From a31dcb6df8dc694c1518fab6442fbc5487ea7421 Mon Sep 17 00:00:00 2001
From: Jonah Aragon
Date: Thu, 28 Mar 2024 21:30:13 -0500
Subject: [PATCH] Add Pull Request deployment workflow
---
.github/workflows/build.yml | 104 ++++++++++++++++++++++++++++
.github/workflows/cleanup.yml | 49 +++++++++++++
.github/workflows/deploy.yml | 72 +++++++++++++++++++
.github/workflows/download-repo.yml | 50 +++++++++++++
.github/workflows/mirror.yml | 9 +++
.github/workflows/preview-pr.yml | 86 +++++++++++++++++++++++
.github/workflows/release.yml | 4 ++
7 files changed, 374 insertions(+)
create mode 100644 .github/workflows/build.yml
create mode 100644 .github/workflows/cleanup.yml
create mode 100644 .github/workflows/deploy.yml
create mode 100644 .github/workflows/download-repo.yml
create mode 100644 .github/workflows/preview-pr.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 00000000..02cc3a85
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,104 @@
+# Copyright (c) 2024 Jonah Aragon
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+name: Build Website
+
+on:
+ workflow_call:
+ inputs:
+ ref:
+ required: true
+ type: string
+ repo:
+ required: true
+ type: string
+ lang:
+ required: true
+ type: string
+ i18n:
+ required: true
+ type: boolean
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ continue-on-error: ${{ inputs.i18n }}
+ permissions:
+ contents: read
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ repository: ${{ inputs.repo }}
+ ref: ${{ inputs.ref }}
+ persist-credentials: 'false'
+
+ - uses: actions/download-artifact@v4
+ with:
+ path: modules
+
+ - run: |
+ rmdir modules/mkdocs-material
+ mv modules/mkdocs-material-insiders modules/mkdocs-material
+ rmdir theme/assets/brand
+ mv modules/brand theme/assets/brand
+
+ - if: inputs.i18n
+ run: |
+ cp -rl modules/i18n/i18n .
+ cp -rl modules/i18n/includes .
+ cp -rl modules/i18n/theme .
+
+ - name: Python setup
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.8'
+ cache: 'pipenv'
+
+ - name: Cache files
+ uses: actions/cache@v4.0.2
+ with:
+ key: ${{ inputs.ref }}
+ path: .cache
+
+ - name: Install Python dependencies
+ run: |
+ pip install pipenv
+ pipenv install
+ sudo apt install pngquant
+
+ - name: Build website
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ CARDS: false
+ CONTEXT: deploy-preview
+ NETLIFY: true
+ run: |
+ pipenv run mkdocs build --config-file config/mkdocs.${{ inputs.lang }}.yml
+ cp -r static/* site/
+ pipenv run mkdocs --version
+ tar -czvf site-build-${{ inputs.lang }}.tar.gz site
+
+ - name: Upload tar.gz file
+ uses: actions/upload-artifact@v4
+ with:
+ name: site-build-${{ inputs.lang }}.tar.gz
+ path: site-build-${{ inputs.lang }}.tar.gz
diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
new file mode 100644
index 00000000..edb70251
--- /dev/null
+++ b/.github/workflows/cleanup.yml
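Review bot: The `Build website` step runs `pipenv install` and `mkdocs build` on files taken from `inputs.repo`/`inputs.ref`, which the pull-request caller fills from the contributor's fork, while `GH_TOKEN` is in the step environment and the downloaded `modules/` artifacts (insiders theme, brand, i18n) sit in the same workspace. Anything the pull request's Pipfile or mkdocs configuration loads can therefore read both; if the preview build does not need the token, drop the `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` line, and consider whether previews can be built without the private theme sources. The `Cache files` step also uses `key: ${{ inputs.ref }}`, a contributor-chosen branch name, so a preview run can save a `.cache` entry under a key that another workflow may later restore; a namespaced key such as `key: preview-${{ inputs.repo }}-${{ inputs.ref }}`, or no cache on this path, avoids the collision.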
@@ -0,0 +1,49 @@
+# Copyright (c) 2024 Jonah Aragon
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+name: Cleanup Artifacts
+
+on:
+ workflow_call:
+
+jobs:
+ brand:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: geekyeggo/delete-artifact@v5
+ with:
+ name: brand
+ failOnError: false
+
+ i18n:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: geekyeggo/delete-artifact@v5
+ with:
+ name: i18n
+ failOnError: false
+
+ mkdocs-material-insiders:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: geekyeggo/delete-artifact@v5
+ with:
+ name: mkdocs-material-insiders
+ failOnError: false
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 00000000..54f7502b
--- /dev/null
+++ b/.github/workflows/deploy.yml
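Review bot: None of the three jobs declares `permissions`, and `failOnError: false` means a delete that is refused for lack of permission passes silently. As called from preview-pr.yml the jobs inherit only `pull-requests: write` and `contents: read`, while deleting artifacts normally needs `actions: write`, so the private-repository artifacts would stay downloadable until their one-day retention expires. A called workflow cannot raise permissions above its caller, so grant `permissions:` with `actions: write` on the calling `cleanup` job, declare the same on each job here, and let failures surface. The caller reaches cleanup only through `needs: deploy`, so a failed build skips it; `if: always()` on the calling job would cover that, and `geekyeggo/delete-artifact@v5` is better pinned to a full commit SHA once it holds a write token.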
@@ -0,0 +1,72 @@
+# Copyright (c) 2024 Jonah Aragon
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+name: Cleanup Artifacts
+
+on:
+ workflow_call:
+ inputs:
+ netlify:
+ type: boolean
+ netlify_alias:
+ type: string
+ outputs:
+ netlify_address:
+ value: ${{ jobs.netlify.outputs.address }}
+ secrets:
+ NETLIFY_TOKEN:
+
+jobs:
+ netlify:
+ if: inputs.netlify
+ runs-on: ubuntu-latest
+ outputs:
+ address: ${{ steps.deployment.outputs.address }}
+
+ environment:
+ name: preview-netlify
+ url: ${{ steps.deployment.outputs.address }}
+
+ steps:
+ - uses: actions/download-artifact@v4
+ with:
+ pattern: site-build-*
+ merge-multiple: true
+
+ - run: |
+ for file in *.tar.gz; do tar -zxf "$file"; done
+ wget https://raw.githubusercontent.com/privacyguides/privacyguides.org/main/netlify.toml
+ ls -la site/
+
+ - uses: actions/setup-node@v4
+
+ - run: |
+ npm install netlify-cli -g
+
+ - name: Limit length of Netlify alias to 12
+ run: echo "SHORT_ALIAS=`echo ${{ inputs.netlify_alias }} | cut -c1-12`" >> $GITHUB_ENV
+
+ - id: deployment
+ env:
+ NETLIFY_SITE_ID: ${{ vars.NETLIFY_SITE }}
+ NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
+ run: |
+ netlify deploy --dir=site --alias=${{ env.SHORT_ALIAS }}
+ echo "address=https://${{ env.SHORT_ALIAS }}--${{ vars.NETLIFY_SITE }}.netlify.app/" >> "$GITHUB_OUTPUT"
diff --git a/.github/workflows/download-repo.yml b/.github/workflows/download-repo.yml
new file mode 100644
index 00000000..730d3f0a
--- /dev/null
+++ b/.github/workflows/download-repo.yml
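Review bot: The first `run` step unpacks archives produced by the pull-request build into the directory where `netlify deploy` later runs with `NETLIFY_AUTH_TOKEN`, and nothing restricts what is extracted to `site/`. `wget` also keeps an existing file and saves its download under a numbered name, so a `netlify.toml` arriving in an archive would be the one the CLI reads; extract only the `site` member and write the config with `-O`. The alias step interpolates `${{ inputs.netlify_alias }}` straight into the shell line; it is a commit SHA today, but passing it through `env:` keeps the step safe if a caller ever supplies other text. `npm install netlify-cli -g` is unpinned, and the workflow `name:` still reads `Cleanup Artifacts`, which looks copied from cleanup.yml.

```yaml
      - run: |
          for file in *.tar.gz; do tar -zxf "$file" site; done
          wget -O netlify.toml https://raw.githubusercontent.com/privacyguides/privacyguides.org/main/netlify.toml
          # … unchanged: ls -la site/ …

      # … unchanged: setup-node and netlify-cli install steps …

      - name: Limit length of Netlify alias to 12
        env:
          NETLIFY_ALIAS: ${{ inputs.netlify_alias }}
        run: echo "SHORT_ALIAS=$(printf '%s' "$NETLIFY_ALIAS" | cut -c1-12)" >> "$GITHUB_ENV"
```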
@@ -0,0 +1,50 @@
+# Copyright (c) 2024 Jonah Aragon
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+name: Download repository
+
+on:
+ workflow_call:
+ inputs:
+ repo:
+ required: true
+ type: string
+ secrets:
+ ACTIONS_SSH_KEY:
+ required: true
+
+jobs:
+ download:
+ runs-on: ubuntu-latest
+ environment:
+ name: actions-ssh
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ repository: 'privacyguides/${{ inputs.repo }}'
+ path: ${{ inputs.repo }}
+ ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
+
+ - uses: actions/upload-artifact@v4
+ with:
+ name: ${{ inputs.repo }}
+ path: ${{ inputs.repo }}
+ retention-days: 1
diff --git a/.github/workflows/mirror.yml b/.github/workflows/mirror.yml
index be05831c..0c71de90 100644
--- a/.github/workflows/mirror.yml
+++ b/.github/workflows/mirror.yml
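Review bot: The checkout made with `ACTIONS_SSH_KEY` is uploaded whole as a workflow artifact, so repositories that are presumably private (they need a deploy key) become downloadable by anyone who can read this repository's workflow runs until cleanup or the one-day retention removes them. The checkout step also leaves `persist-credentials` at its default, unlike build.yml; add `persist-credentials: 'false'` under `with:` so that no credential configuration remains in the `.git` directory that gets uploaded, or exclude `.git` from the upload path. `inputs.repo` flows into `repository:`, `path:` and the artifact name unvalidated; the only caller passes a fixed matrix, and a comment above `inputs:` such as `# repo must be a trusted, hard-coded repository name` would record that assumption.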
@@ -29,6 +29,9 @@ concurrency: jobs: gitlab: runs-on: ubuntu-latest + environment: + name: actions-ssh + url: https://gitlab.com/privacyguides/privacyguides.org steps: - name: Mirror to GitLab uses: wearerequired/git-mirror-action@v1
@@ -40,6 +43,9 @@ jobs: codeberg: runs-on: ubuntu-latest + environment: + name: actions-ssh + url: https://codeberg.org/privacyguides/privacyguides.org steps: - name: Mirror to Codeberg uses: wearerequired/git-mirror-action@v1
@@ -51,6 +57,9 @@ jobs: sourcehut: runs-on: ubuntu-latest + environment: + name: actions-ssh + url: https://git.sr.ht/~jonaharagon/privacyguides.org steps: - name: Mirror to SourceHut uses: wearerequired/git-mirror-action@v1
diff --git a/.github/workflows/preview-pr.yml b/.github/workflows/preview-pr.yml
new file mode 100644
index 00000000..a69bda34
--- /dev/null
+++ b/.github/workflows/preview-pr.yml
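Review bot: These three mirror jobs, the two release.yml jobs and the new download-repo.yml job all bind to the single `actions-ssh` environment, so whatever secrets and protection rules it carries are shared between pushing to mirrors and production and fetching theme sources for fork pull requests. If `ACTIONS_SSH_KEY` is the same key in every case (the steps that use it are outside these hunks), the preview path reaches a credential with push rights it does not need. A separate environment holding a read-only deploy key for download-repo.yml would keep least privilege, and would let required reviewers gate previews without also prompting on every mirror push. The jobs' bodies continue outside the hunks, so how the key is consumed cannot be confirmed here.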
@@ -0,0 +1,86 @@
+# Copyright (c) 2024 Jonah Aragon
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+name: Build Pull Request Preview
+
+on:
+ pull_request_target:
+
+permissions:
+ pull-requests: write
+ contents: read
+
+jobs:
+ downloadSubmodules:
+ strategy:
+ matrix:
+ repo: [mkdocs-material-insiders, brand, i18n]
+ uses: ./.github/workflows/download-repo.yml
+ with:
+ repo: ${{ matrix.repo }}
+ secrets:
+ ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
+
+ build:
+ needs: downloadSubmodules
+ strategy:
+ matrix:
+ lang: [es, fr, he, it, nl, ru, zh-Hant]
+ i18n: [true]
+ include:
+ - lang: en
+ i18n: false
+ fail-fast: false
+ permissions:
+ contents: read
+ uses: ./.github/workflows/build.yml
+ with:
+ ref: ${{github.event.pull_request.head.ref}}
+ repo: ${{github.event.pull_request.head.repo.full_name}}
+ lang: ${{ matrix.lang }}
+ i18n: ${{ matrix.i18n }}
+
+ deploy:
+ needs: build
+ uses: ./.github/workflows/deploy.yml
+ with:
+ netlify: true
+ netlify_alias: ${{ github.event.pull_request.head.sha }}
+ secrets:
+ NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
+
+ comment:
+ permissions:
+ pull-requests: write
+ needs: deploy
+ runs-on: ubuntu-latest
+ env:
+ address: ${{ needs.deploy.outputs.netlify_address }}
+ steps:
+
+ - uses: thollander/actions-comment-pull-request@v2
+ with:
+ message: |
+ This is a test :eyes: ${{ env.address }}
+ comment_tag: deployment
+
+ cleanup:
+ needs: deploy
+ uses: ./.github/workflows/cleanup.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1fea9be0..ac67fd23 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -29,6 +29,8 @@ jobs: production: name: Push release to production runs-on: ubuntu-latest + environment: + name: actions-ssh permissions: contents: write
@@ -47,6 +49,8 @@ jobs: build: name: Create release packages runs-on: ubuntu-latest + environment: + name: actions-ssh steps: - name: Checkout repository
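Review bot: The `build` job passes `github.event.pull_request.head.ref` and `head.repo.full_name` to a checkout under `pull_request_target`, so contributor-controlled files are built in a run that can read this repository's secrets, and because the ref is a branch name the commit that gets built can differ from the one a maintainer looked at. Use `ref: ${{ github.event.pull_request.head.sha }}` (the SHA is already used for `netlify_alias`) and gate the run on a maintainer action, for example `types: [labeled]` with a label check, unless the `actions-ssh` and `preview-netlify` environments already require approval, which these hunks do not show. The top-level `pull-requests: write` is inherited by `downloadSubmodules`, `deploy` and `cleanup`, which do not override it; keeping only `contents: read` at the top and leaving the write grant on `comment` narrows that. `thollander/actions-comment-pull-request@v2` is better pinned to a full commit SHA, and the message `This is a test :eyes:` looks like a placeholder.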