forked from github/docs
-
Notifications
You must be signed in to change notification settings - Fork 0
524 lines (472 loc) · 20.7 KB
/
staging-deploy-pr.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
name: Staging - Deploy PR
# **What it does**: To deploy PRs to a Heroku staging environment.
# **Why we have it**: To deploy with high visibility in case of failures.
# **Who does it impact**: All contributors.
# IT'S CRUCIALLY IMPORTANT THAT THIS WORKFLOW IS ONLY ENABLED IN docs!
on:
workflow_run:
workflows:
- 'Staging - Build PR'
types:
- completed
permissions:
actions: read
contents: read
deployments: write
pull-requests: read
statuses: write
# IMPORTANT: Intentionally OMIT a `concurrency` configuration from this workflow's
# top-level as we do not have any guarantee of identifying values being available
# within the `github.event` context for PRs from forked repos!
#
# The implication of this shortcoming is that we may have multiple workflow runs
# of this running at the same time for different commits within the same PR.
# However, once they reach the `concurrency` configurations deeper down within
# this workflow's jobs, then we can expect concurrent short-circuiting to begin.
env:
CONTEXT_NAME: '${{ github.workflow }} / deploy (${{ github.event.workflow_run.event }})'
ACTIONS_RUN_LOG: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
BUILD_ACTIONS_RUN_ID: ${{ github.event.workflow_run.id }}
BUILD_ACTIONS_RUN_LOG: https://github.com/${{ github.repository }}/actions/runs/${{ github.event.workflow_run.id }}
jobs:
pr-metadata:
# This is needed because the workflow we depend on
# (see on.workflow_run.workflows) might be running from pushes on
# main. That's because it needs to do that to popular the cache.
if: >-
${{
github.repository == 'github/docs' &&
github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success'
}}
runs-on: ubuntu-latest
outputs:
number: ${{ steps.pr.outputs.number }}
url: ${{ steps.pr.outputs.url }}
state: ${{ steps.pr.outputs.state }}
head_sha: ${{ steps.pr.outputs.head_sha }}
head_branch: ${{ steps.pr.outputs.head_branch }}
head_label: ${{ steps.pr.outputs.head_label }}
head_ref: ${{ steps.pr.outputs.head_ref }}
steps:
- name: Find the originating pull request
id: pr
uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
env:
BUILD_ACTIONS_RUN_ID: ${{ env.BUILD_ACTIONS_RUN_ID }}
with:
script: |
// Curious about what version of node you get
console.log('Node version:', process.version)
// In order to find out the PR info for a forked repo, we must query
// the API for more info based on the originating workflow run
const { BUILD_ACTIONS_RUN_ID } = process.env
const { owner, repo } = context.repo
const { data: run } = await github.actions.getWorkflowRun({
owner,
repo,
run_id: BUILD_ACTIONS_RUN_ID,
})
// Gather PR-identifying information from the workflow run
const {
head_branch: headBranch,
head_sha: headSha,
head_repository: {
owner: { login: prRepoOwner },
name: prRepoName
}
} = run
const prIsInternal = owner === prRepoOwner && repo === prRepoName
let headLabel = `${prRepoOwner}:${headBranch}`
// If the PR is external, prefix its head branch name with the
// forked repo owner's login and their fork repo name e.g.
// "octocat/my-fork:docs". We need to include the fork repo
// name as well to account for an API issue (this will work fine
// if they don't have a different fork repo name).
if (!prIsInternal) {
headLabel = `${prRepoOwner}/${prRepoName}:${headBranch}`
}
// If the PR is external, prefix its head branch name with the
// forked repo owner's login, e.g. "octocat:docs"
const headRef = prIsInternal ? headBranch : headLabel
// Retrieve matching PRs (up to 30)
const { data: pulls } = await github.pulls.list({
owner,
repo,
head: headLabel,
sort: 'updated',
direction: 'desc',
per_page: 30
})
// Find the open PR, if any, otherwise choose the most recently updated
const targetPull = pulls.find(pr => pr.state === 'open') || pulls[0] || {}
const pullNumber = targetPull.number || 0
const pullUrl = targetPull.html_url || 'about:blank'
const pullState = targetPull.state || 'closed'
core.setOutput('number', pullNumber.toString())
core.setOutput('url', pullUrl)
core.setOutput('state', pullState)
core.setOutput('head_sha', headSha)
core.setOutput('head_branch', headBranch)
core.setOutput('head_label', headLabel)
core.setOutput('head_ref', headRef)
debug-originating-trigger:
needs: pr-metadata
runs-on: ubuntu-latest
steps:
- name: Dump info about the originating workflow run
env:
PR_NUMBER: ${{ needs.pr-metadata.outputs.number }}
PR_URL: ${{ needs.pr-metadata.outputs.url }}
PR_STATE: ${{ needs.pr-metadata.outputs.state }}
HEAD_SHA: ${{ needs.pr-metadata.outputs.head_sha }}
HEAD_BRANCH: ${{ needs.pr-metadata.outputs.head_branch }}
HEAD_LABEL: ${{ needs.pr-metadata.outputs.head_label }}
HEAD_REF: ${{ needs.pr-metadata.outputs.head_ref }}
BUILD_ACTIONS_RUN_ID: ${{ env.BUILD_ACTIONS_RUN_ID }}
BUILD_ACTIONS_RUN_LOG: ${{ env.BUILD_ACTIONS_RUN_LOG }}
run: |
echo "Originating workflow info:"
echo " - PR_NUMBER = $PR_NUMBER"
echo " - PR_URL = $PR_URL"
echo " - PR_STATE = $PR_STATE"
echo " - HEAD_SHA = $HEAD_SHA"
echo " - HEAD_BRANCH = $HEAD_BRANCH"
echo " - HEAD_LABEL = $HEAD_LABEL"
echo " - HEAD_REF = $HEAD_REF"
echo " - BUILD_ACTIONS_RUN_ID = $BUILD_ACTIONS_RUN_ID"
echo " - BUILD_ACTIONS_RUN_LOG = $BUILD_ACTIONS_RUN_LOG"
notify-of-failed-builds:
needs: pr-metadata
if: >-
${{
needs.pr-metadata.outputs.number != '0' &&
github.event.workflow_run.conclusion == 'failure'
}}
runs-on: ubuntu-latest
timeout-minutes: 1
# Specifically omitting a concurrency group here in case the build was not
# successful BECAUSE a subsequent build already canceled it
steps:
- name: Verify build workflow run was not cancelled
id: check-workflow-run
uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
env:
BUILD_ACTIONS_RUN_ID: ${{ env.BUILD_ACTIONS_RUN_ID }}
with:
script: |
const { owner, repo } = context.repo
const { data: { jobs: buildJobs } } = await github.actions.listJobsForWorkflowRun({
owner,
repo,
run_id: process.env.BUILD_ACTIONS_RUN_ID,
filter: 'latest'
})
const wasCancelled = (
buildJobs.length > 0 &&
buildJobs.every(({ status, conclusion }) => {
return status === 'completed' && conclusion === 'cancelled'
})
)
core.setOutput('cancelled', wasCancelled.toString())
- if: ${{ steps.check-workflow-run.outputs.cancelled == 'false' }}
name: Send Slack notification if build workflow failed
uses: someimportantcompany/github-actions-slack-message@f8d28715e7b8a4717047d23f48c39827cacad340
with:
channel: ${{ secrets.DOCS_STAGING_DEPLOYMENT_FAILURES_SLACK_CHANNEL_ID }}
bot-token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}
color: failure
text: Staging build failed for PR ${{ needs.pr-metadata.outputs.url }} at commit ${{ needs.pr-metadata.outputs.head_sha }}. See ${{ env.BUILD_ACTIONS_RUN_LOG }}. This run was ${{ env.ACTIONS_RUN_LOG }}.
check-pr-before-prepare:
needs: pr-metadata
if: >-
${{
needs.pr-metadata.outputs.number != '0' &&
github.event.workflow_run.conclusion == 'success'
}}
runs-on: ubuntu-latest
# This timeout should match or exceed the value of the timeout for Undeploy
timeout-minutes: 5
# This interrupts Build, Deploy, and pre-write Undeploy workflow runs in
# progress for this PR branch.
concurrency:
group: 'PR Staging @ ${{ needs.pr-metadata.outputs.head_label }}'
cancel-in-progress: true
outputs:
pull_request_state: ${{ steps.check-pr.outputs.state }}
steps:
- name: Check pull request state
id: check-pr
uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
env:
PR_NUMBER: ${{ needs.pr-metadata.outputs.number }}
with:
script: |
// Equivalent of the 'await-sleep' module without the install
const sleep = ms => new Promise(resolve => setTimeout(resolve, ms))
const blockingLabel = 'automated-block-deploy'
const { owner, repo } = context.repo
const startTime = Date.now()
let pullRequest = {}
let blocked = true
// Keep polling the PR until the blocking label has been removed
while (blocked) {
const { data: pr } = await github.pulls.get({
owner,
repo,
pull_number: process.env.PR_NUMBER
})
blocked = pr.labels.some(({ name }) => name === blockingLabel)
if (blocked) {
console.warn(`WARNING! PR currently has blocking label "${blockingLabel}" (after ${Date.now() - startTime} ms). Will check again soon...`)
await sleep(15000) // Wait 15 seconds and check again
} else {
console.log(`PR was unblocked (after ${Date.now() - startTime} ms)!`)
pullRequest = pr
}
}
core.setOutput('state', pullRequest.state)
prepare-for-deploy:
needs: [pr-metadata, check-pr-before-prepare]
if: ${{ needs.check-pr-before-prepare.outputs.pull_request_state == 'open' }}
runs-on: ubuntu-latest
timeout-minutes: 5
# This interrupts Build, Deploy, and pre-write Undeploy workflow runs in
# progress for this PR branch.
concurrency:
group: 'PR Staging @ ${{ needs.pr-metadata.outputs.head_label }}'
cancel-in-progress: true
outputs:
source_blob_url: ${{ steps.build-source.outputs.download_url }}
steps:
- name: Create initial status
uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
env:
CONTEXT_NAME: ${{ env.CONTEXT_NAME }}
ACTIONS_RUN_LOG: ${{ env.ACTIONS_RUN_LOG }}
HEAD_SHA: ${{ needs.pr-metadata.outputs.head_sha }}
with:
script: |
const { CONTEXT_NAME, ACTIONS_RUN_LOG, HEAD_SHA } = process.env
const { owner, repo } = context.repo
await github.repos.createCommitStatus({
owner,
repo,
sha: HEAD_SHA,
context: CONTEXT_NAME,
state: 'pending',
description: 'The app is being deployed. See logs.',
target_url: ACTIONS_RUN_LOG
})
- name: Check out repo's default branch
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
with:
# To prevent issues with cloning early access content later
persist-credentials: 'false'
lfs: 'true'
- name: Check out LFS objects
run: git lfs checkout
- name: Setup node
uses: actions/setup-node@04c56d2f954f1e4c69436aa54cfef261a018f458
with:
node-version: 16.13.x
cache: npm
# Install any additional dependencies *before* downloading the build artifact
- name: Install Heroku client development-only dependency
run: npm install --no-save heroku-client
# Download the previously built "app.tar"
- name: Download build artifact
uses: dawidd6/action-download-artifact@af92a8455a59214b7b932932f2662fdefbd78126
with:
workflow: ${{ github.event.workflow_run.workflow_id }}
run_id: ${{ env.BUILD_ACTIONS_RUN_ID }}
name: pr_build
path: ${{ runner.temp }}
# gzip the app.tar to meet Heroku's expected format
- name: Create a gzipped archive (docs)
run: gzip -9 < "$RUNNER_TEMP/app.tar" > app.tar.gz
- name: Create a Heroku build source
id: build-source
uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
env:
HEROKU_API_TOKEN: ${{ secrets.HEROKU_API_TOKEN }}
with:
script: |
const { owner, repo } = context.repo
if (owner !== 'github') {
throw new Error(`Repository owner must be 'github' but was: ${owner}`)
}
if (repo !== 'docs') {
throw new Error(`Repository name must be 'docs' but was: ${repo}`)
}
const Heroku = require('heroku-client')
const heroku = new Heroku({ token: process.env.HEROKU_API_TOKEN })
try {
const { source_blob: sourceBlob } = await heroku.post('/sources')
const { put_url: uploadUrl, get_url: downloadUrl } = sourceBlob
core.setOutput('upload_url', uploadUrl)
core.setOutput('download_url', downloadUrl)
} catch (error) {
if (error.statusCode === 503) {
console.error('💀 Heroku may be down! Please check its Status page: https://status.heroku.com/')
}
throw error
}
# See: https://devcenter.heroku.com/articles/build-and-release-using-the-api#sources-endpoint
- name: Upload to the Heroku build source
env:
UPLOAD_URL: ${{ steps.build-source.outputs.upload_url }}
run: |
curl "$UPLOAD_URL" \
-X PUT \
-H 'Content-Type:' \
--data-binary @app.tar.gz
- name: Create failure status
uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
if: ${{ failure() }}
env:
CONTEXT_NAME: ${{ env.CONTEXT_NAME }}
ACTIONS_RUN_LOG: ${{ env.ACTIONS_RUN_LOG }}
HEAD_SHA: ${{ needs.pr-metadata.outputs.head_sha }}
with:
script: |
const { CONTEXT_NAME, ACTIONS_RUN_LOG, HEAD_SHA } = process.env
const { owner, repo } = context.repo
await github.repos.createCommitStatus({
owner,
repo,
sha: HEAD_SHA,
context: CONTEXT_NAME,
state: 'error',
description: 'Failed to deploy. See logs.',
target_url: ACTIONS_RUN_LOG
})
- name: Send Slack notification if deployment preparation job failed
uses: someimportantcompany/github-actions-slack-message@f8d28715e7b8a4717047d23f48c39827cacad340
if: ${{ failure() }}
with:
channel: ${{ secrets.DOCS_STAGING_DEPLOYMENT_FAILURES_SLACK_CHANNEL_ID }}
bot-token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}
color: failure
text: Staging preparation failed for PR ${{ needs.pr-metadata.outputs.url }} at commit ${{ needs.pr-metadata.outputs.head_sha }}. See ${{ env.ACTIONS_RUN_LOG }}.
check-pr-before-deploy:
needs: [pr-metadata, prepare-for-deploy]
runs-on: ubuntu-latest
timeout-minutes: 1
# This interrupts Build, Deploy, and pre-write Undeploy workflow runs in
# progress for this PR branch.
concurrency:
group: 'PR Staging @ ${{ needs.pr-metadata.outputs.head_label }}'
cancel-in-progress: true
outputs:
pull_request_state: ${{ steps.check-pr.outputs.state }}
steps:
- name: Check pull request state
id: check-pr
uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
env:
PR_NUMBER: ${{ needs.pr-metadata.outputs.number }}
with:
script: |
const { owner, repo } = context.repo
const { data: pullRequest } = await github.pulls.get({
owner,
repo,
pull_number: process.env.PR_NUMBER
})
core.setOutput('state', pullRequest.state)
deploy:
needs: [pr-metadata, prepare-for-deploy, check-pr-before-deploy]
if: ${{ needs.check-pr-before-deploy.outputs.pull_request_state == 'open' }}
runs-on: ubuntu-latest
timeout-minutes: 10
# This interrupts Build, Deploy, and pre-write Undeploy workflow runs in
# progress for this PR branch.
concurrency:
group: 'PR Staging @ ${{ needs.pr-metadata.outputs.head_label }}'
cancel-in-progress: true
steps:
- name: Check out repo's default branch
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
- name: Setup node
uses: actions/setup-node@04c56d2f954f1e4c69436aa54cfef261a018f458
with:
node-version: 16.13.x
cache: npm
- name: Install dependencies
run: npm ci
- name: Deploy
id: deploy
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HEROKU_API_TOKEN: ${{ secrets.HEROKU_API_TOKEN }}
HYDRO_ENDPOINT: ${{ secrets.HYDRO_ENDPOINT }}
HYDRO_SECRET: ${{ secrets.HYDRO_SECRET }}
PR_URL: ${{ needs.pr-metadata.outputs.url }}
SOURCE_BLOB_URL: ${{ needs.prepare-for-deploy.outputs.source_blob_url }}
ALLOWED_POLLING_FAILURES_PER_PHASE: '15'
RUN_ID: ${{ github.run_id }}
run: .github/actions-scripts/staging-deploy.js
- name: Create successful commit status
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CONTEXT_NAME: ${{ env.CONTEXT_NAME }}
ACTIONS_RUN_LOG: ${{ env.ACTIONS_RUN_LOG }}
HEAD_SHA: ${{ needs.pr-metadata.outputs.head_sha }}
run: .github/actions-scripts/staging-commit-status-success.js
- name: Mark the deployment as inactive if timed out
uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
if: ${{ steps.deploy.outcome == 'cancelled' }}
env:
DEPLOYMENT_ID: ${{ steps.deploy.outputs.deploymentId }}
LOG_URL: ${{ steps.deploy.outputs.logUrl }}
with:
script: |
const { DEPLOYMENT_ID, LOG_URL } = process.env
const { owner, repo } = context.repo
if (!DEPLOYMENT_ID) {
throw new Error('A deployment wasn't created before a timeout occurred!')
}
await github.repos.createDeploymentStatus({
owner,
repo,
deployment_id: DEPLOYMENT_ID,
state: 'error',
description: 'The deployment step timed out. See workflow logs.',
log_url: LOG_URL,
// The 'ant-man' preview is required for `state` values of 'inactive', as well as
// the use of the `log_url`, `environment_url`, and `auto_inactive` parameters.
// The 'flash' preview is required for `state` values of 'in_progress' and 'queued'.
mediaType: {
previews: ['ant-man', 'flash'],
},
})
console.log('⏲️ Deployment status: error - The deployment timed out...')
- name: Create failure status
uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
if: ${{ failure() }}
env:
CONTEXT_NAME: ${{ env.CONTEXT_NAME }}
ACTIONS_RUN_LOG: ${{ env.ACTIONS_RUN_LOG }}
HEAD_SHA: ${{ needs.pr-metadata.outputs.head_sha }}
with:
script: |
const { CONTEXT_NAME, ACTIONS_RUN_LOG, HEAD_SHA } = process.env
const { owner, repo } = context.repo
await github.repos.createCommitStatus({
owner,
repo,
sha: HEAD_SHA,
context: CONTEXT_NAME,
state: 'error',
description: 'Failed to deploy. See logs.',
target_url: ACTIONS_RUN_LOG
})
- name: Send Slack notification if deployment job failed
uses: someimportantcompany/github-actions-slack-message@f8d28715e7b8a4717047d23f48c39827cacad340
if: ${{ failure() }}
with:
channel: ${{ secrets.DOCS_STAGING_DEPLOYMENT_FAILURES_SLACK_CHANNEL_ID }}
bot-token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}
color: failure
text: Staging deployment failed for PR ${{ needs.pr-metadata.outputs.url }} at commit ${{ needs.pr-metadata.outputs.head_sha }}. See ${{ env.ACTIONS_RUN_LOG }}.