Test #5610
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Preview | |
on: | |
pull_request: | |
permissions: | |
contents: read | |
pages: write | |
id-token: write | |
env: | |
PR_NUMBER: ${{ github.event.number || github.run_id }} | |
COMMIT_REF: ${{ github.event.pull_request.head.sha || github.event.inputs.COMMIT_REF }} | |
PORT: 80 | |
# This allows one deploy workflow to interrupt another | |
concurrency: | |
group: 'preview-env @ ${{ github.head_ref || github.run_id }} for ${{ github.event.number || github.event.inputs.PR_NUMBER }}' | |
cancel-in-progress: true | |
jobs: | |
demo: | |
name: Demo Build & Deploy | |
if: ${{ github.event.pull_request.head.repo.full_name == 'primer/view_components' && github.actor != 'dependabot[bot]' }} | |
runs-on: ubuntu-latest | |
environment: | |
name: preview | |
# The environment variable is computed later in this job in | |
# the "Get preview app info" step. | |
# That script sets environment variables which is used by Actions | |
# to link a PR to a list of environments later. | |
url: ${{ env.APP_URL }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install lib deps | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: '3.3' | |
bundler-cache: true | |
env: | |
BUNDLE_GEMFILE: Gemfile | |
- name: Install demo app deps | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: '3.3' | |
bundler-cache: true | |
env: | |
BUNDLE_GEMFILE: demo/Gemfile | |
- name: Install Kuby deps | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: '3.3' | |
bundler-cache: true | |
env: | |
BUNDLE_GEMFILE: demo/gemfiles/kuby.gemfile | |
- name: Docker login | |
env: | |
AZURE_ACR_PASSWORD: ${{ secrets.AZURE_ACR_PASSWORD }} | |
run: echo $AZURE_ACR_PASSWORD | docker login primer.azurecr.io --username GitHubActions --password-stdin | |
- uses: Azure/login@v2 | |
with: | |
# excluding a client secret here will cause a login via OpenID Connect (OIDC), | |
# which prevents us from having to rotate client credentials, etc | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: Get preview app info | |
run: ./.github/workflows/demo-preview-app-info.sh | |
- name: Pull latest | |
run: | | |
docker pull ${{ env.IMAGE_URL }}:latest || true | |
docker pull ${{ env.IMAGE_URL }}:latest-assets || true | |
- name: Build | |
env: | |
RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }} | |
run: | | |
bin/kuby -e production build --only app -- --tag=${{ env.DOCKER_IMAGE }} --cache-from ${{ env.IMAGE_URL }}:latest | |
bin/kuby -e production build --only assets -- --tag=${{ env.DOCKER_IMAGE }}-assets --cache-from ${{ env.IMAGE_URL }}:latest-assets | |
- name: Push | |
run: | | |
docker image push --all-tags ${{ env.IMAGE_URL }} | |
- name: Run ARM deploy | |
# This condition will be truthy if this workflow is... | |
# - run as a workflow_dispatch | |
# - run because of a push to main (or when added to a merge queue) | |
# - run as a regular pull request | |
# But if it's a pull request, *and* for whatever reason the pull | |
# request has "Auto-merge" enabled, don't bother. | |
# The idea is that if auto-merge has been abled, by humans or by | |
# bots, they have no intention of viewing the deployed preview anyway. | |
# This saves time because the PR can merge sooner. | |
if: ${{ !github.event.pull_request.auto_merge }} | |
uses: azure/arm-deploy@a1361c2c2cd398621955b16ca32e01c65ea340f5 | |
with: | |
resourceGroupName: primer | |
subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
template: ./.github/workflows/demo-preview-template.json | |
deploymentName: ${{env.DEPLOYMENT_NAME}} | |
parameters: appName="${{env.APP_NAME}}" | |
containerImage="${{ env.DOCKER_IMAGE }}" | |
dockerRegistryUrl="primer.azurecr.io" | |
dockerRegistryUsername="GitHubActions" | |
dockerRegistryPassword="${{ secrets.AZURE_ACR_PASSWORD }}" | |
railsMasterKey="${{ secrets.RAILS_MASTER_KEY }}" |