Bump tjenkinson/gh-action-auto-merge-dependency-updates from 4d7756c04d9d999c5968697a621b81c47f533d61 to f1b2bfec5fecc4d554429241f8b10625cfa74d70 #942
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Staging - Undeploy PR | |
# **What it does**: To undeploy PRs from a Heroku staging environment, i.e. destroy the Heroku App. | |
# **Why we have it**: To save money spent on deployments for closed PRs. | |
# **Who does it impact**: All contributors. | |
on: | |
pull_request_target: | |
types: | |
- closed | |
permissions: | |
contents: read | |
deployments: write | |
pull-requests: write | |
# This prevents one Undeploy workflow run from interrupting another | |
concurrency: | |
group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label }}' | |
cancel-in-progress: false | |
jobs: | |
debug: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Dump full context for debugging | |
env: | |
GITHUB_CONTEXT: ${{ toJSON(github) }} | |
run: echo "$GITHUB_CONTEXT" | |
cancel-jobs-before-undeploy: | |
if: ${{ github.repository == 'github/docs-internal' || github.repository == 'github/docs' }} | |
runs-on: ubuntu-latest | |
# This interrupts Build and Deploy workflow runs in progress for this PR | |
# branch. However, it does so with an intentionally short, independent job | |
# so that the following `undeploy` job cannot be cancelled once started! | |
concurrency: | |
group: 'PR Staging @ ${{ github.event.pull_request.head.label }}' | |
cancel-in-progress: true | |
steps: | |
- name: Cancelling other deployments via concurrency configuration | |
run: | | |
echo 'Cancelling other deployment runs (if any)...' | |
undeploy: | |
needs: cancel-jobs-before-undeploy | |
if: ${{ github.repository == 'github/docs-internal' || github.repository == 'github/docs' }} | |
runs-on: ubuntu-latest | |
timeout-minutes: 5 | |
# IMPORTANT: Intentionally OMIT a `concurrency` configuration from this job! | |
steps: | |
- name: Add a label to the PR to block deployment during undeployment | |
uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
PR_NUMBER: ${{ github.event.pull_request.number }} | |
with: | |
script: | | |
const { owner, repo } = context.repo | |
await github.issues.addLabels({ | |
owner, | |
repo, | |
issue_number: process.env.PR_NUMBER, | |
labels: ['automated-block-deploy'] | |
}) | |
- name: Check out repo's default branch | |
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f | |
with: | |
# For enhanced security: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ | |
persist-credentials: 'false' | |
- name: Setup node | |
uses: actions/setup-node@38d90ce44d5275ad62cc48384b3d8a58c500bb5f | |
with: | |
node-version: 16.8.x | |
cache: npm | |
- name: Install dependencies | |
run: npm ci | |
- name: Install one-off development-only dependencies | |
run: npm install --no-save --include=optional esm | |
- name: Undeploy | |
uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
HEROKU_API_TOKEN: ${{ secrets.HEROKU_API_TOKEN }} | |
with: | |
script: | | |
const { GITHUB_TOKEN, HEROKU_API_TOKEN } = process.env | |
// Exit if GitHub Actions PAT is not found | |
if (!GITHUB_TOKEN) { | |
throw new Error('You must supply a GITHUB_TOKEN environment variable!') | |
} | |
// Exit if Heroku API token is not found | |
if (!HEROKU_API_TOKEN) { | |
throw new Error('You must supply a HEROKU_API_TOKEN environment variable!') | |
} | |
// Workaround to allow us to load ESM files with `require(...)` | |
const esm = require('esm') | |
require = esm({}) | |
const { default: getOctokit } = require('./script/helpers/github') | |
const { default: undeployFromStaging } = require('./script/deployment/undeploy-from-staging') | |
// This helper uses the `GITHUB_TOKEN` implicitly! | |
// We're using our usual version of Octokit vs. the provided `github` | |
// instance to avoid versioning discrepancies. | |
const octokit = getOctokit() | |
try { | |
await undeployFromStaging({ | |
octokit, | |
pullRequest: context.payload.pull_request, | |
runId: context.runId | |
}) | |
} catch (error) { | |
console.error(`Failed to undeploy from staging: ${error.message}`) | |
console.error(error) | |
throw error | |
} | |
- if: ${{ always() }} | |
name: Remove the label from the PR to unblock deployment | |
uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
PR_NUMBER: ${{ github.event.pull_request.number }} | |
with: | |
script: | | |
const { owner, repo } = context.repo | |
await github.issues.removeLabel({ | |
owner, | |
repo, | |
issue_number: process.env.PR_NUMBER, | |
name: 'automated-block-deploy' | |
}) | |
- name: Send Slack notification if workflow failed | |
uses: someimportantcompany/github-actions-slack-message@0b470c14b39da4260ed9e3f9a4f1298a74ccdefd | |
if: ${{ failure() }} | |
with: | |
channel: ${{ secrets.DOCS_STAGING_DEPLOYMENT_FAILURES_SLACK_CHANNEL_ID }} | |
bot-token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }} | |
color: failure | |
text: Staging undeployment failed for PR ${{ github.event.pull_request.html_url }} at commit ${{ github.head_sha }}. See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}. |