chore: update circleci envs (#31295)

2026-01-06 06:29:45 -06:00 · 2025-03-14 20:56:40 -06:00
parent eb846fb021
commit 3fd0e3cbbd
4 changed files with 36 additions and 58 deletions
--- a/.circleci/workflows.yml
+++ b/.circleci/workflows.yml
@@ -36,10 +36,9 @@ mainBuildFilters: &mainBuildFilters
      only:
        - develop
        - /^release\/\d+\.\d+\.\d+$/
-        - ryanm/chore/fix-binary-due-to-proxy-from-env
        # use the following branch as well to ensure that v8 snapshot cache updates are fully tested
        - 'update-v8-snapshot-cache-on-develop'
-        - 'ryanm/chore/add_internal_studio'
+        - 'mschile/circle_ci_env'

 # usually we don't build Mac app - it takes a long time
 # but sometimes we want to really confirm we are doing the right thing
@@ -50,7 +49,7 @@ macWorkflowFilters: &darwin-workflow-filters
      - equal: [ develop, << pipeline.git.branch >> ]
      # use the following branch as well to ensure that v8 snapshot cache updates are fully tested
      - equal: [ 'update-v8-snapshot-cache-on-develop', << pipeline.git.branch >> ]
-      - equal: [ 'ryanm/chore/fix-binary-due-to-proxy-from-env', << pipeline.git.branch >> ]
+      - equal: [ 'mschile/circle_ci_env', << pipeline.git.branch >> ]
      - matches:
          pattern: /^release\/\d+\.\d+\.\d+$/
          value: << pipeline.git.branch >>
@@ -61,7 +60,7 @@ linuxArm64WorkflowFilters: &linux-arm64-workflow-filters
      - equal: [ develop, << pipeline.git.branch >> ]
      # use the following branch as well to ensure that v8 snapshot cache updates are fully tested
      - equal: [ 'update-v8-snapshot-cache-on-develop', << pipeline.git.branch >> ]
-      - equal: [ 'ryanm/chore/fix-binary-due-to-proxy-from-env', << pipeline.git.branch >> ]
+      - equal: [ 'mschile/circle_ci_env', << pipeline.git.branch >> ]
      - matches:
          pattern: /^release\/\d+\.\d+\.\d+$/
          value: << pipeline.git.branch >>
@@ -84,7 +83,7 @@ windowsWorkflowFilters: &windows-workflow-filters
      - equal: [ develop, << pipeline.git.branch >> ]
      # use the following branch as well to ensure that v8 snapshot cache updates are fully tested
      - equal: [ 'update-v8-snapshot-cache-on-develop', << pipeline.git.branch >> ]
-      - equal: [ 'ryanm/chore/fix-binary-due-to-proxy-from-env', << pipeline.git.branch >> ]
+      - equal: [ 'mschile/circle_ci_env', << pipeline.git.branch >> ]
      - matches:
          pattern: /^release\/\d+\.\d+\.\d+$/
          value: << pipeline.git.branch >>
@@ -1519,6 +1518,9 @@ jobs:
      resource_class:
        type: string
        default: large
+      is_contributor_pr:
+        type: boolean
+        default: false
    resource_class: << parameters.resource_class >>
    steps:
      - restore_cached_workspace
@@ -1537,7 +1539,8 @@ jobs:
          command: yarn list --depth=0 || true
      - run:
          name: Check env canaries
-          command: node ./scripts/circle-env.js --check-canaries
+          command: node ./scripts/circle-env.js --check-canaries --is-contributor-pr <<
+            parameters.is_contributor_pr >>
      - build-and-persist

  lint:
@@ -2793,31 +2796,6 @@ jobs:
          repo: cypress-example-todomvc
          browser: firefox

-  test-binary-against-conduit-chrome:
-    <<: *defaults
-    steps:
-      - test-binary-against-repo:
-          repo: cypress-example-conduit-app
-          browser: chrome
-          command: "npm run cypress:run"
-          wait-on: http://localhost:3000
-
-  test-binary-against-api-testing-firefox:
-    <<: *defaults
-    steps:
-      - test-binary-against-repo:
-          repo: cypress-example-api-testing
-          browser: firefox
-          command: "npm run cy:run"
-
-  test-binary-against-piechopper-firefox:
-    <<: *defaults
-    steps:
-      - test-binary-against-repo:
-          repo: cypress-example-piechopper
-          browser: firefox
-          command: "npm run cypress:run"
-
  test-binary-against-cypress-realworld-app:
    <<: *defaults
    resource_class: medium+
@@ -3286,8 +3264,7 @@ linux-x64-contributor-workflow: &linux-x64-contributor-workflow
  jobs:
    - node_modules_install
    - build:
-        environment:
-          IS_CONTRIBUTOR_PR: true
+        is_contributor_pr: true
        requires:
          - node_modules_install
    # In subsequent jobs, we use some contexts that are restricted to members of the Cypress organization.
--- a/scripts/circle-env.js
+++ b/scripts/circle-env.js
@@ -1,10 +1,10 @@
 // check if the project env canary and context canary are both present to verify that this script is reading the right env
-function checkCanaries () {
+function checkCanaries ({ isContributorPR }) {
  if (!process.env.CI) console.warn('This script will not work outside of CI.')

  const circleEnv = readProcessEnv()

-  if (circleEnv.hasOwnProperty('IS_CONTRIBUTOR_PR')) {
+  if (isContributorPR) {
    console.log('Contributor PR detected. Verifying canary envs are not available.')
    if (circleEnv.MAIN_CANARY) throw new Error('MAIN_CANARY should not be present in a contributor PR. Investigate why the CircleCI project level env var is being applied to this job.')

@@ -31,10 +31,14 @@ module.exports = {
 }

 if (require.main === module) {
-  if (process.argv.includes('--check-canaries')) {
-    checkCanaries()
-  } else {
-    console.error(`No options were passed, but ${__filename} was invoked as a script.`)
+  const args = process.argv.slice(2)
+
+  if (args.length !== 3 || args[0] !== '--check-canaries' || args[1] !== '--is-contributor-pr') {
+    console.error(`Invalid arguments. Usage: ${__filename} --check-canaries --is-contributor-pr <isContributorPR>`)
    process.exit(1)
  }
+
+  const isContributorPR = args[2] === 'true'
+
+  checkCanaries({ isContributorPR })
 }
--- a/scripts/sanitize-mocha-results.js
+++ b/scripts/sanitize-mocha-results.js
@@ -18,7 +18,8 @@ function isAllowlistedEnv (key, value) {
    ['true', 'false', 'TRUE', 'FALSE', 'True', 'False'].includes(value)
    || value.length < 4
    // allow some envs that are not sensitive
-    || ['nodejs_version', 'CF_DOMAIN', 'SKIP_RELEASE_CHANGELOG_VALIDATION_FOR_BRANCHES', 'CIRCLE_PROJECT_REPONAME', 'HOME', 'PLATFORM', 'HOSTNAME', 'PWD', 'INIT_CWD', 'USER', 'LOGNAME', 'npm_config_loglevel'].includes(key)
+    || ['nodejs_version', 'CF_DOMAIN', 'SKIP_RELEASE_CHANGELOG_VALIDATION_FOR_BRANCHES', 'CIRCLE_PROJECT_REPONAME', 'CIRCLE_BRANCH',
+      'HOME', 'HOMEPATH', 'PLATFORM', 'HOSTNAME', 'PWD', 'INIT_CWD', 'USER', 'SUDO_USER', 'USERNAME', 'USERPROFILE', 'LOGNAME', 'npm_config_loglevel'].includes(key)
    // ignore npm_package_ envs https://docs.npmjs.com/cli/v11/using-npm/scripts#packagejson-vars
    || key.startsWith('npm_package_')
  )
@@ -49,7 +50,7 @@ async function checkReportFile (filename, circleEnv) {

  if (foundKeys.length) {
    await fs.rm(REPORTS_PATH, { recursive: true, force: true })
-    throw new Error(`Report contained the value of ${foundKeys.join(' ,')}, which is a CI environment variable. This means that a failing test is exposing environment variables. Test reports will not be persisted for this job.`)
+    throw new Error(`Report contained the value of ${foundKeys.join(', ')}, which is a CI environment variable. This means that a failing test is exposing environment variables. Test reports will not be persisted for this job.`)
  }

  console.log('Report parsed successfully.')
--- a/scripts/unit/circle-env-spec.js
+++ b/scripts/unit/circle-env-spec.js
@@ -15,49 +15,45 @@ describe('circle-env', () => {
  context('with missing canaries', () => {
    context('internal PR', () => {
      it('fails when neither canary is set', () => {
-        expect(_checkCanaries).to.throw('Missing MAIN_CANARY')
+        expect(() => _checkCanaries({ isContributorPR: false })).to.throw('Missing MAIN_CANARY')
      })

      it('fails when only MAIN_CANARY is set', () => {
-        process.env.MAIN_CANARY = true
+        process.env.MAIN_CANARY = 'true'

-        expect(_checkCanaries).to.throw('Missing CONTEXT_CANARY')
+        expect(() => _checkCanaries({ isContributorPR: false })).to.throw('Missing CONTEXT_CANARY')
      })

      it('fails when only CONTEXT_CANARY is set', () => {
-        process.env.CONTEXT_CANARY = true
+        process.env.CONTEXT_CANARY = 'true'

-        expect(_checkCanaries).to.throw('Missing MAIN_CANARY')
+        expect(() => _checkCanaries({ isContributorPR: false })).to.throw('Missing MAIN_CANARY')
      })
    })

    context('contributor PR', () => {
      it('fails when MAIN_CANARY is set', () => {
-        process.env.IS_CONTRIBUTOR_PR = true
-        process.env.MAIN_CANARY = true
+        process.env.MAIN_CANARY = 'true'

-        expect(_checkCanaries).to.throw('MAIN_CANARY should not be present in a contributor PR.')
+        expect(() => _checkCanaries({ isContributorPR: true })).to.throw('MAIN_CANARY should not be present in a contributor PR.')
      })

      it('fails when CONTEXT_CANARY is set', () => {
-        process.env.IS_CONTRIBUTOR_PR = true
-        process.env.CONTEXT_CANARY = true
+        process.env.CONTEXT_CANARY = 'true'

-        expect(_checkCanaries).to.throw('CONTEXT_CANARY should not be present in a contributor PR.')
+        expect(() => _checkCanaries({ isContributorPR: true })).to.throw('CONTEXT_CANARY should not be present in a contributor PR.')
      })
    })
  })

  it('passes with canaries', () => {
-    process.env.MAIN_CANARY = true
-    process.env.CONTEXT_CANARY = true
+    process.env.MAIN_CANARY = 'true'
+    process.env.CONTEXT_CANARY = 'true'

-    _checkCanaries()
+    _checkCanaries({ isContributorPR: false })
  })

  it('passes for contributor PR', () => {
-    process.env.IS_CONTRIBUTOR_PR = true
-
-    _checkCanaries()
+    _checkCanaries({ isContributorPR: true })
  })
 })