-
Notifications
You must be signed in to change notification settings - Fork 816
483 lines (431 loc) · 17.5 KB
/
post-build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
name: Post-Build
run-name: Post-Build on ${{ github.event.workflow_run.head_branch }}
on:
workflow_run:
types: [ 'completed' ]
workflows:
- Build
concurrency:
# Cancel concurrent jobs on pull_request but not push, by including the run_id in the concurrency group for the latter.
group: post-build-${{ github.event.workflow_run.event == 'push' && github.run_id || 'pr' }}-${{ github.event.workflow_run.head_branch }}
cancel-in-progress: true
env:
COMPOSER_ROOT_VERSION: "dev-trunk"
SUMMARY: Post-Build run [#${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for Build run [#${{ github.event.workflow_run.id }}](${{ github.event.workflow_run.html_url }})
permissions:
actions: read
contents: read
pull-requests: read
# Note the job logic here is a bit unusual. That's because this workflow is triggered by `workflow_run`, and so is not shown on the PR by default.
# Instead we have to manually report back, including where we could normally just skip or let a failure be handled.
# - If the "Build" job failed, we need to set our status as failed too (build_failed).
# - If the find_artifact job fails for some reason, we need a step to explicitly report that back.
# - If no plugins are found, we need to explicitly report back a "skipped" status.
# - And the upgrade_test job both explicitly sets "in progress" at its start and updates at its end.
#
# If you're wanting to add a new check, you'd want to do the following:
# - Add a step in the `setup` workflow to create your check, and a corresponding output for later steps to have the ID.
# - Add a step in the `build_failed` workflow to set your run to cancelled.
# - Add a job to run whatever tests you need to run, with steps similar to the `upgrade_test` workflow's "Get token", "Notify check in progress", and "Notify final status".
# - Add a step in the `no_plugins` workflow to set your run to skipped if your job only runs when there are plugins built.
jobs:
setup:
name: Setup
runs-on: ubuntu-latest
timeout-minutes: 2 # 2022-12-20: Seems like it should be fast.
outputs:
upgrade_check: ${{ steps.upgrade_check.outputs.id }}
wpcom_filename_check: ${{ steps.wpcom_filename_check.outputs.id }}
steps:
- name: Log info
run: |
echo "$SUMMARY" >> $GITHUB_STEP_SUMMARY
- uses: actions/checkout@v4
- name: Get token
id: get_token
uses: ./.github/actions/gh-app-token
with:
app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }}
private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }}
- name: 'Create "Test plugin upgrades" check'
id: upgrade_check
uses: ./.github/actions/check-run
with:
name: Test plugin upgrades
sha: ${{ github.event.workflow_run.head_sha }}
status: queued
title: Test queued...
summary: |
${{ env.SUMMARY }}
token: ${{ steps.get_token.outputs.token }}
- name: 'Create "Test wpcom filename restrictions" check'
id: wpcom_filename_check
uses: ./.github/actions/check-run
with:
name: Test wpcom filename restrictions
sha: ${{ github.event.workflow_run.head_sha }}
status: queued
title: Test queued...
summary: |
${{ env.SUMMARY }}
token: ${{ steps.get_token.outputs.token }}
build_failed:
name: Handle build failure
runs-on: ubuntu-latest
needs: setup
if: github.event.workflow_run.conclusion != 'success'
timeout-minutes: 2 # 2022-08-26: Seems like it should be fast.
steps:
- uses: actions/checkout@v4
- name: Get token
id: get_token
uses: ./.github/actions/gh-app-token
with:
app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }}
private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }}
- name: 'Mark "Test plugin upgrades" cancelled'
uses: ./.github/actions/check-run
with:
id: ${{ needs.setup.outputs.upgrade_check }}
conclusion: cancelled
title: Build failed
summary: |
${{ env.SUMMARY }}
Post-build run aborted because the build did not succeed.
token: ${{ steps.get_token.outputs.token }}
- name: 'Mark "Test wpcom filename restrictions" cancelled'
uses: ./.github/actions/check-run
with:
id: ${{ needs.setup.outputs.wpcom_filename_check }}
conclusion: cancelled
title: Build failed
summary: |
${{ env.SUMMARY }}
Post-build run aborted because the build did not succeed.
token: ${{ steps.get_token.outputs.token }}
find_artifact:
name: Find artifact
runs-on: ubuntu-latest
needs: setup
if: github.event.workflow_run.conclusion == 'success'
timeout-minutes: 2 # 2022-08-26: Seems like it should be fast.
outputs:
zip_url: ${{ steps.run.outputs.zip_url }}
any_plugins: ${{ steps.run.outputs.any_plugins }}
steps:
- uses: actions/checkout@v4
- name: Find artifact
id: run
env:
TOKEN: ${{ github.token }}
URL: ${{ github.event.workflow_run.artifacts_url }}
run: |
for (( i=1; i<=5; i++ )); do
[[ $i -gt 1 ]] && sleep 10
echo "::group::Fetch list of artifacts (attempt $i/5)"
JSON="$(curl -v -L --get \
--header "Authorization: token $TOKEN" \
--url "$URL"
)"
echo "$JSON"
echo "::endgroup::"
ZIPURL="$(jq -r '.artifacts | map( select( .name == "jetpack-build" ) ) | sort_by( .created_at ) | last | .archive_download_url // empty' <<<"$JSON")"
PLUGINS="$(jq -r '.artifacts[] | select( .name == "plugins.tsv" )' <<<"$JSON")"
if [[ -n "$ZIPURL" ]]; then
break
fi
done
[[ -z "$ZIPURL" ]] && { echo "::error::Failed to find artifact."; exit 1; }
echo "Zip URL: $ZIPURL"
echo "zip_url=${ZIPURL}" >> "$GITHUB_OUTPUT"
if [[ -z "$PLUGINS" ]]; then
echo "Any plugins? No"
echo "any_plugins=false" >> "$GITHUB_OUTPUT"
else
echo "Any plugins? Yes"
echo "any_plugins=true" >> "$GITHUB_OUTPUT"
fi
- name: Get token
id: get_token
if: ${{ ! success() }}
uses: ./.github/actions/gh-app-token
with:
app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }}
private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }}
- name: 'Mark "Test plugin upgrades" failed'
if: ${{ ! success() }}
uses: ./.github/actions/check-run
with:
id: ${{ needs.setup.outputs.upgrade_check }}
conclusion: failure
title: Failed to find build artifact
summary: |
${{ env.SUMMARY }}
Post-build run aborted because the "Find artifact" step failed.
token: ${{ steps.get_token.outputs.token }}
- name: 'Mark "Test wpcom filename restrictions" failed'
if: ${{ ! success() }}
uses: ./.github/actions/check-run
with:
id: ${{ needs.setup.outputs.wpcom_filename_check }}
conclusion: failure
title: Failed to find build artifact
summary: |
${{ env.SUMMARY }}
Post-build run aborted because the "Find artifact" step failed.
token: ${{ steps.get_token.outputs.token }}
no_plugins:
name: Handle no-plugins
runs-on: ubuntu-latest
needs: [ setup, find_artifact ]
if: needs.find_artifact.outputs.any_plugins == 'false'
timeout-minutes: 2 # 2022-08-26: Seems like it should be fast.
steps:
- uses: actions/checkout@v4
- name: Get token
id: get_token
uses: ./.github/actions/gh-app-token
with:
app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }}
private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }}
- name: 'Mark "Test plugin upgrades" skipped'
uses: ./.github/actions/check-run
with:
id: ${{ needs.setup.outputs.upgrade_check }}
conclusion: skipped
title: No plugins were built
summary: |
${{ env.SUMMARY }}
Post-build run skipped because no plugins were built.
token: ${{ steps.get_token.outputs.token }}
- name: 'Mark "Test wpcom filename restrictions" skipped'
uses: ./.github/actions/check-run
with:
id: ${{ needs.setup.outputs.wpcom_filename_check }}
conclusion: skipped
title: No plugins were built
summary: |
${{ env.SUMMARY }}
Post-build run skipped because no plugins were built.
token: ${{ steps.get_token.outputs.token }}
prepare_upgrade_test:
name: Prepare plugin upgrades matrix
runs-on: ubuntu-latest
needs: [ setup, find_artifact ]
if: needs.find_artifact.outputs.any_plugins == 'true'
outputs:
matrix: ${{ steps.matrix.outputs.matrix }}
timeout-minutes: 5 # 2025-03-13: Should be just a few seconds.
steps:
- uses: actions/checkout@v4
- name: Get token
id: get_token
uses: ./.github/actions/gh-app-token
env:
# Work around a weird node 16/openssl 3 issue in the docker env
OPENSSL_CONF: '/dev/null'
with:
app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }}
private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }}
- name: Notify check in progress
uses: ./.github/actions/check-run
with:
id: ${{ needs.setup.outputs.upgrade_check }}
status: in_progress
title: Test started...
summary: |
${{ env.SUMMARY }}
See run [#${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details.
token: ${{ steps.get_token.outputs.token }}
- name: Download build artifact
env:
TOKEN: ${{ github.token }}
ZIPURL: ${{ needs.find_artifact.outputs.zip_url }}
shell: bash
run: |
for (( i=1; i<=2; i++ )); do
[[ $i -gt 1 ]] && sleep 10
echo "::group::Downloading artifact (attempt $i/2)"
curl -v -L --get \
--header "Authorization: token $TOKEN" \
--url "$ZIPURL" \
--output "artifact.zip"
echo "::endgroup::"
if [[ -e "artifact.zip" ]] && zipinfo artifact.zip &>/dev/null; then
break
fi
done
[[ ! -e "artifact.zip" ]] && { echo "::error::Failed to download artifact."; exit 1; }
unzip artifact.zip
tar --xz -xvvf build.tar.xz build/plugins.tsv
- name: Prepare matrix
id: matrix
run: |
RET=$( jq -c -s --raw-input 'split( "\n" )[0:-1] | map( split( "\t" ) | { src: .[0], mirror: .[1], slug: .[2] } )' build/plugins.tsv )
jq '.' <<<"$RET"
echo "matrix=$RET" >> "$GITHUB_OUTPUT"
upgrade_test:
name: Test upgrades for ${{ matrix.slug }}
runs-on: ubuntu-latest
needs: [ setup, find_artifact, prepare_upgrade_test ]
if: needs.find_artifact.outputs.any_plugins == 'true'
timeout-minutes: 15 # 2022-08-26: Successful runs seem to take about 6 minutes, but give some extra time for the downloads.
strategy:
fail-fast: false
matrix:
include: ${{ fromJson( needs.prepare_upgrade_test.outputs.matrix ) }}
env:
PLUGIN_SRC: ${{ matrix.src }}
PLUGIN_MIRROR: ${{ matrix.mirror }}
PLUGIN_SLUG: ${{ matrix.slug }}
services:
db:
image: mariadb:lts
env:
MARIADB_ROOT_PASSWORD: wordpress
ports:
- 3306:3306
options: --health-cmd="healthcheck.sh --su-mysql --connect --innodb_initialized" --health-interval=10s --health-timeout=5s --health-retries=5
container:
image: ghcr.io/automattic/jetpack-wordpress-dev:latest
env:
WP_DOMAIN: localhost
WP_ADMIN_USER: wordpress
WP_ADMIN_EMAIL: [email protected]
WP_ADMIN_PASSWORD: wordpress
WP_TITLE: Hello World
MYSQL_HOST: db:3306
MYSQL_DATABASE: wordpress
MYSQL_USER: root
MYSQL_PASSWORD: wordpress
HOST_PORT: 80
ports:
- 80:80
steps:
- uses: actions/checkout@v4
with:
path: trunk
- uses: actions/checkout@v4
with:
ref: ${{ github.event.workflow_run.head_commit.id }}
path: commit
- name: Download build artifact
env:
TOKEN: ${{ github.token }}
ZIPURL: ${{ needs.find_artifact.outputs.zip_url }}
shell: bash
run: |
for (( i=1; i<=2; i++ )); do
[[ $i -gt 1 ]] && sleep 10
echo "::group::Downloading artifact (attempt $i/2)"
curl -v -L --get \
--header "Authorization: token $TOKEN" \
--url "$ZIPURL" \
--output "artifact.zip"
echo "::endgroup::"
if [[ -e "artifact.zip" ]] && zipinfo artifact.zip &>/dev/null; then
break
fi
done
[[ ! -e "artifact.zip" ]] && { echo "::error::Failed to download artifact."; exit 1; }
unzip artifact.zip
tar --xz -xvvf build.tar.xz build
- name: Setup WordPress
run: trunk/.github/files/test-plugin-update/setup.sh
- name: Prepare plugin zips
run: trunk/.github/files/test-plugin-update/prepare-zips.sh
- name: Test upgrades
run: trunk/.github/files/test-plugin-update/test.sh
post_upgrade_test:
name: Finalize plugin test
runs-on: ubuntu-latest
needs: [ setup, find_artifact, upgrade_test ]
if: always() && needs.find_artifact.outputs.any_plugins == 'true'
timeout-minutes: 5 # 2025-03-13: Should be just a few seconds.
steps:
- uses: actions/checkout@v4
- name: Get token
id: get_token
uses: ./.github/actions/gh-app-token
env:
# Work around a weird node 16/openssl 3 issue in the docker env
OPENSSL_CONF: '/dev/null'
with:
app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }}
private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }}
- name: Notify final status
uses: ./.github/actions/check-run
with:
id: ${{ needs.setup.outputs.upgrade_check }}
conclusion: ${{ needs.upgrade_test.result }}
title: ${{ needs.upgrade_test.result == 'success' && 'Tests passed' || needs.upgrade_test.result == 'cancelled' && 'Cancelled' || 'Tests failed' }}
summary: |
${{ env.SUMMARY }}
See run [#${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details.
token: ${{ steps.get_token.outputs.token }}
wpcom_filename_test:
name: Test wpcom filename restrictions
runs-on: ubuntu-latest
needs: [ setup, find_artifact ]
if: needs.find_artifact.outputs.any_plugins == 'true'
timeout-minutes: 15 # 2025-03-03: Guess. Leave time for the downloads.
steps:
- uses: actions/checkout@v4
with:
path: trunk
- uses: actions/checkout@v4
with:
ref: ${{ github.event.workflow_run.head_commit.id }}
path: commit
- name: Get token
id: get_token
uses: ./trunk/.github/actions/gh-app-token
with:
app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }}
private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }}
- name: Notify check in progress
uses: ./trunk/.github/actions/check-run
with:
id: ${{ needs.setup.outputs.wpcom_filename_check }}
status: in_progress
title: Test started...
summary: |
${{ env.SUMMARY }}
See run [#${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details.
token: ${{ steps.get_token.outputs.token }}
- name: Download build artifact
env:
TOKEN: ${{ github.token }}
ZIPURL: ${{ needs.find_artifact.outputs.zip_url }}
shell: bash
run: |
for (( i=1; i<=2; i++ )); do
[[ $i -gt 1 ]] && sleep 10
echo "::group::Downloading artifact (attempt $i/2)"
curl -v -L --get \
--header "Authorization: token $TOKEN" \
--url "$ZIPURL" \
--output "artifact.zip"
echo "::endgroup::"
if [[ -e "artifact.zip" ]] && zipinfo artifact.zip &>/dev/null; then
break
fi
done
[[ ! -e "artifact.zip" ]] && { echo "::error::Failed to download artifact."; exit 1; }
unzip artifact.zip
tar --xz -xvvf build.tar.xz build
- name: Test filename restrictions
id: tests
run: trunk/.github/files/test-wpcom-filename-restrictions.sh
- name: Notify final status
if: always()
uses: ./trunk/.github/actions/check-run
with:
id: ${{ needs.setup.outputs.wpcom_filename_check }}
conclusion: ${{ job.status }}
title: ${{ job.status == 'success' && 'Tests passed' || job.status == 'cancelled' && 'Cancelled' || 'Tests failed' }}
summary: |
${{ env.SUMMARY }}
${{ steps.tests.outputs.info }}
See run [#${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details.
token: ${{ steps.get_token.outputs.token }}