[feat] Migrating to GitHub Actions

Introducing cd.yml and ci_master.yml worfklows, to tackle safe deployment to AWS S3 service. ``` The new trigger workflow_run was introduced to enable scenarios that require building the untrusted code and also need write permissions to update the PR with e.g. code coverage results or other test results. To do this in a secure manner, the untrusted code must be handled via the pull_request trigger so that it is isolated in an unprivileged environment. ```
mattermost · Aug 21, 2023 · b8ab819 · b8ab819
1 parent 5bc7d0c
commit b8ab819
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 0 deletions.
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -0,0 +1,29 @@
+name: CD
+on:
+  workflow_run:
+    workflows: ["CI Master"]
+    types:
+      - completed
+permissions:
+  contents: read
+jobs:
+  s3-release-prod:
+    runs-on: ubuntu-latest
+    steps:
+    - name: cd/Configure AWS
+      uses: aws-actions/configure-aws-credentials@07c2f971bac433df982ccc261983ae443861db49 # v1-node16
+      with:
+        aws-region: us-east-1
+        aws-access-key-id: ${{ secrets.DOCS_BUILDS_BUCKET_AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.DOCS_BUILDS_BUCKET_AWS_SECRET_ACCESS_KEY }}
+    - name: cd/Download artifacts
+      uses: dawidd6/action-download-artifact@0c49384d39ceb023b8040f480a25596fd6cf441b # v2.26.0
+      with:
+        workflow: ${{ github.event.workflow_run.workflow_id }}
+        run_id: ${{ github.event.workflow_run.id }}
+        workflow_conclusion: success
+        name: docs
+        path: build/html
+    - name: cd/Upload artifacts to S3
+      run: |
+        aws s3 cp build/html s3://docs.mattermost.com/ --recursive --cache-control no-cache --acl public-read --no-progress
diff --git a/.github/workflows/ci_master.yml b/.github/workflows/ci_master.yml
@@ -0,0 +1,30 @@
+name: CI Master
+on:
+  push:
+    branches:
+      - master
+permissions:
+  contents: read
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: ci/Checkout code
+      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+    - uses: actions/setup-python@db9987b4c1f10f0404fa60ee629f675fafbd6763 # v4.6.0
+      with:
+        python-version: '3.9'
+    - name: ci/Build
+      run: |
+        make python-deps
+        make html
+    - name: ci/Persist docs artifacts
+      uses: actions/upload-artifact@65d862660abb392b8c4a3d1195a2108db131dd05 # v3.1.2
+      with:
+        name: docs
+        path: build/html
+    - name: ci/Persist doc logs artifacts
+      uses: actions/upload-artifact@65d862660abb392b8c4a3d1195a2108db131dd05 # v3.1.2
+      with:
+        name: doc-logs
+        path: build/*.log