From f4b89da2cf3c225e77de52d44ba023e63057ec59 Mon Sep 17 00:00:00 2001 From: Alex Steel <130377221+asteel-gsa@users.noreply.github.com> Date: Wed, 15 May 2024 13:18:25 -0400 Subject: [PATCH] Disable the schedule for daily staging deploy --- .github/workflows/auto-merge-staging-pr.yml | 36 ++-- .../create-pull-request-to-staging.yml | 158 +++++++++--------- .github/workflows/pull-request-checks.yml | 30 ++-- .../workflows/staging-scheduled-deploy.yml | 98 +++++------ 4 files changed, 161 insertions(+), 161 deletions(-) diff --git a/.github/workflows/auto-merge-staging-pr.yml b/.github/workflows/auto-merge-staging-pr.yml index 2368a5abaf..106ce00aef 100644 --- a/.github/workflows/auto-merge-staging-pr.yml +++ b/.github/workflows/auto-merge-staging-pr.yml @@ -1,19 +1,19 @@ --- -name: Auto Merge Pull Request With Approved Label -on: - repository_dispatch: - types: [ ready-to-merge ] -jobs: - auto-merge: - name: Auto Merge The Created Pull Request - runs-on: ubuntu-latest - permissions: - pull-requests: write - steps: - - id: automerge - name: Auto Merge a PR with the correct labels - uses: pascalgn/automerge-action@v0.16.3 - env: - GITHUB_TOKEN: ${{ secrets.DEPLOY_TOKEN }} - MERGE_LABELS: "automerge,autogenerated" - MERGE_METHOD: "merge" +# name: Auto Merge Pull Request With Approved Label +# on: +# repository_dispatch: +# types: [ ready-to-merge ] +# jobs: +# auto-merge: +# name: Auto Merge The Created Pull Request +# runs-on: ubuntu-latest +# permissions: +# pull-requests: write +# steps: +# - id: automerge +# name: Auto Merge a PR with the correct labels +# uses: pascalgn/automerge-action@v0.16.3 +# env: +# GITHUB_TOKEN: ${{ secrets.DEPLOY_TOKEN }} +# MERGE_LABELS: "automerge,autogenerated" +# MERGE_METHOD: "merge" diff --git a/.github/workflows/create-pull-request-to-staging.yml b/.github/workflows/create-pull-request-to-staging.yml index 81c8d09457..da6aba7cf7 100644 --- a/.github/workflows/create-pull-request-to-staging.yml 
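Review bot: The whole of auto-merge-staging-pr.yml is turned into comments with no line saying why it was disabled or what must come back with it, and the same is done to the `repo-event` job in pull-request-checks.yml. A header such as `# Disabled 2024-05-15 together with the daily staging schedule; restore alongside repo-event in pull-request-checks.yml` would keep the two halves of the dispatch/merge pair from being re-enabled separately. Deleting the file and relying on git history is the cleaner option, since a workflow file that holds only comments may be reported by GitHub as an invalid workflow. If the file is restored, `pascalgn/automerge-action@v0.16.3` runs with `secrets.DEPLOY_TOKEN`, so pinning it to a full commit SHA instead of a tag is worth doing at that point.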
+++ b/.github/workflows/create-pull-request-to-staging.yml 
@@ -1,79 +1,79 @@ ---- -name: Create Pull Request To Staging -on: - workflow_call: - workflow_dispatch: - -env: - GH_TOKEN: ${{ secrets.DEPLOY_TOKEN }} - -jobs: - check-commit: - runs-on: ubuntu-latest - name: Check For a Commit - outputs: - should_run: ${{ steps.should_run.outputs.should_run }} - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Print Latest Commit - run: echo ${{ github.sha }} - - - name: Check if There Has Been A Commit - id: should_run - continue-on-error: false - run: | - sha=$(git rev-list --after="24 hours" ${{ github.sha }}) - if test -z $sha - then - echo "should_run=false" >> $GITHUB_OUTPUT - else - echo "should_run=true" >> $GITHUB_OUTPUT - fi - - pull-request: - name: Create Pull Request - needs: [check-commit] - if: ${{ needs.check-commit.outputs.should_run != 'false' }} - runs-on: ubuntu-latest - outputs: - pr_number: ${{ steps.pr-number.outputs.pull_request_number }} - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Get Current Date - id: date - run: | - echo "date=$(date +%Y-%m-%d)" >> $GITHUB_OUTPUT - - - name: Get Git Short Commit - id: git-short - run: | - echo "short_sha=$(git rev-parse --short ${{ github.sha }})" >> $GITHUB_OUTPUT - - - name: Open Pull Request - id: open-pr - run: | - gh pr create --label "autogenerated" --label "automerge" \ - --title "${{ steps.date.outputs.date }} | MAIN --> PROD | DEV (${{ steps.git-short.outputs.short_sha }}) --> STAGING" \ - --body "This is an auto-generated pull request to merge main into prod for a staging release on ${{ steps.date.outputs.date }} with the last commit being merged as ${{ steps.git-short.outputs.short_sha }}" \ - --base prod --head main - - - name: Get Pull Request Number - id: pr-number - run: echo "pull_request_number=$(gh pr view --json number -q .number || echo "")" >> $GITHUB_OUTPUT - - auto-approve: - name: Auto Approve The Created Pull Request - needs: [pull-request] - if: ${{ needs.pull-request.outputs.pr_number != null }} - 
runs-on: ubuntu-latest - permissions: - pull-requests: write - steps: - - uses: hmarr/auto-approve-action@v4 - with: - pull-request-number: ${{ needs.pull-request.outputs.pr_number }} - github-token: ${{ secrets.GITHUB_TOKEN }} +--- +name: Create Pull Request To Staging +on: + workflow_call: + workflow_dispatch: null + +env: + GH_TOKEN: ${{ secrets.DEPLOY_TOKEN }} + +jobs: + check-commit: + runs-on: ubuntu-latest + name: Check For a Commit + outputs: + should_run: ${{ steps.should_run.outputs.should_run }} + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Print Latest Commit + run: echo ${{ github.sha }} + + - name: Check if There Has Been A Commit + id: should_run + continue-on-error: false + run: | + sha=$(git rev-list --after="24 hours" ${{ github.sha }}) + if test -z $sha + then + echo "should_run=false" >> $GITHUB_OUTPUT + else + echo "should_run=true" >> $GITHUB_OUTPUT + fi + + pull-request: + name: Create Pull Request + needs: [check-commit] + if: ${{ needs.check-commit.outputs.should_run != 'false' }} + runs-on: ubuntu-latest + outputs: + pr_number: ${{ steps.pr-number.outputs.pull_request_number }} + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Get Current Date + id: date + run: | + echo "date=$(date +%Y-%m-%d)" >> $GITHUB_OUTPUT + + - name: Get Git Short Commit + id: git-short + run: | + echo "short_sha=$(git rev-parse --short ${{ github.sha }})" >> $GITHUB_OUTPUT + + - name: Open Pull Request + id: open-pr + run: | + gh pr create --label "autogenerated" --label "automerge" \ + --title "${{ steps.date.outputs.date }} | MAIN --> PROD | DEV (${{ steps.git-short.outputs.short_sha }}) --> STAGING" \ + --body "This is an auto-generated pull request to merge main into prod for a staging release on ${{ steps.date.outputs.date }} with the last commit being merged as ${{ steps.git-short.outputs.short_sha }}" \ + --base prod --head main + + - name: Get Pull Request Number + id: pr-number + run: echo "pull_request_number=$(gh 
pr view --json number -q .number || echo "")" >> $GITHUB_OUTPUT + + auto-approve: + name: Auto Approve The Created Pull Request + needs: [pull-request] + if: ${{ needs.pull-request.outputs.pr_number != null }} + runs-on: ubuntu-latest + permissions: + pull-requests: write + steps: + - uses: hmarr/auto-approve-action@v4 + with: + pull-request-number: ${{ needs.pull-request.outputs.pr_number }} + github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pull-request-checks.yml b/.github/workflows/pull-request-checks.yml index 167d72f622..44bbfc402b 100644 --- a/.github/workflows/pull-request-checks.yml +++ b/.github/workflows/pull-request-checks.yml @@ -90,18 +90,18 @@ jobs: environment: "production" secrets: inherit - repo-event: - if: ${{ github.base_ref == 'prod' && always() }} - name: Set Repository Event - permissions: - contents: write - runs-on: ubuntu-latest - needs: [terraform-plan-staging, testing-from-ghcr, testing-from-build] - steps: - - name: Repository Dispatch - uses: peter-evans/repository-dispatch@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - event-type: ready-to-merge - client-payload: '{"github": ${{ toJson(github) }}}' - if: github.event_name == 'pull_request' + # repo-event: + # if: ${{ github.base_ref == 'prod' && always() }} + # name: Set Repository Event + # permissions: + # contents: write + # runs-on: ubuntu-latest + # needs: [terraform-plan-staging, testing-from-ghcr, testing-from-build] + # steps: + # - name: Repository Dispatch + # uses: peter-evans/repository-dispatch@v3 + # with: + # token: ${{ secrets.GITHUB_TOKEN }} + # event-type: ready-to-merge + # client-payload: '{"github": ${{ toJson(github) }}}' + # if: github.event_name == 'pull_request' diff --git a/.github/workflows/staging-scheduled-deploy.yml b/.github/workflows/staging-scheduled-deploy.yml index 41a167c0e3..35657a8666 100644 --- a/.github/workflows/staging-scheduled-deploy.yml +++ b/.github/workflows/staging-scheduled-deploy.yml 
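Review bot: The `auto-approve` job stays active in the re-added create-pull-request-to-staging.yml while this patch comments out the auto-merge workflow, so a run started through `workflow_dispatch` or `workflow_call` still opens a main-to-prod pull request that `hmarr/auto-approve-action@v4` approves without a human reviewer. If the intent is to pause automated promotion, this job should be paused with the rest, for example `if: ${{ false }}` on `auto-approve` with a comment naming the reason. Whether that bot approval satisfies the review requirement on `prod` depends on branch protection settings that are not visible here.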
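Review bot: The commented-out `repo-event` job keeps `client-payload: '{"github": ${{ toJson(github) }}}'`, which serializes the entire `github` context into the dispatch payload, and that context includes `github.token`. Because the block is kept for later restoration, a comment above it such as `# Before re-enabling: send only the fields the receiver reads (e.g. PR number, head SHA), not toJson(github)` would flag this for whoever restores it. The enclosing `jobs:` mapping starts outside the hunk.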
@@ -1,49 +1,49 @@ ---- -name: Scheduled Deploy From Main to Staging -on: - schedule: - # Invoke every Mon-Sat - - cron: '0 10 * * 1-6' - workflow_dispatch: null - -jobs: - trivy-scan: - uses: ./.github/workflows/trivy.yml - secrets: inherit - permissions: - contents: read - packages: write - actions: read - security-events: write - - build-container: - needs: - - trivy-scan - uses: ./.github/workflows/build-docker-container.yml - secrets: inherit - permissions: - contents: read - packages: write - with: - docker-name: fac - image-name: web-container - repo-name: gsa-tts/fac - work-dir: ./backend - - testing: - name: Run Django, Lighthouse, a11y and lint - needs: - - build-container - uses: ./.github/workflows/testing-from-ghcr.yml - secrets: inherit - - linting: - uses: ./.github/workflows/linting.yml - secrets: inherit - - create-pr: - needs: - - testing - name: Create Pull Request to Staging - uses: ./.github/workflows/create-pull-request-to-staging.yml - secrets: inherit +--- +name: Scheduled Deploy From Main to Staging +on: + # schedule: + # Invoke every Mon-Sat + # - cron: '0 10 * * 1-6' + workflow_dispatch: null + +jobs: + trivy-scan: + uses: ./.github/workflows/trivy.yml + secrets: inherit + permissions: + contents: read + packages: write + actions: read + security-events: write + + build-container: + needs: + - trivy-scan + uses: ./.github/workflows/build-docker-container.yml + secrets: inherit + permissions: + contents: read + packages: write + with: + docker-name: fac + image-name: web-container + repo-name: gsa-tts/fac + work-dir: ./backend + + testing: + name: Run Django, Lighthouse, a11y and lint + needs: + - build-container + uses: ./.github/workflows/testing-from-ghcr.yml + secrets: inherit + + linting: + uses: ./.github/workflows/linting.yml + secrets: inherit + + create-pr: + needs: + - testing + name: Create Pull Request to Staging + uses: ./.github/workflows/create-pull-request-to-staging.yml + secrets: inherit
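Review bot: `testing`, `linting` and `create-pr` carry no `permissions:` block while `trivy-scan` and `build-container` do, so with `secrets: inherit` those three called workflows run with the repository's default `GITHUB_TOKEN` scope. Adding explicit blocks, e.g. `permissions: { contents: read }` on `linting`, would make the scopes consistent; `create-pr` would presumably also need `pull-requests: write` for the approval step in the workflow it calls. The scopes `testing` needs depend on testing-from-ghcr.yml, which is not shown. Separately, `create-pr` lists only `testing` under `needs`, so a failed `linting` job does not stop the pull request from being created.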