Ghost/.github/workflows/pr-preview.yml at 60583ba2279c519730af67d97df4dee29d43fe19 · TryGhost/Ghost · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: PR Preview

on:
  pull_request_target:
    types: [labeled, unlabeled, closed]

jobs:
  deploy:
    name: Deploy Preview
    # Runs when the "preview" label is added — requires collaborator write access
    if: >-
      github.event.action == 'labeled'
      && github.event.label.name == 'preview'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: read
    env:
      HEAD_SHA: ${{ github.event.pull_request.head.sha }}
    steps:
      - name: Wait for CI build artifacts
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "Waiting for CI to complete Docker build for $HEAD_SHA..."
          TIMEOUT=1800  # 30 minutes
          INTERVAL=30
          START=$(date +%s)

          while true; do
            ELAPSED=$(( $(date +%s) - START ))
            if [ "$ELAPSED" -ge "$TIMEOUT" ]; then
              echo "::error::Timed out waiting for CI (${TIMEOUT}s)"
              exit 1
            fi

            # Find the CI run for this SHA
            RUN=$(gh api "repos/${{ github.repository }}/actions/workflows/ci.yml/runs?head_sha=${HEAD_SHA}&per_page=1" \
              --jq '.workflow_runs[0] | {id, status, conclusion}' 2>/dev/null || echo "")

            if [ -z "$RUN" ] || [ "$RUN" = "null" ]; then
              echo "  No CI run found yet, waiting ${INTERVAL}s... (${ELAPSED}s elapsed)"
              sleep "$INTERVAL"
              continue
            fi

            STATUS=$(echo "$RUN" | jq -r '.status')
            CONCLUSION=$(echo "$RUN" | jq -r '.conclusion // empty')
            RUN_ID=$(echo "$RUN" | jq -r '.id')

            if [ "$STATUS" = "completed" ]; then
              if [ "$CONCLUSION" = "success" ] || [ "$CONCLUSION" = "failure" ]; then
                # Check if Docker build job specifically succeeded (paginate — CI has 30+ jobs)
                BUILD_JOB=$(gh api --paginate "repos/${{ github.repository }}/actions/runs/${RUN_ID}/jobs?per_page=100" \
                  --jq '.jobs[] | select(.name == "Build & Publish Artifacts") | .conclusion')
                if [ -z "$BUILD_JOB" ]; then
                  echo "::error::Build & Publish Artifacts job not found in CI run ${RUN_ID}"
                  exit 1
                elif [ "$BUILD_JOB" = "success" ]; then
                  echo "Docker build ready (CI run $RUN_ID)"
                  break
                else
                  echo "::error::Docker build job did not succeed (conclusion: $BUILD_JOB)"
                  exit 1
                fi
              else
                echo "::error::CI run failed (conclusion: $CONCLUSION)"
                exit 1
              fi
            fi

            echo "  CI still running ($STATUS), waiting ${INTERVAL}s... (${ELAPSED}s elapsed)"
            sleep "$INTERVAL"
          done

      - name: Re-check PR eligibility
        id: recheck
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          PR=$(gh api "repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}" \
            --jq '{state, labels: [.labels[].name]}')

          STATE=$(echo "$PR" | jq -r '.state')
          HAS_LABEL=$(echo "$PR" | jq '.labels | any(. == "preview")')

          if [ "$STATE" != "open" ]; then
            echo "::warning::PR is no longer open ($STATE), skipping dispatch"
            echo "skip=true" >> "$GITHUB_OUTPUT"
          elif [ "$HAS_LABEL" != "true" ]; then
            echo "::warning::preview label was removed, skipping dispatch"
            echo "skip=true" >> "$GITHUB_OUTPUT"
          else
            echo "PR still eligible for preview deploy"
            echo "skip=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Dispatch deploy to Ghost-Moya
        if: steps.recheck.outputs.skip != 'true'
        uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4
        with:
          token: ${{ secrets.CANARY_DOCKER_BUILD }}
          repository: TryGhost/Ghost-Moya
          event-type: preview-deploy
          client-payload: >-
            {
              "pr_number": "${{ github.event.pull_request.number }}",
              "action": "deploy",
              "seed": "true"
            }

  destroy:
    name: Destroy Preview
    # Runs when "preview" label is removed, or the PR is closed/merged while labeled
    if: >-
      (github.event.action == 'unlabeled' && github.event.label.name == 'preview')
      || (github.event.action == 'closed' && contains(github.event.pull_request.labels.*.name, 'preview'))
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Dispatch destroy to Ghost-Moya
        uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4
        with:
          token: ${{ secrets.CANARY_DOCKER_BUILD }}
          repository: TryGhost/Ghost-Moya
          event-type: preview-destroy
          client-payload: >-
            {
              "pr_number": "${{ github.event.pull_request.number }}",
              "action": "destroy"
            }