This repository has been archived by the owner on Aug 30, 2024. It is now read-only.
adding David and Phani #52
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR Preview | |
on: | |
# Pull Request previews | |
pull_request: | |
types: | |
- opened | |
- reopened | |
- synchronize | |
- closed | |
workflow_dispatch: | |
inputs: | |
prNumber: | |
description: 'The PR number to run this against.' | |
required: true | |
type: number | |
forceDeploy: | |
description: Forces deployment of the site if the PR is in draft mode. | |
type: boolean | |
default: false | |
# Azure OIDC: | |
# App: github-deploy-site | |
# Credential Name: gh-actions-pr-preview | |
# Subscription: Sandbox | |
env: | |
prNumber: ${{ github.event.inputs.prNumber > 0 && github.event.inputs.prNumber || github.event.number }} | |
resourceGroup: rg-ocelot-website | |
storageName: "ocelotprpreview${{ github.event.inputs.prNumber > 0 && github.event.inputs.prNumber || github.event.number }}" | |
indexFile: index.html | |
errorFile: 404.html | |
# Sets permissions of the GITHUB_TOKEN to allow Azure OIDC | |
permissions: | |
contents: read | |
pull-requests: write # Commenting on PRs | |
id-token: write # This is required for requesting the JWT from Azure | |
# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. | |
# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. | |
concurrency: | |
group: "pages-preview-${{ github.event.inputs.prNumber > 0 && github.event.inputs.prNumber || github.event.number }}" | |
cancel-in-progress: false | |
jobs: | |
# This may be run manually so get the PR status | |
get-pr: | |
runs-on: ubuntu-latest | |
outputs: | |
valid: ${{ steps.check-secrets.outputs.valid }} | |
pr: ${{ steps.get-pr.outputs.pr }} | |
steps: | |
- name: Check Secrets | |
id: check-secrets | |
run: | | |
echo "valid=$([ -n "${{ secrets.AZURE_CLIENT_ID }}" ] && [ -n "${{ secrets.AZURE_SUBSCRIPTION_ID }}" ] && [ -n "${{ secrets.AZURE_TENANT_ID }}" ] && echo 'true' || echo 'false')" >> $GITHUB_OUTPUT | |
- uses: dkershner6/get-pull-request-action@v1 | |
id: get-pr | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
pull-number: ${{ env.prNumber }} | |
# Build job | |
build: | |
needs: [ get-pr ] | |
# If this is a PR, only run this if the PR is not a draft or closed | |
# This can be force deployed as well | |
if: ${{ needs.get-pr.outputs.valid == 'true' && (fromJSON(needs.get-pr.outputs.pr).draft == false || github.event.inputs.forceDeploy == true) && fromJSON(needs.get-pr.outputs.pr).state != 'closed' }} | |
uses: ./.github/workflows/build.yml | |
deploy-preview: | |
# Add a dependency to the build job | |
needs: [ get-pr, build ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download Build Artifact | |
id: download-artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: github-pages # Automatically named from actions/upload-pages-artifact | |
- name: Extract Artifact | |
id: extract-artifact | |
# The file is artifact.tar from https://github.com/actions/upload-pages-artifact/blob/main/action.yml#L69 | |
run: | | |
tar xvf artifact.tar | |
rm artifact.tar | |
- name: Azure Login | |
uses: azure/login@v1 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
enable-AzPSSession: true | |
- name: Create Storage Account | |
id: storage-account | |
uses: azure/powershell@v1 | |
with: | |
azPSVersion: latest | |
inlineScript: | | |
$acct = Get-AzStorageAccount -ResourceGroupName '${{ env.resourceGroup }}' -Name '${{ env.storageName }}' -ErrorAction SilentlyContinue | |
$tags = @{ | |
'managed-by'='GitHub' | |
'sha'='${{ github.sha }}' | |
'pullrequest'='${{ github.repository }}/${{ env.prNumber }}' | |
'pullrequest-repository'='${{ github.repository }}' | |
'pullrequest-number'='${{ env.prNumber }}' | |
'pullrequest-url'='https://github.com/${{ github.repository }}/pull/${{ env.prNumber }}' | |
'created'=(Get-Date | ConvertTo-Json) -replace '"','' | |
'modified'=(Get-Date | ConvertTo-Json) -replace '"','' | |
} | |
if (!($acct)) { | |
Write-Host 'Creating storage account: ${{ env.storageName }}' | |
New-AzStorageAccount ` | |
-ResourceGroupName '${{ env.resourceGroup }}' ` | |
-Name '${{ env.storageName }}' ` | |
-SkuName Standard_LRS ` | |
-Location eastus ` | |
-Tags $tags | |
Write-Host 'Enabling Static Websites' | |
$acct = Get-AzStorageAccount -ResourceGroupName '${{ env.resourceGroup }}' -Name '${{ env.storageName }}' -ErrorAction SilentlyContinue | |
Enable-AzStorageStaticWebsite -IndexDocument '${{ env.indexFile }}' -ErrorDocument404Path '${{ env.errorFile }}' -Context $acct.Context | |
} else { | |
Write-Host 'Storage account exists, updating tags.' | |
# Save the creation date | |
if ($acct.Tags -and $acct.Tags.ContainsKey('created')) { | |
$tags['created'] = $acct.Tags['created'] | |
} | |
Set-AzStorageAccount ` | |
-ResourceGroupName '${{ env.resourceGroup }}' ` | |
-Name '${{ env.storageName }}' ` | |
-Tags $tags | |
} | |
Write-Host 'URL:' | |
Write-Host $acct.PrimaryEndpoints.Web | |
Write-Output "previewUrl=$($acct.PrimaryEndpoints.Web)" >> $env:GITHUB_OUTPUT | |
- name: Deploy Preview to Azure Storage | |
id: deploy-preview | |
uses: azure/powershell@v1 | |
with: | |
azPSVersion: latest | |
inlineScript: | | |
$acct = Get-AzStorageAccount -ResourceGroupName '${{ env.resourceGroup }}' -Name '${{ env.storageName }}' -ErrorAction SilentlyContinue | |
if (!($acct)) { | |
Write-Error 'Unable to find the storage account: ${{ env.storageName }}' | |
exit 1 | |
} | |
# Generate a proper SAS token | |
$container = Get-AzStorageContainer -Context $acct.Context -Name `$web | |
$token = New-AzStorageContainerSASToken -Context $acct.Context -Name `$web -Permission rwdl -ExpiryTime (Get-Date).AddMinutes(10) | |
$containerUri = [System.UriBuilder]::new($container.blobContainerClient.Uri) | |
$containerUri.Query = $token | |
$containerUriStr = $containerUri.Uri.ToString() | |
# Enforce a robots.txt which blocks all crawlers | |
"User-agent: *`nDisallow: /" | Out-File -FilePath robots.txt -Force | |
# Using AzCopy should make this easy with content type autodetection | |
azcopy sync . "$containerUriStr" --recursive --delete-destination true | |
- name: Logout Azure | |
run: | | |
az logout | |
if: always() | |
- name: Comment PR | |
id: post-url | |
uses: thollander/actions-comment-pull-request@v2 | |
with: | |
message: | | |
Preview deployed to [${{ steps.storage-account.outputs.previewUrl }}](${{ steps.storage-account.outputs.previewUrl }}) | |
comment_tag: pr-link | |
mode: recreate | |
reactions: hooray, rocket | |
pr_number: ${{ env.prNumber }} | |
- name: Comment PR | |
id: post-failure | |
uses: thollander/actions-comment-pull-request@v2 | |
# Make sure we're not posting a failure because we failed to comment | |
if: failure() && steps.post-url.outcome != 'failure' | |
with: | |
message: | | |
Unable to deploy the preview. Check the Actions log. | |
comment_tag: pr-link | |
mode: recreate | |
reactions: eyes | |
pr_number: ${{ env.prNumber }} | |
destroy-preview: | |
needs: [ get-pr ] | |
runs-on: ubuntu-latest | |
# Only run this if the PR is closed | |
if: ${{ needs.get-pr.outputs.valid == 'true' && fromJSON(needs.get-pr.outputs.pr).state == 'closed' }} | |
steps: | |
- name: Azure Login | |
uses: azure/login@v1 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
enable-AzPSSession: true | |
- name: Delete Storage Account | |
uses: azure/powershell@v1 | |
with: | |
azPSVersion: latest | |
inlineScript: | | |
$acct = Get-AzStorageAccount -ResourceGroupName '${{ env.resourceGroup }}' -Name '${{ env.storageName }}' -ErrorAction SilentlyContinue | |
if ($acct) { | |
Write-Host 'Removing storage account: ${{ env.storageName }}' | |
Remove-AzStorageAccount -ResourceGroupName '${{ env.resourceGroup }}' -Name '${{ env.storageName }}' -ErrorAction Stop -Force | |
} else { | |
Write-Host 'Storage account does not exist, skipping.' | |
} | |
- name: Logout Azure | |
run: | | |
az logout | |
if: always() | |
- name: Comment PR | |
id: delete-post | |
uses: thollander/actions-comment-pull-request@v2 | |
with: | |
message: | | |
The preview storage account has been deleted. | |
comment_tag: pr-link | |
mode: recreate | |
pr_number: ${{ env.prNumber }} | |
- name: Storage Account Deletion Failed | |
id: post-failure | |
uses: thollander/actions-comment-pull-request@v2 | |
# Make sure we're not posting a failure because we failed to comment | |
if: failure() && steps.delete-post.outcome != 'failure' | |
with: | |
message: | | |
**WARNING:** The preview storage account '${{ env.storageName }}' was unable to be deleted. Please check and delete manually if required. | |
comment_tag: pr-link | |
mode: recreate | |
reactions: eyes | |
pr_number: ${{ env.prNumber }} |