From f19c01a11f23da6a79d3245ca33b81c383a58d54 Mon Sep 17 00:00:00 2001 From: Daniel Lockyer Date: Tue, 24 Sep 2024 16:44:29 +0200 Subject: [PATCH] Added workflow changes to support PR deploys to staging ref https://linear.app/tryghost/issue/DEV-31/staging-deploys-of-feature-branchesprs - we want the ability to ship a PR to staging, so we can test and QA without merging to `main` - most of the infrastructure is already in place for this, so it's mostly a case of wiring it all up - this commit will send a slightly different payload to the build process, to indicate it's coming from a PR - I've also added a check that the user is a member of the org, so we don't get random builds from non-members - to trigger this, we should be able to add the `deploy-to-staging` label and it Just Works :TM: --- .github/workflows/ci.yml | 42 ++++++++++++++++++++++++++++++++++++---- 1 file changed, 38 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 11d4f68ec5..3e542caa57 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -61,6 +61,22 @@ jobs: echo "Setting BASE_COMMIT to $BASE_COMMIT" echo "BASE_COMMIT=$BASE_COMMIT" >> $GITHUB_ENV + - name: Check user org membership + id: check_user_org_membership + if: github.event_name == 'pull_request' + run: | + echo "Looking up: ${{ github.event.pull_request.user.login }}" + + LOOKUP_USER=$(curl --write-out "%{http_code}" --silent --output /dev/null --location 'https://api.github.com/orgs/tryghost/members/${{ github.event.pull_request.user.login }}' --header 'Authorization: Bearer ${{ secrets.CANARY_DOCKER_BUILD }}') + + if [ "$LOOKUP_USER" == "204" ]; then + echo "User is in the org" + echo "is_member=true" >> $GITHUB_OUTPUT + else + echo "User is not in the org" + echo "is_member=false" >> $GITHUB_OUTPUT + fi + - name: Determine added packages uses: dorny/paths-filter@v2.12.0 id: added @@ -179,9 +195,8 @@ jobs: changed_any_code: ${{ steps.changed.outputs.any-code }} changed_new_package: ${{ steps.added.outputs.new-package }} base_commit: ${{ env.BASE_COMMIT }} - branch_name: ${{ github.ref_name }} - is_canary_branch: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/arch') }} is_main: ${{ env.IS_MAIN }} + member_is_in_org: ${{ steps.check_user_org_membership.outputs.is_member }} has_browser_tests_label: ${{ github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'browser-tests') }} dependency_cache_key: ${{ env.cachekey }} @@ -950,11 +965,30 @@ jobs: ] name: Canary runs-on: ubuntu-latest - if: always() && needs.job_setup.outputs.is_canary_branch == 'true' && needs.job_setup.result == 'success' && needs.job_required_tests.result == 'success' + if: | + always() + && needs.job_setup.result == 'success' + && needs.job_required_tests.result == 'success' + && ( + needs.job_setup.outputs.is_main == 'true' + || ( + github.event_name == 'pull_request' + && needs.job_setup.outputs.member_is_in_org == 'true' + && contains(github.event.pull_request.labels.*.name, 'deploy-to-staging') + ) + ) steps: - name: Output needs (for debugging) run: echo "${{ toJson(needs) }}" + - name: Compute branch name (push) + if: github.event_name == 'push' + run: echo "branch_name=${{ github.ref_name }}" >> $GITHUB_ENV + + - name: Compute branch name (pull_request) + if: github.event_name == 'pull_request' + run: echo "branch_name=${{ github.ref }}" >> $GITHUB_ENV + - name: Invoke build uses: aurelien-baudet/workflow-dispatch@v2 with: @@ -962,6 +996,6 @@ jobs: workflow: .github/workflows/deploy.yml ref: 'refs/heads/main' repo: TryGhost/Ghost-Moya - inputs: '{"version":"canary","environment":"staging","version_extra":"${{ needs.job_setup.outputs.branch_name }}"}' + inputs: '{"version":"canary","environment":"staging","version_extra":"${{ env.branch_name }}"}' wait-for-completion-timeout: 25m wait-for-completion-interval: 30s