Use CircleCI version 2.1 at the top of your .circleci/config.yml file.
1
version: 2.1
Add the orbs
stanza below your version, invoking the orb:
1
2
orbs:
nx: nrwl/nx@1.6.2
Use nx
elements in your existing workflows and jobs.
Opt-in to use of uncertified orbs on your organization’s Security settings page.
You need to specify `main-branch-name` if different than `main`. If last successful workflow run was not found, by default we report warning and fallback to HEAD~1. You can instead make this a hard error by settting 'error-on-no-successful-workflow' to true. If you need to find the last successful job within a specific workflow, set the value of 'workflow-name'. By default we check for `success` state of the workflow. If you would like to include also `on_hold` states, you can do so by enabling `allow-on-hold-workflow`.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
version: '2.1'
orbs:
nx: nrwl/nx@1.6.2
jobs:
build:
docker:
- image: cimg/node:14.17-browsers
environment:
MAIN_BRANCH_NAME: master
steps:
- checkout
- run:
command: yarn install --frozen-lockfile
name: Install dependencies
- nx/set-shas:
allow-on-hold-workflow: true
error-on-no-successful-workflow: true
main-branch-name: master
workflow-name: nx-pipeline
- run:
command: yarn nx affected --target=build --base=$NX_BASE
name: Run Builds
- run:
command: yarn nx affected --target=test --base=$NX_BASE
name: Run Unit Tests
workflows: null
You can use `set-shas` without parameters using the default values provided. Check API for more information.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
version: '2.1'
orbs:
nx: nrwl/nx@1.6.2
jobs:
build:
docker:
- image: cimg/node:14.17-browsers
steps:
- checkout
- run:
command: yarn install --frozen-lockfile
name: Install dependencies
- nx/set-shas
- run:
command: >-
yarn nx affected --target=build --base=$NX_BASE --parallel
--max-parallel=3
name: Run Builds
- run:
command: >-
yarn nx affected --target=test --base=$NX_BASE --parallel
--max-parallel=2
name: Run Unit Tests
workflows: null
To use this orb with a private repository on your main branch, you need to grant the orb access to your CircleCI API. You can do this by creating an environment variable called `CIRCLE_API_TOKEN` in the context or the project. The remaining usage code is intentionally omitted, since it does not differ from the normal usage. Note: It should be a user token, not project token.
1
2
3
4
version: '2.1'
orbs:
nx: nrwl/nx@1.6.2
workflows: null
You can use `set-shas` also for non-push events, but you need to skip the branch check in that case.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
version: '2.1'
orbs:
nx: nrwl/nx@1.6.1
jobs:
build:
docker:
- image: cimg/node:14.17-browsers
steps:
- checkout
- run:
command: yarn install --frozen-lockfile
name: Install dependencies
- nx/set-shas:
skip-branch-filter: true
- run:
command: >-
yarn nx affected --target=build --base=$NX_BASE --parallel
--max-parallel=3
name: Run Builds
- run:
command: >-
yarn nx affected --target=test --base=$NX_BASE --parallel
--max-parallel=2
name: Run Unit Tests
workflows:
my-workflow:
jobs:
- build:
filters:
branches:
ignore: /.*/
tags:
only: /^v[0-9]+(\.[0-9]+)*$/
Derives SHAs for base and head for use in `nx affected` commands in CI
PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
allow-on-hold-workflow | By default, only workflows with CircleCI status of "success" will be detected for the main branch.
Enable this option to also detect workflows with CircleCI status of "on_hold" in case your workflow requires manual approvals.
| No | false | boolean |
error-on-no-successful-workflow | By default, if no successful workflow is found on the main branch to determine the SHA,
we will log a warning and use HEAD~1. Enable this option to error and exit instead.
| No | false | boolean |
main-branch-name | The name of the main branch in your repo, used as the target of PRs. E.g. main, master etc.
| No | main | string |
skip-branch-filter | By default, the workflow runs will be filtered by `main` branch. This works fine with standard `push` event. If you
want to use the orb for non-push events (e.g. tag, label etc.) you need to disable branch filtering.
| No | false | boolean |
workflow-name | By default, the script is looking for the last successful job across all workflows.
Set this param to search for the last successful job within a specific workflow.
| No | '' | string |
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
# This code is licensed from CircleCI to the user under the MIT license.
# See here for details: https://circleci.com/developer/orbs/licensing
version: 2.1
description: |
A Orb which includes helpful commands for running Nx commands in the CI
display:
home_url: https://nx.dev/
source_url: https://github.com/nrwl/nx-orb
commands:
set-shas:
description: |
Derives SHAs for base and head for use in `nx affected` commands in CI
parameters:
allow-on-hold-workflow:
default: false
description: |
By default, only workflows with CircleCI status of "success" will be detected for the main branch.
Enable this option to also detect workflows with CircleCI status of "on_hold" in case your workflow requires manual approvals.
type: boolean
error-on-no-successful-workflow:
default: false
description: |
By default, if no successful workflow is found on the main branch to determine the SHA,
we will log a warning and use HEAD~1. Enable this option to error and exit instead.
type: boolean
main-branch-name:
default: main
description: |
The name of the main branch in your repo, used as the target of PRs. E.g. main, master etc.
type: string
skip-branch-filter:
default: false
description: |
By default, the workflow runs will be filtered by `main` branch. This works fine with standard `push` event. If you
want to use the orb for non-push events (e.g. tag, label etc.) you need to disable branch filtering.
type: boolean
workflow-name:
default: ""
description: |
By default, the script is looking for the last successful job across all workflows.
Set this param to search for the last successful job within a specific workflow.
type: string
steps:
- run:
command: |
#!/bin/bash
echo "$PARAM_SCRIPT" >>"index.js"
if [ -z "$CIRCLE_BRANCH" ]; then
echo "\$CIRCLE_BRANCH not set, falling back to $PARAM_MAIN_BRANCH"
TARGET_BRANCH=$PARAM_MAIN_BRANCH
else
TARGET_BRANCH=$CIRCLE_BRANCH
fi
RESPONSE=$(node index.js $CIRCLE_BUILD_URL $TARGET_BRANCH $PARAM_MAIN_BRANCH $PARAM_ERROR_ON_NO_SUCCESSFUL_WORKFLOW $PARAM_ALLOW_ON_HOLD $PARAM_SKIP_BRANCH_FILTER $PARAM_WORKFLOW_NAME)
echo "$RESPONSE"
BASE_SHA=$(echo "$RESPONSE" | grep 'Commit:' | sed 's/.*Commit: //')
HEAD_SHA=$(git rev-parse HEAD)
echo "Base SHA"
echo $BASE_SHA
echo ""
echo "Head SHA"
echo $HEAD_SHA
echo ""
echo "export NX_BASE=\"$BASE_SHA\";" >>$BASH_ENV
echo "export NX_HEAD=\"$HEAD_SHA\";" >>$BASH_ENV
echo ""
echo "NX_BASE and NX_HEAD environment variables have been set for the current Job"
environment:
PARAM_ALLOW_ON_HOLD: <<parameters.allow-on-hold-workflow>>
PARAM_ERROR_ON_NO_SUCCESSFUL_WORKFLOW: <<parameters.error-on-no-successful-workflow>>
PARAM_MAIN_BRANCH: <<parameters.main-branch-name>>
PARAM_SCRIPT: |
#!/usr/bin/env node
const { execSync } = require('child_process');
const https = require('https');
const buildUrl = process.argv[2];
const branchName = process.argv[3];
const mainBranchName = process.env.MAIN_BRANCH_NAME || process.argv[4];
const errorOnNoSuccessfulWorkflow = process.argv[5] === '1';
const allowOnHoldWorkflow = process.argv[6] === '1';
const skipBranchFilter = process.argv[7] === '1';
const workflowName = process.argv[8];
const circleToken = process.env.CIRCLE_API_TOKEN;
const [, host, project] = buildUrl.match(/https?:\/\/([^\/]+)\/(.*)\/\d+/);
let BASE_SHA;
(async () => {
if (branchName !== mainBranchName) {
BASE_SHA = execSync(`git merge-base origin/${mainBranchName} HEAD`, { encoding: 'utf-8' });
} else {
try {
BASE_SHA = await findSuccessfulCommit(skipBranchFilter ? undefined : mainBranchName, workflowName);
} catch (e) {
process.stderr.write(e.message);
if (errorOnNoSuccessfulWorkflow) {
process.exit(1);
} else {
process.stdout.write(`
WARNING: Accessing CircleCI API failed on 'origin/${mainBranchName}'.
This might be a temporary issue with their API or a misconfiguration of the CIRCLE_API_TOKEN.
We are therefore defaulting to use HEAD~1 on 'origin/${mainBranchName}'.
NOTE: You can instead make this a hard error by settting 'error-on-no-successful-workflow' on the step in your workflow.\n\n`);
BASE_SHA = execSync(`git rev-parse origin/${mainBranchName}~1`, { encoding: 'utf-8' });
}
}
if (!BASE_SHA) {
if (errorOnNoSuccessfulWorkflow) {
process.stdout.write(`
Unable to find a successful workflow run on 'origin/${mainBranchName}'
NOTE: You have set 'error-on-no-successful-workflow' on the step so this is a hard error.
Is it possible that you have no runs currently on 'origin/${mainBranchName}'?
- If yes, then you should run the workflow without this flag first.
- If no, then you might have changed your git history and those commits no longer exist.`);
process.exit(1);
} else {
process.stdout.write(`
WARNING: Unable to find a successful workflow run on 'origin/${mainBranchName}'.
We are therefore defaulting to use HEAD~1 on 'origin/${mainBranchName}'.
NOTE: You can instead make this a hard error by settting 'error-on-no-successful-workflow' on the step in your workflow.\n\n`);
BASE_SHA = execSync(`git rev-parse origin/${mainBranchName}~1`, { encoding: 'utf-8' });
}
} else {
process.stdout.write(`
Found the last successful workflow run on 'origin/${mainBranchName}'.\n\n`);
}
}
process.stdout.write(`Commit: ${BASE_SHA}\n\n`);
})();
async function findSuccessfulCommit(branch, workflowName) {
const url = `https://${host}/api/v2/project/${project}/pipeline?`;
const params = branch ? [`branch=${branch}`] : [];
let nextPage;
let foundSHA;
do {
const fullParams = params.concat(nextPage ? [`page-token=${nextPage}`] : []).join('&');
const { next_page_token, sha } = await getJson(`${url}${fullParams}`)
.then(async ({ next_page_token, items }) => {
const pipeline = await findSuccessfulPipeline(items, workflowName);
return {
next_page_token,
sha: pipeline ? pipeline.vcs.revision : void 0
};
});
foundSHA = sha;
nextPage = next_page_token;
} while (!foundSHA && nextPage);
return foundSHA;
}
async function findSuccessfulPipeline(pipelines, workflowName) {
for (const pipeline of pipelines) {
if (!pipeline.errors.length
&& commitExists(pipeline.vcs.revision)
&& await isWorkflowSuccessful(pipeline.id, workflowName)) {
return pipeline;
}
}
return undefined;
}
function commitExists(commitSha) {
try {
execSync(`git cat-file -e ${commitSha}`, { stdio: ['pipe', 'pipe', null] });
return true;
} catch {
return false;
}
}
async function isWorkflowSuccessful(pipelineId, workflowName) {
if (!workflowName) {
return getJson(`https://${host}/api/v2/pipeline/${pipelineId}/workflow`)
.then(({ items }) => items.every(item => (item.status === 'success') || (allowOnHoldWorkflow && item.status === 'on_hold')));
} else {
return getJson(`https://${host}/api/v2/pipeline/${pipelineId}/workflow`)
.then(({ items }) => items.some(item => ((item.status === 'success') || (allowOnHoldWorkflow && item.status === 'on_hold')) && item.name === workflowName));
}
}
async function getJson(url) {
return new Promise((resolve, reject) => {
let options = {};
if (circleToken) {
options.headers = {
'Circle-Token': circleToken
}
}
https.get(url, options, (res) => {
let data = [];
res.on('data', chunk => {
data.push(chunk);
});
res.on('end', () => {
const response = Buffer.concat(data).toString();
try {
const responseJSON = JSON.parse(response);
resolve(responseJSON);
} catch (e) {
if (response.includes('Project not found')) {
reject(new Error(`Error: Project not found.\nIf you are using a private repo, make sure the CIRCLE_API_TOKEN is set.\n\n${response}`));
} else {
reject(e)
}
}
});
}).on('error', error => reject(
circleToken
? new Error(`Error: Pipeline fetching failed.\nCheck if you set the correct user CIRCLE_API_TOKEN.\n\n${error.toString()}`)
: new Error(`Error: Pipeline fetching failed.\nIf this is private repo you will need to set CIRCLE_API_TOKEN\n\n${error.toString()}`)
));
});
}
PARAM_SKIP_BRANCH_FILTER: <<parameters.skip-branch-filter>>
PARAM_WORKFLOW_NAME: <<parameters.workflow-name>>
name: Derives SHAs for base and head for use in `nx affected` commands
shell: /bin/bash
examples:
custom:
description: |
You need to specify `main-branch-name` if different than `main`. If last successful workflow run was not found, by default we report warning and fallback to HEAD~1. You can instead make this a hard error by settting 'error-on-no-successful-workflow' to true. If you need to find the last successful job within a specific workflow, set the value of 'workflow-name'. By default we check for `success` state of the workflow. If you would like to include also `on_hold` states, you can do so by enabling `allow-on-hold-workflow`.
usage:
version: "2.1"
orbs:
nx: nrwl/nx@1.6.2
jobs:
build:
docker:
- image: cimg/node:14.17-browsers
environment:
MAIN_BRANCH_NAME: master
steps:
- checkout
- run:
command: yarn install --frozen-lockfile
name: Install dependencies
- nx/set-shas:
allow-on-hold-workflow: true
error-on-no-successful-workflow: true
main-branch-name: master
workflow-name: nx-pipeline
- run:
command: yarn nx affected --target=build --base=$NX_BASE
name: Run Builds
- run:
command: yarn nx affected --target=test --base=$NX_BASE
name: Run Unit Tests
workflows: null
default:
description: |
You can use `set-shas` without parameters using the default values provided. Check API for more information.
usage:
version: "2.1"
orbs:
nx: nrwl/nx@1.6.2
jobs:
build:
docker:
- image: cimg/node:14.17-browsers
steps:
- checkout
- run:
command: yarn install --frozen-lockfile
name: Install dependencies
- nx/set-shas
- run:
command: yarn nx affected --target=build --base=$NX_BASE --parallel --max-parallel=3
name: Run Builds
- run:
command: yarn nx affected --target=test --base=$NX_BASE --parallel --max-parallel=2
name: Run Unit Tests
workflows: null
private:
description: |
To use this orb with a private repository on your main branch, you need to grant the orb access to your CircleCI API. You can do this by creating an environment variable called `CIRCLE_API_TOKEN` in the context or the project. The remaining usage code is intentionally omitted, since it does not differ from the normal usage.
Note: It should be a user token, not project token.
usage:
version: "2.1"
orbs:
nx: nrwl/nx@1.6.2
workflows: null
tags:
description: |
You can use `set-shas` also for non-push events, but you need to skip the branch check in that case.
usage:
version: "2.1"
orbs:
nx: nrwl/nx@1.6.1
jobs:
build:
docker:
- image: cimg/node:14.17-browsers
steps:
- checkout
- run:
command: yarn install --frozen-lockfile
name: Install dependencies
- nx/set-shas:
skip-branch-filter: true
- run:
command: yarn nx affected --target=build --base=$NX_BASE --parallel --max-parallel=3
name: Run Builds
- run:
command: yarn nx affected --target=test --base=$NX_BASE --parallel --max-parallel=2
name: Run Unit Tests
workflows:
my-workflow:
jobs:
- build:
filters:
branches:
ignore: /.*/
tags:
only: /^v[0-9]+(\.[0-9]+)*$/