forked from danskernesdigitalebibliotek/dpl-cms
-
Notifications
You must be signed in to change notification settings - Fork 0
152 lines (144 loc) · 5.77 KB
/
lagoon.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
on:
pull_request:
# We have two groups of jobs in this workflow that reacts on actions:
#
# 1. We update the status of a Github Deployment on:
# - opened
# - synchronize
# - reopened
# - closed
#
# 2. We forward all events to lagoon via InformLagoon
types: [ opened, synchronize, reopened, closed, edited ]
name: Lagoon integration
env:
LAGOON_HOST: "dplplat01.dpl.reload.dk"
LAGOON_PROJECT: "dpl-cms"
jobs:
CheckPrAuthor:
name: Check PR author
runs-on: ubuntu-latest
steps:
- name: Check PR author
run: |
set -e
echo "IGNORED_PR_AUTHORS: ${{ vars.IGNORED_PR_AUTHORS }}"
echo "PR author: ${{ github.event.pull_request.user.login }}"
AUTHOR_IS_IGNORED=$(echo '${{ vars.IGNORED_PR_AUTHORS }}' | jq --arg author "${{ github.event.pull_request.user.login }}" 'any(.[]; . as $ | $author | match($))')
echo "PR author is ${{ github.event.pull_request.user.login }}"
exit 1
if [[ "${{ github.event.pull_request.user.login }}" == "dpl-bot" ]]
then
echo "PR author is dpl-bot. Skipping deployment."
exit 1
fi
if: ${{ vars.IGNORED_PR_AUTHORS }}
BranchNameLength:
name: Check branch length
runs-on: ubuntu-latest
needs: [CheckPrAuthor]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Ensure branch name length
uses: lekterable/[email protected]
if: github.ref_type == 'branch' || github.ref_type == 'pull_request'
with:
allowed: |
/^.{1,50}$/
errorMessage: 'Branch name too long. This cannot be deployed to Lagoon.'
CheckEnvironment:
name: Check environment
runs-on: ubuntu-latest
if: ${{ github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize' }}
needs: [BranchNameLength, CheckPrAuthor]
permissions:
# Give the default GITHUB_TOKEN permission to create and update deployments
deployments: write
steps:
- name: Generate environment data
id: environment
run: |
echo ::set-output name=id::pr-${{github.event.number}}
echo ::set-output name=url::'https://varnish.pr-${{github.event.number}}.${{ env.LAGOON_PROJECT }}.${{ env.LAGOON_HOST }}/'
echo ::set-output name=logs::'https://ui.lagoon.${{ env.LAGOON_HOST }}/projects/${{ env.LAGOON_PROJECT }}/${{ env.LAGOON_PROJECT }}-pr-${{github.event.number}}/deployments'
- name: Start deployment
uses: bobheadxi/[email protected]
id: deployment
with:
step: start
token: ${{ secrets.GITHUB_TOKEN }}
env: ${{ steps.environment.outputs.id }}
ref: ${{ github.head_ref }}
logs: ${{ steps.environment.outputs.logs }}
debug: ${{ runner.debug && 'true' || 'false' }}
- name: Generate wait-on config
# Retrieval of Let's Encrypt certificate sometimes fail in Lagoon.
# In this case a self-signed certificate will be used. Allow this.
run: |
echo "{\"strictSSL\": false}" > $RUNNER_TEMP/wait-on.config.json
- name: Wait for environment to become available
uses: iFaxity/[email protected]
with:
resource: ${{ steps.environment.outputs.url }}
# Time in ms. Wait for 15 mins for deployment to complete. We have
# seen deployments taking up to 12 mins.
timeout: 900000
# Poll every 10 seconds. For whatever reason Lagoon environments may
# return 200 during the deployment process even though the deployment
# is not complete. Reduce polling interval to the risk of this
# happening.
interval: 10000
config: ${{ runner.temp }}/wait-on.config.json
- name: Finish deployment
if: always()
uses: bobheadxi/[email protected]
with:
step: finish
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
deployment_id: ${{ steps.deployment.outputs.deployment_id }}
env: ${{ steps.deployment.outputs.env }}
env_url: ${{ steps.environment.outputs.url }}
logs: ${{ steps.environment.outputs.logs }}
debug: ${{ runner.debug && 'true' || 'false' }}
CloseEnvironment:
name: Close environment
runs-on: ubuntu-latest
if: ${{ github.event.action == 'closed' }}
permissions:
# Give the default GITHUB_TOKEN permission to close deployments.
deployments: write
steps:
- name: Generate environment data
id: environment
run: |
echo ::set-output name=id::pr-${{github.event.number}}
- name: Close environment
uses: bobheadxi/[email protected]
with:
step: deactivate-env
token: ${{ secrets.GITHUB_TOKEN }}
env: ${{ steps.environment.outputs.id }}
debug: ${{ runner.debug && 'true' || 'false' }}
# We only permit the integration with Lagoon to run if the user is
# authorized. This saves on resources and ensures we only spin up sites for
# legitimate contributions.
# The integration is controlled by creating synthetic events related to select
# pull-request events, and send them to Lagoon.
#
# The job expects the following secrets:
# LAGOON_WEBHOOK_URL: The url events are to be delivered to
# LAGOON_WEBHOOK_SECRET: Shared lagoon webhook secret
#
InformLagoon:
name: Send synthetic event to Lagoon
runs-on: ubuntu-latest
needs: [BranchNameLength, CheckPrAuthor]
steps:
- name: Send pull request event
uses: distributhor/workflow-webhook@v3
env:
webhook_url: ${{ secrets.LAGOON_WEBHOOK_URL }}
webhook_secret: ${{ secrets.LAGOON_WEBHOOK_SECRET }}
webhook_type: 'json-extended'