Devxt 1653 - Add login controls #33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and optionally update gitops repo for a pull-request | |
env: | |
TARGET_FILE: 'values.pr.yaml' | |
WORKING_DIR: 'developer-portal' | |
YAML_PROPERTY_PATH: '.upstream.backstage.image.tag' | |
HUSKY: 0 | |
on: | |
pull_request: | |
types: [synchronize, reopened, labeled] | |
branches: ['main'] | |
# save resources. Don't take up a queue space doing a duplicate build | |
concurrency: | |
group: update-${{ github.event.pull_request.number }} | |
cancel-in-progress: true | |
jobs: | |
get-build-mode: | |
runs-on: ubuntu-latest | |
outputs: | |
SHOULD_BUILD: ${{ steps.build_mode.outputs.SHOULD_BUILD }} | |
SHOULD_BUILD_DEPLOY: ${{ steps.build_mode.outputs.SHOULD_BUILD_DEPLOY }} | |
steps: | |
# Check if this workflow should build and optionally deploy. Deployment cannot happen without a build | |
- name: Determine if should build and deploy | |
id: build_mode | |
run: | | |
should_build=false | |
should_build_deploy=false | |
if ${{ github.event.pull_request.state == 'open' }} ; then | |
if ${{ contains(github.event.pull_request.labels.*.name, 'build' )}} ; then | |
should_build=true | |
fi | |
if ${{ contains(github.event.pull_request.labels.*.name, 'preview') }}; then | |
should_build_deploy=true | |
fi | |
fi | |
echo "SHOULD_BUILD=$should_build" >> "$GITHUB_OUTPUT" | |
echo "SHOULD_BUILD_DEPLOY=$should_build_deploy" >> "$GITHUB_OUTPUT" | |
call-build-workflow: | |
needs: get-build-mode | |
if: ${{ (needs.get-build-mode.outputs.SHOULD_BUILD == 'true') || (needs.get-build-mode.outputs.SHOULD_BUILD_DEPLOY == 'true') }} | |
uses: ./.github/workflows/build.yaml | |
get-short-sha: | |
needs: get-build-mode | |
if: needs.get-build-mode.outputs.SHOULD_BUILD_DEPLOY == 'true' | |
uses: ./.github/workflows/get-short-sha.yaml | |
get-pr-branch-name: | |
needs: get-build-mode | |
if: needs.get-build-mode.outputs.SHOULD_BUILD_DEPLOY == 'true' | |
uses: ./.github/workflows/get-pr-branch-name.yaml | |
update-gitops-pr-file: | |
if: needs.get-build-mode.outputs.SHOULD_BUILD_DEPLOY == 'true' | |
runs-on: ubuntu-latest | |
needs: | |
[call-build-workflow, get-short-sha, get-pr-branch-name, get-build-mode] | |
steps: | |
- name: Setup gitops repo access | |
uses: webfactory/ssh-agent@v0.9.0 | |
with: | |
ssh-private-key: ${{ secrets.MANIFEST_REPO_DEPLOY_KEY }} | |
- name: Checkout CD repo | |
uses: actions/checkout@v4 | |
with: | |
repository: ${{ secrets.MANIFEST_REPO }} | |
ssh-key: ${{ secrets.MANIFEST_REPO_DEPLOY_KEY }} | |
# fetch depth 0 gets all branches and histories. The workflow needs to get the | |
# branches because the workflow may run if there were multiple commits to the PR. | |
# It needs to checkout the existing branch and update it, rather than creating a | |
# new branch and then getting an error when it pushes to the remote and sees there | |
# is an existing branch | |
fetch-depth: 0 | |
- name: 'Configure git' | |
# From https://github.com/orgs/community/discussions/26560#discussioncomment-3531273 | |
run: | | |
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
git config --global user.name "github-actions[bot]" | |
git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: 'Create or checkout branch' | |
run: | | |
branch_name=${{ needs.get-pr-branch-name.outputs.BRANCH_NAME }} | |
git checkout $branch_name || git checkout -b $branch_name | |
- name: Update image tag | |
run: | | |
cd ${{ env.WORKING_DIR }} | |
yq -i '${{ env.YAML_PROPERTY_PATH }} = "${{ needs.get-short-sha.outputs.SHORT_SHA }}"' ${{ env.TARGET_FILE }} | |
- name: 'Check for changes' | |
id: check_for_changes | |
run: | | |
CHANGES=$(git status --porcelain) | |
if [ -z "$CHANGES" ]; then | |
echo "No changes" | |
echo "HAS_CHANGES=0" >> $GITHUB_OUTPUT | |
else | |
echo "Has changes" | |
echo "HAS_CHANGES=1" >> $GITHUB_OUTPUT | |
fi | |
- name: Commit and push update | |
if: ${{ steps.check_for_changes.outputs.HAS_CHANGES == 1 }} | |
run: | | |
git commit -am "Update image tag for pull request deployment" | |
git push origin ${{ needs.get-pr-branch-name.outputs.BRANCH_NAME }} |