Merge pull request #3973 from element-hq/quenting/ci-reuse-actions

Refactor actions to reuse shared steps

Author: sandhose

.github/actions/build-frontend/action.yml

@@ -0,0 +1,20 @@
+name: Build the frontend assets
+description: Installs Node.js and builds the frontend assets from the frontend directory
+
+runs:
+  using: composite
+  steps:
+    - name: Install Node
+      uses: actions/setup-node@v4.2.0
+      with:
+        node-version: '22'
+
+    - name: Install dependencies
+      run: npm ci
+      working-directory: ./frontend
+      shell: sh
+
+    - name: Build the frontend assets
+      run: npm run build
+      working-directory: ./frontend
+      shell: sh

.github/actions/build-policies/action.yml

@@ -0,0 +1,15 @@
+name: Build the Open Policy Agent policies
+description: Installs OPA and builds the policies
+
+runs:
+  using: composite
+  steps:
+    - name: Install Open Policy Agent
+      uses: open-policy-agent/setup-opa@v2.2.0
+      with:
+        version: 0.70.0
+
+    - name: Build the policies
+      run: make
+      working-directory: ./policies
+      shell: sh

.github/scripts/.gitignore

@@ -0,0 +1,2 @@
+node_modules/
+package-lock.json

.github/scripts/commit-and-tag.cjs

@@ -0,0 +1,71 @@
+// Copyright 2025 New Vector Ltd.
+//
+// SPDX-License-Identifier: AGPL-3.0-only
+// Please see LICENSE in the repository root for full details.
+
+// @ts-check
+
+/** @param {import('@actions/github-script').AsyncFunctionArguments} AsyncFunctionArguments */
+module.exports = async ({ github, context }) => {
+  const fs = require("node:fs/promises");
+  const { owner, repo } = context.repo;
+  const version = process.env.VERSION;
+  const parent = context.sha;
+  if (!version) throw new Error("VERSION is not defined");
+
+  const files = [
+    "Cargo.toml",
+    "Cargo.lock",
+    "tools/syn2mas/package.json",
+    "tools/syn2mas/package-lock.json",
+  ];
+
+  /** @type {{path: string, mode: "100644", type: "blob", sha: string}[]} */
+  const tree = [];
+  for (const file of files) {
+    const content = await fs.readFile(file);
+    const blob = await github.rest.git.createBlob({
+      owner,
+      repo,
+      content: content.toString("base64"),
+      encoding: "base64",
+    });
+    console.log(`Created blob for ${file}:`, blob.data.url);
+
+    tree.push({
+      path: file,
+      mode: "100644",
+      type: "blob",
+      sha: blob.data.sha,
+    });
+  }
+
+  const treeObject = await github.rest.git.createTree({
+    owner,
+    repo,
+    tree,
+    base_tree: parent,
+  });
+  console.log("Created tree:", treeObject.data.url);
+
+  const commit = await github.rest.git.createCommit({
+    owner,
+    repo,
+    message: version,
+    parents: [parent],
+    tree: treeObject.data.sha,
+  });
+  console.log("Created commit:", commit.data.url);
+
+  const tag = await github.rest.git.createTag({
+    owner,
+    repo,
+    tag: `v${version}`,
+    message: version,
+    type: "commit",
+    object: commit.data.sha,
+  });
+  console.log("Created tag:", tag.data.url);
+
+  return { commit: commit.data.sha, tag: tag.data.sha };
+};

.github/scripts/create-release-branch.cjs

@@ -0,0 +1,22 @@
+// Copyright 2025 New Vector Ltd.
+//
+// SPDX-License-Identifier: AGPL-3.0-only
+// Please see LICENSE in the repository root for full details.
+
+// @ts-check
+
+/** @param {import('@actions/github-script').AsyncFunctionArguments} AsyncFunctionArguments */
+module.exports = async ({ github, context }) => {
+  const { owner, repo } = context.repo;
+  const branch = process.env.BRANCH;
+  const sha = process.env.SHA;
+  if (!sha) throw new Error("SHA is not defined");
+
+  await github.rest.git.createRef({
+    owner,
+    repo,
+    ref: `refs/heads/${branch}`,
+    sha,
+  });
+  console.log(`Created branch ${branch} from ${sha}`);
+};

.github/scripts/create-version-tag.cjs

@@ -0,0 +1,24 @@
+// Copyright 2025 New Vector Ltd.
+//
+// SPDX-License-Identifier: AGPL-3.0-only
+// Please see LICENSE in the repository root for full details.
+
+// @ts-check
+
+/** @param {import('@actions/github-script').AsyncFunctionArguments} AsyncFunctionArguments */
+module.exports = async ({ github, context }) => {
+  const { owner, repo } = context.repo;
+  const version = process.env.VERSION;
+  const tagSha = process.env.TAG_SHA;
+
+  if (!version) throw new Error("VERSION is not defined");
+  if (!tagSha) throw new Error("TAG_SHA is not defined");
+
+  const tag = await github.rest.git.createRef({
+    owner,
+    repo,
+    ref: `refs/tags/v${version}`,
+    sha: tagSha,
+  });
+  console.log("Created tag ref:", tag.data.url);
+};

.github/scripts/merge-back.cjs

@@ -0,0 +1,60 @@
+// Copyright 2025 New Vector Ltd.
+//
+// SPDX-License-Identifier: AGPL-3.0-only
+// Please see LICENSE in the repository root for full details.
+
+// @ts-check
+
+/** @param {import('@actions/github-script').AsyncFunctionArguments} AsyncFunctionArguments */
+module.exports = async ({ github, context }) => {
+  const { owner, repo } = context.repo;
+  const sha = process.env.SHA;
+  const branch = `ref-merge/${sha}`;
+  if (!sha) throw new Error("SHA is not defined");
+
+  await github.rest.git.createRef({
+    owner,
+    repo,
+    ref: `refs/heads/${branch}`,
+    sha,
+  });
+  console.log(`Created branch ${branch} to ${sha}`);
+
+  // Create a PR to merge the branch back to main
+  const pr = await github.rest.pulls.create({
+    owner,
+    repo,
+    head: branch,
+    base: "main",
+    title: "Automatic merge back to main",
+    body: "This pull request was automatically created by the release workflow. It merges the release branch back to main.",
+    maintainer_can_modify: true,
+  });
+  console.log(
+    `Created pull request #${pr.data.number} to merge the release branch back to main`,
+  );
+  console.log(`PR URL: ${pr.data.html_url}`);
+
+  // Add the `T-Task` label to the PR
+  await github.rest.issues.addLabels({
+    owner,
+    repo,
+    issue_number: pr.data.number,
+    labels: ["T-Task"],
+  });
+
+  // Enable auto-merge on the PR
+  await github.graphql(
+    `
+      mutation AutoMerge($id: ID!) {
+        enablePullRequestAutoMerge(input: {
+          pullRequestId: $id,
+          mergeMethod: MERGE,
+        }) {
+          clientMutationId
+        }
+      }
+    `,
+    { id: pr.data.node_id },
+  );
+};

.github/scripts/package.json

@@ -0,0 +1,7 @@
+{
+  "private": true,
+  "devDependencies": {
+    "@actions/github-script": "github:actions/github-script",
+    "typescript": "^5.7.3"
+  }
+}

.github/scripts/update-release-branch.cjs

@@ -0,0 +1,22 @@
+// Copyright 2025 New Vector Ltd.
+//
+// SPDX-License-Identifier: AGPL-3.0-only
+// Please see LICENSE in the repository root for full details.
+
+// @ts-check
+
+/** @param {import('@actions/github-script').AsyncFunctionArguments} AsyncFunctionArguments */
+module.exports = async ({ github, context }) => {
+  const { owner, repo } = context.repo;
+  const branch = process.env.BRANCH;
+  const sha = process.env.SHA;
+  if (!sha) throw new Error("SHA is not defined");
+
+  await github.rest.git.updateRef({
+    owner,
+    repo,
+    ref: `heads/${branch}`,
+    sha,
+  });
+  console.log(`Updated branch ${branch} to ${sha}`);
+};

.github/scripts/update-unstable-tag.cjs

@@ -0,0 +1,21 @@
+// Copyright 2025 New Vector Ltd.
+//
+// SPDX-License-Identifier: AGPL-3.0-only
+// Please see LICENSE in the repository root for full details.
+
+// @ts-check
+
+/** @param {import('@actions/github-script').AsyncFunctionArguments} AsyncFunctionArguments */
+module.exports = async ({ github, context }) => {
+  const { owner, repo } = context.repo;
+  const sha = context.sha;
+
+  const tag = await github.rest.git.updateRef({
+    owner,
+    repo,
+    force: true,
+    ref: "tags/unstable",
+    sha,
+  });
+  console.log("Updated tag ref:", tag.data.url);
+};