diff --git a/.github/workflows/azure-preview-env-deploy-public.yml b/.github/workflows/azure-preview-env-deploy-public.yml
deleted file mode 100644
index cb571374ed..0000000000
--- a/.github/workflows/azure-preview-env-deploy-public.yml
+++ /dev/null
@@ -1,172 +0,0 @@ -name: Azure - Deploy Preview Environment (public) - -# NOTE! This is specifically and only for github/docs. - -# **What it does**: Build and deploy an Azure preview environment for this PR in github/docs -# **Why we have it**: It's our preview environment deploy mechanism, to docs public repo -# **Who does it impact**: All open source contributors. - -# !!! -# ! This worflow has access to secrets, runs in the public repository, and clones untrusted user code. -# ! Modify with extreme caution -# !!! - -on: - pull_request_target: - # Note that if someone makes a PR that touches `Dockerfile` - # and `content/index.md`, this use of `paths` will still run. - # It would run even if we appended `- '!Dockerfile'` to the list. - # But if someone makes a PR that touches `Dockerfile` only, the - # workflow will not run. - paths: - - 'content/**' - - 'data/**' - - 'assets/**' - merge_group: - -permissions: - contents: read - deployments: write - -# This allows one deploy workflow to interrupt another -concurrency: - group: 'preview-env @ ${{ github.head_ref || github.run_id }} for ${{ github.event.number || inputs.PR_NUMBER }}' - cancel-in-progress: true - -jobs: - build-and-deploy-azure-preview-public: - name: Build and deploy Azure preview environment (public) - runs-on: ubuntu-latest - # Ensure this is actually a pull request and not a merge group - # If its a merge group, report success without doing anything - # See https://bit.ly/3qB9nZW > If a job in a workflow is skipped due to a conditional, it will report its status as "Success". - if: | - ( - (github.event.pull_request.head.sha) - && (github.event.number || github.run_id) - ) - && github.repository == 'github/docs' - timeout-minutes: 15 - environment: - name: preview-env-${{ github.event.number }} - # The environment variable is computer later in this job in - # the "Get preview app info" step. 
- # That script sets environment variables which is used by Actions - # to link a PR to a list of environments later. - url: ${{ env.APP_URL }} - env: - PR_NUMBER: ${{ github.event.number || github.run_id }} - COMMIT_REF: ${{ github.event.pull_request.head.sha }} - BRANCH_NAME: ${{ github.head_ref || github.ref_name }} - NONPROD_REGISTRY_USERNAME: ghdocs - - steps: - - name: 'Az CLI login' - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2 - with: - creds: ${{ secrets.NONPROD_AZURE_CREDENTIALS }} - - - name: 'Docker login' - uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c - with: - login-server: ${{ secrets.NONPROD_REGISTRY_SERVER }} - username: ${{ env.NONPROD_REGISTRY_USERNAME }} - password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db - - - name: Check out main branch - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - ref: 'main' - persist-credentials: 'false' - - - name: Get preview app info - env: - APP_NAME_SEED: ${{ secrets.PREVIEW_ENV_NAME_SEED }} - run: src/workflows/get-preview-app-info.sh - - - name: 'Set env vars' - run: | - # Image tag is unique to each workflow run so that it always triggers a new deployment - echo "DOCKER_IMAGE=${{ secrets.NONPROD_REGISTRY_SERVER }}/${IMAGE_REPO}:${{ env.COMMIT_REF }}-${{ github.run_number }}-${{ github.run_attempt }}" >> $GITHUB_ENV - - - name: Check out user code to temp directory - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - path: ./user-code - ref: ${{ env.COMMIT_REF }} - - # Move acceptable user changes into our main branch checkout - - name: Move acceptable user changes - run: | - # Make sure recursive path expansion is enabled - shopt -s globstar - rsync -rptovR ./user-code/content/./**/*.md ./content - rsync -rptovR ./user-code/assets/./**/*.png ./assets - rsync -rptovR 
./user-code/data/./**/*.{yml,md} ./data - - - uses: ./.github/actions/warmup-remotejson-cache - with: - restore-only: true - - - uses: ./.github/actions/precompute-pageinfo - with: - restore-only: true - - # In addition to making the final image smaller, we also save time by not sending unnecessary files to the docker build context - - name: 'Prune for preview env' - run: src/workflows/prune-for-preview-env.sh - - - name: 'Build and push image' - uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 - with: - context: . - file: Dockerfile.azure - push: true - target: preview - tags: ${{ env.DOCKER_IMAGE }} - # we only pull the `main` cache image - cache-from: type=registry,ref=${{ secrets.NONPROD_REGISTRY_SERVER }}/${{ github.repository }}:main-preview - # `main-docker-cache.yml` handles updating the remote cache so we don't pollute it with PR specific code - cache-to: '' - build-args: | - BUILD_SHA=${{ env.COMMIT_REF }} - - # Succeed despite any non-zero exit code (e.g. 
if there is no deployment to cancel) - - name: 'Cancel any existing deployments for this PR' - run: | - az deployment group cancel --name ${{ env.DEPLOYMENT_NAME }} -g ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }} || true - - # Deploy ARM template is idempotent - # Note: once the resources exist the image tag must change for a new deployment to occur (the image tag includes workflow run number, run attempt, as well as sha) - - name: Run ARM deploy - uses: azure/arm-deploy@a1361c2c2cd398621955b16ca32e01c65ea340f5 - with: - scope: resourcegroup - resourceGroupName: ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }} - subscriptionId: ${{ secrets.NONPROD_SUBSCRIPTION_ID }} - template: ./src/workflows/azure-preview-env-template.json - deploymentName: ${{ env.DEPLOYMENT_NAME }} - parameters: appName="${{ env.APP_NAME }}" - containerImage="${{ env.DOCKER_IMAGE }}" - dockerRegistryUrl="${{ secrets.NONPROD_REGISTRY_SERVER }}" - dockerRegistryUsername="${{ env.NONPROD_REGISTRY_USERNAME }}" - dockerRegistryPassword="${{ secrets.NONPROD_REGISTRY_PASSWORD }}" - - - name: Check that it can be reached - # This introduces a necessary delay. Because the preview evironment - # URL is announced to the pull request as soon as all the steps - # finish, what sometimes happens is that a viewer of the PR clicks - # that link too fast and are confronted with a broken page. - # It's because there's a delay between the `azure/arm-deploy` - # and when the server is actually started and can receive and - # process requests. - # By introducing a slight "delay" here we avoid announcing a - # preview environment URL that isn't actually working just yet. - # Note the use of `--fail`. It which means that if it actually - # did connect but the error code was >=400, the command will fail. - # The `--fail --retry N` combination means that a 4xx response - # code will exit immediately but a 5xx will exhaust the retries. - run: curl --fail --retry-connrefused --retry 5 -I ${{ env.APP_URL }} 
diff --git a/.github/workflows/azure-preview-env-deploy.yml b/.github/workflows/azure-preview-env-deploy.yml
deleted file mode 100644
index 63e42e4c0a..0000000000
--- a/.github/workflows/azure-preview-env-deploy.yml
+++ /dev/null
@@ -1,223 +0,0 @@ -name: Azure - Deploy Preview Environment (private) - -# NOTE! This is specifically and only for github/docs-internal. - -# **What it does**: Build and deploy an Azure preview environment for this PR in github/docs-internal -# **Why we have it**: It's our preview environment deploy mechanism, to docs-internal repo -# **Who does it impact**: Writ-access contributors. - -on: - # The advantage of 'pull_request' over 'pull_request_target' is that we - # can make changes to this file and test them in a pull request, instead - # of relying on landing it in 'main' first. - # From a security point of view, its arguably safer this way because - # unlike 'pull_request_target', these only have secrets if the pull - # request creator has permission to access secrets. - pull_request_target: - merge_group: - workflow_dispatch: - inputs: - PR_NUMBER: - description: 'PR Number' - type: string - required: true - COMMIT_REF: - description: 'The commit SHA to build' - type: string - required: true - WITH_TRANSLATIONS: - description: 'With translations' - required: true - type: boolean -permissions: - contents: read - deployments: write - -# This allows one deploy workflow to interrupt another -concurrency: - group: 'preview-env @ ${{ github.head_ref || github.run_id }} for ${{ github.event.number || inputs.PR_NUMBER }}' - cancel-in-progress: true - -jobs: - build-and-deploy-azure-preview: - name: Build and deploy Azure preview environment - runs-on: ubuntu-latest - # Ensure this is actually a pull request and not a merge group - # If its a merge group, report success without doing anything - # See https://bit.ly/3qB9nZW > If a job in a workflow is skipped due to a conditional, it will report its status as "Success". 
- if: | - ( - (github.event.pull_request.head.sha || inputs.COMMIT_REF) - && (github.event.number || inputs.PR_NUMBER || github.run_id) - ) - && github.repository == 'github/docs-internal' - timeout-minutes: 15 - environment: - name: preview-env-${{ github.event.number }} - # The environment variable is computer later in this job in - # the "Get preview app info" step. - # That script sets environment variables which is used by Actions - # to link a PR to a list of environments later. - url: ${{ env.APP_URL }} - env: - PR_NUMBER: ${{ github.event.number || inputs.PR_NUMBER || github.run_id }} - COMMIT_REF: ${{ github.event.pull_request.head.sha || inputs.COMMIT_REF }} - BRANCH_NAME: ${{ github.head_ref || github.ref_name }} - NONPROD_REGISTRY_USERNAME: ghdocsinternal - - steps: - - name: 'Az CLI login' - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2 - with: - creds: ${{ secrets.NONPROD_AZURE_CREDENTIALS }} - - - name: 'Docker login' - uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c - with: - login-server: ${{ secrets.NONPROD_REGISTRY_SERVER }} - username: ${{ env.NONPROD_REGISTRY_USERNAME }} - password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db - - - name: Check out PR code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - ref: ${{ env.COMMIT_REF }} - # To prevent issues with cloning early access content later - persist-credentials: 'false' - - - name: Get preview app info - env: - APP_NAME_SEED: ${{ secrets.PREVIEW_ENV_NAME_SEED }} - run: src/workflows/get-preview-app-info.sh - - - name: 'Set env vars' - run: | - # Image tag is unique to each workflow run so that it always triggers a new deployment - echo "DOCKER_IMAGE=${{ secrets.NONPROD_REGISTRY_SERVER }}/${IMAGE_REPO}:${{ env.COMMIT_REF }}-${{ github.run_number }}-${{ github.run_attempt }}" >> $GITHUB_ENV - - - name: Determine 
which docs-early-access branch to clone - id: 'check-early-access' - uses: actions/github-script@e69ef5462fd455e02edcaf4dd7708eda96b9eda0 - env: - BRANCH_NAME: ${{ env.BRANCH_NAME }} - with: - github-token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} - result-encoding: string - script: | - const { BRANCH_NAME } = process.env - - try { - const { status } = await github.request('GET /repos/{owner}/{repo}/branches/{branch}', { - owner: 'github', - repo: 'docs-early-access', - branch: BRANCH_NAME, - }) - - if (status !== 200) { - throw new Error('Received non-200 response from branch GET request') - } - - console.log(`Using docs-early-access branch '${BRANCH_NAME}'`) - return BRANCH_NAME - } catch (e) { - console.log(`Failed to get docs-early-access branch '${BRANCH_NAME}', 'main' will be used instead.`) - return 'main' - } - - - name: Clone docs-early-access - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - repository: github/docs-early-access - token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} - path: docs-early-access - ref: ${{ steps.check-early-access.outputs.result }} - - - name: Merge docs-early-access repo's folders - run: src/early-access/scripts/merge-early-access.sh - - - name: Determine if we should include translations? 
- uses: actions/github-script@e69ef5462fd455e02edcaf4dd7708eda96b9eda0 - id: with-translations - with: - script: | - if (process.env.IS_INTERNAL_BUILD !== 'true') return false - if (context.eventName === "workflow_dispatch") { - return context.payload.inputs.WITH_TRANSLATIONS === 'true' - } - // This works for pull_request_target too - if (context.payload.pull_request?.labels) { - return context.payload.pull_request.labels.map(label => label.name).includes('preview-with-translations') - } - return false - - - if: ${{ steps.with-translations.outputs.result == 'true' }} - uses: ./.github/actions/clone-translations - with: - token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} - - - uses: ./.github/actions/warmup-remotejson-cache - with: - restore-only: true - - - uses: ./.github/actions/precompute-pageinfo - with: - restore-only: true - - # In addition to making the final image smaller, we also save time by not sending unnecessary files to the docker build context - - name: 'Prune for preview env' - run: src/workflows/prune-for-preview-env.sh - - - name: 'Build and push image' - uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 - with: - context: . - file: Dockerfile.azure - push: true - target: ${{ steps.with-translations.outputs.result == 'true' && 'production' || 'preview' }} - tags: ${{ env.DOCKER_IMAGE }} - # we only pull the `main` cache image - cache-from: type=registry,ref=${{ secrets.NONPROD_REGISTRY_SERVER }}/${{ github.repository }}:main-preview - # `main-docker-cache.yml` handles updating the remote cache so we don't pollute it with PR specific code - cache-to: '' - build-args: | - BUILD_SHA=${{ env.COMMIT_REF }} - - # Succeed despite any non-zero exit code (e.g. 
if there is no deployment to cancel) - - name: 'Cancel any existing deployments for this PR' - run: | - az deployment group cancel --name ${{ env.DEPLOYMENT_NAME }} -g ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }} || true - - # Deploy ARM template is idempotent - # Note: once the resources exist the image tag must change for a new deployment to occur (the image tag includes workflow run number, run attempt, as well as sha) - - name: Run ARM deploy - uses: azure/arm-deploy@a1361c2c2cd398621955b16ca32e01c65ea340f5 - with: - scope: resourcegroup - resourceGroupName: ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }} - subscriptionId: ${{ secrets.NONPROD_SUBSCRIPTION_ID }} - template: ./src/workflows/azure-preview-env-template.json - deploymentName: ${{ env.DEPLOYMENT_NAME }} - parameters: appName="${{ env.APP_NAME }}" - containerImage="${{ env.DOCKER_IMAGE }}" - dockerRegistryUrl="${{ secrets.NONPROD_REGISTRY_SERVER }}" - dockerRegistryUsername="${{ env.NONPROD_REGISTRY_USERNAME }}" - dockerRegistryPassword="${{ secrets.NONPROD_REGISTRY_PASSWORD }}" - - - name: Check that it can be reached - # This introduces a necessary delay. Because the preview evironment - # URL is announced to the pull request as soon as all the steps - # finish, what sometimes happens is that a viewer of the PR clicks - # that link too fast and are confronted with a broken page. - # It's because there's a delay between the `azure/arm-deploy` - # and when the server is actually started and can receive and - # process requests. - # By introducing a slight "delay" here we avoid announcing a - # preview environment URL that isn't actually working just yet. - # Note the use of `--fail`. It which means that if it actually - # did connect but the error code was >=400, the command will fail. - # The `--fail --retry N` combination means that a 4xx response - # code will exit immediately but a 5xx will exhaust the retries. - run: curl --fail --retry-connrefused --retry 5 -I ${{ env.APP_URL }} 
diff --git a/.github/workflows/azure-preview-env-destroy.yml b/.github/workflows/azure-preview-env-destroy.yml
deleted file mode 100644
index 382836eb41..0000000000
--- a/.github/workflows/azure-preview-env-destroy.yml
+++ /dev/null
@@ -1,73 +0,0 @@ -name: Azure - Destroy Preview Env - -# **What it does**: Destroys resources associated with a PRs Azure preview environment -# **Why we have it**: Closed PRs don't need apps -# **Who does it impact**: All contributors. - -on: - # Required in lieu of `pull_request` so that PRs created from forks can destroy the preview environment. - pull_request_target: - types: - - closed - - locked - workflow_dispatch: - inputs: - PR_NUMBER: - description: 'PR Number' - type: string - required: true - -permissions: - contents: read - -# This allows one deploy workflow to interrupt another -concurrency: - group: 'preview-env @ ${{ github.head_ref || github.run_id }} for ${{ github.event.number || inputs.PR_NUMBER }}' - cancel-in-progress: true - -jobs: - destroy-azure-preview-env: - name: Destroy - runs-on: ubuntu-latest - if: github.repository == 'github/docs-internal' || github.repository == 'github/docs' - timeout-minutes: 5 - env: - PR_NUMBER: ${{ github.event.number || inputs.PR_NUMBER }} - - steps: - - name: 'Az CLI login' - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2 - with: - creds: ${{ secrets.NONPROD_AZURE_CREDENTIALS }} - - - name: Check out repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Get preview app info - env: - APP_NAME_SEED: ${{ secrets.PREVIEW_ENV_NAME_SEED }} - run: src/workflows/get-preview-app-info.sh - - # Succeed despite any non-zero exit code (e.g. 
if there is no deployment to cancel) - - name: 'Cancel any in progress deployments' - run: | - az deployment group cancel --name ${{ env.DEPLOYMENT_NAME }} -g ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }} || true - - # Delete web app (which will also delete the App Service plan) - # This will succeed even if the app doesn't exist / has already been deleted - - name: 'Delete App Service App (which will also delete the App Service plan)' - run: | - az container delete -n ${{ env.APP_NAME }} -g ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }} -y - - # Untag all images under this PR's container registry repo - the container registry will automatically remove untagged images. - # This will fail if the IMAGE_REPO doesn't exist, but we don't care - - name: 'Untag all docker images for this PR' - run: | - az acr repository delete -n ${{ secrets.NONPROD_REGISTRY_SERVER }} --repository ${{ env.IMAGE_REPO }} -y || true - - # Remove all GitHub deployments from this environment and remove the environment - - uses: strumwolf/delete-deployment-environment@a4825dd9648c57da8437a4885c3fcad58beac69c - with: - # The token provided by the workflow does not have the permissions to delete created environments - token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} - environment: preview-env-${{ env.PR_NUMBER }} diff --git a/.github/workflows/azure-prod-build-deploy.yml b/.github/workflows/azure-prod-build-deploy.yml deleted file mode 100644 index 9a09b5f185..0000000000 --- a/.github/workflows/azure-prod-build-deploy.yml +++ /dev/null 
@@ -1,137 +0,0 @@ -name: Azure Production - Build and Deploy - -# **What it does**: Builds and deploys the default branch to production -# **Why we have it**: To enable us to deploy the latest to production whenever necessary rather than relying on PR merges. -# **Who does it impact**: All contributors. - -on: - workflow_dispatch: - -permissions: - contents: read - deployments: write - -# This allows a subsequently queued workflow run to take priority over -# previously queued runs but NOT interrupt currently executing runs -concurrency: - group: '${{ github.workflow }}' - cancel-in-progress: false - -jobs: - azure-prod-build-and-deploy: - if: ${{ github.repository == 'github/docs-internal' }} - runs-on: ubuntu-20.04-xl - timeout-minutes: 20 - environment: - name: production - url: 'https://docs.github.com' - env: - DOCKER_IMAGE: ${{ secrets.PROD_REGISTRY_SERVER }}/${{ github.repository }}:${{ github.sha }} - DOCKER_IMAGE_CACHE_REF: ${{ secrets.PROD_REGISTRY_SERVER }}/${{ github.repository }}:main-production - RESOURCE_GROUP_NAME: docs-prod - APP_SERVICE_NAME: ghdocs-prod - SLOT_NAME: canary - ACR_TOKEN_NAME: acrToken - - steps: - - name: 'Az CLI login' - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2 - with: - creds: ${{ secrets.PROD_AZURE_CREDENTIALS }} - - - name: Check out repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - ref: ${{ github.sha }} - # To prevent issues with cloning early access content later - persist-credentials: 'false' - - - name: Setup Node.js - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 - with: - node-version-file: 'package.json' - cache: npm - - # We need this to run a few scripts that were easier to write in JS/TS - - name: Install dependencies - run: npm install - - # Create a temporary token for the Azure Container Registry - # and set it as a GitHub Actions environment variable - # Created token are viewable in the ACR resource UI - # under 
Repository permissions > Tokens - - name: 'Create Azure Container Registry Token' - env: - CONTAINER_REGISTRY_SERVER: ${{ secrets.PROD_REGISTRY_SERVER }} - run: npm run create-acr-token - - - name: 'Docker login' - uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c - with: - login-server: ${{ secrets.PROD_REGISTRY_SERVER }} - username: ${{ env.ACR_TOKEN_NAME }} - password: ${{ env.ACR_TOKEN_VALUE }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db - - - name: Clone docs-early-access - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - repository: github/docs-early-access - token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} - path: docs-early-access - - - name: Merge docs-early-access repo's folders - run: src/early-access/scripts/merge-early-access.sh - - - uses: ./.github/actions/warmup-remotejson-cache - with: - restore-only: true - - - uses: ./.github/actions/precompute-pageinfo - with: - restore-only: true - - - uses: ./.github/actions/clone-translations - with: - token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} - - - name: 'Build and push image' - uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 - with: - context: . 
- file: Dockerfile.azure - push: true - target: production - tags: ${{ env.DOCKER_IMAGE }}, ${{ env.DOCKER_IMAGE_CACHE_REF }} - cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_CACHE_REF }} - cache-to: type=registry,mode=max,ref=${{ env.DOCKER_IMAGE_CACHE_REF }} - build-args: | - BUILD_SHA=${{ github.sha }} - - - name: 'Update docker-compose.prod.yaml template file' - run: | - sed 's|#{IMAGE}#|${{ env.DOCKER_IMAGE }}|g' src/workflows/docker-compose.prod.tmpl.yaml > docker-compose.prod.yaml - - - name: 'Apply updated docker-compose.prod.yaml config to canary slot' - run: | - az webapp config container set --multicontainer-config-type COMPOSE --multicontainer-config-file docker-compose.prod.yaml --slot ${{ env.SLOT_NAME }} -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }} - - # Watch canary slot instances to see when all the instances are ready - - name: Check that canary slot is ready - env: - CHECK_INTERVAL: 10000 - EXPECTED_SHA: ${{ github.sha }} - CANARY_BUILD_URL: https://ghdocs-prod-canary.azurewebsites.net/_build - run: npm run check-canary-slots - - - name: 'Swap canary slot to production' - run: | - az webapp deployment slot swap --slot ${{ env.SLOT_NAME }} --target-slot production -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }} - - - uses: ./.github/actions/slack-alert - if: ${{ failure() && github.event_name != 'workflow_dispatch' }} - with: - slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }} - slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }} diff --git a/.github/workflows/azure-staging-build-deploy.yml b/.github/workflows/azure-staging-build-deploy.yml deleted file mode 100644 index 24cf895746..0000000000 --- a/.github/workflows/azure-staging-build-deploy.yml +++ /dev/null 
@@ -1,122 +0,0 @@ -name: Azure Staging - Build and Deploy - -# **What it does**: Builds and deploys a branch/PR to staging -# **Why we have it**: To enable us to deploy a branch/PR to staging whenever necessary -# **Who does it impact**: All contributors. - -on: - workflow_dispatch: - inputs: - PR_NUMBER: - description: 'PR Number' - type: string - required: true - COMMIT_REF: - description: 'The commit SHA to build' - type: string - required: true - -permissions: - contents: read - deployments: write - -# This allows a subsequently queued workflow run to take priority over -# previously queued runs but NOT interrupt currently executing runs -concurrency: - group: 'staging-env @ ${{ github.head_ref || github.run_id }} for ${{ github.event.number || inputs.PR_NUMBER }}' - cancel-in-progress: true - -jobs: - azure-staging-build-and-deploy: - if: ${{ github.repository == 'github/docs-internal' }} - runs-on: ubuntu-latest - timeout-minutes: 20 - environment: - # TODO: Update name and url to point to a specific slot for the branch/PR - name: staging-env - url: ${{ env.APP_URL }} - env: - PR_NUMBER: ${{ github.event.number || inputs.PR_NUMBER || github.run_id }} - COMMIT_REF: ${{ github.event.pull_request.head.sha || inputs.COMMIT_REF }} - IMAGE_REPO: ${{ github.repository }}/pr-${{ github.event.number || inputs.PR_NUMBER || github.run_id }} - RESOURCE_GROUP_NAME: docs-staging - APP_SERVICE_NAME: ghdocs-staging - SLOT_NAME: canary - - steps: - - name: 'Az CLI login' - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2 - with: - creds: ${{ secrets.PROD_AZURE_CREDENTIALS }} - - - name: 'Docker login' - uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c - with: - login-server: ${{ secrets.NONPROD_REGISTRY_SERVER }} - username: ${{ secrets.NONPROD_REGISTRY_USERNAME }} - password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db - - - name: 
Check out repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - ref: ${{ env.COMMIT_REF }} - # To prevent issues with cloning early access content later - persist-credentials: 'false' - - - name: 'Set env vars' - run: | - # Set APP_URL - echo "APP_URL=${{ secrets.STAGING_APP_URL }}" >> $GITHUB_ENV - # Image tag is unique to each workflow run so that it always triggers a new deployment - echo "DOCKER_IMAGE=${{ secrets.NONPROD_REGISTRY_SERVER }}/${{ env.IMAGE_REPO }}:${{ env.COMMIT_REF }}-${{ github.run_number }}-${{ github.run_attempt }}" >> $GITHUB_ENV - - - name: Setup Node.js - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 - with: - node-version-file: 'package.json' - cache: npm - - - name: Clone docs-early-access - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - repository: github/docs-early-access - token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} - path: docs-early-access - ref: main - - - name: Merge docs-early-access repo's folders - run: src/early-access/scripts/merge-early-access.sh - - - name: 'Build and push image' - uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 - with: - context: . 
- file: Dockerfile.azure - push: true - target: production - tags: ${{ env.DOCKER_IMAGE }} - build-args: | - BUILD_SHA=${{ env.COMMIT_REF }} - - - name: 'Update docker-compose.staging.yaml template file' - run: | - sed 's|#{IMAGE}#|${{ env.DOCKER_IMAGE }}|g' src/workflows/docker-compose.staging.tmpl.yaml > docker-compose.staging.yaml - - - name: 'Apply updated docker-compose.staging.yaml config to deployment slot' - run: | - az webapp config container set --multicontainer-config-type COMPOSE --multicontainer-config-file docker-compose.staging.yaml --slot ${{ env.SLOT_NAME }} -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }} - - # Watch deployment slot instances to see when all the instances are ready - - name: Check that deployment slot is ready - env: - CHECK_INTERVAL: 10000 - EXPECTED_SHA: ${{ github.sha }} - CANARY_BUILD_URL: https://ghdocs-staging-canary.azurewebsites.net/_build - run: npm run check-canary-slots - - - name: 'Swap deployment slot to production' - run: | - az webapp deployment slot swap --slot ${{ env.SLOT_NAME }} --target-slot production -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }} diff --git a/.github/workflows/main-preview-docker-cache.yml b/.github/workflows/main-preview-docker-cache.yml deleted file mode 100644 index 35c386a16d..0000000000 --- a/.github/workflows/main-preview-docker-cache.yml +++ /dev/null 
@@ -1,85 +0,0 @@ -name: Build and Push Main Preview Env Docker Cache - -# **What it does**: Builds and pushes the `main` Docker cache image -# **Why we have it**: It allows PRs using the registry cache to pull a pre-built image, which should speed up the build -# **Who does it impact**: All contributors. - -on: - push: - branches: - - main - -permissions: - contents: read - -# This allows a subsequently queued workflow run to take priority over -# previously queued runs and interrupt currently executing runs -concurrency: - group: '${{ github.workflow }}' - cancel-in-progress: true - -jobs: - build-and-push-nonprod-cache: - if: ${{ github.repository == 'github/docs-internal' || github.repository == 'github/docs' }} - runs-on: ubuntu-latest - timeout-minutes: 15 - env: - ENABLE_EARLY_ACCESS: ${{ github.repository == 'github/docs-internal' }} - DOCKER_IMAGE_CACHE_REF: ${{ secrets.NONPROD_REGISTRY_SERVER }}/${{ github.repository }}:main-preview - NONPROD_REGISTRY_USERNAME: ${{ fromJSON('["ghdocs", "ghdocsinternal"]')[github.repository == 'github/docs-internal'] }} - - steps: - - name: 'Az CLI login' - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2 - with: - creds: ${{ secrets.NONPROD_AZURE_CREDENTIALS }} - - - name: 'Docker login' - uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c - with: - login-server: ${{ secrets.NONPROD_REGISTRY_SERVER }} - username: ${{ env.NONPROD_REGISTRY_USERNAME }} - password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db - - - name: Check out repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - # To prevent issues with cloning early access content later - persist-credentials: 'false' - - - if: ${{ env.ENABLE_EARLY_ACCESS }} - name: Clone docs-early-access - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - repository: 
github/docs-early-access - token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} - path: docs-early-access - ref: main - - - if: ${{ env.ENABLE_EARLY_ACCESS }} - name: Merge docs-early-access repo's folders - run: src/early-access/scripts/merge-early-access.sh - - # In addition to making the final image smaller, we also save time by not sending unnecessary files to the docker build context - - name: 'Prune for preview env' - run: src/workflows/prune-for-preview-env.sh - - - name: 'Build and push image' - uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 - with: - context: . - file: Dockerfile.azure - push: true - target: preview - tags: ${{ env.DOCKER_IMAGE_CACHE_REF }} - cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_CACHE_REF }} - cache-to: type=registry,mode=max,ref=${{ env.DOCKER_IMAGE_CACHE_REF }} - - - uses: ./.github/actions/slack-alert - if: ${{ failure() }} - with: - slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }} - slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }} diff --git a/src/workflows/get-preview-app-info.sh b/src/workflows/get-preview-app-info.sh deleted file mode 100755 index 3624f683d0..0000000000 --- a/src/workflows/get-preview-app-info.sh +++ /dev/null 
@@ -1,41 +0,0 @@ -#!/usr/bin/env bash - -# [start-readme] -# -# This script sets environment variables with info about the preview app for a given PR -# -# [end-readme] - -# ENV VARS NEEDED TO RUN -[[ -z $GITHUB_REPOSITORY ]] && { echo "Missing GITHUB_REPOSITORY. Exiting."; exit 1; } -[[ -z $PR_NUMBER ]] && { echo "Missing PR_NUMBER. Exiting."; exit 1; } -[[ -z $GITHUB_ENV ]] && { echo "Missing GITHUB_ENV. Exiting."; exit 1; } -[[ -z $APP_NAME_SEED ]] && { echo "Missing APP_NAME_SEED. Exiting."; exit 1; } - -PREVIEW_ENV_LOCATION="eastus" - -# GITHUB_REPOSITORY is a default env variable and cannot be overwritten. -# Use CUSTOM_GITHUB_REPOSITORY to specify a repo owner/name -# other than the repo owner/name where this script was called from. -# If CUSTOM_GITHUB_REPOSITORY is not specified, fall back to GITHUB_REPOSITORY. -REPO_NAME_WITH_OWNER="${CUSTOM_GITHUB_REPOSITORY:-$GITHUB_REPOSITORY}" - -REPO_NAME="${REPO_NAME_WITH_OWNER#*\/}" -echo "REPO_NAME=${REPO_NAME}" >> $GITHUB_ENV - -DEPLOYMENT_NAME="${REPO_NAME}-pr-${PR_NUMBER}" -echo "DEPLOYMENT_NAME=${DEPLOYMENT_NAME}" >> $GITHUB_ENV - -APP_NAME_BASE="${REPO_NAME}-preview-${PR_NUMBER}" - -# pseudo random string so guessing a preview env URL is more difficult -APP_SHA=$(echo -n "${APP_NAME_SEED}-${APP_NAME_BASE}" | sha1sum | cut -c1-6) - -APP_NAME="${APP_NAME_BASE}-${APP_SHA}" -echo "APP_NAME=${APP_NAME}" >> $GITHUB_ENV - -APP_URL="https://${REPO_NAME}-${PR_NUMBER}-${APP_SHA}.preview.ghdocs.com" -echo "APP_URL=${APP_URL}" >> $GITHUB_ENV - -IMAGE_REPO="${REPO_NAME_WITH_OWNER}/pr-${PR_NUMBER}" -echo "IMAGE_REPO=${IMAGE_REPO}" >> $GITHUB_ENV diff --git a/src/workflows/prune-for-preview-env.sh b/src/workflows/prune-for-preview-env.sh deleted file mode 100755 index 8840031f8f..0000000000 --- a/src/workflows/prune-for-preview-env.sh +++ /dev/null 
@@ -1,15 +0,0 @@ -#!/usr/bin/env bash - -# [start-readme] -# -# This script removes files that are unnecessary for our preview environments. -# This is typically run before a docker build to reduce the size of the build context sent to docker -# -# [end-readme] - -# The assumption here is that a preview build will not -# need these legacy redirects. Only the redirects from -# front-matter will be at play. -# These static redirects json files are notoriously large -echo '[]' > src/redirects/lib/static/archived-frontmatter-valid-urls.json -echo '{}' > src/redirects/lib/static/archived-redirects-from-213-to-217.json