diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 94c62d4b4..4d9e17618 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -52,27 +52,29 @@ jobs: artifact_id: deployFiles.id, }) - # We could run `unzip -o` to overwrite all files, but that could easily lead - # to security problems as the workflow creating the zip file can add - # arbitrary files. Right now it does not matter as this workflow explicitly - # only runs for trusted users, but being more careful here is better. So we - # explicitly remove the file we expect to get overwriten. + - name: extract artifacts - run: | - rm .deployment/templates/config.toml || true - rm util/dev-config/logo-large.svg || true - rm util/dev-config/logo-small.svg || true - rm util/dev-config/favicon.svg || true - rm util/containers/login-handler.py || true - unzip artifacts.zip + run: mkdir tmp_artifacts && unzip artifacts.zip -d tmp_artifacts + + - name: Read Deploy ID + run: echo "DEPLOY_ID=$(cat ./tmp_artifacts/deploy-id)" >> $GITHUB_ENV + + - name: Set GitHub deployment status to "Pending" + uses: bobheadxi/deployments@v0.5.2 + id: gh_deployment_start + with: + step: start + token: ${{ secrets.GITHUB_TOKEN }} + env: ${{ env.DEPLOY_ID }} + ref: ${{ github.event.workflow_run.head_commit.id }} - name: Prepare files for deployment run: | - cp -v tobira .deployment/files/ - cp -v util/dev-config/logo-large.svg .deployment/files/ - cp -v util/dev-config/logo-small.svg .deployment/files/ - cp -v util/dev-config/favicon.svg .deployment/files/ - cp -v util/containers/login-handler.py .deployment/files/ + cp -v tmp_artifacts/tobira .deployment/files/ + cp -v tmp_artifacts/util/dev-config/logo-large.svg .deployment/files/ + cp -v tmp_artifacts/util/dev-config/logo-small.svg .deployment/files/ + cp -v tmp_artifacts/util/dev-config/favicon.svg .deployment/files/ + cp -v tmp_artifacts/util/containers/login-handler.py .deployment/files/ - name: prepare deploy key env: @@ -93,56 +95,16 @@ jobs: run: > ansible-playbook --private-key=~/.ssh/id_ed25519 - --extra-vars="deployid='$(cat ../deploy-id)'" + --extra-vars="deployid='${{ env.DEPLOY_ID }}'" -u github deploy.yml - - name: comment on PR - uses: actions/github-script@v6 + - name: Set GitHub deployment status to "deployed" + uses: bobheadxi/deployments@v0.5.2 with: - github-token: ${{secrets.GITHUB_TOKEN}} - script: | - const fs = require('fs'); - const deploy_id = fs.readFileSync('${{github.workspace}}/deploy-id', 'utf8').trim(); - if (deploy_id.startsWith('pr')) { - const body = `🚀 This PR was deployed at https://${deploy_id}.tobira.opencast.org. ` - + `The deployment will be updated whenever someone pushes onto this PR's branch.`; - const issue_number = Number(deploy_id.substring(2)); - - // Check if we commented before - let page = 0; - let commentedAlready = false; - - // In theory we don't need this upper limit of 20, but I am really uncomfortable - // having a potentially infinite loop in here. So I rather have this artificial - // upper limit. The worst that can happen is that this actions adds a second - // comment. - for (let page = 0; page < 20; page++) { - const comments = await github.rest.issues.listComments({ - issue_number, - owner: context.repo.owner, - repo: context.repo.repo, - per_page: 100, - page, - }); - - if (comments.data.length == 0) { - break; - } - - if (comments.data.some(c => c.body == body)) { - console.log("Found an identical comment: will not comment again.") - commentedAlready = true; - break; - } - } - - if (!commentedAlready) { - await github.rest.issues.createComment({ - issue_number, - owner: context.repo.owner, - repo: context.repo.repo, - body, - }) - } - } + step: finish + token: ${{ secrets.GITHUB_TOKEN }} + env: ${{ env.DEPLOY_ID }} + status: ${{ job.status }} + deployment_id: ${{ steps.gh_deployment_start.outputs.deployment_id }} + env_url: ${{ format('https://{0}.tobira.opencast.org', env.DEPLOY_ID) }} diff --git a/.github/workflows/remove-deployment.yml b/.github/workflows/remove-deployment.yml index dbd62ce22..475f34070 100644 --- a/.github/workflows/remove-deployment.yml +++ b/.github/workflows/remove-deployment.yml @@ -29,18 +29,25 @@ jobs: run: ansible-galaxy collection install community.postgresql - name: Write deploy ID (for branch) to file - run: ./.deployment/deploy-id.sh "${{ github.event.ref }}" > deploy-id + run: echo "DEPLOY_ID=$(./.deployment/deploy-id.sh "${{ github.event.ref }}")" >> $GITHUB_ENV if: github.event_name == 'delete' - name: Write deploy ID (for PR) to file - run: ./.deployment/deploy-id.sh "refs/pull/${{ github.event.pull_request.number }}/merge" > deploy-id + run: echo "DEPLOY_ID=pr${{ github.event.pull_request.number }}" >> $GITHUB_ENV if: github.event_name != 'delete' + - name: Delete GitHub deployment status + uses: bobheadxi/deployments@v0.5.2 + with: + step: delete-env + token: ${{ secrets.GITHUB_TOKEN }} + env: ${{ env.DEPLOY_ID }} + - name: remove deployment working-directory: .deployment run: > ansible-playbook --private-key=~/.ssh/id_ed25519 - --extra-vars="deployid='$(cat ../deploy-id)'" + --extra-vars="deployid='${{ env.DEPLOY_ID }}'" -u github remove-deployment.yml