aboutsummaryrefslogtreecommitdiff
path: root/.github/workflows/pr-review-companion.yml
blob: fa92d70475f25930ffee6047e25a7c62bfb43558 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# NOTE! This is a copy of
# https://github.com/mdn/content/blob/main/.github/workflows/pr-review-companion.yml
# with absolutely minor differences.

# Things to do and run after a "PR Test" workflow has finished successfully.
# Note, as of right now, this workflow does a bunch of things. It might be
# worth considering to break it up so there's a dedicated post-PR
# workflow just to posting PR comments about flaws, for example.

name: PR review companion

on:
  workflow_run:
    workflows: ["PR Test"]
    types:
      - completed

jobs:
  review:
    runs-on: ubuntu-latest

    if: >
      ${{ github.event.workflow_run.event == 'pull_request' &&
      github.event.workflow_run.conclusion == 'success' }}

    steps:
      - name: 'Download artifact'
        uses: actions/github-script@v5
        with:
          script: |
            var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
               owner: context.repo.owner,
               repo: context.repo.repo,
               run_id: ${{github.event.workflow_run.id }},
            });
            var matchArtifacts = artifacts.data.artifacts.filter((artifact) => {
              return artifact.name == "build"
            });
            if (matchArtifacts.length === 0) {
              console.warn(
                'No artifacts to download probably just means nothing ' +
                'was built in the "PR test" workflow. That\'s OK. ' +
                'This is actually not a genuine CI error.'
              );
              throw new Error(
                'No matched build artifacts. ' +
                'Perhaps nothing built in the "PR test" workflow'
              );
            }
            var matchArtifact = matchArtifacts[0];
            var download = await github.rest.actions.downloadArtifact({
                owner: context.repo.owner,
                repo: context.repo.repo,
                artifact_id: matchArtifact.id,
                archive_format: 'zip',
            });
            var fs = require('fs');
            fs.writeFileSync('${{github.workspace}}/build.zip', Buffer.from(download.data));

      - name: Unzip what was downloaded
        run: |
          7z x build.zip -obuild -bb1

      - uses: actions/checkout@v2
        with:
           repository: mdn/yari
           path: yari

      - name: Install Python
        uses: actions/setup-python@v2.2.2
        with:
          python-version: "3.8"

      # See https://www.peterbe.com/plog/install-python-poetry-github-actions-faster
      - name: Load cached ~/.local
        uses: actions/cache@v2.1.6
        with:
          path: ~/.local
          key: dotlocal-${{ runner.os }}-${{ hashFiles('.github/workflows/pr-review-companion.yml') }}

      - name: Install Python poetry
        uses: snok/install-poetry@v1.1.8
        with:
          virtualenvs-create: true
          virtualenvs-in-project: true

      - name: Load cached venv
        id: cached-poetry-dependencies
        uses: actions/cache@v2.1.6
        with:
          path: yari/deployer/.venv
          key: venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}-${{ hashFiles('.github/workflows/pr-review-companion.yml') }}

      - name: Install poetry dependencies
        if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
        run: |
          cd yari/deployer
          poetry install --no-interaction --no-root

      - name: Install Deployer
        run: |
          cd yari/deployer
          poetry install --no-interaction

      - name: Deploy and analyze built content
        env:
          BUILD_OUT_ROOT: ${{ github.workspace }}/build

          DEPLOYER_BUCKET_NAME: mdn-content-dev
          AWS_ACCESS_KEY_ID: ${{ secrets.DEPLOYER_DEV_AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.DEPLOYER_DEV_AWS_SECRET_ACCESS_KEY }}
          DEPLOYER_LOG_EACH_SUCCESSFUL_UPLOAD: false

        run: |
          PR_NUMBER=`cat build/NR`

          echo "Pull request:"
          echo "https://github.com/mdn/translated-content/pull/$PR_NUMBER"

          cd yari/deployer

          poetry run deployer upload \
            --prefix="pr$PR_NUMBER" \
            --no-redirects \
            --default-cache-control 0 \
            "$BUILD_OUT_ROOT"

          poetry run deployer analyze-pr-build \
            --prefix="pr$PR_NUMBER" \
            --analyze-flaws \
            --analyze-dangerous-content \
            --github-token="${{secrets.GITHUB_TOKEN}}" \
            --repo=$GITHUB_REPOSITORY \
            --pr-number=$PR_NUMBER \
            --diff-file=$BUILD_OUT_ROOT/DIFF \
            $BUILD_OUT_ROOT