Bump the development-dependencies group with 3 updates #2229
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build & deploy review site | |
on: | |
pull_request: | |
paths-ignore: | |
- 'dist/**' | |
push: | |
paths-ignore: | |
- 'dist/**' | |
branches: | |
- main | |
- 2.x | |
env: | |
AZ_SITE_HOST: ${{ vars.AZ_SITE_HOST }} | |
AZ_EPHEMERALIMAGENAME: ${{ vars.AZ_EPHEMERALIMAGENAME }} | |
jobs: | |
lint-code: | |
name: Check code for linting errors | |
runs-on: ubuntu-latest | |
permissions: | |
checks: write | |
contents: write | |
packages: write | |
steps: | |
- name: Checkout repository to workspace | |
uses: actions/checkout@v4 | |
- name: Set variables for Docker images | |
run: | | |
oldhash=${{ hashFiles('Dockerfile', 'package.json', 'package-lock.json', 'scripts/*') }} | |
imageprefix=${{ vars.AZ_DOCKER_REGISTRY }}"/${GITHUB_REPOSITORY}/" | |
imagestem="${imageprefix}${AZ_EPHEMERALIMAGENAME}:" | |
echo "AZ_OLD_HASH=${oldhash}" >> ${GITHUB_ENV} | |
echo "AZ_IMAGE_STEM=${imagestem}" >> ${GITHUB_ENV} | |
echo "AZ_EPHEMERAL_IMAGE=${imagestem}${oldhash}" >> ${GITHUB_ENV} | |
echo "AZ_BOOTSTRAP_SOURCE_DIR=/arizona-bootstrap-source" >> ${GITHUB_ENV} | |
echo "AZ_BOOTSTRAP_FROZEN_DIR=/azbuild/arizona-bootstrap" >> ${GITHUB_ENV} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Docker authentication | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ vars.AZ_DOCKER_REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Search for Docker image | |
id: dockerpull | |
continue-on-error: true | |
run: | | |
docker pull "$AZ_EPHEMERAL_IMAGE" | |
- name: Conditionally rebuild and save the Docker image | |
if: ${{ steps.dockerpull.outcome == 'failure' }} | |
run: | | |
workingtitle="${AZ_EPHEMERALIMAGENAME}:working" | |
docker buildx build --load --platform=linux/amd64 --no-cache -t "$workingtitle" --build-arg AZ_BOOTSTRAP_FROZEN_DIR . | |
tempname="old${AZ_OLD_HASH}" | |
docker run --name "$tempname" "$workingtitle" true | |
docker cp -a "${tempname}:${AZ_BOOTSTRAP_FROZEN_DIR}/." . | |
docker rm "$tempname" | |
lockhash=${{ hashFiles('Dockerfile', 'package.json', 'package-lock.json', 'scripts/*') }} | |
ephemeral="${AZ_IMAGE_STEM}${lockhash}" | |
docker tag "$workingtitle" "$ephemeral" | |
docker push "$ephemeral" | |
echo "AZ_EPHEMERAL_IMAGE=${ephemeral}" >> ${GITHUB_ENV} | |
- name: Run the code linting checks | |
run: | | |
sudo touch config.yml | |
sudo find . -path "./.git" -prune -o -exec chown 1000:1000 {} \; | |
sudo chown 1000:1000 . | |
docker run --rm -v $(pwd):"${AZ_BOOTSTRAP_SOURCE_DIR}" "$AZ_EPHEMERAL_IMAGE" lint | |
review-site: | |
name: Build & deploy review site | |
needs: lint-code | |
runs-on: ubuntu-latest | |
permissions: | |
checks: write | |
contents: write | |
packages: write | |
pull-requests: write | |
steps: | |
- name: Checkout repository to workspace | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
fetch-depth: 20 | |
- name: Find the push source branch name | |
if: ${{ github.event_name != 'pull_request' }} | |
run: echo "AZ_TRIMMED_REF=${GITHUB_REF#refs/*/}" >> ${GITHUB_ENV} | |
- name: Find the pull request source branch name | |
if: ${{ github.event_name == 'pull_request' }} | |
run: echo "AZ_TRIMMED_REF=${GITHUB_HEAD_REF}" >> ${GITHUB_ENV} | |
- name: Set variables for Docker images | |
run: | | |
oldhash=${{ hashFiles('Dockerfile', 'package.json', 'package-lock.json', 'scripts/*') }} | |
imageprefix=${{ vars.AZ_DOCKER_REGISTRY }}"/${GITHUB_REPOSITORY}/" | |
imagestem="${imageprefix}${AZ_EPHEMERALIMAGENAME}:" | |
echo "AZ_OLD_HASH=${oldhash}" >> ${GITHUB_ENV} | |
echo "AZ_IMAGE_STEM=${imagestem}" >> ${GITHUB_ENV} | |
echo "AZ_EPHEMERAL_IMAGE=${imagestem}${oldhash}" >> ${GITHUB_ENV} | |
echo "AZ_BOOTSTRAP_SOURCE_DIR=/arizona-bootstrap-source" >> ${GITHUB_ENV} | |
echo "AZ_BOOTSTRAP_FROZEN_DIR=/azbuild/arizona-bootstrap" >> ${GITHUB_ENV} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Docker authentication | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ vars.AZ_DOCKER_REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Search for Docker image | |
id: dockerpull | |
continue-on-error: true | |
run: | | |
docker pull "$AZ_EPHEMERAL_IMAGE" | |
- name: Conditionally rebuild and save the Docker image | |
if: ${{ steps.dockerpull.outcome == 'failure' }} | |
run: | | |
workingtitle="${AZ_EPHEMERALIMAGENAME}:working" | |
docker buildx build --load --platform=linux/amd64 --no-cache -t "$workingtitle" --build-arg AZ_BOOTSTRAP_FROZEN_DIR . | |
tempname="old${AZ_OLD_HASH}" | |
docker run --name "$tempname" "$workingtitle" true | |
docker cp -a "${tempname}:${AZ_BOOTSTRAP_FROZEN_DIR}/." . | |
docker rm "$tempname" | |
lockhash=${{ hashFiles('Dockerfile', 'package.json', 'package-lock.json', 'scripts/*') }} | |
ephemeral="${AZ_IMAGE_STEM}${lockhash}" | |
docker tag "$workingtitle" "$ephemeral" | |
docker push "$ephemeral" | |
echo "AZ_EPHEMERAL_IMAGE=${ephemeral}" >> ${GITHUB_ENV} | |
- name: Build variables | |
run: | | |
echo "AZ_REVIEW_BASEURL=/arizona-bootstrap/${AZ_TRIMMED_REF}" >> ${GITHUB_ENV} | |
- name: Build review site artifact | |
run: | | |
sudo touch config.yml | |
sudo find . -path "./.git" -prune -o -exec chown 1000:1000 {} \; | |
sudo chown 1000:1000 . | |
docker run --rm -e "AZ_SITE_BASE_URL=${AZ_REVIEW_BASEURL}" -e "AZ_SITE_HOST=${AZ_SITE_HOST}" -v $(pwd):"${AZ_BOOTSTRAP_SOURCE_DIR}" "$AZ_EPHEMERAL_IMAGE" expose-review-site | |
- name: Push back the updated deployable files to the repository (CSS, JS, and so on) | |
run: | | |
git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com" | |
git config --global user.name "${GITHUB_ACTOR}" | |
if [ -n "$(git status --porcelain dist)" ] ; then | |
git add dist | |
git commit -m "Save updated CSS and JS files before deployment to ${AZ_SITE_HOST}${AZ_REVIEW_BASEURL}" | |
git push --force origin "HEAD:${AZ_TRIMMED_REF}" | |
fi | |
shell: sh | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: Deploy review site artifact to S3 + CloudFront | |
run: | | |
aws s3 sync --delete _site/ s3://${{ secrets.REVIEW_BUCKET }}${AZ_REVIEW_BASEURL}/ | |
aws cloudfront create-invalidation --distribution-id ${{ secrets.REVIEW_CDN }} --paths ${AZ_REVIEW_BASEURL}/* | |
- name: Display review site URL | |
# TODO: replace with step that publishes link to review site on PR. | |
run: | | |
echo "Review site deployed to ${AZ_SITE_HOST}${AZ_REVIEW_BASEURL}" |