jprdonnelly/docs
1
0
Fork 0
mirror of synced 2026-01-07 00:01:39 -05:00
Code Issues Projects Releases Wiki Activity

Remove Azure preview and destroy workflows (#54122)

Browse Source
This commit is contained in:
Hector Alfaro
2025-01-27 15:02:35 -05:00
committed by GitHub
parent b7fe4f67e1
commit f985a7edbf
8 changed files with 0 additions and 868 deletions
Download Patch File Download Diff File Expand all files Collapse all files

172
.github/workflows/azure-preview-env-deploy-public.yml vendored
View File

@@ -1,172 +0,0 @@
name: Azure - Deploy Preview Environment (public)
# NOTE! This is specifically and only for github/docs.
# **What it does**: Build and deploy an Azure preview environment for this PR in github/docs
# **Why we have it**: It's our preview environment deploy mechanism, to docs public repo
# **Who does it impact**: All open source contributors.
# !!!
# ! This worflow has access to secrets, runs in the public repository, and clones untrusted user code.
# ! Modify with extreme caution
# !!!
on:
pull_request_target:
# Note that if someone makes a PR that touches `Dockerfile`
# and `content/index.md`, this use of `paths` will still run.
# It would run even if we appended `- '!Dockerfile'` to the list.
# But if someone makes a PR that touches `Dockerfile` only, the
# workflow will not run.
paths:
- 'content/**'
- 'data/**'
- 'assets/**'
merge_group:
permissions:
contents: read
deployments: write
# This allows one deploy workflow to interrupt another
concurrency:
group: 'preview-env @ ${{ github.head_ref || github.run_id }} for ${{ github.event.number || inputs.PR_NUMBER }}'
cancel-in-progress: true
jobs:
build-and-deploy-azure-preview-public:
name: Build and deploy Azure preview environment (public)
runs-on: ubuntu-latest
# Ensure this is actually a pull request and not a merge group
# If its a merge group, report success without doing anything
# See https://bit.ly/3qB9nZW > If a job in a workflow is skipped due to a conditional, it will report its status as "Success".
if: |
(
(github.event.pull_request.head.sha)
&& (github.event.number || github.run_id)
)
&& github.repository == 'github/docs'
timeout-minutes: 15
environment:
name: preview-env-${{ github.event.number }}
# The environment variable is computer later in this job in
# the "Get preview app info" step.
# That script sets environment variables which is used by Actions
# to link a PR to a list of environments later.
url: ${{ env.APP_URL }}
env:
PR_NUMBER: ${{ github.event.number || github.run_id }}
COMMIT_REF: ${{ github.event.pull_request.head.sha }}
BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
NONPROD_REGISTRY_USERNAME: ghdocs
steps:
- name: 'Az CLI login'
uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2
with:
creds: ${{ secrets.NONPROD_AZURE_CREDENTIALS }}
- name: 'Docker login'
uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c
with:
login-server: ${{ secrets.NONPROD_REGISTRY_SERVER }}
username: ${{ env.NONPROD_REGISTRY_USERNAME }}
password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db
- name: Check out main branch
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: 'main'
persist-credentials: 'false'
- name: Get preview app info
env:
APP_NAME_SEED: ${{ secrets.PREVIEW_ENV_NAME_SEED }}
run: src/workflows/get-preview-app-info.sh
- name: 'Set env vars'
run: |
# Image tag is unique to each workflow run so that it always triggers a new deployment
echo "DOCKER_IMAGE=${{ secrets.NONPROD_REGISTRY_SERVER }}/${IMAGE_REPO}:${{ env.COMMIT_REF }}-${{ github.run_number }}-${{ github.run_attempt }}" >> $GITHUB_ENV
- name: Check out user code to temp directory
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
path: ./user-code
ref: ${{ env.COMMIT_REF }}
# Move acceptable user changes into our main branch checkout
- name: Move acceptable user changes
run: |
# Make sure recursive path expansion is enabled
shopt -s globstar
rsync -rptovR ./user-code/content/./**/*.md ./content
rsync -rptovR ./user-code/assets/./**/*.png ./assets
rsync -rptovR ./user-code/data/./**/*.{yml,md} ./data
- uses: ./.github/actions/warmup-remotejson-cache
with:
restore-only: true
- uses: ./.github/actions/precompute-pageinfo
with:
restore-only: true
# In addition to making the final image smaller, we also save time by not sending unnecessary files to the docker build context
- name: 'Prune for preview env'
run: src/workflows/prune-for-preview-env.sh
- name: 'Build and push image'
uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755
with:
context: .
file: Dockerfile.azure
push: true
target: preview
tags: ${{ env.DOCKER_IMAGE }}
# we only pull the `main` cache image
cache-from: type=registry,ref=${{ secrets.NONPROD_REGISTRY_SERVER }}/${{ github.repository }}:main-preview
# `main-docker-cache.yml` handles updating the remote cache so we don't pollute it with PR specific code
cache-to: ''
build-args: |
BUILD_SHA=${{ env.COMMIT_REF }}
# Succeed despite any non-zero exit code (e.g. if there is no deployment to cancel)
- name: 'Cancel any existing deployments for this PR'
run: |
az deployment group cancel --name ${{ env.DEPLOYMENT_NAME }} -g ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }} || true
# Deploy ARM template is idempotent
# Note: once the resources exist the image tag must change for a new deployment to occur (the image tag includes workflow run number, run attempt, as well as sha)
- name: Run ARM deploy
uses: azure/arm-deploy@a1361c2c2cd398621955b16ca32e01c65ea340f5
with:
scope: resourcegroup
resourceGroupName: ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }}
subscriptionId: ${{ secrets.NONPROD_SUBSCRIPTION_ID }}
template: ./src/workflows/azure-preview-env-template.json
deploymentName: ${{ env.DEPLOYMENT_NAME }}
parameters: appName="${{ env.APP_NAME }}"
containerImage="${{ env.DOCKER_IMAGE }}"
dockerRegistryUrl="${{ secrets.NONPROD_REGISTRY_SERVER }}"
dockerRegistryUsername="${{ env.NONPROD_REGISTRY_USERNAME }}"
dockerRegistryPassword="${{ secrets.NONPROD_REGISTRY_PASSWORD }}"
- name: Check that it can be reached
# This introduces a necessary delay. Because the preview evironment
# URL is announced to the pull request as soon as all the steps
# finish, what sometimes happens is that a viewer of the PR clicks
# that link too fast and are confronted with a broken page.
# It's because there's a delay between the `azure/arm-deploy`
# and when the server is actually started and can receive and
# process requests.
# By introducing a slight "delay" here we avoid announcing a
# preview environment URL that isn't actually working just yet.
# Note the use of `--fail`. It which means that if it actually
# did connect but the error code was >=400, the command will fail.
# The `--fail --retry N` combination means that a 4xx response
# code will exit immediately but a 5xx will exhaust the retries.
run: curl --fail --retry-connrefused --retry 5 -I ${{ env.APP_URL }}

223
.github/workflows/azure-preview-env-deploy.yml vendored
View File

@@ -1,223 +0,0 @@
name: Azure - Deploy Preview Environment (private)
# NOTE! This is specifically and only for github/docs-internal.
# **What it does**: Build and deploy an Azure preview environment for this PR in github/docs-internal
# **Why we have it**: It's our preview environment deploy mechanism, to docs-internal repo
# **Who does it impact**: Writ-access contributors.
on:
# The advantage of 'pull_request' over 'pull_request_target' is that we
# can make changes to this file and test them in a pull request, instead
# of relying on landing it in 'main' first.
# From a security point of view, its arguably safer this way because
# unlike 'pull_request_target', these only have secrets if the pull
# request creator has permission to access secrets.
pull_request_target:
merge_group:
workflow_dispatch:
inputs:
PR_NUMBER:
description: 'PR Number'
type: string
required: true
COMMIT_REF:
description: 'The commit SHA to build'
type: string
required: true
WITH_TRANSLATIONS:
description: 'With translations'
required: true
type: boolean
permissions:
contents: read
deployments: write
# This allows one deploy workflow to interrupt another
concurrency:
group: 'preview-env @ ${{ github.head_ref || github.run_id }} for ${{ github.event.number || inputs.PR_NUMBER }}'
cancel-in-progress: true
jobs:
build-and-deploy-azure-preview:
name: Build and deploy Azure preview environment
runs-on: ubuntu-latest
# Ensure this is actually a pull request and not a merge group
# If its a merge group, report success without doing anything
# See https://bit.ly/3qB9nZW > If a job in a workflow is skipped due to a conditional, it will report its status as "Success".
if: |
(
(github.event.pull_request.head.sha || inputs.COMMIT_REF)
&& (github.event.number || inputs.PR_NUMBER || github.run_id)
)
&& github.repository == 'github/docs-internal'
timeout-minutes: 15
environment:
name: preview-env-${{ github.event.number }}
# The environment variable is computer later in this job in
# the "Get preview app info" step.
# That script sets environment variables which is used by Actions
# to link a PR to a list of environments later.
url: ${{ env.APP_URL }}
env:
PR_NUMBER: ${{ github.event.number || inputs.PR_NUMBER || github.run_id }}
COMMIT_REF: ${{ github.event.pull_request.head.sha || inputs.COMMIT_REF }}
BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
NONPROD_REGISTRY_USERNAME: ghdocsinternal
steps:
- name: 'Az CLI login'
uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2
with:
creds: ${{ secrets.NONPROD_AZURE_CREDENTIALS }}
- name: 'Docker login'
uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c
with:
login-server: ${{ secrets.NONPROD_REGISTRY_SERVER }}
username: ${{ env.NONPROD_REGISTRY_USERNAME }}
password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db
- name: Check out PR code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ env.COMMIT_REF }}
# To prevent issues with cloning early access content later
persist-credentials: 'false'
- name: Get preview app info
env:
APP_NAME_SEED: ${{ secrets.PREVIEW_ENV_NAME_SEED }}
run: src/workflows/get-preview-app-info.sh
- name: 'Set env vars'
run: |
# Image tag is unique to each workflow run so that it always triggers a new deployment
echo "DOCKER_IMAGE=${{ secrets.NONPROD_REGISTRY_SERVER }}/${IMAGE_REPO}:${{ env.COMMIT_REF }}-${{ github.run_number }}-${{ github.run_attempt }}" >> $GITHUB_ENV
- name: Determine which docs-early-access branch to clone
id: 'check-early-access'
uses: actions/github-script@e69ef5462fd455e02edcaf4dd7708eda96b9eda0
env:
BRANCH_NAME: ${{ env.BRANCH_NAME }}
with:
github-token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
result-encoding: string
script: |
const { BRANCH_NAME } = process.env
try {
const { status } = await github.request('GET /repos/{owner}/{repo}/branches/{branch}', {
owner: 'github',
repo: 'docs-early-access',
branch: BRANCH_NAME,
})
if (status !== 200) {
throw new Error('Received non-200 response from branch GET request')
}
console.log(`Using docs-early-access branch '${BRANCH_NAME}'`)
return BRANCH_NAME
} catch (e) {
console.log(`Failed to get docs-early-access branch '${BRANCH_NAME}', 'main' will be used instead.`)
return 'main'
}
- name: Clone docs-early-access
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: github/docs-early-access
token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
path: docs-early-access
ref: ${{ steps.check-early-access.outputs.result }}
- name: Merge docs-early-access repo's folders
run: src/early-access/scripts/merge-early-access.sh
- name: Determine if we should include translations?
uses: actions/github-script@e69ef5462fd455e02edcaf4dd7708eda96b9eda0
id: with-translations
with:
script: |
if (process.env.IS_INTERNAL_BUILD !== 'true') return false
if (context.eventName === "workflow_dispatch") {
return context.payload.inputs.WITH_TRANSLATIONS === 'true'
}
// This works for pull_request_target too
if (context.payload.pull_request?.labels) {
return context.payload.pull_request.labels.map(label => label.name).includes('preview-with-translations')
}
return false
- if: ${{ steps.with-translations.outputs.result == 'true' }}
uses: ./.github/actions/clone-translations
with:
token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
- uses: ./.github/actions/warmup-remotejson-cache
with:
restore-only: true
- uses: ./.github/actions/precompute-pageinfo
with:
restore-only: true
# In addition to making the final image smaller, we also save time by not sending unnecessary files to the docker build context
- name: 'Prune for preview env'
run: src/workflows/prune-for-preview-env.sh
- name: 'Build and push image'
uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755
with:
context: .
file: Dockerfile.azure
push: true
target: ${{ steps.with-translations.outputs.result == 'true' && 'production' || 'preview' }}
tags: ${{ env.DOCKER_IMAGE }}
# we only pull the `main` cache image
cache-from: type=registry,ref=${{ secrets.NONPROD_REGISTRY_SERVER }}/${{ github.repository }}:main-preview
# `main-docker-cache.yml` handles updating the remote cache so we don't pollute it with PR specific code
cache-to: ''
build-args: |
BUILD_SHA=${{ env.COMMIT_REF }}
# Succeed despite any non-zero exit code (e.g. if there is no deployment to cancel)
- name: 'Cancel any existing deployments for this PR'
run: |
az deployment group cancel --name ${{ env.DEPLOYMENT_NAME }} -g ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }} || true
# Deploy ARM template is idempotent
# Note: once the resources exist the image tag must change for a new deployment to occur (the image tag includes workflow run number, run attempt, as well as sha)
- name: Run ARM deploy
uses: azure/arm-deploy@a1361c2c2cd398621955b16ca32e01c65ea340f5
with:
scope: resourcegroup
resourceGroupName: ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }}
subscriptionId: ${{ secrets.NONPROD_SUBSCRIPTION_ID }}
template: ./src/workflows/azure-preview-env-template.json
deploymentName: ${{ env.DEPLOYMENT_NAME }}
parameters: appName="${{ env.APP_NAME }}"
containerImage="${{ env.DOCKER_IMAGE }}"
dockerRegistryUrl="${{ secrets.NONPROD_REGISTRY_SERVER }}"
dockerRegistryUsername="${{ env.NONPROD_REGISTRY_USERNAME }}"
dockerRegistryPassword="${{ secrets.NONPROD_REGISTRY_PASSWORD }}"
- name: Check that it can be reached
# This introduces a necessary delay. Because the preview evironment
# URL is announced to the pull request as soon as all the steps
# finish, what sometimes happens is that a viewer of the PR clicks
# that link too fast and are confronted with a broken page.
# It's because there's a delay between the `azure/arm-deploy`
# and when the server is actually started and can receive and
# process requests.
# By introducing a slight "delay" here we avoid announcing a
# preview environment URL that isn't actually working just yet.
# Note the use of `--fail`. It which means that if it actually
# did connect but the error code was >=400, the command will fail.
# The `--fail --retry N` combination means that a 4xx response
# code will exit immediately but a 5xx will exhaust the retries.
run: curl --fail --retry-connrefused --retry 5 -I ${{ env.APP_URL }}

73
.github/workflows/azure-preview-env-destroy.yml vendored
View File

@@ -1,73 +0,0 @@
name: Azure - Destroy Preview Env
# **What it does**: Destroys resources associated with a PRs Azure preview environment
# **Why we have it**: Closed PRs don't need apps
# **Who does it impact**: All contributors.
on:
# Required in lieu of `pull_request` so that PRs created from forks can destroy the preview environment.
pull_request_target:
types:
- closed
- locked
workflow_dispatch:
inputs:
PR_NUMBER:
description: 'PR Number'
type: string
required: true
permissions:
contents: read
# This allows one deploy workflow to interrupt another
concurrency:
group: 'preview-env @ ${{ github.head_ref || github.run_id }} for ${{ github.event.number || inputs.PR_NUMBER }}'
cancel-in-progress: true
jobs:
destroy-azure-preview-env:
name: Destroy
runs-on: ubuntu-latest
if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'
timeout-minutes: 5
env:
PR_NUMBER: ${{ github.event.number || inputs.PR_NUMBER }}
steps:
- name: 'Az CLI login'
uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2
with:
creds: ${{ secrets.NONPROD_AZURE_CREDENTIALS }}
- name: Check out repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Get preview app info
env:
APP_NAME_SEED: ${{ secrets.PREVIEW_ENV_NAME_SEED }}
run: src/workflows/get-preview-app-info.sh
# Succeed despite any non-zero exit code (e.g. if there is no deployment to cancel)
- name: 'Cancel any in progress deployments'
run: |
az deployment group cancel --name ${{ env.DEPLOYMENT_NAME }} -g ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }} || true
# Delete web app (which will also delete the App Service plan)
# This will succeed even if the app doesn't exist / has already been deleted
- name: 'Delete App Service App (which will also delete the App Service plan)'
run: |
az container delete -n ${{ env.APP_NAME }} -g ${{ secrets.PREVIEW_ENV_RESOURCE_GROUP }} -y
# Untag all images under this PR's container registry repo - the container registry will automatically remove untagged images.
# This will fail if the IMAGE_REPO doesn't exist, but we don't care
- name: 'Untag all docker images for this PR'
run: |
az acr repository delete -n ${{ secrets.NONPROD_REGISTRY_SERVER }} --repository ${{ env.IMAGE_REPO }} -y || true
# Remove all GitHub deployments from this environment and remove the environment
- uses: strumwolf/delete-deployment-environment@a4825dd9648c57da8437a4885c3fcad58beac69c
with:
# The token provided by the workflow does not have the permissions to delete created environments
token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
environment: preview-env-${{ env.PR_NUMBER }}

137
.github/workflows/azure-prod-build-deploy.yml vendored
View File

@@ -1,137 +0,0 @@
name: Azure Production - Build and Deploy
# **What it does**: Builds and deploys the default branch to production
# **Why we have it**: To enable us to deploy the latest to production whenever necessary rather than relying on PR merges.
# **Who does it impact**: All contributors.
on:
workflow_dispatch:
permissions:
contents: read
deployments: write
# This allows a subsequently queued workflow run to take priority over
# previously queued runs but NOT interrupt currently executing runs
concurrency:
group: '${{ github.workflow }}'
cancel-in-progress: false
jobs:
azure-prod-build-and-deploy:
if: ${{ github.repository == 'github/docs-internal' }}
runs-on: ubuntu-20.04-xl
timeout-minutes: 20
environment:
name: production
url: 'https://docs.github.com'
env:
DOCKER_IMAGE: ${{ secrets.PROD_REGISTRY_SERVER }}/${{ github.repository }}:${{ github.sha }}
DOCKER_IMAGE_CACHE_REF: ${{ secrets.PROD_REGISTRY_SERVER }}/${{ github.repository }}:main-production
RESOURCE_GROUP_NAME: docs-prod
APP_SERVICE_NAME: ghdocs-prod
SLOT_NAME: canary
ACR_TOKEN_NAME: acrToken
steps:
- name: 'Az CLI login'
uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2
with:
creds: ${{ secrets.PROD_AZURE_CREDENTIALS }}
- name: Check out repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ github.sha }}
# To prevent issues with cloning early access content later
persist-credentials: 'false'
- name: Setup Node.js
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version-file: 'package.json'
cache: npm
# We need this to run a few scripts that were easier to write in JS/TS
- name: Install dependencies
run: npm install
# Create a temporary token for the Azure Container Registry
# and set it as a GitHub Actions environment variable
# Created token are viewable in the ACR resource UI
# under Repository permissions > Tokens
- name: 'Create Azure Container Registry Token'
env:
CONTAINER_REGISTRY_SERVER: ${{ secrets.PROD_REGISTRY_SERVER }}
run: npm run create-acr-token
- name: 'Docker login'
uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c
with:
login-server: ${{ secrets.PROD_REGISTRY_SERVER }}
username: ${{ env.ACR_TOKEN_NAME }}
password: ${{ env.ACR_TOKEN_VALUE }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db
- name: Clone docs-early-access
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: github/docs-early-access
token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
path: docs-early-access
- name: Merge docs-early-access repo's folders
run: src/early-access/scripts/merge-early-access.sh
- uses: ./.github/actions/warmup-remotejson-cache
with:
restore-only: true
- uses: ./.github/actions/precompute-pageinfo
with:
restore-only: true
- uses: ./.github/actions/clone-translations
with:
token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
- name: 'Build and push image'
uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755
with:
context: .
file: Dockerfile.azure
push: true
target: production
tags: ${{ env.DOCKER_IMAGE }}, ${{ env.DOCKER_IMAGE_CACHE_REF }}
cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_CACHE_REF }}
cache-to: type=registry,mode=max,ref=${{ env.DOCKER_IMAGE_CACHE_REF }}
build-args: |
BUILD_SHA=${{ github.sha }}
- name: 'Update docker-compose.prod.yaml template file'
run: |
sed 's|#{IMAGE}#|${{ env.DOCKER_IMAGE }}|g' src/workflows/docker-compose.prod.tmpl.yaml > docker-compose.prod.yaml
- name: 'Apply updated docker-compose.prod.yaml config to canary slot'
run: |
az webapp config container set --multicontainer-config-type COMPOSE --multicontainer-config-file docker-compose.prod.yaml --slot ${{ env.SLOT_NAME }} -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }}
# Watch canary slot instances to see when all the instances are ready
- name: Check that canary slot is ready
env:
CHECK_INTERVAL: 10000
EXPECTED_SHA: ${{ github.sha }}
CANARY_BUILD_URL: https://ghdocs-prod-canary.azurewebsites.net/_build
run: npm run check-canary-slots
- name: 'Swap canary slot to production'
run: |
az webapp deployment slot swap --slot ${{ env.SLOT_NAME }} --target-slot production -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }}
- uses: ./.github/actions/slack-alert
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
with:
slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }}
slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}

122
.github/workflows/azure-staging-build-deploy.yml vendored
View File

@@ -1,122 +0,0 @@
name: Azure Staging - Build and Deploy
# **What it does**: Builds and deploys a branch/PR to staging
# **Why we have it**: To enable us to deploy a branch/PR to staging whenever necessary
# **Who does it impact**: All contributors.
on:
workflow_dispatch:
inputs:
PR_NUMBER:
description: 'PR Number'
type: string
required: true
COMMIT_REF:
description: 'The commit SHA to build'
type: string
required: true
permissions:
contents: read
deployments: write
# This allows a subsequently queued workflow run to take priority over
# previously queued runs but NOT interrupt currently executing runs
concurrency:
group: 'staging-env @ ${{ github.head_ref || github.run_id }} for ${{ github.event.number || inputs.PR_NUMBER }}'
cancel-in-progress: true
jobs:
azure-staging-build-and-deploy:
if: ${{ github.repository == 'github/docs-internal' }}
runs-on: ubuntu-latest
timeout-minutes: 20
environment:
# TODO: Update name and url to point to a specific slot for the branch/PR
name: staging-env
url: ${{ env.APP_URL }}
env:
PR_NUMBER: ${{ github.event.number || inputs.PR_NUMBER || github.run_id }}
COMMIT_REF: ${{ github.event.pull_request.head.sha || inputs.COMMIT_REF }}
IMAGE_REPO: ${{ github.repository }}/pr-${{ github.event.number || inputs.PR_NUMBER || github.run_id }}
RESOURCE_GROUP_NAME: docs-staging
APP_SERVICE_NAME: ghdocs-staging
SLOT_NAME: canary
steps:
- name: 'Az CLI login'
uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2
with:
creds: ${{ secrets.PROD_AZURE_CREDENTIALS }}
- name: 'Docker login'
uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c
with:
login-server: ${{ secrets.NONPROD_REGISTRY_SERVER }}
username: ${{ secrets.NONPROD_REGISTRY_USERNAME }}
password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db
- name: Check out repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ env.COMMIT_REF }}
# To prevent issues with cloning early access content later
persist-credentials: 'false'
- name: 'Set env vars'
run: |
# Set APP_URL
echo "APP_URL=${{ secrets.STAGING_APP_URL }}" >> $GITHUB_ENV
# Image tag is unique to each workflow run so that it always triggers a new deployment
echo "DOCKER_IMAGE=${{ secrets.NONPROD_REGISTRY_SERVER }}/${{ env.IMAGE_REPO }}:${{ env.COMMIT_REF }}-${{ github.run_number }}-${{ github.run_attempt }}" >> $GITHUB_ENV
- name: Setup Node.js
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version-file: 'package.json'
cache: npm
- name: Clone docs-early-access
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: github/docs-early-access
token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
path: docs-early-access
ref: main
- name: Merge docs-early-access repo's folders
run: src/early-access/scripts/merge-early-access.sh
- name: 'Build and push image'
uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755
with:
context: .
file: Dockerfile.azure
push: true
target: production
tags: ${{ env.DOCKER_IMAGE }}
build-args: |
BUILD_SHA=${{ env.COMMIT_REF }}
- name: 'Update docker-compose.staging.yaml template file'
run: |
sed 's|#{IMAGE}#|${{ env.DOCKER_IMAGE }}|g' src/workflows/docker-compose.staging.tmpl.yaml > docker-compose.staging.yaml
- name: 'Apply updated docker-compose.staging.yaml config to deployment slot'
run: |
az webapp config container set --multicontainer-config-type COMPOSE --multicontainer-config-file docker-compose.staging.yaml --slot ${{ env.SLOT_NAME }} -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }}
# Watch deployment slot instances to see when all the instances are ready
- name: Check that deployment slot is ready
env:
CHECK_INTERVAL: 10000
EXPECTED_SHA: ${{ github.sha }}
CANARY_BUILD_URL: https://ghdocs-staging-canary.azurewebsites.net/_build
run: npm run check-canary-slots
- name: 'Swap deployment slot to production'
run: |
az webapp deployment slot swap --slot ${{ env.SLOT_NAME }} --target-slot production -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }}

85
.github/workflows/main-preview-docker-cache.yml vendored
View File

@@ -1,85 +0,0 @@
name: Build and Push Main Preview Env Docker Cache
# **What it does**: Builds and pushes the `main` Docker cache image
# **Why we have it**: It allows PRs using the registry cache to pull a pre-built image, which should speed up the build
# **Who does it impact**: All contributors.
on:
push:
branches:
- main
permissions:
contents: read
# This allows a subsequently queued workflow run to take priority over
# previously queued runs and interrupt currently executing runs
concurrency:
group: '${{ github.workflow }}'
cancel-in-progress: true
jobs:
build-and-push-nonprod-cache:
if: ${{ github.repository == 'github/docs-internal' || github.repository == 'github/docs' }}
runs-on: ubuntu-latest
timeout-minutes: 15
env:
ENABLE_EARLY_ACCESS: ${{ github.repository == 'github/docs-internal' }}
DOCKER_IMAGE_CACHE_REF: ${{ secrets.NONPROD_REGISTRY_SERVER }}/${{ github.repository }}:main-preview
NONPROD_REGISTRY_USERNAME: ${{ fromJSON('["ghdocs", "ghdocsinternal"]')[github.repository == 'github/docs-internal'] }}
steps:
- name: 'Az CLI login'
uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2
with:
creds: ${{ secrets.NONPROD_AZURE_CREDENTIALS }}
- name: 'Docker login'
uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c
with:
login-server: ${{ secrets.NONPROD_REGISTRY_SERVER }}
username: ${{ env.NONPROD_REGISTRY_USERNAME }}
password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db
- name: Check out repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
# To prevent issues with cloning early access content later
persist-credentials: 'false'
- if: ${{ env.ENABLE_EARLY_ACCESS }}
name: Clone docs-early-access
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: github/docs-early-access
token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
path: docs-early-access
ref: main
- if: ${{ env.ENABLE_EARLY_ACCESS }}
name: Merge docs-early-access repo's folders
run: src/early-access/scripts/merge-early-access.sh
# In addition to making the final image smaller, we also save time by not sending unnecessary files to the docker build context
- name: 'Prune for preview env'
run: src/workflows/prune-for-preview-env.sh
- name: 'Build and push image'
uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755
with:
context: .
file: Dockerfile.azure
push: true
target: preview
tags: ${{ env.DOCKER_IMAGE_CACHE_REF }}
cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_CACHE_REF }}
cache-to: type=registry,mode=max,ref=${{ env.DOCKER_IMAGE_CACHE_REF }}
- uses: ./.github/actions/slack-alert
if: ${{ failure() }}
with:
slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }}
slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}