add pr-review-companion.yml (#1467)

author: Peter Bengtsson <mail@peterbe.com> 2021-07-09 16:34:45 -0400
committer: GitHub <noreply@github.com> 2021-07-09 16:34:45 -0400
commit: 5d08d613a9c2490c134282e2bd6c32a1475f4dca (patch)
tree: f111384dced20a306148dd81aa62b0ad17dcf76e /.github
parent: c46d129780a6de2cc228704621731ec5db399674 (diff)
download: translated-content-5d08d613a9c2490c134282e2bd6c32a1475f4dca.tar.gz
translated-content-5d08d613a9c2490c134282e2bd6c32a1475f4dca.tar.bz2
translated-content-5d08d613a9c2490c134282e2bd6c32a1475f4dca.zip
1 files changed, 129 insertions, 0 deletions
diff --git a/.github/workflows/pr-review-companion.yml b/.github/workflows/pr-review-companion.yml
new file mode 100644
index 0000000000..aaf799d499
--- /dev/null
+++ b/.github/workflows/pr-review-companion.yml
@@ -0,0 +1,129 @@
+# NOTE! This is a copy of
+# https://github.com/mdn/content/blob/main/.github/workflows/pr-review-companion.yml
+# with absolutely minor differences.
+
+# Things to do and run after a "PR Test" workflow has finished successfully.
+# Note, as of right now, this workflow does a bunch of things. It might be
+# worth considering to break it up so there's a dedicated post-PR
+# workflow just to posting PR comments about flaws, for example.
+
+name: PR review companion
+
+on:
+  workflow_run:
+    workflows: ["PR Test"]
+    types:
+      - completed
+
+jobs:
+  review:
+    runs-on: ubuntu-latest
+
+    if: >
+      ${{ github.event.workflow_run.event == 'pull_request' &&
+      github.event.workflow_run.conclusion == 'success' }}
+
+    steps:
+      - name: 'Download artifact'
+        uses: actions/github-script@v4.0.2
+        with:
+          script: |
+            var artifacts = await github.actions.listWorkflowRunArtifacts({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               run_id: ${{github.event.workflow_run.id }},
+            });
+            var matchArtifacts = artifacts.data.artifacts.filter((artifact) => {
+              return artifact.name == "build"
+            });
+            if (matchArtifacts.length === 0) {
+              console.warn(
+                'No artifacts to download probably just means nothing ' +
+                'was built in the "PR test" workflow. That\'s OK. ' +
+                'This is actually not a genuine CI error.'
+              );
+              throw new Error(
+                'No matched build artifacts. ' +
+                'Perhaps nothing built in the "PR test" workflow'
+              );
+            }
+            var matchArtifact = matchArtifacts[0];
+            var download = await github.actions.downloadArtifact({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                artifact_id: matchArtifact.id,
+                archive_format: 'zip',
+            });
+            var fs = require('fs');
+            fs.writeFileSync('${{github.workspace}}/build.zip', Buffer.from(download.data));
+
+      - name: Unzip what was downloaded
+        run: |
+          unzip build.zip -d build
+
+      - uses: actions/checkout@v2
+        with:
+           repository: mdn/yari
+           path: yari
+
+      - name: Install Python
+        uses: actions/setup-python@v2.2.2
+        with:
+          python-version: "3.8"
+
+      - name: Install Python poetry
+        uses: snok/install-poetry@v1.1.6
+        with:
+          virtualenvs-create: true
+          virtualenvs-in-project: true
+
+      - name: Load cached venv
+        id: cached-poetry-dependencies
+        uses: actions/cache@v2.1.6
+        with:
+          path: yari/deployer/.venv
+          key: venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}-${{ hashFiles('.github/workflows/pr-review-companion.yml') }}
+
+      - name: Install poetry dependencies
+        if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
+        run: |
+          cd yari/deployer
+          poetry install --no-interaction --no-root
+
+      - name: Install Deployer
+        run: |
+          cd yari/deployer
+          poetry install --no-interaction
+
+      - name: Deploy and analyze built content
+        env:
+          BUILD_OUT_ROOT: ${{ github.workspace }}/build
+
+          DEPLOYER_BUCKET_NAME: mdn-content-dev
+          AWS_ACCESS_KEY_ID: ${{ secrets.DEPLOYER_DEV_AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.DEPLOYER_DEV_AWS_SECRET_ACCESS_KEY }}
+          DEPLOYER_LOG_EACH_SUCCESSFUL_UPLOAD: false
+
+        run: |
+          PR_NUMBER=`cat build/NR`
+
+          echo "Pull request:"
+          echo "https://github.com/mdn/translated-content/pull/$PR_NUMBER"
+
+          cd yari/deployer
+
+          poetry run deployer upload \
+            --prefix="pr$PR_NUMBER" \
+            --no-redirects \
+            --default-cache-control 0 \
+            "$BUILD_OUT_ROOT"
+
+          poetry run deployer analyze-pr-build \
+            --prefix="pr$PR_NUMBER" \
+            --analyze-flaws \
+            --analyze-dangerous-content \
+            --github-token="${{secrets.GITHUB_TOKEN}}" \
+            --repo=$GITHUB_REPOSITORY \
+            --pr-number=$PR_NUMBER \
+            --diff-file=$BUILD_OUT_ROOT/DIFF \
+            $BUILD_OUT_ROOT
author	Peter Bengtsson <mail@peterbe.com>	2021-07-09 16:34:45 -0400
committer	GitHub <noreply@github.com>	2021-07-09 16:34:45 -0400
commit	5d08d613a9c2490c134282e2bd6c32a1475f4dca (patch)
tree	f111384dced20a306148dd81aa62b0ad17dcf76e /.github
parent	c46d129780a6de2cc228704621731ec5db399674 (diff)
download	translated-content-5d08d613a9c2490c134282e2bd6c32a1475f4dca.tar.gz translated-content-5d08d613a9c2490c134282e2bd6c32a1475f4dca.tar.bz2 translated-content-5d08d613a9c2490c134282e2bd6c32a1475f4dca.zip