-
Notifications
You must be signed in to change notification settings - Fork 8
159 lines (159 loc) · 7.11 KB
/
review-site.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
name: Build & deploy review site
on:
pull_request:
paths-ignore:
- 'dist/**'
push:
paths-ignore:
- 'dist/**'
branches:
- main
- 2.x
env:
AZ_SITE_HOST: ${{ vars.AZ_SITE_HOST }}
AZ_EPHEMERALIMAGENAME: ${{ vars.AZ_EPHEMERALIMAGENAME }}
jobs:
lint-code:
name: Check code for linting errors
runs-on: ubuntu-latest
permissions:
checks: write
contents: write
packages: write
steps:
- name: Checkout repository to workspace
uses: actions/checkout@v4
- name: Set variables for Docker images
run: |
oldhash=${{ hashFiles('Dockerfile', 'package.json', 'package-lock.json', 'scripts/*') }}
imageprefix=${{ vars.AZ_DOCKER_REGISTRY }}"/${GITHUB_REPOSITORY}/"
imagestem="${imageprefix}${AZ_EPHEMERALIMAGENAME}:"
echo "AZ_OLD_HASH=${oldhash}" >> ${GITHUB_ENV}
echo "AZ_IMAGE_STEM=${imagestem}" >> ${GITHUB_ENV}
echo "AZ_EPHEMERAL_IMAGE=${imagestem}${oldhash}" >> ${GITHUB_ENV}
echo "AZ_BOOTSTRAP_SOURCE_DIR=/arizona-bootstrap-source" >> ${GITHUB_ENV}
echo "AZ_BOOTSTRAP_FROZEN_DIR=/azbuild/arizona-bootstrap" >> ${GITHUB_ENV}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker authentication
uses: docker/login-action@v3
with:
registry: ${{ vars.AZ_DOCKER_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Search for Docker image
id: dockerpull
continue-on-error: true
run: |
docker pull "$AZ_EPHEMERAL_IMAGE"
- name: Conditionally rebuild and save the Docker image
if: ${{ steps.dockerpull.outcome == 'failure' }}
run: |
workingtitle="${AZ_EPHEMERALIMAGENAME}:working"
docker buildx build --load --platform=linux/amd64 --no-cache -t "$workingtitle" --build-arg AZ_BOOTSTRAP_FROZEN_DIR .
tempname="old${AZ_OLD_HASH}"
docker run --name "$tempname" "$workingtitle" true
docker cp -a "${tempname}:${AZ_BOOTSTRAP_FROZEN_DIR}/." .
docker rm "$tempname"
lockhash=${{ hashFiles('Dockerfile', 'package.json', 'package-lock.json', 'scripts/*') }}
ephemeral="${AZ_IMAGE_STEM}${lockhash}"
docker tag "$workingtitle" "$ephemeral"
docker push "$ephemeral"
echo "AZ_EPHEMERAL_IMAGE=${ephemeral}" >> ${GITHUB_ENV}
- name: Run the code linting checks
run: |
sudo touch config.yml
sudo find . -path "./.git" -prune -o -exec chown 1000:1000 {} \;
sudo chown 1000:1000 .
docker run --rm -v $(pwd):"${AZ_BOOTSTRAP_SOURCE_DIR}" "$AZ_EPHEMERAL_IMAGE" lint
review-site:
name: Build & deploy review site
needs: lint-code
runs-on: ubuntu-latest
permissions:
checks: write
contents: write
packages: write
pull-requests: write
steps:
- name: Checkout repository to workspace
uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
fetch-depth: 20
- name: Find the push source branch name
if: ${{ github.event_name != 'pull_request' }}
run: echo "AZ_TRIMMED_REF=${GITHUB_REF#refs/*/}" >> ${GITHUB_ENV}
- name: Find the pull request source branch name
if: ${{ github.event_name == 'pull_request' }}
run: echo "AZ_TRIMMED_REF=${GITHUB_HEAD_REF}" >> ${GITHUB_ENV}
- name: Set variables for Docker images
run: |
oldhash=${{ hashFiles('Dockerfile', 'package.json', 'package-lock.json', 'scripts/*') }}
imageprefix=${{ vars.AZ_DOCKER_REGISTRY }}"/${GITHUB_REPOSITORY}/"
imagestem="${imageprefix}${AZ_EPHEMERALIMAGENAME}:"
echo "AZ_OLD_HASH=${oldhash}" >> ${GITHUB_ENV}
echo "AZ_IMAGE_STEM=${imagestem}" >> ${GITHUB_ENV}
echo "AZ_EPHEMERAL_IMAGE=${imagestem}${oldhash}" >> ${GITHUB_ENV}
echo "AZ_BOOTSTRAP_SOURCE_DIR=/arizona-bootstrap-source" >> ${GITHUB_ENV}
echo "AZ_BOOTSTRAP_FROZEN_DIR=/azbuild/arizona-bootstrap" >> ${GITHUB_ENV}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker authentication
uses: docker/login-action@v3
with:
registry: ${{ vars.AZ_DOCKER_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Search for Docker image
id: dockerpull
continue-on-error: true
run: |
docker pull "$AZ_EPHEMERAL_IMAGE"
- name: Conditionally rebuild and save the Docker image
if: ${{ steps.dockerpull.outcome == 'failure' }}
run: |
workingtitle="${AZ_EPHEMERALIMAGENAME}:working"
docker buildx build --load --platform=linux/amd64 --no-cache -t "$workingtitle" --build-arg AZ_BOOTSTRAP_FROZEN_DIR .
tempname="old${AZ_OLD_HASH}"
docker run --name "$tempname" "$workingtitle" true
docker cp -a "${tempname}:${AZ_BOOTSTRAP_FROZEN_DIR}/." .
docker rm "$tempname"
lockhash=${{ hashFiles('Dockerfile', 'package.json', 'package-lock.json', 'scripts/*') }}
ephemeral="${AZ_IMAGE_STEM}${lockhash}"
docker tag "$workingtitle" "$ephemeral"
docker push "$ephemeral"
echo "AZ_EPHEMERAL_IMAGE=${ephemeral}" >> ${GITHUB_ENV}
- name: Build variables
run: |
echo "AZ_REVIEW_BASEURL=/arizona-bootstrap/${AZ_TRIMMED_REF}" >> ${GITHUB_ENV}
- name: Build review site artifact
run: |
sudo touch config.yml
sudo find . -path "./.git" -prune -o -exec chown 1000:1000 {} \;
sudo chown 1000:1000 .
docker run --rm -e "AZ_SITE_BASE_URL=${AZ_REVIEW_BASEURL}" -e "AZ_SITE_HOST=${AZ_SITE_HOST}" -v $(pwd):"${AZ_BOOTSTRAP_SOURCE_DIR}" "$AZ_EPHEMERAL_IMAGE" expose-review-site
- name: Push back the updated deployable files to the repository (CSS, JS, and so on)
run: |
git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com"
git config --global user.name "${GITHUB_ACTOR}"
if [ -n "$(git status --porcelain dist)" ] ; then
git add dist
git commit -m "Save updated CSS and JS files before deployment to ${AZ_SITE_HOST}${AZ_REVIEW_BASEURL}"
git push --force origin "HEAD:${AZ_TRIMMED_REF}"
fi
shell: sh
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Deploy review site artifact to S3 + CloudFront
run: |
aws s3 sync --delete _site/ s3://${{ secrets.REVIEW_BUCKET }}${AZ_REVIEW_BASEURL}/
aws cloudfront create-invalidation --distribution-id ${{ secrets.REVIEW_CDN }} --paths ${AZ_REVIEW_BASEURL}/*
- name: Display review site URL
# TODO: replace with step that publishes link to review site on PR.
run: |
echo "Review site deployed to ${AZ_SITE_HOST}${AZ_REVIEW_BASEURL}"