mirror of
https://github.com/gristlabs/grist-core.git
synced 2024-10-27 20:44:07 +00:00
71 lines
2.8 KiB
YAML
71 lines
2.8 KiB
YAML
|
# Follow-up of fly-build, with access to secrets for making deployments.
|
||
|
# This workflow runs in the target repo context. It does not, and should never execute user-supplied code.
|
||
|
# See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
|
||
|
|
||
|
name: fly.io Deploy
|
||
|
on:
|
||
|
workflow_run:
|
||
|
workflows: ["fly.io Build"]
|
||
|
types:
|
||
|
- completed
|
||
|
|
||
|
jobs:
|
||
|
deploy:
|
||
|
name: Deploy app to fly.io
|
||
|
runs-on: ubuntu-latest
|
||
|
if: |
|
||
|
github.event.workflow_run.event == 'pull_request' &&
|
||
|
github.event.workflow_run.conclusion == 'success'
|
||
|
steps:
|
||
|
- uses: actions/checkout@v4
|
||
|
- name: Set up flyctl
|
||
|
uses: superfly/flyctl-actions/setup-flyctl@master
|
||
|
with:
|
||
|
version: 0.2.72
|
||
|
- name: Download artifacts
|
||
|
uses: actions/github-script@v7
|
||
|
with:
|
||
|
script: |
|
||
|
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
|
||
|
owner: context.repo.owner,
|
||
|
repo: context.repo.repo,
|
||
|
run_id: ${{ github.event.workflow_run.id }},
|
||
|
});
|
||
|
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
|
||
|
return artifact.name == "docker-image"
|
||
|
})[0];
|
||
|
var download = await github.rest.actions.downloadArtifact({
|
||
|
owner: context.repo.owner,
|
||
|
repo: context.repo.repo,
|
||
|
artifact_id: matchArtifact.id,
|
||
|
archive_format: 'zip',
|
||
|
});
|
||
|
var fs = require('fs');
|
||
|
fs.writeFileSync('${{github.workspace}}/docker-image.zip', Buffer.from(download.data));
|
||
|
- name: Extract artifacts
|
||
|
id: extract_artifacts
|
||
|
run: |
|
||
|
unzip docker-image.zip
|
||
|
cat ./pr-info.txt >> $GITHUB_OUTPUT
|
||
|
- name: Load Docker image
|
||
|
run: docker load --input grist-core.tar
|
||
|
- name: Deploy to fly.io
|
||
|
id: fly_deploy
|
||
|
env:
|
||
|
FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
|
||
|
BRANCH_NAME: ${{ steps.extract_artifacts.outputs.PR_SOURCE }}
|
||
|
run: |
|
||
|
node buildtools/fly-deploy.js deploy
|
||
|
flyctl config -c ./fly.toml env | awk '/APP_HOME_URL/{print "DEPLOY_URL=" $2}' >> $GITHUB_OUTPUT
|
||
|
flyctl config -c ./fly.toml env | awk '/FLY_DEPLOY_EXPIRATION/{print "EXPIRES=" $2}' >> $GITHUB_OUTPUT
|
||
|
- name: Comment on PR
|
||
|
uses: actions/github-script@v7
|
||
|
with:
|
||
|
script: |
|
||
|
github.rest.issues.createComment({
|
||
|
issue_number: ${{ steps.extract_artifacts.outputs.PR_NUMBER }},
|
||
|
owner: context.repo.owner,
|
||
|
repo: context.repo.repo,
|
||
|
body: `Deployed commit \`${{ steps.extract_artifacts.outputs.PR_SHASUM }}\` as ${{ steps.fly_deploy.outputs.DEPLOY_URL }} (until ${{ steps.fly_deploy.outputs.EXPIRES }})`
|
||
|
})
|