-
Notifications
You must be signed in to change notification settings - Fork 800
294 lines (264 loc) · 10.7 KB
/
post-build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
name: Post-Build
run-name: Post-Build on ${{ github.event.workflow_run.head_branch }}
on:
workflow_run:
types: [ 'completed' ]
workflows:
- Build
concurrency:
# Cancel concurrent jobs on pull_request but not push, by including the run_id in the concurrency group for the latter.
group: post-build-${{ github.event.workflow_run.event == 'push' && github.run_id || 'pr' }}-${{ github.event.workflow_run.head_branch }}
cancel-in-progress: true
env:
COMPOSER_ROOT_VERSION: "dev-trunk"
SUMMARY: Post-Build run [#${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for Build run [#${{ github.event.workflow_run.id }}](${{ github.event.workflow_run.html_url }})
permissions:
actions: read
contents: read
pull-requests: read
# Note the job logic here is a bit unusual. That's because this workflow is triggered by `workflow_run`, and so is not shown on the PR by default.
# Instead we have to manually report back, including where we could normally just skip or let a failure be handled.
# - If the "Build" job failed, we need to set our status as failed too (build_failed).
# - If the find_artifact job fails for some reason, we need a step to explicitly report that back.
# - If no plugins are found, we need to explicitly report back a "skipped" status.
# - And the upgrade_test job both explicitly sets "in progress" at its start and updates at its end.
#
# If you're wanting to add a new check, you'd want to do the following:
# - Add a step in the `setup` workflow to create your check, and a corresponding output for later steps to have the ID.
# - Add a step in the `build_failed` workflow to set your run to cancelled.
# - Add a job to run whatever tests you need to run, with steps similar to the `upgrade_test` workflow's "Get token", "Notify check in progress", and "Notify final status".
# - Add a step in the `no_plugins` workflow to set your run to skipped if your job only runs when there are plugins built.
jobs:
setup:
name: Setup
runs-on: ubuntu-latest
timeout-minutes: 2 # 2022-12-20: Seems like it should be fast.
outputs:
upgrade_check: ${{ steps.upgrade_check.outputs.id }}
steps:
- name: Log info
run: |
echo "$SUMMARY" >> $GITHUB_STEP_SUMMARY
- uses: actions/checkout@v4
- name: Get token
id: get_token
uses: ./.github/actions/gh-app-token
with:
app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }}
private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }}
- name: 'Create "Test plugin upgrades" check'
id: upgrade_check
uses: ./.github/actions/check-run
with:
name: Test plugin upgrades
sha: ${{ github.event.workflow_run.head_sha }}
status: queued
title: Test queued...
summary: |
${{ env.SUMMARY }}
token: ${{ steps.get_token.outputs.token }}
build_failed:
name: Handle build failure
runs-on: ubuntu-latest
needs: setup
if: github.event.workflow_run.conclusion != 'success'
timeout-minutes: 2 # 2022-08-26: Seems like it should be fast.
steps:
- uses: actions/checkout@v4
- name: Get token
id: get_token
uses: ./.github/actions/gh-app-token
with:
app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }}
private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }}
- name: 'Mark "Test plugin upgrades" cancelled'
uses: ./.github/actions/check-run
with:
id: ${{ needs.setup.outputs.upgrade_check }}
conclusion: cancelled
title: Build failed
summary: |
${{ env.SUMMARY }}
Post-build run aborted because the build did not succeed.
token: ${{ steps.get_token.outputs.token }}
find_artifact:
name: Find artifact
runs-on: ubuntu-latest
needs: setup
if: github.event.workflow_run.conclusion == 'success'
timeout-minutes: 2 # 2022-08-26: Seems like it should be fast.
outputs:
zip_url: ${{ steps.run.outputs.zip_url }}
any_plugins: ${{ steps.run.outputs.any_plugins }}
steps:
- uses: actions/checkout@v4
- name: Find artifact
id: run
env:
TOKEN: ${{ github.token }}
URL: ${{ github.event.workflow_run.artifacts_url }}
run: |
for (( i=1; i<=5; i++ )); do
[[ $i -gt 1 ]] && sleep 10
echo "::group::Fetch list of artifacts (attempt $i/5)"
JSON="$(curl -v -L --get \
--header "Authorization: token $TOKEN" \
--url "$URL"
)"
echo "$JSON"
echo "::endgroup::"
ZIPURL="$(jq -r '.artifacts[] | select( .name == "jetpack-build" ) | .archive_download_url' <<<"$JSON")"
PLUGINS="$(jq -r '.artifacts[] | select( .name == "plugins.tsv" )' <<<"$JSON")"
if [[ -n "$ZIPURL" ]]; then
break
fi
done
[[ -z "$ZIPURL" ]] && { echo "::error::Failed to find artifact."; exit 1; }
echo "Zip URL: $ZIPURL"
echo "zip_url=${ZIPURL}" >> "$GITHUB_OUTPUT"
if [[ -z "$PLUGINS" ]]; then
echo "Any plugins? No"
echo "any_plugins=false" >> "$GITHUB_OUTPUT"
else
echo "Any plugins? Yes"
echo "any_plugins=true" >> "$GITHUB_OUTPUT"
fi
- name: Get token
id: get_token
if: ${{ ! success() }}
uses: ./.github/actions/gh-app-token
with:
app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }}
private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }}
- name: 'Mark "Test plugin upgrades" failed'
if: ${{ ! success() }}
uses: ./.github/actions/check-run
with:
id: ${{ needs.setup.outputs.upgrade_check }}
conclusion: failure
title: Failed to find build artifact
summary: |
${{ env.SUMMARY }}
Post-build run aborted because the "Find artifact" step failed.
token: ${{ steps.get_token.outputs.token }}
no_plugins:
name: Handle no-plugins
runs-on: ubuntu-latest
needs: [ setup, find_artifact ]
if: needs.find_artifact.outputs.any_plugins == 'false'
timeout-minutes: 2 # 2022-08-26: Seems like it should be fast.
steps:
- uses: actions/checkout@v4
- name: Get token
id: get_token
uses: ./.github/actions/gh-app-token
with:
app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }}
private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }}
- name: 'Mark "Test plugin upgrades" skipped'
uses: ./.github/actions/check-run
with:
id: ${{ needs.setup.outputs.upgrade_check }}
conclusion: skipped
title: No plugins were built
summary: |
${{ env.SUMMARY }}
Post-build run skipped because no plugins were built.
token: ${{ steps.get_token.outputs.token }}
upgrade_test:
name: Test plugin upgrades
runs-on: ubuntu-latest
needs: [ setup, find_artifact ]
if: needs.find_artifact.outputs.any_plugins == 'true'
timeout-minutes: 15 # 2022-08-26: Successful runs seem to take about 6 minutes, but give some extra time for the downloads.
services:
db:
image: mariadb:lts
env:
MARIADB_ROOT_PASSWORD: wordpress
ports:
- 3306:3306
options: --health-cmd="healthcheck.sh --su-mysql --connect --innodb_initialized" --health-interval=10s --health-timeout=5s --health-retries=5
container:
image: ghcr.io/automattic/jetpack-wordpress-dev:latest
env:
WP_DOMAIN: localhost
WP_ADMIN_USER: wordpress
WP_ADMIN_EMAIL: [email protected]
WP_ADMIN_PASSWORD: wordpress
WP_TITLE: Hello World
MYSQL_HOST: db:3306
MYSQL_DATABASE: wordpress
MYSQL_USER: root
MYSQL_PASSWORD: wordpress
HOST_PORT: 80
ports:
- 80:80
steps:
- uses: actions/checkout@v4
with:
path: trunk
- uses: actions/checkout@v4
with:
ref: ${{ github.event.workflow_run.head_commit.id }}
path: commit
- name: Get token
id: get_token
uses: ./trunk/.github/actions/gh-app-token
env:
# Work around a weird node 16/openssl 3 issue in the docker env
OPENSSL_CONF: '/dev/null'
with:
app_id: ${{ secrets.JP_LAUNCH_CONTROL_ID }}
private_key: ${{ secrets.JP_LAUNCH_CONTROL_KEY }}
- name: Notify check in progress
uses: ./trunk/.github/actions/check-run
with:
id: ${{ needs.setup.outputs.upgrade_check }}
status: in_progress
title: Test started...
summary: |
${{ env.SUMMARY }}
See run [#${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details.
token: ${{ steps.get_token.outputs.token }}
- name: Download build artifact
env:
TOKEN: ${{ github.token }}
ZIPURL: ${{ needs.find_artifact.outputs.zip_url }}
shell: bash
run: |
for (( i=1; i<=2; i++ )); do
[[ $i -gt 1 ]] && sleep 10
echo "::group::Downloading artifact (attempt $i/2)"
curl -v -L --get \
--header "Authorization: token $TOKEN" \
--url "$ZIPURL" \
--output "artifact.zip"
echo "::endgroup::"
if [[ -e "artifact.zip" ]] && zipinfo artifact.zip &>/dev/null; then
break
fi
done
[[ ! -e "artifact.zip" ]] && { echo "::error::Failed to download artifact."; exit 1; }
unzip artifact.zip
tar --xz -xvvf build.tar.xz build
- name: Setup WordPress
run: trunk/.github/files/test-plugin-update/setup.sh
- name: Prepare plugin zips
id: zips
run: trunk/.github/files/test-plugin-update/prepare-zips.sh
- name: Test upgrades
id: tests
run: trunk/.github/files/test-plugin-update/test.sh
- name: Notify final status
if: always()
uses: ./trunk/.github/actions/check-run
with:
id: ${{ needs.setup.outputs.upgrade_check }}
conclusion: ${{ job.status }}
title: ${{ job.status == 'success' && 'Tests passed' || job.status == 'cancelled' && 'Cancelled' || 'Tests failed' }}
summary: |
${{ env.SUMMARY }}
${{ steps.zips.outputs.info }}${{ steps.tests.outputs.info }}
See run [#${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details.
token: ${{ steps.get_token.outputs.token }}