Skip to content

Devxt 1653 - Add login controls #33

Devxt 1653 - Add login controls

Devxt 1653 - Add login controls #33

name: Build and optionally update gitops repo for a pull-request
env:
TARGET_FILE: 'values.pr.yaml'
WORKING_DIR: 'developer-portal'
YAML_PROPERTY_PATH: '.upstream.backstage.image.tag'
HUSKY: 0
on:
pull_request:
types: [synchronize, reopened, labeled]
branches: ['main']
# save resources. Don't take up a queue space doing a duplicate build
concurrency:
group: update-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
get-build-mode:
runs-on: ubuntu-latest
outputs:
SHOULD_BUILD: ${{ steps.build_mode.outputs.SHOULD_BUILD }}
SHOULD_BUILD_DEPLOY: ${{ steps.build_mode.outputs.SHOULD_BUILD_DEPLOY }}
steps:
# Check if this workflow should build and optionally deploy. Deployment cannot happen without a build
- name: Determine if should build and deploy
id: build_mode
run: |
should_build=false
should_build_deploy=false
if ${{ github.event.pull_request.state == 'open' }} ; then
if ${{ contains(github.event.pull_request.labels.*.name, 'build' )}} ; then
should_build=true
fi
if ${{ contains(github.event.pull_request.labels.*.name, 'preview') }}; then
should_build_deploy=true
fi
fi
echo "SHOULD_BUILD=$should_build" >> "$GITHUB_OUTPUT"
echo "SHOULD_BUILD_DEPLOY=$should_build_deploy" >> "$GITHUB_OUTPUT"
call-build-workflow:
needs: get-build-mode
if: ${{ (needs.get-build-mode.outputs.SHOULD_BUILD == 'true') || (needs.get-build-mode.outputs.SHOULD_BUILD_DEPLOY == 'true') }}
uses: ./.github/workflows/build.yaml
get-short-sha:
needs: get-build-mode
if: needs.get-build-mode.outputs.SHOULD_BUILD_DEPLOY == 'true'
uses: ./.github/workflows/get-short-sha.yaml
get-pr-branch-name:
needs: get-build-mode
if: needs.get-build-mode.outputs.SHOULD_BUILD_DEPLOY == 'true'
uses: ./.github/workflows/get-pr-branch-name.yaml
update-gitops-pr-file:
if: needs.get-build-mode.outputs.SHOULD_BUILD_DEPLOY == 'true'
runs-on: ubuntu-latest
needs:
[call-build-workflow, get-short-sha, get-pr-branch-name, get-build-mode]
steps:
- name: Setup gitops repo access
uses: webfactory/ssh-agent@v0.9.0
with:
ssh-private-key: ${{ secrets.MANIFEST_REPO_DEPLOY_KEY }}
- name: Checkout CD repo
uses: actions/checkout@v4
with:
repository: ${{ secrets.MANIFEST_REPO }}
ssh-key: ${{ secrets.MANIFEST_REPO_DEPLOY_KEY }}
# fetch depth 0 gets all branches and histories. The workflow needs to get the
# branches because the workflow may run if there were multiple commits to the PR.
# It needs to checkout the existing branch and update it, rather than creating a
# new branch and then getting an error when it pushes to the remote and sees there
# is an existing branch
fetch-depth: 0
- name: 'Configure git'
# From https://github.com/orgs/community/discussions/26560#discussioncomment-3531273
run: |
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config --global user.name "github-actions[bot]"
git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: 'Create or checkout branch'
run: |
branch_name=${{ needs.get-pr-branch-name.outputs.BRANCH_NAME }}
git checkout $branch_name || git checkout -b $branch_name
- name: Update image tag
run: |
cd ${{ env.WORKING_DIR }}
yq -i '${{ env.YAML_PROPERTY_PATH }} = "${{ needs.get-short-sha.outputs.SHORT_SHA }}"' ${{ env.TARGET_FILE }}
- name: 'Check for changes'
id: check_for_changes
run: |
CHANGES=$(git status --porcelain)
if [ -z "$CHANGES" ]; then
echo "No changes"
echo "HAS_CHANGES=0" >> $GITHUB_OUTPUT
else
echo "Has changes"
echo "HAS_CHANGES=1" >> $GITHUB_OUTPUT
fi
- name: Commit and push update
if: ${{ steps.check_for_changes.outputs.HAS_CHANGES == 1 }}
run: |
git commit -am "Update image tag for pull request deployment"
git push origin ${{ needs.get-pr-branch-name.outputs.BRANCH_NAME }}