-
Notifications
You must be signed in to change notification settings - Fork 553
257 lines (211 loc) · 8.45 KB
/
dev-build.yml
File metadata and controls
257 lines (211 loc) · 8.45 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
name: Dev Build
# NOTE! This is the *DEV* workflow.
# Keep in mind that much of the configuration is repeated in `prod-build.yml`
# and `stage-build.yml`
#
# For a complete picture of all environments, see:
#
# https://docs.google.com/spreadsheets/d/1VnnEl-iTtKYmlyN02FiEXygxZCgE4o_ZO8wSleebne4/edit?usp=sharing
#
# NOTE! Unlike prod and stage, this work only works on manual dispatch
on:
workflow_dispatch:
inputs:
notes:
description: "Notes"
required: false
default: ""
deployment_prefix:
description: "Deployment prefix"
required: false
default: "main"
workflow_call:
secrets:
GCP_PROJECT_NAME:
required: true
WIP_PROJECT_ID:
required: true
env:
DEFAULT_DEPLOYMENT_PREFIX: "main"
permissions:
# Authenticate with GCP.
id-token: write
# Post comment in pull request.
pull-requests: write
jobs:
build:
environment: review
runs-on: ubuntu-latest
steps:
- name: Merge dispatch inputs with default env vars
run: |
echo "PREFIX=${{ github.event.inputs.deployment_prefix || env.DEFAULT_DEPLOYMENT_PREFIX }}" >> "$GITHUB_ENV"
- name: Checkout
uses: actions/checkout@v4
- name: Checkout (content)
uses: actions/checkout@v4
with:
repository: mdn/content
path: mdn/content
# Yes, this means fetch EVERY COMMIT EVER.
# It's probably not sustainable in the far future (e.g. past 2021)
# but for now it's good enough. We'll need all the history
# so we can figure out each document's last-modified date.
fetch-depth: 0
- name: Checkout (mdn-studio)
uses: actions/checkout@v4
with:
repository: mdn/mdn-studio
path: mdn/mdn-studio
lfs: true
token: ${{ secrets.MDN_STUDIO_PAT }}
- name: Checkout (generic-content)
uses: actions/checkout@v4
with:
repository: mdn/generic-content
path: mdn/generic-content
- name: Checkout (curriculum)
uses: actions/checkout@v4
with:
repository: mdn/curriculum
path: mdn/curriculum
- name: Checkout (translated-content)
uses: actions/checkout@v4
with:
repository: mdn/translated-content
path: mdn/translated-content
# See matching warning for mdn/content checkout step
fetch-depth: 0
- name: Checkout (translated-content-de)
uses: actions/checkout@v4
with:
repository: mdn/translated-content-de
path: mdn/translated-content-de
- name: Move de into translated-content
run: |
mv mdn/translated-content-de/files/de mdn/translated-content/files/
rm -rf mdn/translated-content-de
- name: Clean and commit de
working-directory: mdn/translated-content
run: |
git add files/de
git -c user.name='MDN' -c user.email='mdn-dev@mozilla.com' commit -m 'de'
- name: Checkout (mdn-contributor-spotlight)
uses: actions/checkout@v4
with:
repository: mdn/mdn-contributor-spotlight
path: mdn/mdn-contributor-spotlight
- name: Setup Node.js environment
uses: actions/setup-node@v4
with:
node-version-file: ".nvmrc"
- name: Install all yarn packages
run: yarn --frozen-lockfile
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Python
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Install Python poetry
uses: snok/install-poetry@v1
- name: Install deployer
run: |
cd deployer
poetry install
- name: Display Python & Poetry version
run: |
python --version
poetry --version
- name: Print information about build
run: |
echo "notes: ${{ github.event.inputs.notes }}"
echo "PREFIX: ${{ env.PREFIX }}"
- name: Print information about CPU
run: cat /proc/cpuinfo
- name: Build everything
env:
# Remember, the mdn/content repo got cloned into `pwd` into a
# sub-folder called "mdn/content"
CONTENT_ROOT: ${{ github.workspace }}/mdn/content/files
CONTENT_TRANSLATED_ROOT: ${{ github.workspace }}/mdn/translated-content/files
CONTRIBUTOR_SPOTLIGHT_ROOT: ${{ github.workspace }}/mdn/mdn-contributor-spotlight/contributors
BLOG_ROOT: ${{ github.workspace }}/mdn/mdn-studio/content/posts
CURRICULUM_ROOT: ${{ github.workspace }}/mdn/curriculum
GENERIC_CONTENT_ROOT: ${{ github.workspace }}/mdn/generic-content/files
# rari
BUILD_OUT_ROOT: "client/build"
# This basically means that all live-sample iframes run on the same
# host as the page that includes the iframe. Not great security but the
# context is that this is Dev and it's not connected to a real backend.
BUILD_LIVE_SAMPLES_BASE_URL: ""
# Now is not the time to worry about flaws.
BUILD_FLAW_LEVELS: "*:ignore"
# Uncomment when hacking on this workflow. It means the `yarn build`
# finishes much sooner, which can be helpful debugging the other stuff
# the workflow needs to do.
# BUILD_FOLDERSEARCH: web/html
# This just makes sure the Google Analytics script gets used even if
# it goes nowhere.
BUILD_GOOGLE_ANALYTICS_MEASUREMENT_ID: G-XXXXXXXX
# This removes the ability to sign in
REACT_APP_DISABLE_AUTH: true
run: |
set -eo pipefail
# Info about which CONTENT_* environment variables were set and to what.
echo "CONTENT_ROOT=$CONTENT_ROOT"
echo "CONTENT_TRANSLATED_ROOT=$CONTENT_TRANSLATED_ROOT"
# Build the ServiceWorker first
yarn build:sw
yarn build:client
yarn build:ssr
cp assets/nonprod/robots.txt client/build/robots.txt
yarn rari content sync-translated-content
yarn rari git-history
yarn rari build --all --issues client/build/issues.json --templ-stats
# SSR all pages
yarn render:html
# Generate whatsdeployed files.
yarn tool:legacy whatsdeployed --output client/build/_whatsdeployed/code.json
yarn tool:legacy whatsdeployed $CONTENT_ROOT --output client/build/_whatsdeployed/content.json
yarn tool:legacy whatsdeployed $CONTENT_TRANSLATED_ROOT --output client/build/_whatsdeployed/translated-content.json
- name: Update search index
env:
DEPLOYER_ELASTICSEARCH_URL: ${{ secrets.DEPLOYER_DEV_ELASTICSEARCH_URL }}
run: |
cd deployer
poetry run deployer search-index ../client/build
- name: Authenticate with GCP
uses: google-github-actions/auth@v2
with:
token_format: access_token
service_account: deploy-mdn-review-content@${{ secrets.GCP_PROJECT_NAME }}.iam.gserviceaccount.com
workload_identity_provider: projects/${{ secrets.WIP_PROJECT_ID }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions
- name: Setup gcloud
uses: google-github-actions/setup-gcloud@v2
- name: Sync build with GCS
uses: "google-github-actions/upload-cloud-storage@v2"
with:
path: "client/build"
destination: "${{ vars.GCP_BUCKET_NAME }}/${{ env.PREFIX }}"
resumable: false
concurrency: 500
parent: false
process_gcloudignore: false
- name: Notify PRs about deployment
run: |
gh pr list -S "$GITHUB_SHA -is:merged" --json number --jq '.[].number' | xargs -i gh pr comment {} --body "Dev build for $GITHUB_SHA was deployed to: $DEPLOYMENT_URL" || true
env:
DEPLOYMENT_URL: https://${{ env.PREFIX }}.review.mdn.allizom.net/
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Slack Notification
if: failure()
uses: rtCamp/action-slack-notify@v2
env:
SLACK_CHANNEL: mdn-notifications
SLACK_COLOR: ${{ job.status }}
SLACK_ICON: https://avatars.slack-edge.com/2020-11-17/1513880588420_fedd7f0e9456888e69ff_96.png
SLACK_TITLE: "Dev"
SLACK_MESSAGE: "Build failed :broken_heart:"
SLACK_FOOTER: "Powered by dev-build.yml"
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}