-
Notifications
You must be signed in to change notification settings - Fork 8.1k
141 lines (120 loc) · 4.77 KB
/
pr-review-companion.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
# NOTE! This is a copy of
# https://github.com/mdn/content/blob/main/.github/workflows/pr-review-companion.yml
# with absolutely minor differences.
# Things to do and run after a "PR Test" workflow has finished successfully.
# Note, as of right now, this workflow does a bunch of things. It might be
# worth considering to break it up so there's a dedicated post-PR
# workflow just to posting PR comments about flaws, for example.
name: PR review companion
on:
workflow_run:
workflows: ["PR Test"]
types:
- completed
jobs:
review:
runs-on: ubuntu-latest
if: >
${{ github.repository == 'mdn/translated-content' &&
github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success' }}
steps:
- name: "Download artifact"
uses: actions/github-script@v6
with:
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
var matchArtifacts = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "build"
});
if (matchArtifacts.length === 0) {
console.warn(
'No artifacts to download probably just means nothing ' +
'was built in the "PR test" workflow. That\'s OK. ' +
'This is actually not a genuine CI error.'
);
throw new Error(
'No matched build artifacts. ' +
'Perhaps nothing built in the "PR test" workflow'
);
}
var matchArtifact = matchArtifacts[0];
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/build.zip', Buffer.from(download.data));
- name: Unzip what was downloaded
run: |
7z x build.zip -obuild -bb1
- uses: actions/checkout@v3
with:
repository: mdn/yari
path: yari
- name: Install Python
id: setup-python
uses: actions/setup-python@v4
with:
python-version: "3.10"
# See https://www.peterbe.com/plog/install-python-poetry-github-actions-faster
- name: Load cached ~/.local
uses: actions/cache@v3
with:
path: ~/.local
# the trailing number is used to increase for getting
# a different cache key when this file changes
key: dotlocal-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-0
- name: Install Python poetry
uses: snok/install-poetry@v1
with:
virtualenvs-create: true
virtualenvs-in-project: true
- name: Load cached venv
id: cached-poetry-dependencies
uses: actions/cache@v3
with:
path: yari/deployer/.venv
# the trailing number is used to increase for getting
# a different cache key when this file changes
key: venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}-${{ steps.setup-python.outputs.python-version }}-0
- name: Install poetry dependencies
if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
run: |
cd yari/deployer
poetry install --no-interaction --no-root
- name: Install Deployer
run: |
cd yari/deployer
poetry install --no-interaction
- name: Deploy and analyze built content
env:
BUILD_OUT_ROOT: ${{ github.workspace }}/build
DEPLOYER_BUCKET_NAME: mdn-content-dev
AWS_ACCESS_KEY_ID: ${{ secrets.DEPLOYER_DEV_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.DEPLOYER_DEV_AWS_SECRET_ACCESS_KEY }}
DEPLOYER_LOG_EACH_SUCCESSFUL_UPLOAD: false
run: |
PR_NUMBER=`cat build/NR`
echo "Pull request:"
echo "https://github.com/mdn/translated-content/pull/$PR_NUMBER"
cd yari/deployer
poetry run deployer upload \
--prefix="pr$PR_NUMBER" \
--default-cache-control 0 \
"$BUILD_OUT_ROOT"
poetry run deployer analyze-pr-build \
--prefix="pr$PR_NUMBER" \
--analyze-flaws \
--analyze-dangerous-content \
--github-token="${{secrets.GITHUB_TOKEN}}" \
--repo=$GITHUB_REPOSITORY \
--pr-number=$PR_NUMBER \
--diff-file=$BUILD_OUT_ROOT/DIFF \
$BUILD_OUT_ROOT