-
Notifications
You must be signed in to change notification settings - Fork 0
164 lines (150 loc) · 6.74 KB
/
Copy pathclean-deploy.yml
File metadata and controls
164 lines (150 loc) · 6.74 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
# Reusable workflow to clean some deployment.
#
# Deletes one or more deployments and runs a follow-up "clean" action
# (for example a repository-dispatch) to perform any repository-specific cleanup required after deployment removal.
# The workflow can be triggered on-demand via a given comment trigger (e.g. `/undeploy`).
#
# Behavior / outputs:
#
# - Deletes matching deployment(s) via the local action at `./actions/deployment/delete`.
# - Exposes deleted environments in step output `environments`.
# - If environments were deleted the workflow will optionally trigger the configured clean action
# (e.g. repository-dispatch) against the target repository and post a summary comment.
name: "Clean deploy"
on:
workflow_call:
inputs:
runs-on:
description: |
JSON array of runner(s) to use.
See https://docs.github.com/en/actions/using-jobs/choosing-the-runner-for-a-job.
type: string
default: '["ubuntu-latest"]'
required: false
github-app-client-id:
description: |
GitHub App Client ID to generate GitHub token in place of github-token.
See https://github.com/actions/create-github-app-token.
required: false
type: string
clean-deploy-type:
description: |
Type of clean-deploy action.
Supported values:
- [`repository-dispatch`](../../actions/clean-deploy/repository-dispatch/README.md).
type: string
required: false
default: repository-dispatch
clean-deploy-parameters:
description: |
Inputs to pass to the clean action.
JSON object, depending on the clean-deploy-type.
For example, for `repository-dispatch`:
```json
{
"repository": "my-org/my-repo"
}
```
type: string
trigger-on-comment:
description: |
Comment trigger to start the workflow.
See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issue_comment.
type: string
default: "/undeploy"
required: false
secrets:
github-token:
description: |
GitHub token for deploying.
Permissions:
- contents: write
github-app-key:
description: |
GitHub App private key to generate GitHub token in place of github-token.
See https://github.com/actions/create-github-app-token.
permissions: {}
jobs:
prepare-clean-deploy:
name: Check if should clean deploy
runs-on: ${{ fromJson(inputs.runs-on) }}
permissions:
issues: write
outputs:
trigger: ${{ steps.trigger.outputs.trigger }}
steps:
- id: not-created-issue-comment
if: github.event_name != 'issue_comment'
run: echo "result=true" >> "$GITHUB_OUTPUT"
- uses: shanegenschaw/pull-request-comment-trigger@447b2d08faa9eda4f4e5064b84538cebd8b5ca29 # v3.0.1
id: trigger-on-comment
if: ${{ steps.not-created-issue-comment.outputs.result != 'true' && inputs.trigger-on-comment }}
with:
trigger: ${{ inputs.trigger-on-comment }}
prefix_only: true
reaction: eyes
env:
GITHUB_TOKEN: "${{ github.token }}"
- id: trigger
if: ${{ steps.not-created-issue-comment.outputs.result == 'true' || steps.trigger-on-comment.outputs.triggered == 'true' }}
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
env:
NOT_CREATED_ISSUE_COMMENT: ${{ steps.not-created-issue-comment.outputs.result }}
TRIGGERED: ${{ steps.trigger-on-comment.outputs.triggered }}
EVENT_NAME: ${{ github.event_name }}
with:
script: |
const shouldTrigger = process.env.NOT_CREATED_ISSUE_COMMENT === 'true' || process.env.TRIGGERED === 'true';
if(shouldTrigger) {
core.setOutput("trigger", process.env.EVENT_NAME);
}
clean-deploy:
name: Clean deploy
runs-on: ${{ fromJson(inputs.runs-on) }}
needs: prepare-clean-deploy
if: needs.prepare-clean-deploy.outputs.trigger
permissions:
actions: read
deployments: write
issues: write
pull-requests: write
steps:
- id: local-workflow-actions
uses: hoverkraft-tech/ci-github-common/actions/local-workflow-actions@7034f6ae5bae1ec46a0108e8efb60d102e88961d # 0.37.2
with:
actions-path: actions
- id: prepare-cleaning
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
env:
REPOSITORY: ${{ fromJSON(inputs.clean-deploy-parameters).repository }}
with:
script: |
// Repository
const repository = process.env.REPOSITORY.trim();
if (repository) {
core.setOutput("repository", repository);
const [ownerName, repoName] = repository.split('/');
core.setOutput("owner", ownerName);
}
- uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
if: ${{ inputs.github-app-client-id }}
id: generate-token
with:
client-id: ${{ inputs.github-app-client-id }}
private-key: ${{ secrets.github-app-key }} # zizmor: ignore[secrets-outside-env] reusable workflow token override is intentional
owner: ${{ steps.prepare-cleaning.outputs.owner }}
- id: delete-deployment
uses: ./../self-workflow/actions/deployment/delete
with:
token: ${{ steps.generate-token.outputs.token || secrets.github-token || github.token }} # zizmor: ignore[secrets-outside-env] reusable workflow token override is intentional
- uses: ./../self-workflow/actions/clean-deploy/repository-dispatch
if: ${{ steps.delete-deployment.outputs.environments && steps.delete-deployment.outputs.environments != '[]' && inputs.clean-deploy-type == 'repository-dispatch' }}
with:
repository: ${{ steps.prepare-cleaning.outputs.repository }}
environment: ${{ fromJSON(steps.delete-deployment.outputs.environments)[0] }}
github-token: ${{ steps.generate-token.outputs.token || secrets.github-token || github.token }} # zizmor: ignore[secrets-outside-env] reusable workflow token override is intentional
- uses: hoverkraft-tech/ci-github-common/actions/create-or-update-comment@7034f6ae5bae1ec46a0108e8efb60d102e88961d # 0.37.2
if: ${{ steps.delete-deployment.outputs.environments && steps.delete-deployment.outputs.environments != '[]' }}
with:
title: "Deployment(s) have been deleted :wastebasket:."
body: "The following deployment(s) have been deleted:\n\n- ${{ join(fromJSON(steps.delete-deployment.outputs.environments),'\n- ') }}"