Mikkel tester #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
pull_request: | |
# We have two groups of jobs in this workflow that reacts on actions: | |
# | |
# 1. We update the status of a Github Deployment on: | |
# - opened | |
# - synchronize | |
# - reopened | |
# - closed | |
# | |
# 2. We forward all events to lagoon via InformLagoon | |
types: [ opened, synchronize, reopened, closed, edited ] | |
name: Lagoon integration | |
env: | |
LAGOON_HOST: "dplplat01.dpl.reload.dk" | |
LAGOON_PROJECT: "dpl-cms" | |
jobs: | |
CheckPrAuthor: | |
name: Check PR author | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check PR author | |
run: | | |
set -e | |
echo "IGNORED_PR_AUTHORS: ${{ vars.IGNORED_PR_AUTHORS }}" | |
echo "PR author: ${{ env.PR_AUTHOR }}" | |
echo "AUTHOR_IS_IGNORED: ${{ env.AUTHOR_IS_IGNORED }}" | |
echo "PR author is ${{ env.PR_AUTHOR }}" | |
if [[ "${{ env.AUTHOR_IS_IGNORED }}" == "true" ]] | |
then | |
echo "PR author (${{ env.PR_AUTHOR }}) is ignored. Skipping deployment..." | |
exit 1 | |
fi | |
if: ${{ vars.IGNORED_PR_AUTHORS }} | |
env: | |
PR_AUTHOR: ${{ github.event.pull_request.user.login }} | |
AUTHOR_IS_IGNORED: $(echo '${{ vars.IGNORED_PR_AUTHORS }}' | jq --arg author "${{ github.event.pull_request.user.login }}" 'any(.[]; . as $user | $author | match($user))') | |
BranchNameLength: | |
name: Check branch length | |
runs-on: ubuntu-latest | |
needs: [CheckPrAuthor] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Ensure branch name length | |
uses: lekterable/[email protected] | |
if: github.ref_type == 'branch' || github.ref_type == 'pull_request' | |
with: | |
allowed: | | |
/^.{1,50}$/ | |
errorMessage: 'Branch name too long. This cannot be deployed to Lagoon.' | |
CheckEnvironment: | |
name: Check environment | |
runs-on: ubuntu-latest | |
if: ${{ github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize' }} | |
needs: [BranchNameLength, CheckPrAuthor] | |
permissions: | |
# Give the default GITHUB_TOKEN permission to create and update deployments | |
deployments: write | |
steps: | |
- name: Generate environment data | |
id: environment | |
run: | | |
echo ::set-output name=id::pr-${{github.event.number}} | |
echo ::set-output name=url::'https://varnish.pr-${{github.event.number}}.${{ env.LAGOON_PROJECT }}.${{ env.LAGOON_HOST }}/' | |
echo ::set-output name=logs::'https://ui.lagoon.${{ env.LAGOON_HOST }}/projects/${{ env.LAGOON_PROJECT }}/${{ env.LAGOON_PROJECT }}-pr-${{github.event.number}}/deployments' | |
- name: Start deployment | |
uses: bobheadxi/[email protected] | |
id: deployment | |
with: | |
step: start | |
token: ${{ secrets.GITHUB_TOKEN }} | |
env: ${{ steps.environment.outputs.id }} | |
ref: ${{ github.head_ref }} | |
logs: ${{ steps.environment.outputs.logs }} | |
debug: ${{ runner.debug && 'true' || 'false' }} | |
- name: Generate wait-on config | |
# Retrieval of Let's Encrypt certificate sometimes fail in Lagoon. | |
# In this case a self-signed certificate will be used. Allow this. | |
run: | | |
echo "{\"strictSSL\": false}" > $RUNNER_TEMP/wait-on.config.json | |
- name: Wait for environment to become available | |
uses: iFaxity/[email protected] | |
with: | |
resource: ${{ steps.environment.outputs.url }} | |
# Time in ms. Wait for 15 mins for deployment to complete. We have | |
# seen deployments taking up to 12 mins. | |
timeout: 900000 | |
# Poll every 10 seconds. For whatever reason Lagoon environments may | |
# return 200 during the deployment process even though the deployment | |
# is not complete. Reduce polling interval to the risk of this | |
# happening. | |
interval: 10000 | |
config: ${{ runner.temp }}/wait-on.config.json | |
- name: Finish deployment | |
if: always() | |
uses: bobheadxi/[email protected] | |
with: | |
step: finish | |
token: ${{ secrets.GITHUB_TOKEN }} | |
status: ${{ job.status }} | |
deployment_id: ${{ steps.deployment.outputs.deployment_id }} | |
env: ${{ steps.deployment.outputs.env }} | |
env_url: ${{ steps.environment.outputs.url }} | |
logs: ${{ steps.environment.outputs.logs }} | |
debug: ${{ runner.debug && 'true' || 'false' }} | |
CloseEnvironment: | |
name: Close environment | |
runs-on: ubuntu-latest | |
if: ${{ github.event.action == 'closed' }} | |
permissions: | |
# Give the default GITHUB_TOKEN permission to close deployments. | |
deployments: write | |
steps: | |
- name: Generate environment data | |
id: environment | |
run: | | |
echo ::set-output name=id::pr-${{github.event.number}} | |
- name: Close environment | |
uses: bobheadxi/[email protected] | |
with: | |
step: deactivate-env | |
token: ${{ secrets.GITHUB_TOKEN }} | |
env: ${{ steps.environment.outputs.id }} | |
debug: ${{ runner.debug && 'true' || 'false' }} | |
# We only permit the integration with Lagoon to run if the user is | |
# authorized. This saves on resources and ensures we only spin up sites for | |
# legitimate contributions. | |
# The integration is controlled by creating synthetic events related to select | |
# pull-request events, and send them to Lagoon. | |
# | |
# The job expects the following secrets: | |
# LAGOON_WEBHOOK_URL: The url events are to be delivered to | |
# LAGOON_WEBHOOK_SECRET: Shared lagoon webhook secret | |
# | |
InformLagoon: | |
name: Send synthetic event to Lagoon | |
runs-on: ubuntu-latest | |
needs: [BranchNameLength, CheckPrAuthor] | |
steps: | |
- name: Send pull request event | |
uses: distributhor/workflow-webhook@v3 | |
env: | |
webhook_url: ${{ secrets.LAGOON_WEBHOOK_URL }} | |
webhook_secret: ${{ secrets.LAGOON_WEBHOOK_SECRET }} | |
webhook_type: 'json-extended' |