Skip to content

Deploy preview for PR #79

Deploy preview for PR

Deploy preview for PR #79

name: Deploy preview for PR
on:
workflow_run:
workflows:
- "Build preview for PR"
types:
- completed
permissions:
contents: read
id-token: write
pull-requests: write
concurrency:
group: ${{ github.workflow }}-${{ github.event.workflow_run.head_branch }}
cancel-in-progress: false
env:
HUGO_BASEURL: "https://preview-developer.espressif.com/"
AWS_S3_BUCKET: ${{ secrets.PREVIEW_AWS_BUCKET_NAME }}
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
jobs:
determine-sync-status:
runs-on: ubuntu-latest
outputs:
pr-number: ${{ steps.read-pr-num.outputs.PR_NUMBER }}
sync-status: ${{ steps.check-checksums-s3.outputs.SYNC_STATUS }}
if: >
github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success'
steps:
- name: Download artifacts (PR number file)
uses: actions/download-artifact@v4
with:
name: pr-num
path: ./
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Read PR number from file
id: read-pr-num
run: |
echo "PR_NUMBER=$(cat pr-num.txt)" >> $GITHUB_OUTPUT
- name: Check if checksums-s3.txt is in S3 bucket
id: check-checksums-s3
run: |
if aws s3 ls s3://${{ secrets.PREVIEW_AWS_BUCKET_NAME }}/pr$(cat pr-num.txt)/checksums-s3.txt; then
echo "SYNC_STATUS=update" >> $GITHUB_OUTPUT
else
echo "SYNC_STATUS=replace" >> $GITHUB_OUTPUT
fi
replace-files:
runs-on: ubuntu-latest
needs: determine-sync-status
if: ${{ needs.determine-sync-status.outputs.sync-status == 'replace' }}
steps:
- name: Download artifacts (Public folder)
uses: actions/download-artifact@v4
with:
name: public-folder
path: ./public
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Sync public folder with S3 bucket
run: |
aws s3 sync "$SOURCE_DIR" "$DEST_DIR" --follow-symlinks --delete --cache-control no-cache
env:
SOURCE_DIR: './public'
DEST_DIR: "s3://${{ secrets.PREVIEW_AWS_BUCKET_NAME }}/pr${{ needs.determine-sync-status.outputs.pr-number }}"
- name: Download checksums-ci.txt from artifacts
uses: actions/download-artifact@v4
with:
name: checksums-ci
path: ./
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Copy checksums-ci.txt to s3 bucket
run: |
aws s3 cp ./checksums-ci.txt s3://${{ secrets.PREVIEW_AWS_BUCKET_NAME }}/pr${{ needs.determine-sync-status.outputs.pr-number }}/checksums-s3.txt
update-files:
runs-on: ubuntu-latest
needs: determine-sync-status
if: ${{ needs.determine-sync-status.outputs.sync-status == 'update' }}
steps:
- name: Download checksums-s3.txt from S3 bucket
run: |
aws s3 cp s3://${{ secrets.PREVIEW_AWS_BUCKET_NAME }}/pr${{ needs.determine-sync-status.outputs.pr-number }}/checksums-s3.txt ./checksums-s3.txt
- name: Download checksums-ci.txt from artifacts
uses: actions/download-artifact@v4
with:
name: checksums-ci
path: ./
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Download artifacts (Public folder)
uses: actions/download-artifact@v4
with:
name: public-folder
path: ./public
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Compare checksums and update public-update folder
run: |
mkdir -p ./public-update
# Find outdated files and remove them (unique checksums in checksums-s3.txt)
comm -23 checksums-s3.txt checksums-ci.txt | awk '{print $1}' > outdated-files.txt
if [ -s outdated-files.txt ]; then
echo "Removing outdated files from S3:"
cat outdated-files.txt
for file in $(cat outdated-files.txt); do
aws s3 rm s3://${{ secrets.PREVIEW_AWS_BUCKET_NAME }}/pr${{ needs.determine-sync-status.outputs.pr-number }}/$file > /dev/null 2>&1
done
fi
# Copy updated files to public-update (unique checksums in checksums-ci.txt)
comm -13 checksums-s3.txt checksums-ci.txt | awk '{print $1}' > updated-files.txt
if [ -s updated-files.txt ]; then
echo "Copying updated files to local sync folder:"
cat updated-files.txt
for file in $(cat updated-files.txt); do
mkdir -p ./public-update/$(dirname "$file")
cp ./public/$file ./public-update/$file
done
fi
- name: Sync public-update with S3 bucket
run: |
aws s3 sync "$SOURCE_DIR" "$DEST_DIR" --follow-symlinks --cache-control no-cache
env:
SOURCE_DIR: './public-update'
DEST_DIR: "s3://${{ secrets.PREVIEW_AWS_BUCKET_NAME }}/pr${{ needs.determine-sync-status.outputs.pr-number }}"
- name: Copy checksums-ci.txt to s3 bucket
run: |
aws s3 cp ./checksums-ci.txt s3://${{ secrets.PREVIEW_AWS_BUCKET_NAME }}/pr${{ needs.determine-sync-status.outputs.pr-number }}/checksums-s3.txt
- name: Calculate checksums for S3 bucket files
run: |
TEMP_DIR=$(mktemp -d)
aws s3 sync "s3://${{ secrets.PREVIEW_AWS_BUCKET_NAME }}/pr${{ needs.determine-sync-status.outputs.pr-number }}" "$TEMP_DIR" --follow-symlinks
cd "$TEMP_DIR"
find . -type f ! -name "checksums-s3.txt" -exec sha256sum {} + | awk '{print $2, $1}' | sort > "$GITHUB_WORKSPACE/checksums-s3-verify.txt"
- name: Compare checksums of S3 bucket and CI files
run: |
cd "$GITHUB_WORKSPACE"
if diff checksums-ci.txt checksums-s3-verify.txt > diff-output.txt; then
echo "Checksums match. No differences found."
else
echo "Checksums do not match! Differences:"
cat diff-output.txt
exit 1
fi
notifications-and-cleanup:
runs-on: ubuntu-latest
needs: [determine-sync-status, replace-files, update-files]
if: |
always()
&& contains(needs.*.result, 'success')
&& !contains(needs.*.result, 'failure')
steps:
- name: Post Preview Link to PR
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
try {
const { data: comments } = await github.rest.issues.listComments({
issue_number: ${{ needs.determine-sync-status.outputs.pr-number }},
owner: context.repo.owner,
repo: context.repo.repo
});
// Define the comment body
const commentBody = `🎉 A preview for this PR is available at: ${{ env.HUGO_BASEURL }}pr${{ needs.determine-sync-status.outputs.pr-number }}/`;
// Look for an existing comment containing the specific text
const existingComment = comments.find(comment =>
comment.body.includes("🎉 A preview for this PR is available at:")
);
if (existingComment) {
// Delete the existing comment
await github.rest.issues.deleteComment({
comment_id: existingComment.id,
owner: context.repo.owner,
repo: context.repo.repo
});
}
// Create a new comment
await github.rest.issues.createComment({
issue_number: ${{ needs.determine-sync-status.outputs.pr-number }},
owner: context.repo.owner,
repo: context.repo.repo,
body: commentBody
});
} catch (error) {
core.setFailed(`Failed to manage PR comment: ${error.message}`);
}
- name: Invalidate CloudFront cache for PR
uses: chetan/invalidate-cloudfront-action@v2
env:
PATHS: "/pr${{ needs.determine-sync-status.outputs.pr-number }}/*"
DISTRIBUTION: ${{ secrets.PREVIEW_CLOUDFRONT_DISTRIBUTION }}
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}