CD #26
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CD | |
| on: | |
| workflow_run: | |
| workflows: [CI] | |
| types: [completed] | |
| branches: [main, master] | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: cd-${{ github.event.workflow_run.head_branch }} | |
| cancel-in-progress: false | |
| jobs: | |
| deploy: | |
| if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Deploy | |
| uses: appleboy/ssh-action@0ff4204d59e8e51228ff73bce53f80d53301dee2 # v1.2.5 | |
| with: | |
| host: ${{ secrets.SSH_HOST }} | |
| port: ${{ secrets.SSH_PORT }} | |
| username: ${{ secrets.SSH_USER }} | |
| key: ${{ secrets.SSH_KEY }} | |
| script: | | |
| set -e | |
| cd Projects/azalea | |
| git pull origin main | |
| bash scripts/deploy.sh | |
| - name: Checkout source for Sentry release | |
| # Read package.json + commit history. The release ID must match | |
| # `Sentry.init`'s `release` value (name@version) so issues link | |
| # back to the deploy that introduced them. Checkout is cheap, so | |
| # always run; the actual release step no-ops if Sentry is unset. | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| with: | |
| ref: ${{ github.event.workflow_run.head_sha }} | |
| fetch-depth: 0 | |
| - name: Sentry release | |
| # Becomes a no-op silently when SENTRY_AUTH_TOKEN is unset, which | |
| # makes the release step fully opt-in. Failures are non-fatal — | |
| # the deploy already succeeded; release tagging is best-effort. | |
| env: | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| SENTRY_ORG: ${{ vars.SENTRY_ORG }} | |
| SENTRY_PROJECT: ${{ vars.SENTRY_PROJECT }} | |
| run: | | |
| if [ -z "$SENTRY_AUTH_TOKEN" ]; then | |
| echo "SENTRY_AUTH_TOKEN not set; skipping Sentry release." | |
| exit 0 | |
| fi | |
| NAME="$(node -p "require('./package.json').name")" | |
| VERSION="$(node -p "require('./package.json').version")" | |
| RELEASE="${NAME}@${VERSION}" | |
| curl -sL https://sentry.io/get-cli/ | bash | |
| sentry-cli releases new "$RELEASE" | |
| sentry-cli releases set-commits "$RELEASE" --auto || true | |
| sentry-cli releases finalize "$RELEASE" | |
| sentry-cli releases deploys "$RELEASE" new --env "${SENTRY_ENVIRONMENT:-production}" | |
| - name: Notify Discord | |
| # Always runs so failures are reported too. Becomes a no-op | |
| # silently when the DISCORD_WEBHOOK_URL secret is unset, which | |
| # makes the notification fully opt-in. | |
| if: always() | |
| env: | |
| DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }} | |
| STATUS: ${{ job.status }} | |
| REPO: ${{ github.repository }} | |
| SHA: ${{ github.event.workflow_run.head_sha }} | |
| BRANCH: ${{ github.event.workflow_run.head_branch }} | |
| MESSAGE: ${{ github.event.workflow_run.head_commit.message }} | |
| ACTOR: ${{ github.event.workflow_run.actor.login }} | |
| RUN_URL: ${{ github.event.workflow_run.html_url }} | |
| run: | | |
| if [ -z "$DISCORD_WEBHOOK_URL" ]; then | |
| echo "DISCORD_WEBHOOK_URL not set; skipping notification." | |
| exit 0 | |
| fi | |
| case "$STATUS" in | |
| success) COLOR=3066993; TITLE="✅ azalea deploy succeeded";; | |
| failure) COLOR=15158332; TITLE="❌ azalea deploy failed";; | |
| cancelled) COLOR=10070709; TITLE="🟤 azalea deploy cancelled";; | |
| *) COLOR=10070709; TITLE="ℹ️ azalea deploy ${STATUS}";; | |
| esac | |
| SHORT_SHA="${SHA:0:7}" | |
| FIRST_LINE="$(printf '%s' "$MESSAGE" | head -1)" | |
| jq -n \ | |
| --arg title "$TITLE" \ | |
| --argjson color "$COLOR" \ | |
| --arg description "$FIRST_LINE" \ | |
| --arg repo "$REPO" \ | |
| --arg branch "$BRANCH" \ | |
| --arg short_sha "$SHORT_SHA" \ | |
| --arg full_sha "$SHA" \ | |
| --arg actor "$ACTOR" \ | |
| --arg run_url "$RUN_URL" \ | |
| '{ | |
| embeds: [{ | |
| title: $title, | |
| url: $run_url, | |
| color: $color, | |
| description: $description, | |
| fields: [ | |
| { name: "Repo", value: $repo, inline: true }, | |
| { name: "Branch", value: $branch, inline: true }, | |
| { name: "Commit", value: ("[`" + $short_sha + "`](https://github.com/" + $repo + "/commit/" + $full_sha + ")"), inline: true }, | |
| { name: "Actor", value: $actor, inline: true } | |
| ], | |
| timestamp: (now | todate) | |
| }] | |
| }' \ | |
| | curl -fsS -X POST -H "Content-Type: application/json" --data-binary @- "$DISCORD_WEBHOOK_URL" |