docker-mailserver/.github/workflows/docs-preview-deploy.yml


docs(ci): Deploy Previews (#1988)

* docs(ci): Support deploy previews for documentation

Each PR that contributes to docs will generate a unique (to that PR) URL to preview the PR live for review.

* docs(ci): Split workflow

To support previews from non-collaborators PR contributions, we cannot rely on secrets access from workflows triggered by the `pull_request` event.

To do so securely, according to official advice from Github, we must run the third-party contribution in the restricted `pull_request` context, and then use a 2nd workflow to deploy the build (which requires secrets access).

* docs(ci): Rename doc workflows + add commit status

Better naming convention for documentation workflows.

Split workflow only indicated status on PR of the 1st stage (building the preview to deploy), not the deployment progress/result. This needs to be managed more directly until the action better supports split-workflow scenario.

* docs(ci): Add concurrency limit to preview deploy workflow

This would be more ideal on the 2nd phase workflow (`workflow_run`), however keeping it simple for now.

Limits the concurrency of the initial pull request workflow for documentation contributions that have PRs with multiple event triggers in a small time span (before the workflow triggered would complete).

The main benefit is to avoid redundant deploys if the initial workflow has been triggered again to build the PR once more. It only will work against concurrent workflows for that PR in the 1st stage, if an existing `workflow_run` (2nd stage) is active for that PR it will not be cancelled.

* docs(ci): Add sponsor branding for deploy preview service

A requirement from Netlify for the [sponsored OSS organization plan](https://www.netlify.com/legal/open-source-policy).

* docs(ci): Use a shared build script

Production and Deploy Preview builds are now maintained via the same shell command, so version updates of docker image is in one place.

Additionally deletes unnecessary build output which upstream provides no support to exclude.

* docs: Add a custom 404 page

This is used by the preview deploys on Netlify. Production deploys on Github Pages require a top-level 404 page manually deployed (since all are deployed to a version subpath).

This 404 page was custom built and optimized by me. This is the final minified output, separate source to build is available if needed.

---

Likewise the `favicon.ico` is a fallback for browsers that implicitly check the domain root for this file if the SVG isn't supported/preferred. Browsers check for this file without it being present in the HTML head meta elements.

On Github Pages the `favicon.ico` isn't likely to be picked up by even top-level as typical deployment has the project name as a subpath. The docs however reference a PNG favicon which should be widely supported.

The `favicon.ico` was generated by RealFaviconGenerator online tool with SVG source input. It contains 16px, 32px and 48px sizes. Quality is better than the `favicon.io` generator.

* chore: Optimized logo

SVG source cleaned up and optimized with SVGO 2.3.

Minified versions (`.min.svg` extension) remove unnecessary data and white-space to reduce size further for production use. This extension better differentiates by filename that it's different from the `src` version.
2021-05-20 10:24:46 +00:00
name: 'Documentation (run)'
on:
  workflow_run:
    workflows: ['Documentation (PR)']
    types:
      - completed
# Note: If limiting concurrency is required for this workflow:
# 1. Add an additional job prior to `preview` to get the PR number and make it an output.
# 2. Assign that new job as a `needs` dependency for the `preview` job.
#    It is still required for `preview` job to download the artifact so that it can access the preview build files.
# This workflow runs off the primary branch and has access to secrets as expected.
jobs:
  preview:
    name: 'Deploy Preview'
    runs-on: ubuntu-20.04
    if: ${{ github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' }}
    steps:
      # ======================== #
      # Restore workflow context #
      # ======================== #
      # The official Github Action for downloading artifacts does not support multi-workflow
      - name: 'Download build artifact'
        uses: dawidd6/action-download-artifact@v2
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          run_id: ${{ github.event.workflow_run.id }}
          workflow: docs-preview-prepare.yml
          name: preview-build
      - name: 'Extract build artifact'
        run: tar -xf artifact.tar.zst
      - name: 'Restore preserved ENV'
        run: cat pr.env >> "${GITHUB_ENV}"
      # ==================== #
      # Deploy preview build #
      # ==================== #
      # Manage workflow deployment status. `enable-commit-status` from `nwtgck/actions-netlify` would handle this,
      # but presently does not work correctly via split workflow. It is useful in a split workflow as the 1st stage
      # no longer indicates if the entire workflow/deployment was successful.
      - name: 'Commit Status: Set Workflow Status as Pending'
        uses: myrotvorets/set-commit-status-action@1.0.2
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          status: pending
          # Should match `env.PR_HEADSHA` when triggered by `pull_request` event workflow,
          # Avoids failure of ENV being unavailable if job fails early:
          sha: ${{ github.event.workflow_run.head_sha }}
          context: 'Deploy Preview (pull_request => workflow_run)'
      - name: 'Send preview build to Netlify'
        uses: nwtgck/actions-netlify@v1.2
        id: preview
        timeout-minutes: 1
        env:
          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
          NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          # Fail the job early if credentials are missing / invalid:
          fails-without-credentials: true
          # Sets/creates the Netlify deploy URL prefix.
          # Uses the PR number for uniqueness:
          alias: ${{ env.NETLIFY_SITE_PREFIX }}
          # Only publish the contents of the build output:
          publish-dir: ${{ env.BUILD_DIR }}
          # Custom message for the deploy log on Netlify:
          deploy-message: '${{ env.PR_TITLE }} (PR #${{ env.PR_NUMBER }} @ commit: ${{ env.PR_HEADSHA }})'
          # Note: Split workflow incorrectly references latest primary branch commit for deployment.
          # Assign to non-default Deployment Environment for better management:
          github-deployment-environment: documentation-previews
          github-deployment-description: 'Preview deploy for documentation PRs'
          # Note - PR context used by this action is incorrect. These features are broken with split workflow:
          # https://github.com/nwtgck/actions-netlify/issues/545
          # Disable unwanted action defaults:
          # Disable adding deploy comment on pre-merge commit (Github creates this for PR diff):
          enable-commit-comment: false
          # Disable adding a "Netlify - Netlify deployment" check status:
          enable-commit-status: false
          # Disable. We provide a custom PR comment in the next action:
          enable-pull-request-comment: false
          # If a `netlify.toml` config is ever needed, enable this:
          # netlify-config-path: ./docs/netlify.toml
          # If ever switching from Github Pages, enable this conditionally (false by default):
          # production-deploy: false
      - name: 'Comment on PR: Add/Update deployment status'
        uses: marocchino/sticky-pull-request-comment@v2
        with:
          number: ${{ env.PR_NUMBER }}
          header: preview-comment
          message: |
            [Documentation preview for this PR](${{ steps.preview.outputs.deploy-url }}) is ready! :tada:
            Built with commit: ${{ env.PR_HEADSHA }}
      - name: 'Commit Status: Update deployment status'
        uses: myrotvorets/set-commit-status-action@1.0.2
        # Always run this step regardless of job failing early:
        if: ${{ always() }}
        env:
          DEPLOY_SUCCESS: Successfully deployed preview.
          DEPLOY_FAILURE: Failed to deploy preview.
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          status: ${{ job.status == 'success' && 'success' || 'failure' }}
          sha: ${{ github.event.workflow_run.head_sha }}
          context: 'Deploy Preview (pull_request => workflow_run)'
          description: ${{ job.status == 'success' && env.DEPLOY_SUCCESS || env.DEPLOY_FAILURE }}
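
Added example, not part of the docker-mailserver repository: the 'Restore preserved ENV' step appends `pr.env`, a file built by the PR-triggered first-stage workflow, to `GITHUB_ENV` in a job that holds secrets, so this sketch vets the file against an allow-list before anything is appended. The key names are the `env.*` values this workflow reads; that they all come from `pr.env`, and the accepted value formats, are assumptions.

```shell
#!/bin/sh
# Added example (not from the repository): vet pr.env before it reaches GITHUB_ENV.
# Key names are the env.* values the workflow reads; value formats are assumptions.
LC_ALL=C; export LC_ALL   # make a-z / 0-9 ranges byte-exact

# check_value KEY VALUE: succeed only if VALUE has the shape expected for KEY
check_value() {
  case "$1" in
    PR_NUMBER)            # decimal digits only
      case "$2" in ''|*[!0-9]*) return 1 ;; esac ;;
    PR_HEADSHA)           # full 40-character lowercase hex commit id
      [ "${#2}" -eq 40 ] || return 1
      case "$2" in *[!0-9a-f]*) return 1 ;; esac ;;
    NETLIFY_SITE_PREFIX)  # lowercase letters, digits, hyphen
      case "$2" in ''|*[!a-z0-9-]*) return 1 ;; esac ;;
    BUILD_DIR)            # relative path without parent traversal
      case "$2" in ''|/*|*..*|*[!A-Za-z0-9._/-]*) return 1 ;; esac ;;
    PR_TITLE)             # one line of free text: bounded, no control characters
      [ "${#2}" -le 256 ] || return 1
      [ "$(printf '%s' "$2" | tr -d '[:cntrl:]')" = "$2" ] || return 1 ;;
    *) return 1 ;;        # every other variable name is refused
  esac
}

# validate_pr_env FILE: print the vetted KEY=VALUE lines, or nothing and fail.
validate_pr_env() {
  vetted=''
  while IFS= read -r line || [ -n "$line" ]; do
    [ -n "$line" ] || continue
    case "$line" in
      *=*) key=${line%%=*}; value=${line#*=} ;;
      *)   printf 'pr.env: not KEY=VALUE: %s\n' "$line" >&2; return 1 ;;
    esac
    check_value "$key" "$value" || { printf 'pr.env: rejected: %s\n' "$line" >&2; return 1; }
    vetted="${vetted}${key}=${value}
"
  done < "$1"
  printf '%s' "$vetted"
}

# Constructed sample input (not a real PR artifact).
demo() {
  tmp=$(mktemp)
  printf '%s\n' 'PR_NUMBER=1988' "PR_HEADSHA=$(printf '%040d' 0)" 'PR_TITLE=docs: fix typo' > "$tmp"
  validate_pr_env "$tmp"; rc=$?
  rm -f "$tmp"; return "$rc"
}
# The workflow step would become: validate_pr_env pr.env >> "${GITHUB_ENV}"
if [ "${1:-}" = demo ]; then demo; fi
```

Because the `NAME<<DELIMITER` multi-line form has no `=` in a listed key, it is refused along with every unlisted name, and a single bad line causes nothing at all to be written.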