mirror of
https://github.com/redhat-developer/odo.git
synced 2025-10-19 03:06:19 +03:00
7c006dd7b5
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
260 lines
9.4 KiB
YAML
260 lines
9.4 KiB
YAML
name: Pull Request Website Preview
|
|
|
|
on:
|
|
# /!\ Warning: using the pull_request_target event to be able to read secrets. But using this event without the cautionary measures described below
|
|
# may allow unauthorized GitHub users to open a “pwn request” and exfiltrate secrets.
|
|
# As recommended in https://iterative.ai/blog/testing-external-contributions-using-github-actions-secrets,
|
|
# we are adding an 'authorize' job that checks if the workflow was triggered from a fork PR. In that case, the "external" environment
|
|
# will prevent the job from running until it's approved manually by human intervention.
|
|
pull_request_target:
|
|
types: [opened, synchronize, reopened, ready_for_review, closed]
|
|
branches: [ main ]
|
|
paths:
|
|
- 'docs/website/**'
|
|
- '.github/workflows/pr-website.yaml'
|
|
|
|
env:
|
|
ODO_LOG_LEVEL: "4"
|
|
ODO_TRACKING_CONSENT: "no"
|
|
IBM_CLOUD_API_KEY: ${{ secrets.IBM_CLOUD_API_KEY }}
|
|
IKS_CLUSTER: ${{ secrets.IBM_CLOUD_IKS_CLUSTER_FOR_WEBSITE_DEPLOY_PREVIEWS }}
|
|
DEPLOY_RESOURCE_NAME: "odo-dev-pr-${{ github.event.number }}"
|
|
NAMESPACE: "odo-dev-pr-${{ github.event.number }}"
|
|
PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
|
|
PR_NUMBER: ${{ github.event.number }}
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.number }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
authorize:
|
|
# The 'external' environment is configured with the odo-maintainers team as required reviewers.
|
|
# All the subsequent jobs in this workflow 'need' this job, which will require manual approval for PRs coming from external forks.
|
|
# TODO(rm3l): list of authorized users that do not require manual review comes from the maintainers team and various robot accounts that handle automation in the repo => find a better way not to hardcode this list!
|
|
environment:
|
|
${{ (github.event.pull_request.head.repo.full_name == github.repository ||
|
|
contains(fromJSON('["odo-robot[bot]", "dependabot[bot]", "openshift-ci[bot]", "openshift-merge-robot", "openshift-ci-robot", "feloy", "kadel", "rm3l", "valaparthvi", "ritudes"]'), github.actor)) &&
|
|
'internal' || 'external' }}
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- run: echo ✓
|
|
|
|
build_odo:
|
|
runs-on: ubuntu-latest
|
|
needs: authorize
|
|
steps:
|
|
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha || github.ref }}
|
|
|
|
- name: Setup Go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
|
|
- name: Build odo
|
|
run: make bin
|
|
|
|
- run: |
|
|
chmod +x ./odo
|
|
./odo version
|
|
|
|
- name: 'Upload odo'
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: odo_bin
|
|
path: odo
|
|
retention-days: 1
|
|
if-no-files-found: error
|
|
|
|
deploy-preview:
|
|
if: ${{ github.event.pull_request.state == 'open' }}
|
|
needs: [authorize, build_odo]
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha || github.ref }}
|
|
|
|
- name: Install IBM Cloud CLI
|
|
run: |
|
|
curl -fsSL https://clis.cloud.ibm.com/install/linux | sh
|
|
ibmcloud --version
|
|
ibmcloud config --check-version=false
|
|
ibmcloud plugin install -f kubernetes-service
|
|
|
|
- name: Authenticate with IBM Cloud CLI
|
|
run: |
|
|
ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" --no-region --quiet
|
|
|
|
- name: Generate Kubeconfig
|
|
run: |
|
|
ibmcloud ks cluster config --cluster $IKS_CLUSTER
|
|
kubectl config current-context
|
|
|
|
- name: Get ingress domain
|
|
run: |
|
|
ingressDomain=$(ibmcloud ks cluster get --cluster $IKS_CLUSTER --output json | jq -r '.ingress.hostname')
|
|
if [[ -z "$ingressDomain" ]]; then
|
|
echo "Could not get ingress domain"
|
|
exit 1
|
|
fi
|
|
echo "DEPLOY_INGRESS_DOMAIN=$ingressDomain" >> "$GITHUB_ENV"
|
|
|
|
- name: Download odo from previous job
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
name: odo_bin
|
|
|
|
- name: Set odo in system path
|
|
run: |
|
|
mkdir -p "$HOME/.local/bin/"
|
|
mv ./odo "$HOME/.local/bin/odo"
|
|
chmod +x "$HOME/.local/bin/odo"
|
|
echo "$HOME/.local/bin" >> $GITHUB_PATH
|
|
|
|
- name: Create and set namespace
|
|
run: |
|
|
if odo list namespaces | grep "$NAMESPACE"; then
|
|
echo "Namespace $NAMESPACE already exists."
|
|
else
|
|
echo "Namespace $NAMESPACE *not* found => creating it."
|
|
odo create namespace "$NAMESPACE" --wait
|
|
fi
|
|
odo set namespace "$NAMESPACE"
|
|
|
|
- name: Login to Container Image Registry
|
|
uses: redhat-actions/podman-login@v1
|
|
with:
|
|
username: odo-dev+gh
|
|
password: ${{ secrets.REGISTRY_PASSWORD }}
|
|
registry: quay.io/odo-dev
|
|
|
|
- name: Set Image Registry in odo preference
|
|
# Setting this will make odo treat relative image names in the Devfile as a selector.
|
|
# See https://odo.dev/docs/development/devfile#how-odo-handles-image-names for more details.
|
|
run: |
|
|
odo preference set ImageRegistry quay.io/odo-dev --force
|
|
|
|
- name: Deploy with odo
|
|
run: |
|
|
cd docs/website/
|
|
odo deploy \
|
|
--var DEPLOY_RESOURCE_NAME \
|
|
--var DEPLOY_INGRESS_DOMAIN
|
|
|
|
- run: echo "PR_PREVIEW_URL=https://$DEPLOY_RESOURCE_NAME.$DEPLOY_INGRESS_DOMAIN/" >> "$GITHUB_ENV"
|
|
|
|
- name: Test access
|
|
run: |
|
|
wget --no-check-certificate \
|
|
--tries=20 \
|
|
--retry-on-host-error \
|
|
--retry-on-http-error=404,502,503 \
|
|
-S \
|
|
-O - \
|
|
"${{ env.PR_PREVIEW_URL }}" || exit 1
|
|
|
|
- name: Add PR comment with preview URL
|
|
uses: thollander/actions-comment-pull-request@1d3973dc4b8e1399c0620d3f2b1aa5e795465308 # v2
|
|
with:
|
|
message: |
|
|
### <span aria-hidden="true">✅</span> Deploy Preview on internal cluster ready!
|
|
|
|
| Name | Link |
|
|
|---------------------------------|------------------------|
|
|
|<span aria-hidden="true">🔨</span> Latest commit | ${{ env.PR_HEAD_SHA }} |
|
|
|<span aria-hidden="true">😎</span> Deploy Preview | [${{ env.PR_PREVIEW_URL }}](${{ env.PR_PREVIEW_URL }}) |
|
|
comment_tag: 'Deploy Preview'
|
|
pr_number: ${{ env.PR_NUMBER }}
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
reactions: rocket
|
|
|
|
delete_resources_for_pr:
|
|
if: ${{ github.event.pull_request.state == 'closed' }}
|
|
needs: [authorize, build_odo]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha || github.ref }}
|
|
|
|
- name: Download odo from previous job
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
name: odo_bin
|
|
|
|
- name: Set odo in system path
|
|
run: |
|
|
mkdir -p "$HOME/.local/bin/"
|
|
mv ./odo "$HOME/.local/bin/odo"
|
|
chmod +x "$HOME/.local/bin/odo"
|
|
echo "$HOME/.local/bin" >> $GITHUB_PATH
|
|
|
|
- name: Install IBM Cloud CLI
|
|
run: |
|
|
curl -fsSL https://clis.cloud.ibm.com/install/linux | sh
|
|
ibmcloud --version
|
|
ibmcloud config --check-version=false
|
|
ibmcloud plugin install -f kubernetes-service
|
|
|
|
- name: Authenticate with IBM Cloud CLI
|
|
run: |
|
|
ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" --no-region --quiet
|
|
|
|
- name: Generate Kubeconfig
|
|
run: |
|
|
ibmcloud ks cluster config --cluster $IKS_CLUSTER
|
|
kubectl config current-context
|
|
|
|
- name: Get ingress domain
|
|
run: |
|
|
ingressDomain=$(ibmcloud ks cluster get --cluster $IKS_CLUSTER --output json | jq -r '.ingress.hostname')
|
|
if [[ -z "$ingressDomain" ]]; then
|
|
echo "Could not get ingress domain"
|
|
exit 1
|
|
fi
|
|
echo "DEPLOY_INGRESS_DOMAIN=$ingressDomain" >> "$GITHUB_ENV"
|
|
|
|
- run: echo "PR_PREVIEW_URL=https://$DEPLOY_RESOURCE_NAME.$DEPLOY_INGRESS_DOMAIN/" >> "$GITHUB_ENV"
|
|
|
|
- name: Update PR comment about preview URL
|
|
uses: thollander/actions-comment-pull-request@1d3973dc4b8e1399c0620d3f2b1aa5e795465308 # v2
|
|
with:
|
|
message: |
|
|
### <span aria-hidden="true">🔨</span> Deploy Preview deleted from internal cluster!
|
|
|
|
| Name | Link |
|
|
|---------------------------------|------------------------|
|
|
|<span aria-hidden="true">🔨</span> Latest commit | ${{ env.PR_HEAD_SHA }} |
|
|
|<span aria-hidden="true">😎</span> Deploy Preview | ~[${{ env.PR_PREVIEW_URL }}](${{ env.PR_PREVIEW_URL }})~ |
|
|
comment_tag: 'Deploy Preview'
|
|
pr_number: ${{ env.PR_NUMBER }}
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
reactions: recycle
|
|
|
|
- name: Delete component in namespace
|
|
run: |
|
|
if odo list namespaces | grep "$NAMESPACE"; then
|
|
odo set namespace "$NAMESPACE"
|
|
cd docs/website/
|
|
odo delete component --force --wait
|
|
fi
|
|
|
|
- name: Delete namespace
|
|
if: ${{ always() }}
|
|
run: |
|
|
if odo list namespaces | grep "$NAMESPACE"; then
|
|
odo delete namespace "$NAMESPACE" \
|
|
--wait \
|
|
--force \
|
|
|| echo "Could not delete namespace $NAMESPACE - please delete it manually."
|
|
fi
|