-dev.yml (3 hunks)
• .github/workflows/deploy-npm.yml (5 hunks)
• .github/workflows/deploy-prod.yml (6 hunks)
• .github/workflows/deploy-sanity-suite.yml (1 hunks)
• .github/workflows/deploy-staging.yml (4 hunks)
• .github/workflows/draft-new-release.yml (4 hunks)
• .github/workflows/housekeeping.yaml (2 hunks)
• .github/workflows/publish-new-release.yml (5 hunks)
• .github/workflows/rollback.yml (1 hunks)
• .github/workflows/security-code-quality-and-bundle-size-checks.yml (3 hunks)
• .github/workflows/unit-tests-and-lint.yml (3 hunks)
• .nvmrc (1 hunks)
• CODEOWNERS (1 hunks)

Files skipped from review due to trivial changes (1)

• .nvmrc

Additional comments: 63

.github/workflows/check_pr_title.yml (3)

• 1-1: Renaming the workflow to "Check PR Title" improves clarity and consistency with other workflow names. Good practice for maintainability.
• 5-5: Adjusting the branches that trigger the workflow to include main, develop, and hotfix/* ensures that PR titles are checked across all critical branches. This is a positive change for ensuring consistency in PR titles.
• 11-11: Switching to a self-hosted Linux X64 machine for running the job could improve performance and control over the CI environment. Ensure that the self-hosted runner is properly configured and has the necessary dependencies for this workflow.

.github/workflows/create-hotfix-branch.yml (3)

• 1-1: Updating the workflow name to "Create a new hotfix branch" clarifies the workflow's purpose. This is a positive change for maintainability and clarity.
• 13-13: Running the workflow on a self-hosted Linux X64 environment could offer better performance and control. Ensure the self-hosted runner is properly configured for this task.
• 21-21: The new branch naming convention hotfix/${{ github.event.inputs.hotfix_name }} is clear and consistent with common practices for hotfix branches. This change should help in organizing and identifying hotfix branches more easily.

.github/workflows/rollback.yml (4)

• 1-1: Introducing a "Rollback Production Deployment" workflow is a significant addition for managing deployment issues. This workflow provides a structured approach to rolling back changes in production environments.
• 6-8: Setting specific permissions for the workflow, such as id-token: write and contents: read, is a good practice for following the principle of least privilege. Ensure these permissions align with the requirements of the actions used in this workflow.
• 16-16: The conditional if: startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/heads/main') ensures that the rollback is only performed for tags starting with v or the main branch. This is a sensible safeguard, but ensure it aligns with the project's versioning and branching strategy.
• 17-17: Using the .github/workflows/deploy-prod.yml workflow with action_type: ' Rollback' for rolling back deployments is an innovative approach. Ensure that the deploy-prod.yml workflow is correctly configured to handle the action_type parameter and perform the rollback as expected.

.github/workflows/housekeeping.yaml (4)

• 1-1: Renaming the workflow to "Handle Stale PRs and Branches" clearly communicates its purpose. This is a positive change for clarity and maintainability.
• 5-5: Adjusting the schedule to run the cleanup job every day at 00:01 is a reasonable frequency for managing stale PRs and branches. Ensure this frequency aligns with the project's activity level and housekeeping needs.
• 21-21: The updated message for stale PRs is clear and provides actionable advice for contributors. This change should help in managing stale PRs more effectively by encouraging activity or closure.
• 40-40: The addition of extra_protected_branch_regex and exclude_open_pr_branches options in the branch cleanup step is a good practice for preventing accidental deletion of important branches and those associated with open PRs. Ensure the regex correctly captures all branches that should be protected.

.github/workflows/unit-tests-and-lint.yml (3)

• 1-1: Renaming the workflow to "Unit Tests and Lint" simplifies and clarifies its purpose. This is a positive change for clarity and maintainability.
• 8-8: Adjusting the branches that trigger the workflow to include hotfix/* ensures that unit tests and lint checks are run for all critical branches. This is a positive change for maintaining code quality across the codebase.
• 41-47: Adding a step to upload coverage reports to Codecov before the linting check step is executed is a good practice for ensuring code coverage is reviewed as part of the CI process. Ensure that the specified files match the project's coverage report outputs.

.github/workflows/security-code-quality-and-bundle-size-checks.yml (4)

• 1-1: Renaming the workflow to "Security, Code Quality and Bundle Size Checks" clearly communicates its expanded scope. This is a positive change for clarity and maintainability.
• 5-5: Adjusting the branches that trigger the workflow to include hotfix/* ensures that checks are run for all critical branches. This is a positive change for maintaining security and code quality across the codebase.
• 1-17: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [12-36]

Separating bundle size checks into their own job within the workflow is a good practice for modularity and clarity. Ensure that the configuration for the bundle size checks is correctly set up to meet the project's requirements.

• 37-64: Creating a distinct job for security and code quality checks enhances the workflow's clarity and modularity. Ensure that the steps within this job are correctly configured to perform the intended checks effectively.

.github/workflows/draft-new-release.yml (5)

• 1-1: Renaming the workflow to "Draft a new release" simplifies and clarifies its purpose. This is a positive change for clarity and maintainability.
• 12-12: Running the job on a self-hosted Linux X64 environment could offer better performance and control. Ensure the self-hosted runner is properly configured for this task.
• 13-13: Updating the conditional logic for branch prefixes to include hotfix/ aligns with common branching strategies for hotfixes. Ensure this change is consistent with the project's versioning and release strategy.
• 46-47: Adjusting the logic for determining the release type based on branch prefixes is a sensible approach. Ensure that the script correctly identifies and handles different release types.
• 103-103: Modifying the list of PR reviewers to include 'MoumitaM' and 'saikumarrs' reflects changes in project maintainers or ownership areas. Ensure that the new reviewers are prepared for their roles.

.github/workflows/deploy-dev.yml (4)

• 1-1: Renaming the workflow to "Deploy to Development Environment" clarifies its purpose. This is a positive change for clarity and maintainability.
• 19-19: Updating the job name to "Deploy to development environment" improves clarity. Ensure that the job configuration aligns with the deployment requirements for the development environment.
• 21-21: The updated conditions for job execution ensure that deployments to the development environment are triggered under appropriate circumstances. This change helps in maintaining a stable development environment.
• 69-82: Adding steps to create Cloudfront invalidations and synchronize legacy SDK files to S3 enhances the deployment process by ensuring that the latest changes are reflected and legacy SDK versions are maintained. Ensure that the paths and configurations are correctly set up for these operations.

.github/workflows/publish-new-release.yml (8)

• 1-1: The workflow name change to "Publish New Release to GitHub" is clear and descriptive.
• 15-16: Renaming the job to "Publish new release" and specifying a self-hosted runner on Linux X64 are appropriate updates for clarity and infrastructure specificity.
• 18-18: The conditional logic for triggering the job only on merged pull requests from release/ or hotfix-release/ branches is a good practice for release management.
• 54-54: Creating a monorepo release tag with the extracted version is a crucial step for version management. Ensure the tag format aligns with the project's versioning strategy.
• 72-72: Creating GitHub releases with dynamic base and head versions is a good practice for maintaining release history and documentation.
• 86-88: Updating the PR title and reviewers in the "Create pull request into develop" step helps maintain clarity and accountability in the release process.
• 92-94: The conditional logic for deleting hotfix release branches is a good housekeeping practice to keep the repository clean.
• 100-102: Similarly, the conditional logic for deleting release branches after merging is a good practice for repository maintenance.

.github/workflows/deploy-staging.yml (8)

• 1-1: Renaming the workflow to "Deploy to Staging Environment" improves clarity and specificity.
• 5-10: Adding a trigger for pull requests on the main branch with specific types (opened, synchronize, reopened) is a good practice for ensuring staging deployments are triggered by relevant PR activities.
• 21-25: The updated conditional logic for workflow execution based on branch names (refs/tags/v, refs/heads/hotfix-release, refs/heads/release) ensures that deployments are correctly triggered for relevant branches.
• 31-31: Configuring AWS credentials with a role to assume is crucial for secure access to AWS resources during the deployment process.
• 63-67: Specifying the BUGSNAG_RELEASE_STAGE as 'staging' in the environment variables for the build steps is important for accurate error tracking and monitoring in the staging environment.
• 72-79: The steps for syncing files to S3 for different SDK versions and folders are well-defined. Ensure that the AWS S3 bucket names and paths are correctly configured to prevent accidental overwrites or misplacements.
• 82-82: Creating a Cloudfront invalidation for the v3 staging folder is necessary to ensure that the latest changes are immediately reflected to end-users.
• 90-96: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [84-96]

The steps for syncing files and creating Cloudfront invalidations for the v1.1 SDK (legacy) are correctly implemented. This ensures that both the modern and legacy versions of the SDK are updated in the staging environment.

.github/workflows/deploy-beta.yml (5)

• 1-1: Renaming the workflow to "Deploy BETA/BugBash Feature" is concise and clearly communicates the purpose of the workflow.
• 23-27: Configuring AWS credentials with the appropriate role and region is essential for secure and correct access to AWS resources during the deployment process.
• 71-78: The steps for syncing files to the S3 beta directory are well-defined. It's important to ensure that the paths and bucket names are correctly configured to avoid conflicts with production assets.
• 79-81: Creating a Cloudfront invalidation for the beta or bugbash features ensures that the latest changes are immediately available for testing.
• 84-90: Syncing files for the v1.1 SDK (legacy) to the S3 beta directory and creating a Cloudfront invalidation are important steps for ensuring that legacy versions are also available for beta testing.

.github/workflows/deploy-npm.yml (4)

• 1-1: Renaming the workflow to "Deploy to NPM" simplifies the name while maintaining clarity about its purpose.
• 19-20: Updating the job to run on a self-hosted Linux X64 environment is a good practice for ensuring consistency and control over the deployment environment.
• 103-115: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [106-132]

Sending a Slack message for the Service Worker NPM package deployment with dynamic package versions and URLs is a good practice for keeping the team informed about new releases.

• 129-147: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [138-164]

Similarly, sending a Slack message for the v1.1 NPM package deployment ensures that all relevant stakeholders are notified about the release, promoting transparency and collaboration.

.github/workflows/deploy-prod.yml (8)

• 1-1: Renaming the workflow to "Deploy to Production Environment" enhances clarity and specificity, aligning with best practices for naming CI/CD workflows.
• 4-26: Updating the event trigger to workflow_call with additional input parameters and secrets is a significant improvement, allowing for more flexible and secure workflow executions.
• 43-43: The updated conditional logic for the deploy-tag job, including the new event trigger condition, ensures that deployments are correctly triggered under the intended circumstances.
• 49-49: Configuring AWS credentials with the specified role is crucial for secure access to AWS resources during the deployment process. This step is correctly implemented.
• 90-96: Syncing Adobe Analytics assets to S3 and creating a Cloudfront invalidation are important steps for ensuring that analytics assets are updated and available in the production environment.
• 102-110: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [106-117]

Creating Cloudfront invalidations for both the v3 folder and versioned folders ensures that the latest changes are immediately reflected to end-users, which is crucial for a production environment.

• 172-198: Syncing files for the v1.1 SDK (legacy) to both versioned and unversioned folders, and creating Cloudfront invalidations, ensures that legacy versions are also updated and available in the production environment.
• 202-214: Creating a Cloudfront invalidation for the '/latest' folder (v1.1) is necessary to ensure that the latest changes are immediately available. However, as mentioned earlier, the usage of the '/latest' folder should be evaluated for relevance and necessity.

[github-actions]

size-limit report 📦

Name	Size (Base)	Size (Current)	Size Limit	Status
Common Code - No bundling	15.81 KB	15.81 KB (0%)	16.5 KB	✅
Remote Module Federation Mapping - CDN	330 B	330 B (0%)	512 B	✅
Remote Module Federated Plugins - CDN	5.71 KB	5.71 KB (0%)	6 KB	✅
Core ESM - NPM	7.64 KB	7.64 KB (0%)	8 KB	✅
Core CJS - NPM	22.43 KB	22.43 KB (0%)	23 KB	✅
Core - NPM	22.57 KB	22.57 KB (0%)	23 KB	✅
Core Legacy - CDN	42.9 KB	42.9 KB (0%)	44 KB	✅
Core - CDN	22.72 KB	22.72 KB (0%)	23 KB	✅
Core (legacy build) - CDN - v1.1	31.54 KB	31.54 KB (0%)	32 KB	✅
Core - NPM - v1.1	31.52 KB	31.52 KB (0%)	32 KB	✅
Service Worker Module	22.64 KB	22.64 KB (0%)	24 KB	✅
All Integrations (legacy build) - CDN	98.58 KB	98.58 KB (0%)	105 KB	✅

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 0db4de2 and e8a6fa4.

Files selected for processing (1)

• .github/workflows/check_pr_title.yml (1 hunks)

Files skipped from review as they are similar to previous changes (1)

• .github/workflows/check_pr_title.yml

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

[saikumarrs]

@coderabbitai review

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between e8a6fa4 and 2ca579f.

Files selected for processing (1)

• .github/workflows/publish-new-release.yml (5 hunks)

Files skipped from review as they are similar to previous changes (1)

• .github/workflows/publish-new-release.yml