Introduce a new subdomain dev.iscsc.fr to publish in-development features from opened PRs #194
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and deploy HUGO website | |
| on: | |
| # Runs on pull requests to check that the website is building without errors | |
| pull_request: | |
| # Runs on push/merge to main to deploy the new website | |
| # Only run if the push updates website sources | |
| push: | |
| paths: | |
| - src/** | |
| branches: | |
| - main | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| jobs: | |
| # Build job | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Debug | |
| run: | | |
| echo "GH_TOKEN (env): ${{ env.GH_TOKEN }}" | |
| echo "GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}" | |
| echo "CI_USER_NAME: ${{ secrets.CI_USER_NAME }}" | |
| echo "TEST_EMPTY_SECRET:${{ secrets.TEST_EMPTY_SECRET }}" | |
| echo "TEST_ORG_SECRET: ${{ secrets.TEST_ORG_SECRET }}" | |
| echo "TEST_REPO_SECRET: ${{ secrets.TEST_REPO_SECRET }}" | |
| echo "TEST_ENV_SECRET: ${{ secrets.TEST_ENV_SECRET }}" | |
| echo "github.event.repository.fork = ${{ github.event.repository.fork }}" | |
| echo "github.event_name = ${{ github.event_name }}" | |
| # Checkout repo AND ITS SUBMODULES | |
| - name: π Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| # Build the static website with the provided docker-compose rules | |
| - name: π οΈ Build with HUGO | |
| run: | | |
| docker compose up builder --exit-code-from builder | |
| # Upload build artifacts for deployment or download | |
| - name: π Upload Artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: prod-build | |
| path: ./build/blog/prod | |
| # Deployment job: heavily inspired from https://swharden.com/blog/2022-03-20-github-actions-hugo/ | |
| # /!\ only triggers on (push events AND NOT fork repos) OR manually triggered | |
| ## Required secrets: | |
| # - SSH_KNOWN_HOSTS | |
| # - PRIVATE_SSH_KEY | |
| # - CI_USER_NAME | |
| # - REPO_PATH_ON_REMOTE | |
| deploy: | |
| needs: [build] | |
| # DISCLAIMER: | |
| # The following is a very POOR solution to avoid *failing deploy step* due to missing secrets | |
| # on fork repositories, but sadly the `env` context is not accessible from `jobs.<job_id>.if`: | |
| # https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability | |
| # | |
| # If for any reason you want to trigger this step on your fork remove the following line, | |
| # trigger manually or open an issue https://github.com/iScsc/blog.iscsc.fr/issues, | |
| # we'll find a better way to skip this step. | |
| if: ${{ (github.event_name == 'push' && ! github.event.repository.fork) || github.event_name == 'workflow_dispatch' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: π οΈ Setup build directory | |
| run: | | |
| mkdir -p build/blog/prod | |
| - name: π₯ Download build Artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: prod-build | |
| path: build/blog/prod | |
| # Create the SSH key file and fill the known_hosts to avoid a prompt from ssh (1st time connecting to remote host) | |
| - name: π Create Key File | |
| run: | | |
| mkdir ~/.ssh | |
| touch ~/.ssh/id_rsa | |
| chmod 600 ~/.ssh/id_rsa | |
| - name: π Load Host Keys | |
| run: | | |
| echo "${{ secrets.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts | |
| - name: π Populate Key | |
| run: | | |
| echo "${{ secrets.PRIVATE_SSH_KEY }}" > ~/.ssh/id_rsa | |
| # Upload the build to the remote server location: the volume shared by the nginx container serving http requests | |
| - name: π Upload | |
| run: | | |
| rsync --archive --stats --verbose --delete ./build/blog/prod/* ${{ secrets.CI_USER_NAME }}@iscsc.fr:${{ secrets.REPO_PATH_ON_REMOTE }}/build/blog/prod | |
| - name: β¬ Remote git pull | |
| run: | | |
| ssh ${{ secrets.CI_USER_NAME }}@iscsc.fr /usr/bin/bash ${{ secrets.REPO_PATH_ON_REMOTE }}/scripts/remote_git_pull.sh ${{ secrets.REPO_PATH_ON_REMOTE }} | |
| # Finally notify of the new article (if any) on the iScsc discord server | |
| # action jitterbit/get-changed-files@v1 doesn't support 'workflow_dispatch' events: https://github.com/jitterbit/get-changed-files/issues/38 | |
| notify: | |
| needs: [deploy] | |
| if: ${{ github.event_name != 'workflow_dispatch' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Checkout repo, no need to checkout submodule | |
| - name: π Checkout | |
| uses: actions/checkout@v3 | |
| # Get the list of added, changed, removed, and renamed files | |
| - name: π Get changed files | |
| uses: jitterbit/get-changed-files@v1 | |
| id: files | |
| with: | |
| format: space-delimited | |
| - name: Print changed files... | |
| run: | | |
| echo "All:" | |
| echo "${{ steps.files.outputs.all }}" | |
| echo "Added:" | |
| echo "${{ steps.files.outputs.added }}" | |
| echo "Removed:" | |
| echo "${{ steps.files.outputs.removed }}" | |
| echo "Renamed:" | |
| echo "${{ steps.files.outputs.renamed }}" | |
| echo "Modified:" | |
| echo "${{ steps.files.outputs.modified }}" | |
| echo "Added+Modified:" | |
| echo "${{ steps.files.outputs.added_modified }}" | |
| - name: π¨ Notify on Discord | |
| run: | | |
| python3 -m pip install requests PyYAML | |
| python3 ./scripts/new_article.py ${{ steps.files.outputs.added }} |