Build(deps): Bump jekyll from 3.9.5 to 4.3.4 #3181
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Name referenced in .github/workflows/check-merge-deploy.yml | |
| name: Build and test | |
| on: | |
| push: | |
| branches-ignore: master | |
| pull_request: {} | |
| workflow_dispatch: | |
| inputs: | |
| pull_request_number: | |
| description: Number of the pull request targeted by a workflow dispatch job | |
| default: "" | |
| jobs: | |
| validate: | |
| name: Validate commit | |
| runs-on: ubuntu-22.04 | |
| env: | |
| # Use a default rcfile. GitHub Actions prefers an incremental update model | |
| # to environment setup where environment changes are written to $GITHUB_ENV | |
| # or $GITHUB_PATH, but unless dynamic variables really need to be propagated | |
| # everywhere a fixed rcfile provides more flexibility without the incidental | |
| # lock-in. | |
| BASH_ENV: ci/env.sh | |
| steps: | |
| - name: Resolve dispatched pull request | |
| id: dispatched-pr | |
| if: github.event_name == 'workflow_dispatch' && github.event.inputs.pull_request_number != '' | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| PR_NUMBER: ${{ github.event.inputs.pull_request_number }} | |
| run: | | |
| set -euo pipefail | |
| curl --silent --show-error --fail \ | |
| -H "Authorization: token $GH_TOKEN" \ | |
| -H 'Accept: application/vnd.github.v3+json' \ | |
| "$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/pulls/$(jq -nr '@uri "\(env.PR_NUMBER)"')" | | |
| jq -r ' | |
| if .head.ref != (env.GITHUB_REF | sub("^refs/heads/"; "")) then | |
| error("Ref mismatch: dispatched with \(env.GITHUB_REF), PR has \(.head.ref)") | |
| elif .mergeable == false then | |
| error("PR \(env.PR_NUMBER) at \(.head.sha) cannot be merged with \(.base.sha)") | |
| elif .mergeable == null then | |
| # TODO: Poll until this changes? | |
| error("PR \(env.PR_NUMBER) mergeability not yet determined at \(.head.sha) with \(.base.sha)") | |
| else | |
| [ | |
| "ref=refs/pull/\(env.PR_NUMBER)/merge", | |
| "head_ref=\(.head.ref)", | |
| "base_ref=\(.base.ref)" | |
| ] | join("\n") | |
| end | |
| ' | | |
| tee -a "$GITHUB_OUTPUT" | |
| # Currently it isn't possible to trigger a rerun of a pull request job | |
| # through the API, so we implement some manual indirection over the | |
| # workflow_dispatch event. | |
| # | |
| # Use the outputs of this step as follows: | |
| # | |
| # - effective_event: replaces github.event_name, will be 'pull_request' for | |
| # for workflow_dispatch jobs which trigger pull request logic | |
| # | |
| # - ref: replaces github.ref / $GITHUB_REF | |
| # | |
| # If effective_event != 'pull_request' then ref will be equivalent to | |
| # github.ref. When processing pull requests, use HEAD instead of github.sha / | |
| # $GITHUB_SHA. | |
| # | |
| # - head_ref: replaces github.head_ref | |
| # | |
| # - base_ref: replaces github.base_ref | |
| # | |
| # - pr_number: replaces github.event.pull_request.number | |
| - name: Resolve parameters | |
| id: resolve | |
| env: | |
| DISPATCHED_PR_OUTCOME: ${{ steps.dispatched-pr.outcome }} | |
| EVENT_NAME: ${{ github.event_name }} | |
| GH_HEAD_REF: ${{ github.head_ref }} | |
| GH_BASE_REF: ${{ github.base_ref }} | |
| GH_PR_NUMBER: ${{ github.event.pull_request.number }} | |
| DISPATCHED_REF: ${{ steps.dispatched-pr.outputs.ref }} | |
| DISPATCHED_HEAD_REF: ${{ steps.dispatched-pr.outputs.head_ref }} | |
| DISPATCHED_BASE_REF: ${{ steps.dispatched-pr.outputs.base_ref }} | |
| DISPATCHED_PR_NUMBER: ${{ github.event.inputs.pull_request_number }} | |
| run: | | |
| set -euo pipefail | |
| case "$DISPATCHED_PR_OUTCOME" in | |
| success) | |
| echo "effective_event=pull_request" | tee -a "$GITHUB_OUTPUT" | |
| echo "ref=$DISPATCHED_REF" | tee -a "$GITHUB_OUTPUT" | |
| echo "head_ref=$DISPATCHED_HEAD_REF" | tee -a "$GITHUB_OUTPUT" | |
| echo "base_ref=$DISPATCHED_BASE_REF" | tee -a "$GITHUB_OUTPUT" | |
| echo "pr_number=$DISPATCHED_PR_NUMBER" | tee -a "$GITHUB_OUTPUT" | |
| ;; | |
| skipped) | |
| echo "effective_event=$EVENT_NAME" | tee -a "$GITHUB_OUTPUT" | |
| echo "ref=$GITHUB_REF" | tee -a "$GITHUB_OUTPUT" | |
| echo "head_ref=$GH_HEAD_REF" | tee -a "$GITHUB_OUTPUT" | |
| echo "base_ref=$GH_BASE_REF" | tee -a "$GITHUB_OUTPUT" | |
| echo "pr_number=$GH_PR_NUMBER" | tee -a "$GITHUB_OUTPUT" | |
| ;; | |
| *) | |
| echo "::error ::Unexpected prereq outcome: $DISPATCHED_PR_OUTCOME" | |
| exit 1 | |
| esac | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ steps.resolve.outputs.ref }} | |
| # Fetch parents so that we can record their hashes in | |
| # site.revisions.json if this is a PR merge commit | |
| fetch-depth: 2 | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@v1 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version-file: pyproject.toml | |
| - name: Install system dependencies | |
| uses: ./.github/actions/install-system-deps | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| dependencies: | | |
| tree | |
| poetry | |
| geckodriver | |
| - name: Repopulate Ruby gem cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: vendor/bundle | |
| key: ${{ runner.os }}-bundle-${{ hashFiles('Gemfile.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-bundle- | |
| - name: Install pnpm | |
| run: | | |
| corepack enable | |
| corepack install | |
| - name: Get pnpm cache directory path | |
| id: pnpm-store-path | |
| run: set -euo pipefail && echo "dir=$(pnpm store path)" | tee -a "$GITHUB_OUTPUT" | |
| - name: Repopulate pnpm package cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ${{ steps.pnpm-store-path.outputs.dir }} | |
| key: ${{ runner.os }}-pnpm-${{ hashFiles('pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm- | |
| - name: Get poetry cache directory path | |
| id: poetry-store-path | |
| run: set -euo pipefail && echo "dir=$(poetry config cache-dir)" | tee -a "$GITHUB_OUTPUT" | |
| - name: Repopulate poetry cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ${{ steps.poetry-store-path.outputs.dir }} | |
| !${{ steps.poetry-store-path.outputs.dir }}/virtualenvs | |
| key: ${{ runner.os }}-poetry-${{ hashFiles('poetry.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-poetry- | |
| - name: Install packages | |
| run: | | |
| bundle config set deployment 'true' | |
| bundle install --jobs=4 --retry=3 | |
| bundle info --path --verbose jekyll | |
| pnpm install --frozen-lockfile | |
| - name: Create revisions file | |
| env: | |
| EVENT: ${{ steps.resolve.outputs.effective_event }} | |
| PR_NUMBER: ${{ steps.resolve.outputs.pr_number }} | |
| REF: ${{ steps.resolve.outputs.ref }} | |
| HEAD_REF: ${{ steps.resolve.outputs.head_ref }} | |
| BASE_REF: ${{ steps.resolve.outputs.base_ref }} | |
| run: | | |
| sha="$(git rev-parse 'HEAD')" | |
| tree="$(git rev-parse 'HEAD^{tree}')" | |
| if [[ "$EVENT" == pull_request ]]; then | |
| parents="$(git rev-parse 'HEAD^@')" | |
| jq \ | |
| --null-input \ | |
| --arg sha "$sha" \ | |
| --arg tree "$tree" \ | |
| --arg parents "$parents" \ | |
| ' | |
| ($parents | split("\n")) as $parent_list | | |
| if ($parent_list | length) != 2 then | |
| error("expected PR merge commit to have two parents, got \($parent_list)") | |
| else | |
| null | |
| end | | |
| { | |
| ref: env.REF, | |
| sha: $sha, | |
| tree: $tree, | |
| head_ref: env.HEAD_REF, | |
| head_sha: $parent_list[1], | |
| base_ref: env.BASE_REF, | |
| base_ref_sha: $parent_list[0], | |
| } | |
| ' \ | |
| > site.revisions.json | |
| cat site.revisions.json | jq -C . | |
| echo "::notice ::Pull request #$PR_NUMBER: $( | |
| cat site.revisions.json | | |
| jq --raw-output ' | |
| "Ref \(.ref) [1] merges \(.head_ref) [2] into \(.base_ref) [3]. " + | |
| "[1]: \(.sha) [2]: \(.head_sha) [3]: \(.base_ref_sha)" | |
| ' | |
| )" | |
| else | |
| jq \ | |
| --null-input \ | |
| --arg sha "$sha" \ | |
| --arg tree "$tree" \ | |
| '{ ref: env.REF, sha: $sha, tree: $tree }' \ | |
| > site.revisions.json | |
| cat site.revisions.json | jq -C . | |
| echo "::notice ::$EVENT event: $( | |
| cat site.revisions.json | | |
| jq --raw-output '"ref \(.ref) at \(.sha)"' | |
| )" | |
| fi | |
| - name: Lint and build | |
| run: | | |
| export WB_RELEASE_VERSION="$(jq --raw-output -f ci/release-name.jq site.revisions.json)" | |
| echo "::notice ::Release $WB_RELEASE_VERSION" | |
| pnpm run lint-build-infra | |
| JEKYLL_ENV=production pnpm run pre-jekyll | |
| JEKYLL_ENV=production pnpm run jekyll-build | |
| JEKYLL_ENV=production pnpm run jekyll-lint | |
| - name: Create deploy tarfile | |
| id: create-deploy-tarfile | |
| if: > | |
| steps.resolve.outputs.effective_event == 'pull_request' || | |
| (steps.resolve.outputs.effective_event == 'push' && | |
| steps.resolve.outputs.ref == 'refs/heads/develop') | |
| run: | | |
| tar -c -z --null --verbatim-files-from \ | |
| --verbose --show-transformed-names \ | |
| --transform='s,^_site/,site/,' \ | |
| --files-from=<(git ls-files -z --others --exclude-from=.deploy-gitignore _site) \ | |
| -f site.tgz | |
| - name: Test | |
| run: bin/ci-run-integration-tests.sh | |
| - name: Test CI infra | |
| run: ci/pull-request/test/tests.sh | |
| - name: Check CI code | |
| run: | | |
| export MYPYPATH=$PWD/ci | |
| # Prefer active python instance (the one initialized using | |
| # setup-python above). For some reason poetry otherwise tries to use | |
| # the python version it was installed with, although it looks like | |
| # that isn't intended (c.f. | |
| # https://github.com/python-poetry/poetry/issues/7158, | |
| # https://github.com/python-poetry/poetry/issues/7772). | |
| poetry env use python | |
| poetry check --lock | |
| poetry install | |
| poetry run -- black --check . | |
| poetry run -- mypy -p integration_tools | |
| - name: Upload deploy artifact | |
| if: steps.create-deploy-tarfile.outcome == 'success' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: site.tgz | |
| path: | | |
| site.tgz | |
| site.revisions.json | |
| # For workflow_dispatch events there's no obvious indicator of a failure | |
| # within the pull request, so add a comment | |
| - name: "Post-run: Add pull request comment if dispatched rerun failed" | |
| if: > | |
| failure() && | |
| steps.resolve.outputs.effective_event == 'pull_request' && | |
| github.event_name == 'workflow_dispatch' | |
| continue-on-error: true | |
| env: | |
| PR_NUMBER: ${{ steps.resolve.outputs.pr_number }} | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| export URL="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" | |
| curl --silent --show-error --fail -XPOST \ | |
| -H "Authorization: token $GH_TOKEN" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| "$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/issues/$PR_NUMBER/comments" \ | |
| -d "$(jq -n '{ body: "A [job] dispatched for this pull request failed.\n\n[job]: \(env.URL)" }')" |