|
5 | 5 | branches: |
6 | 6 | - main |
7 | 7 |
|
8 | | - workflow_call: |
9 | | - secrets: |
10 | | - GCP_PROJECT_NAME: |
11 | | - required: true |
12 | | - WIP_PROJECT_ID: |
13 | | - required: true |
14 | | - |
15 | | -permissions: |
16 | | - # Post comment in pull request. |
17 | | - pull-requests: write |
18 | | - # Authenticate with GCP. |
19 | | - id-token: write |
20 | | - |
21 | | -concurrency: |
22 | | - group: ci-${{ github.workflow }}-${{ github.event.pull_request.number }} |
23 | | - cancel-in-progress: true |
24 | | - |
25 | | -env: |
26 | | - PREFIX: fred-pr${{ github.event.pull_request.number }} |
27 | | - |
28 | 8 | jobs: |
29 | 9 | deploy: |
30 | 10 | if: github.repository_owner == 'mdn' && github.event.pull_request.user.login != 'dependabot[bot]' |
31 | | - environment: |
32 | | - name: review |
33 | | - url: https://${{ env.PREFIX }}.${{ vars.HOST }} |
34 | | - runs-on: ubuntu-latest |
35 | | - env: |
36 | | - BUILD_OUT_ROOT: ${{ github.workspace }}/mdn/fred/out |
37 | | - |
38 | | - steps: |
39 | | - - name: Stop if author/actor is not an admin |
40 | | - env: |
41 | | - ACTOR: ${{ github.actor }} |
42 | | - AUTHOR: ${{ github.event.pull_request.user.login }} |
43 | | - GH_TOKEN: ${{ github.token }} |
44 | | - REPO: ${{ github.repository }} |
45 | | - RUN_ID: ${{ github.run_id }} |
46 | | - run: | |
47 | | - # Check author. |
48 | | - AUTHOR_PERMISSION=$(gh api https://api.github.com/repos/$REPO/collaborators/$AUTHOR/permission --jq .permission) |
49 | | -
|
50 | | - if [ "$AUTHOR_PERMISSION" != "admin" ]; then |
51 | | - echo "PR author ($AUTHOR) is not an admin, please ping someone for a review." |
52 | | - gh run cancel --repo "$REPO" $RUN_ID |
53 | | - exit 1 |
54 | | - fi |
55 | | -
|
56 | | - # Check actor. |
57 | | - if [ "$ACTOR" != "$AUTHOR" ]; then |
58 | | - ACTOR_PERMISSION=$(gh api https://api.github.com/repos/$REPO/collaborators/$ACTOR/permission --jq .permission) |
59 | | -
|
60 | | - if [ "$ACTOR_PERMISSION" != "admin" ]; then |
61 | | - echo "PR actor ($ACTOR) is not an admin, please ping someone for a review." |
62 | | - gh run cancel --repo "$REPO" $RUN_ID |
63 | | - exit 1 |
64 | | - fi |
65 | | - fi |
66 | | -
|
67 | | - - name: Checkout (fred) |
68 | | - uses: actions/checkout@v4 |
69 | | - with: |
70 | | - path: mdn/fred |
71 | | - |
72 | | - - name: Checkout (content) |
73 | | - uses: actions/checkout@v4 |
74 | | - with: |
75 | | - repository: mdn/content |
76 | | - path: mdn/content |
77 | | - |
78 | | - - name: Checkout (curriculum) |
79 | | - uses: actions/checkout@v4 |
80 | | - with: |
81 | | - repository: mdn/curriculum |
82 | | - path: mdn/curriculum |
83 | | - |
84 | | - - name: Checkout (mdn-studio) |
85 | | - uses: actions/checkout@v4 |
86 | | - with: |
87 | | - repository: mdn/mdn-studio |
88 | | - path: mdn/mdn-studio |
89 | | - lfs: true |
90 | | - token: ${{ secrets.MDN_STUDIO_PAT }} |
91 | | - |
92 | | - - name: Checkout (generic-content) |
93 | | - uses: actions/checkout@v4 |
94 | | - with: |
95 | | - repository: mdn/generic-content |
96 | | - path: mdn/generic-content |
97 | | - |
98 | | - - name: Checkout (mdn-contributor-spotlight) |
99 | | - uses: actions/checkout@v4 |
100 | | - with: |
101 | | - repository: mdn/mdn-contributor-spotlight |
102 | | - path: mdn/mdn-contributor-spotlight |
103 | | - |
104 | | - - name: Setup (fred) |
105 | | - uses: actions/setup-node@v4 |
106 | | - with: |
107 | | - node-version-file: "mdn/fred/.nvmrc" |
108 | | - cache: npm |
109 | | - cache-dependency-path: "mdn/fred/package-lock.json" |
110 | | - |
111 | | - - name: Install (fred) |
112 | | - working-directory: mdn/fred |
113 | | - run: npm ci |
114 | | - |
115 | | - - name: Build (fred) |
116 | | - working-directory: mdn/fred |
117 | | - run: npm run build |
118 | | - |
119 | | - - name: Build (rari) |
120 | | - working-directory: mdn/fred |
121 | | - env: |
122 | | - CONTENT_ROOT: ${{ github.workspace }}/mdn/content/files |
123 | | - CONTRIBUTOR_SPOTLIGHT_ROOT: ${{ github.workspace }}/mdn/mdn-contributor-spotlight/contributors |
124 | | - BLOG_ROOT: ${{ github.workspace }}/mdn/mdn-studio/content/posts |
125 | | - CURRICULUM_ROOT: ${{ github.workspace }}/mdn/curriculum |
126 | | - GENERIC_CONTENT_ROOT: ${{ github.workspace }}/mdn/generic-content/files |
127 | | - |
128 | | - LIVE_SAMPLES_BASE_URL: https://live.mdnyalp.dev |
129 | | - INTERACTIVE_EXAMPLES_BASE_URL: https://interactive-examples.mdn.allizom.net |
130 | | - |
131 | | - ADDITIONAL_LOCALES_FOR_GENERICS_AND_SPAS: de |
132 | | - run: | |
133 | | - set -eo pipefail |
134 | | -
|
135 | | - npm run rari git-history |
136 | | -
|
137 | | - # Only build some content pages. |
138 | | - find $CONTENT_ROOT -name 'index.md' -type f -maxdepth 4 > ${{ github.workspace }}/files.txt |
139 | | -
|
140 | | - npm run rari build -- --all --file-list ${{ github.workspace }}/files.txt --templ-stats |
141 | | -
|
142 | | - - name: Render (fred) |
143 | | - working-directory: mdn/fred |
144 | | - run: | |
145 | | - npm run ssr |
146 | | -
|
147 | | - cp -r dist $BUILD_OUT_ROOT/static |
148 | | -
|
149 | | - - name: Authenticate with GCP |
150 | | - uses: google-github-actions/auth@v2 |
151 | | - with: |
152 | | - token_format: access_token |
153 | | - service_account: deploy-mdn-review-content@${{ secrets.GCP_PROJECT_NAME }}.iam.gserviceaccount.com |
154 | | - workload_identity_provider: projects/${{ secrets.WIP_PROJECT_ID }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions |
155 | | - |
156 | | - - name: Setup gcloud |
157 | | - uses: google-github-actions/setup-gcloud@v2 |
158 | | - |
159 | | - - name: Upload to GCS |
160 | | - uses: google-github-actions/upload-cloud-storage@v2 |
161 | | - with: |
162 | | - path: ${{ env.BUILD_OUT_ROOT }} |
163 | | - destination: "${{ vars.GCP_BUCKET_NAME }}/${{ env.PREFIX }}" |
164 | | - resumable: false |
165 | | - concurrency: 500 |
166 | | - parent: false |
167 | | - process_gcloudignore: false |
168 | | - |
169 | | - - name: Post message in PR |
170 | | - run: | |
171 | | - COMMENT_ID=$(gh pr view "$PR_NUMBER" --repo "${{ github.repository }}" --comments --json comments \ |
172 | | - --jq ".comments | sort_by(.createdAt) | map(select(.author.login == \"github-actions\")) | .[0].id") |
173 | | -
|
174 | | - if [ -n "$COMMENT_ID" ]; then |
175 | | - gh api graphql -f query=' |
176 | | - mutation($id:ID!, $body:String!) { |
177 | | - updateIssueComment(input:{id:$id, body:$body}) { |
178 | | - issueComment { |
179 | | - id |
180 | | - } |
181 | | - } |
182 | | - }' -f id="$COMMENT_ID" -f body="$BODY" |
183 | | - else |
184 | | - gh pr comment "$PR_NUMBER" --repo "${{ github.repository }}" --body "$BODY" |
185 | | - fi |
186 | | - env: |
187 | | - BODY: "${{ github.sha }} was deployed to: https://${{ env.PREFIX }}.${{ vars.HOST }}/" |
188 | | - PR_NUMBER: ${{ github.event.pull_request.number }} |
189 | | - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 11 | + uses: ./.github/workflows/_deploy.yml |
| 12 | + secrets: inherit |
| 13 | + with: |
| 14 | + prefix: fred-pr${{ github.event.pull_request.number }} |
0 commit comments