fix(dev-build): ensure non-empty PREFIX #200
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dev Build | |
| # NOTE! This is the *DEV* workflow. | |
| # Keep in mind that much of the configuration is repeated in `prod-build.yml` | |
| # and `stage-build.yml` | |
| # | |
| # For a complete picture of all environments, see: | |
| # | |
| # https://docs.google.com/spreadsheets/d/1VnnEl-iTtKYmlyN02FiEXygxZCgE4o_ZO8wSleebne4/edit?usp=sharing | |
| # | |
| # NOTE! Unlike prod and stage, this work only works on manual dispatch | |
| on: | |
| push: | |
| branches: | |
| - "MP-1889-review-cloud-function" | |
| workflow_dispatch: | |
| inputs: | |
| notes: | |
| description: "Notes" | |
| required: false | |
| default: "" | |
| deployment_prefix: | |
| description: "Deployment prefix" | |
| required: false | |
| default: "main" | |
| workflow_call: | |
| secrets: | |
| GCP_PROJECT_NAME: | |
| required: true | |
| WIP_PROJECT_ID: | |
| required: true | |
| env: | |
| DEFAULT_DEPLOYMENT_PREFIX: "main" | |
| permissions: | |
| # Authenticate with GCP. | |
| id-token: write | |
| jobs: | |
| build: | |
| environment: review | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Merge dispatch inputs with default env vars | |
| run: | | |
| echo "PREFIX=${{ github.event.inputs.deployment_prefix || env.DEFAULT_DEPLOYMENT_PREFIX }}" >> $GITHUB_ENV | |
| - uses: actions/checkout@v4 | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: mdn/content | |
| path: mdn/content | |
| # Yes, this means fetch EVERY COMMIT EVER. | |
| # It's probably not sustainable in the far future (e.g. past 2021) | |
| # but for now it's good enough. We'll need all the history | |
| # so we can figure out each document's last-modified date. | |
| fetch-depth: 0 | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: mdn/translated-content | |
| path: mdn/translated-content | |
| # See matching warning for mdn/content checkout step | |
| fetch-depth: 0 | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: mdn/mdn-contributor-spotlight | |
| path: mdn/mdn-contributor-spotlight | |
| - name: Setup Node.js environment | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: yarn | |
| - name: Install all yarn packages | |
| run: yarn --frozen-lockfile | |
| env: | |
| # https://github.com/microsoft/vscode-ripgrep#github-api-limit-note | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Install Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.10" | |
| - name: Install Python poetry | |
| uses: snok/install-poetry@v1 | |
| - name: Install deployer | |
| run: | | |
| cd deployer | |
| poetry install | |
| - name: Display Python & Poetry version | |
| run: | | |
| python --version | |
| poetry --version | |
| - name: Print information about build | |
| run: | | |
| echo "notes: ${{ github.event.inputs.notes }}" | |
| echo "PREFIX: ${{ env.PREFIX }}" | |
| - name: Print information about CPU | |
| run: cat /proc/cpuinfo | |
| - name: Build everything | |
| env: | |
| # Remember, the mdn/content repo got cloned into `pwd` into a | |
| # sub-folder called "mdn/content" | |
| CONTENT_ROOT: ${{ github.workspace }}/mdn/content/files | |
| CONTENT_TRANSLATED_ROOT: ${{ github.workspace }}/mdn/translated-content/files | |
| CONTRIBUTOR_SPOTLIGHT_ROOT: ${{ github.workspace }}/mdn/mdn-contributor-spotlight/contributors | |
| # This basically means that all live-sample iframes run on the same | |
| # host as the page that includes the iframe. Not great security but the | |
| # context is that this is Dev and it's not connected to a real backend. | |
| BUILD_LIVE_SAMPLES_BASE_URL: "" | |
| # Now is not the time to worry about flaws. | |
| BUILD_FLAW_LEVELS: "*:ignore" | |
| # Uncomment when hacking on this workflow. It means the `yarn build` | |
| # finishes much sooner, which can be helpful debugging the other stuff | |
| # the workflow needs to do. | |
| # BUILD_FOLDERSEARCH: web/html | |
| # This just makes sure the Google Analytics script gets used even if | |
| # it goes nowhere. | |
| BUILD_GOOGLE_ANALYTICS_MEASUREMENT_ID: G-XXXXXXXX | |
| # This removes the ability to sign in | |
| REACT_APP_DISABLE_AUTH: true | |
| run: | | |
| set -eo pipefail | |
| # Info about which CONTENT_* environment variables were set and to what. | |
| echo "CONTENT_ROOT=$CONTENT_ROOT" | |
| echo "CONTENT_TRANSLATED_ROOT=$CONTENT_TRANSLATED_ROOT" | |
| # Build the ServiceWorker first | |
| yarn build:sw | |
| yarn build:client | |
| yarn build:ssr | |
| cp assets/nonprod/robots.txt client/build/robots.txt | |
| yarn rari content sync-translated-content | |
| yarn rari git-history | |
| yarn rari build --all --issues client/build/issues.json --templ-stats | |
| # SSR all pages | |
| yarn render:html | |
| # Generate whatsdeployed files. | |
| yarn tool:legacy whatsdeployed --output client/build/_whatsdeployed/code.json | |
| yarn tool:legacy whatsdeployed $CONTENT_ROOT --output client/build/_whatsdeployed/content.json | |
| yarn tool:legacy whatsdeployed $CONTENT_TRANSLATED_ROOT --output client/build/_whatsdeployed/translated-content.json | |
| - name: Update search index | |
| env: | |
| DEPLOYER_ELASTICSEARCH_URL: ${{ secrets.DEPLOYER_DEV_ELASTICSEARCH_URL }} | |
| run: | | |
| cd deployer | |
| poetry run deployer search-index ../client/build | |
| - name: Authenticate with GCP | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| token_format: access_token | |
| service_account: deploy-mdn-review-content@${{ secrets.GCP_PROJECT_NAME }}.iam.gserviceaccount.com | |
| workload_identity_provider: projects/${{ secrets.WIP_PROJECT_ID }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions | |
| - name: Setup gcloud | |
| uses: google-github-actions/setup-gcloud@v2 | |
| - name: Sync build with GCS | |
| run: |- | |
| gsutil -q -m -h "Cache-Control: public, max-age=3600" cp -r client/build/static "gs://${{ vars.GCP_BUCKET_NAME }}/${{ env.PREFIX }}/" | |
| gsutil -q -m -h "Cache-Control: public, max-age=3600" rsync -cdrj html,json,txt -y "^static/" client/build "gs://${{ vars.GCP_BUCKET_NAME }}/${{ env.PREFIX }}" | |
| - name: Notify PRs about deployment | |
| run: | | |
| gh pr list -S "$GITHUB_SHA -is:merged" --json number --jq '.[].number' | xargs -i gh pr comment {} --body "Dev build for $GITHUB_SHA was deployed to: $DEPLOYMENT_URL" || true | |
| env: | |
| DEPLOYMENT_URL: https://${{ env.PREFIX }}.review.mdn.allizom.net/ | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Slack Notification | |
| if: failure() | |
| uses: rtCamp/action-slack-notify@v2 | |
| env: | |
| SLACK_CHANNEL: mdn-notifications | |
| SLACK_COLOR: ${{ job.status }} | |
| SLACK_ICON: https://avatars.slack-edge.com/2020-11-17/1513880588420_fedd7f0e9456888e69ff_96.png | |
| SLACK_TITLE: "Dev" | |
| SLACK_MESSAGE: "Build failed :broken_heart:" | |
| SLACK_FOOTER: "Powered by dev-build.yml" | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} |