Skip to content

chore(deps): update dependency ubuntu to v24 #2035

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency ubuntu to v24 #2035

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,149 +2,149 @@
on: [push]
jobs:
python-tests:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04

services:
# Label used to access the service container
db:
# Docker Hub image
image: postgres:12.22
# Set health checks to wait until postgres has started
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres # pragma: allowlist secret
POSTGRES_DB: postgres
ports:
- 5432:5432

redis:
image: redis:7.4.2
ports:
- 6379:6379

steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

- name: update apt
run: sudo apt-get update -y

- name: Apt install
run: cat Aptfile | sudo xargs apt-get install

- name: Install poetry
uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1
with:
version: 2.1.3
virtualenvs-create: true
virtualenvs-in-project: true

- uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5
with:
python-version-file: "pyproject.toml"
cache: "poetry"

- name: Validate lockfile
run: poetry check --lock

- name: Install dependencies
run: poetry install --no-interaction

- name: Create test local state
run: ./scripts/test/stub-data.sh

- name: Tests
run: |
poetry run ./manage.py collectstatic --noinput --clear
export MEDIA_ROOT="$(mktemp -d)"
./scripts/test/python_tests.sh
env:
DATABASE_URL: postgres://postgres:postgres@localhost:5432/postgres # pragma: allowlist secret
MITOL_SECURE_SSL_REDIRECT: "False"
MITOL_DB_DISABLE_SSL: "True"
MITOL_FEATURES_DEFAULT: "True"
OPENSEARCH_URL: localhost:9200
CELERY_TASK_ALWAYS_EAGER: "True"
CELERY_BROKER_URL: redis://localhost:6379/4
CELERY_RESULT_BACKEND: redis://localhost:6379/4
TIKA_CLIENT_ONLY: "True"
MITOL_APP_BASE_URL: http://localhost:8062/
MAILGUN_KEY: fake_mailgun_key
MAILGUN_SENDER_DOMAIN: other.fake.site
OPENSEARCH_INDEX: testindex
INDEXING_API_USERNAME: mitodl
MITOL_COOKIE_DOMAIN: localhost
MITOL_COOKIE_NAME: cookie_monster

- name: Upload coverage to CodeCov
uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
with:
file: ./coverage.xml

javascript-tests:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
with:
node-version: "^22.0.0"
cache: yarn
cache-dependency-path: yarn.lock

- name: Setup environment
run: sudo apt-get install libelf1

- name: Install dependencies
run: yarn install --immutable

- name: Dependencies are consistent
run: yarn syncpack list-mismatches

- name: Format check
run: yarn workspace frontends fmt-check

- name: Style lint
run: yarn run style-lint

- name: Lints
run: yarn run lint-check

- name: Build Next.js frontend
run: yarn workspace main build
env:
NODE_ENV: production
NEXT_PUBLIC_ORIGIN: https://cifake.learn.mit.edu
NEXT_PUBLIC_MITOL_API_BASE_URL: https://api.cifake.learn.mit.edu
NEXT_PUBLIC_CSRF_COOKIE_NAME: cookie-monster
NEXT_PUBLIC_SITE_NAME: MIT Learn
NEXT_PUBLIC_MITOL_SUPPORT_EMAIL: [email protected]
# do this before typecheck. See https://github.com/vercel/next.js/issues/53959#issuecomment-1735563224

- name: Typecheck
run: yarn run typecheck

- name: Get number of CPU cores
id: cpu-cores
uses: SimenB/github-actions-cpu-cores@97ba232459a8e02ff6121db9362b09661c875ab8 # v2

- name: Tests
run: yarn test --max-workers ${{ steps.cpu-cores.outputs.count }}
env:
CODECOV: true
NODE_ENV: test

- name: Upload coverage to CodeCov
uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
with:
file: coverage/lcov.info

build-nextjs-container:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
needs: javascript-tests
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
Expand Down Expand Up @@ -193,24 +193,24 @@
-t mitodl/mit-learn-frontend:$VERSION .

build-storybook:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
with:
node-version: "^22"
cache: yarn
cache-dependency-path: yarn.lock

- name: Install dependencies
run: yarn install

- name: Build Storybook
run: yarn workspace ol-components build-storybook

openapi-generated-client-check-v0:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
# This job checks that the output of openapi-generator-typescript-axios that
# is checked into version control is up-to-date.
env:
Expand All @@ -218,7 +218,7 @@
GENERATOR_IGNORE_FILE: ./frontends/api/.openapi-generator-ignore
GENERATOR_OUTPUT_DIR_CI: ./frontends/api/tmp/generated/v0
GENERATOR_OUTPUT_DIR_VC: ./frontends/api/src/generated/v0
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
Expand Down Expand Up @@ -257,7 +257,7 @@
GENERATOR_IGNORE_FILE: ./frontends/api/.openapi-generator-ignore
GENERATOR_OUTPUT_DIR_CI: ./frontends/api/tmp/generated/v1
GENERATOR_OUTPUT_DIR_VC: ./frontends/api/src/generated/v1
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/openapi-diff.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,76 +2,76 @@
on: [pull_request]
jobs:
openapi-diff:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- name: Checkout HEAD
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
ref: ${{ github.head_ref }}
path: head
- name: Checkout BASE
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
ref: ${{ github.base_ref }}
path: base
- name: Generate oasdiff changelog
id: oasdif_changelog
run: | # Capture changelog as a multiline output
echo "changelog<<EOF" > $GITHUB_OUTPUT
docker run --rm \
--workdir ${{ github.workspace }} \
--volume ${{ github.workspace }}:${{ github.workspace }}:rw \
-e GITHUB_WORKSPACE=${{ github.workspace }} \
tufin/oasdiff changelog --composed \
'base/openapi/specs/*.yaml' \
'head/openapi/specs/*.yaml' \
>> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
- name: Get summary
id: oasdif_summary
run: |
echo summary=$(echo "${{ steps.oasdif_changelog.outputs.changelog }}" | head -1 ) \
>> $GITHUB_OUTPUT
- name: Find existing comment
id: find_comment
uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.repository }}
issue-number: ${{ github.event.pull_request.number }}
body-includes: "## OpenAPI Changes"
- name: Post changes as comment
uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3
# Even if no changes, make sure to update old comment if it was found.
if: steps.oasdif_summary.outputs.summary || steps.find_comment.outputs.comment-id
with:
token: ${{ secrets.GITHUB_TOKEN }}
edit-mode: "replace"
repository: ${{ github.repository }}
issue-number: ${{ github.event.pull_request.number }}
comment-id: ${{ steps.find_comment.outputs.comment-id }}
body: |
## OpenAPI Changes

<details>
<summary>Show/hide ${{ steps.oasdif_summary.outputs.summary || 'No detectable change.' }}</summary>

```
${{ steps.oasdif_changelog.outputs.changelog }}
```

Unexpected changes? Ensure your branch is up-to-date with `main` (consider rebasing).
</details>
- name: Check for breaking changes
id: oasdif_breaking
run: |
docker run --rm \
--workdir ${{ github.workspace }} \
--volume ${{ github.workspace }}:${{ github.workspace }}:ro \
-e GITHUB_WORKSPACE=${{ github.workspace }} \
tufin/oasdiff breaking \
--fail-on ERR \
--format githubactions \
--composed \
'base/openapi/specs/*.yaml' \
'head/openapi/specs/*.yaml'

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
4 changes: 2 additions & 2 deletions .github/workflows/production.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,97 +10,97 @@
jobs:
# runs if CI workflow was successful OR if this was manually triggered
on-success:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
if: >
github.event_name == 'workflow_dispatch' ||
github.event.workflow_run.conclusion == 'success'
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
ref: release

- name: Set VERSION
run: echo "VERSION=$(./scripts/get_version.sh)" >> $GITHUB_ENV

- name: Heroku login
env:
HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}
run: heroku container:login

- name: Release Backend on Heroku
uses: akhileshns/heroku-deploy@e3eb99d45a8e2ec5dca08735e089607befa4bf28
with:
heroku_api_key: ${{ secrets.HEROKU_API_KEY }}
heroku_app_name: mitopen-production
heroku_email: ${{ secrets.HEROKU_EMAIL }}
branch: release

- name: Write commit SHA to file
run: echo $GITHUB_SHA > frontends/main/public/hash.txt

- name: Build and push the NextJS Docker image
env:
HEROKU_APP_NAME: mitopen-production-nextjs
HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}
ORIGIN: https://learn.mit.edu
MITOL_API_BASE_URL: ${{ vars.API_BASE_PROD }}
SITE_NAME: MIT Learn
SUPPORT_EMAIL: [email protected]
EMBEDLY_KEY: ${{ secrets.EMBEDLY_KEY_PROD }}
MITOL_AXIOS_WITH_CREDENTIALS: true
CSRF_COOKIE_NAME: ${{ secrets.CSRF_COOKIE_NAME_PROD }}
POSTHOG_API_HOST: ${{ vars.POSTHOG_API_HOST_PROD }}
POSTHOG_PROJECT_ID: ${{ secrets.POSTHOG_PROJECT_ID_PROD }}
POSTHOG_API_KEY: ${{ secrets.POSTHOG_PROJECT_API_KEY_PROD }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN_PROD }}
SENTRY_ENV: ${{ secrets.MITOL_ENVIRONMENT_PROD }}
SENTRY_PROFILES_SAMPLE_RATE: ${{ secrets.SENTRY_PROFILES_SAMPLE_RATE_PROD }}
SENTRY_TRACES_SAMPLE_RATE: ${{ secrets.SENTRY_TRACES_SAMPLE_RATE_PROD }}
APPZI_URL: ${{ secrets.APPZI_URL_PROD }}
LEARN_AI_RECOMMENDATION_ENDPOINT: ${{ secrets.LEARN_AI_RECOMMENDATION_ENDPOINT_PROD }}
LEARN_AI_SYLLABUS_ENDPOINT: ${{ secrets.LEARN_AI_SYLLABUS_ENDPOINT_PROD }}
VERSION: ${{ github.sha }}
run: | # NOTE: The --args must be comma separated and NOT have spaces
heroku container:push web \
--app $HEROKU_APP_NAME \
--recursive \
--arg NEXT_PUBLIC_ORIGIN=$ORIGIN,\
NEXT_PUBLIC_MITOL_API_BASE_URL=$MITOL_API_BASE_URL,\
NEXT_PUBLIC_SITE_NAME="$SITE_NAME",\
NEXT_PUBLIC_MITOL_SUPPORT_EMAIL=$SUPPORT_EMAIL,\
NEXT_PUBLIC_EMBEDLY_KEY=$EMBEDLY_KEY,\
NEXT_PUBLIC_MITOL_AXIOS_WITH_CREDENTIALS=$MITOL_AXIOS_WITH_CREDENTIALS,\
NEXT_PUBLIC_CSRF_COOKIE_NAME=$CSRF_COOKIE_NAME,\
NEXT_PUBLIC_POSTHOG_API_HOST=$POSTHOG_API_HOST,\
NEXT_PUBLIC_POSTHOG_PROJECT_ID=$POSTHOG_PROJECT_ID,\
NEXT_PUBLIC_POSTHOG_API_KEY=$POSTHOG_API_KEY,\
NEXT_PUBLIC_SENTRY_DSN=$SENTRY_DSN,\
NEXT_PUBLIC_SENTRY_ENV=$SENTRY_ENV,\
NEXT_PUBLIC_SENTRY_PROFILES_SAMPLE_RATE=$SENTRY_PROFILES_SAMPLE_RATE,\
NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE=$SENTRY_TRACES_SAMPLE_RATE,\
NEXT_PUBLIC_APPZI_URL=$APPZI_URL,\
NEXT_PUBLIC_LEARN_AI_RECOMMENDATION_ENDPOINT=$LEARN_AI_RECOMMENDATION_ENDPOINT,\
NEXT_PUBLIC_LEARN_AI_SYLLABUS_ENDPOINT=$LEARN_AI_SYLLABUS_ENDPOINT,\
NEXT_PUBLIC_VERSION=$VERSION \
--context-path .

- name: Release Frontend on Heroku
env:
HEROKU_APP_NAME: mitopen-production-nextjs
HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}
run: heroku container:release --app $HEROKU_APP_NAME web

- name: Purge Fastly cache
uses: jcoene/fastly-purge-action@master
with:
api_key: "${{ secrets.FASTLY_API_KEY_PROD_NEXTJS }}"
service_id: "${{ secrets.FASTLY_SERVICE_ID_PROD_NEXTJS }}"

# runs ONLY on a failure of the CI workflow
on-failure:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
if: >
github.event_name == 'workflow_dispatch' ||
github.event.workflow_run.conclusion == 'failure'
steps:
- run: echo 'The triggering workflow failed'

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}
4 changes: 2 additions & 2 deletions .github/workflows/publish-pages.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,29 +10,29 @@

jobs:
build:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
with:
node-version: "^22.0.0"
cache: yarn
cache-dependency-path: yarn.lock

- name: Install dependencies
run: yarn install

- name: Build Storybook
run: yarn workspace ol-components build-storybook

- name: Upload artifact
uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3
with:
path: ./frontends/ol-components/storybook-static

deploy:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
needs: build

permissions:
Expand All @@ -43,7 +43,7 @@
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}

runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- name: Deploy to GitHub Pages
id: deployment
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/release-candidate.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,97 +10,97 @@
jobs:
# runs if CI workflow was successful OR if this was manually triggered
on-success:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
if: >
github.event_name == 'workflow_dispatch' ||
github.event.workflow_run.conclusion == 'success'
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
ref: release-candidate

- name: Set VERSION
run: echo "VERSION=$(./scripts/get_version.sh)" >> $GITHUB_ENV

- name: Heroku login
env:
HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}
run: heroku container:login

- name: Release Backend on Heroku
uses: akhileshns/heroku-deploy@e3eb99d45a8e2ec5dca08735e089607befa4bf28
with:
heroku_api_key: ${{ secrets.HEROKU_API_KEY }}
heroku_app_name: mitopen-rc
heroku_email: ${{ secrets.HEROKU_EMAIL }}
branch: release-candidate

- name: Write commit SHA to file
run: echo $GITHUB_SHA > frontends/main/public/hash.txt

- name: Build and push the NextJS Docker image
env:
HEROKU_APP_NAME: mitopen-rc-nextjs
HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}
ORIGIN: https://rc.learn.mit.edu
MITOL_API_BASE_URL: ${{ vars.API_BASE_RC }}
SITE_NAME: MIT Learn
SUPPORT_EMAIL: [email protected]
EMBEDLY_KEY: ${{ secrets.EMBEDLY_KEY_RC }}
MITOL_AXIOS_WITH_CREDENTIALS: true
CSRF_COOKIE_NAME: ${{ secrets.CSRF_COOKIE_NAME_RC }}
POSTHOG_API_HOST: ${{ vars.POSTHOG_API_HOST_RC }}
POSTHOG_PROJECT_ID: ${{ secrets.POSTHOG_PROJECT_ID_RC }}
POSTHOG_API_KEY: ${{ secrets.POSTHOG_PROJECT_API_KEY_RC }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN_RC }}
SENTRY_ENV: ${{ secrets.MITOL_ENVIRONMENT_RC }}
SENTRY_PROFILES_SAMPLE_RATE: ${{ secrets.SENTRY_PROFILES_SAMPLE_RATE_RC }}
SENTRY_TRACES_SAMPLE_RATE: ${{ secrets.SENTRY_TRACES_SAMPLE_RATE_RC }}
APPZI_URL: ${{ secrets.APPZI_URL_RC }}
LEARN_AI_RECOMMENDATION_ENDPOINT: ${{ secrets.LEARN_AI_RECOMMENDATION_ENDPOINT_RC }}
LEARN_AI_SYLLABUS_ENDPOINT: ${{ secrets.LEARN_AI_SYLLABUS_ENDPOINT_RC }}
VERSION: ${{ github.sha }}
run: | # NOTE: The --args must be comma separated and NOT have spaces
heroku container:push web \
--app $HEROKU_APP_NAME \
--recursive \
--arg NEXT_PUBLIC_ORIGIN=$ORIGIN,\
NEXT_PUBLIC_MITOL_API_BASE_URL=$MITOL_API_BASE_URL,\
NEXT_PUBLIC_SITE_NAME="$SITE_NAME",\
NEXT_PUBLIC_MITOL_SUPPORT_EMAIL=$SUPPORT_EMAIL,\
NEXT_PUBLIC_EMBEDLY_KEY=$EMBEDLY_KEY,\
NEXT_PUBLIC_MITOL_AXIOS_WITH_CREDENTIALS=$MITOL_AXIOS_WITH_CREDENTIALS,\
NEXT_PUBLIC_CSRF_COOKIE_NAME=$CSRF_COOKIE_NAME,\
NEXT_PUBLIC_POSTHOG_API_HOST=$POSTHOG_API_HOST,\
NEXT_PUBLIC_POSTHOG_PROJECT_ID=$POSTHOG_PROJECT_ID,\
NEXT_PUBLIC_POSTHOG_API_KEY=$POSTHOG_API_KEY,\
NEXT_PUBLIC_SENTRY_DSN=$SENTRY_DSN,\
NEXT_PUBLIC_SENTRY_ENV=$SENTRY_ENV,\
NEXT_PUBLIC_SENTRY_PROFILES_SAMPLE_RATE=$SENTRY_PROFILES_SAMPLE_RATE,\
NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE=$SENTRY_TRACES_SAMPLE_RATE,\
NEXT_PUBLIC_APPZI_URL=$APPZI_URL,\
NEXT_PUBLIC_LEARN_AI_RECOMMENDATION_ENDPOINT=$LEARN_AI_RECOMMENDATION_ENDPOINT,\
NEXT_PUBLIC_LEARN_AI_SYLLABUS_ENDPOINT=$LEARN_AI_SYLLABUS_ENDPOINT,\
NEXT_PUBLIC_VERSION=$VERSION \
--context-path .

- name: Release Frontend on Heroku
env:
HEROKU_APP_NAME: mitopen-rc-nextjs
HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}
run: heroku container:release --app $HEROKU_APP_NAME web

- name: Purge Fastly cache
uses: jcoene/fastly-purge-action@master
with:
api_key: "${{ secrets.FASTLY_API_KEY_RC_NEXTJS }}"
service_id: "${{ secrets.FASTLY_SERVICE_ID_RC_NEXTJS }}"

# runs ONLY on a failure of the CI workflow
on-failure:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
if: >
github.event_name == 'workflow_dispatch' ||
github.event.workflow_run.conclusion == 'failure'
steps:
- run: echo 'The triggering workflow failed'

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}
Loading