blob: fa92d70475f25930ffee6047e25a7c62bfb43558 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
# NOTE! This is a copy of
# https://github.com/mdn/content/blob/main/.github/workflows/pr-review-companion.yml
# with absolutely minor differences.
# Things to do and run after a "PR Test" workflow has finished successfully.
# Note, as of right now, this workflow does a bunch of things. It might be
# worth considering to break it up so there's a dedicated post-PR
# workflow just to posting PR comments about flaws, for example.
name: PR review companion
on:
workflow_run:
workflows: ["PR Test"]
types:
- completed
jobs:
review:
runs-on: ubuntu-latest
if: >
${{ github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success' }}
steps:
- name: 'Download artifact'
uses: actions/github-script@v5
with:
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
var matchArtifacts = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "build"
});
if (matchArtifacts.length === 0) {
console.warn(
'No artifacts to download probably just means nothing ' +
'was built in the "PR test" workflow. That\'s OK. ' +
'This is actually not a genuine CI error.'
);
throw new Error(
'No matched build artifacts. ' +
'Perhaps nothing built in the "PR test" workflow'
);
}
var matchArtifact = matchArtifacts[0];
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/build.zip', Buffer.from(download.data));
- name: Unzip what was downloaded
run: |
7z x build.zip -obuild -bb1
- uses: actions/checkout@v2
with:
repository: mdn/yari
path: yari
- name: Install Python
uses: actions/setup-python@v2.2.2
with:
python-version: "3.8"
# See https://www.peterbe.com/plog/install-python-poetry-github-actions-faster
- name: Load cached ~/.local
uses: actions/cache@v2.1.6
with:
path: ~/.local
key: dotlocal-${{ runner.os }}-${{ hashFiles('.github/workflows/pr-review-companion.yml') }}
- name: Install Python poetry
uses: snok/install-poetry@v1.1.8
with:
virtualenvs-create: true
virtualenvs-in-project: true
- name: Load cached venv
id: cached-poetry-dependencies
uses: actions/cache@v2.1.6
with:
path: yari/deployer/.venv
key: venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}-${{ hashFiles('.github/workflows/pr-review-companion.yml') }}
- name: Install poetry dependencies
if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
run: |
cd yari/deployer
poetry install --no-interaction --no-root
- name: Install Deployer
run: |
cd yari/deployer
poetry install --no-interaction
- name: Deploy and analyze built content
env:
BUILD_OUT_ROOT: ${{ github.workspace }}/build
DEPLOYER_BUCKET_NAME: mdn-content-dev
AWS_ACCESS_KEY_ID: ${{ secrets.DEPLOYER_DEV_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.DEPLOYER_DEV_AWS_SECRET_ACCESS_KEY }}
DEPLOYER_LOG_EACH_SUCCESSFUL_UPLOAD: false
run: |
PR_NUMBER=`cat build/NR`
echo "Pull request:"
echo "https://github.com/mdn/translated-content/pull/$PR_NUMBER"
cd yari/deployer
poetry run deployer upload \
--prefix="pr$PR_NUMBER" \
--no-redirects \
--default-cache-control 0 \
"$BUILD_OUT_ROOT"
poetry run deployer analyze-pr-build \
--prefix="pr$PR_NUMBER" \
--analyze-flaws \
--analyze-dangerous-content \
--github-token="${{secrets.GITHUB_TOKEN}}" \
--repo=$GITHUB_REPOSITORY \
--pr-number=$PR_NUMBER \
--diff-file=$BUILD_OUT_ROOT/DIFF \
$BUILD_OUT_ROOT
|