Automattic · zinigor · Jan 21, 2025 · Sep 5, 2024 · Sep 5, 2024 · Oct 7, 2024
diff --git a/.github/workflows/wpcloud.yml b/.github/workflows/wpcloud.yml
@@ -0,0 +1,105 @@
+name: WPCloud Unit Testing for WPCOMSH
+
+on:
+  pull_request:
+  push:
+    branches: ['trunk', '*/branch-*']
+concurrency:
+  group: wpcloud-${{ github.event_name }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  deploy:
+    name: Run phpunit on WPCloud site
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          # codecov.io requires a fetch depth > 1.
+          fetch-depth: 2
+
+      # For pull requests, list-changed-projects.sh needs the merge base.
+      # But it doesn't have to be checked out.
+      - name: Deepen to merge base
+        if: github.event_name == 'pull_request'
+        uses: ./.github/actions/deepen-to-merge-base
+        with:
+          checkout: false
+
+      - name: Setup tools
+        uses: ./.github/actions/tool-setup
+        with:
+          php: ${{ matrix.php }}
+          node: ${{ matrix.node }}
+      - name: Monorepo install
+        run: |
+          echo "::group::Pnpm"
+          pnpm install
+          echo "::endgroup::"
+      - name: Detect if wpcomsh has changed
+        id: changed
+        run: |
+          CHANGED="$(EXTRA=test .github/files/list-changed-projects.sh)"
+
+          WPCOMSH_CHANGED="$(jq --argjson changed "$CHANGED" -n '$changed | has( "plugins/wpcomsh" ) ')"
+          echo "wpcomsh=${WPCOMSH_CHANGED}" >> "$GITHUB_OUTPUT"
+
+      - name: Configure Github to be able to SSH to the Atomic site
+        if: steps.changed.outputs.wpcomsh == 'true'
+        run: |
+          echo "Intializing"
+          echo "::group::setup"
+
+          mkdir -vp ~/.ssh/
+          chmod -v 700 ~/.ssh
+
+          touch ~/.ssh/id_site
+          chmod 600 ~/.ssh/id_site
+          echo "$WPCLOUD_SSH_KEY" > ~/.ssh/id_site
+          echo "wrote ~/.ssh/id_site"
+
+          touch ~/.ssh/askpass
+          chmod -v 700 ~/.ssh/askpass
+          cat >>~/.ssh/askpass <<END
+          #!/bin/bash
+          echo "\$WPCLOUD_SSH_KEY_PASSPHRASE"
+          END
+          echo "wrote ~/.ssh/askpass"
+
+          cat >>~/.ssh/config <<END
+          Host *
+            StrictHostKeyChecking no
+          END
+          echo "wrote ~/.ssh/config"
+
+          touch ~/.ssh/stdin
+          chmod -v 600 ~/.ssh/stdin
+          cat >>~/.ssh/stdin <<END
+          $WPCLOUD_STDIN
+          END
+          echo "wrote ~/.ssh/stdin"
+
+          export SSH_ASKPASS="$HOME/.ssh/askpass"
+          echo "exported SSH_ASKPASS"
+          export SSH_ASKPASS_REQUIRE="force"
+          echo "exported SSH_ASKPASS_REQUIRE"
+          export DISPLAY=":"
+          echo "exported DISPLAY"
+
+          echo "::endgroup::"
+
+          echo "::group::execution"
+          cat ~/.ssh/stdin | setsid ssh -i ~/.ssh/id_site -l "$WPCLOUD_SSH_USER" ssh.atomicsites.net "$WPCLOUD_SSH_COMMAND" || CODE=$?
+          echo "::endgroup::"
+
+          echo "::group::teardown"
+          rm -rvf ~/.ssh/
+          echo "::endgroup::"
+          echo "Exiting with exit code $CODE"
+          exit $CODE
+        env:
+          WPCLOUD_SSH_KEY: ${{ secrets.WPCLOUD_SSH_KEY }}
+          WPCLOUD_SSH_KEY_PASSPHRASE: ${{ secrets.WPCLOUD_SSH_KEY_PASSPHRASE }}
+          WPCLOUD_SSH_USER: ${{ secrets.WPCLOUD_SSH_USER }}
+          WPCLOUD_SSH_COMMAND: ${{ secrets.WPCLOUD_SSH_COMMAND }}
+          WPCLOUD_STDIN: ${{ toJSON(github) }}