ci-github-publish/.github/workflows/clean-deploy.yml at a44d3a803236e29b44daabf03cf11340fe145a88 · hoverkraft-tech/ci-github-publish · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
# Reusable workflow to clean some deployment.
#
# Deletes one or more deployments and runs a follow-up "clean" action
# (for example a repository-dispatch) to perform any repository-specific cleanup required after deployment removal.
# The workflow can be triggered on-demand via a given comment trigger (e.g. `/undeploy`).
#
# Behavior / outputs:
#
# - Deletes matching deployment(s) via the local action at `./actions/deployment/delete`.
# - Exposes deleted environments in step output `environments`.
# - If environments were deleted the workflow will optionally trigger the configured clean action
#   (e.g. repository-dispatch) against the target repository and post a summary comment.

name: "Clean deploy"

on:
  workflow_call:
    inputs:
      runs-on:
        description: |
          JSON array of runner(s) to use.
          See https://docs.github.com/en/actions/using-jobs/choosing-the-runner-for-a-job.
        type: string
        default: '["ubuntu-latest"]'
        required: false
      github-app-id:
        description: |
          GitHub App ID to generate GitHub token in place of github-token.
          See https://github.com/actions/create-github-app-token.
        required: false
        type: string
      clean-deploy-type:
        description: |
          Type of clean-deploy action.
          Supported values:
            - [`repository-dispatch`](../../actions/clean-deploy/repository-dispatch/README.md).
        type: string
        required: false
        default: repository-dispatch
      clean-deploy-parameters:
        description: |
          Inputs to pass to the clean action.
          JSON object, depending on the clean-deploy-type.
          For example, for `repository-dispatch`:
          ```json
          {
            "repository": "my-org/my-repo"
          }
          ```
        type: string
      trigger-on-comment:
        description: |
          Comment trigger to start the workflow.
          See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issue_comment.
        type: string
        default: "/undeploy"
        required: false
    secrets:
      github-token:
        description: |
          GitHub token for deploying.
          Permissions:
            - contents: write
      github-app-key:
        description: |
          GitHub App private key to generate GitHub token in place of github-token.
          See https://github.com/actions/create-github-app-token.

permissions: {}

jobs:
  prepare-clean-deploy:
    name: Check if should clean deploy
    runs-on: ${{ fromJson(inputs.runs-on) }}
    permissions:
      issues: write
    outputs:
      trigger: ${{ steps.trigger.outputs.trigger }}
    steps:
      # jscpd:ignore-start
      - id: not-created-issue-comment
        if: github.event_name != 'issue_comment'
        run: echo "result=true" >> "$GITHUB_OUTPUT"

      - uses: shanegenschaw/pull-request-comment-trigger@de309e4a2e83bb08877cada483e3e2b13b8d8e4b # v3.0.0
        id: trigger-on-comment
        if: ${{ steps.not-created-issue-comment.outputs.result != 'true' && inputs.trigger-on-comment }}
        with:
          trigger: ${{ inputs.trigger-on-comment }}
          prefix_only: true
          reaction: eyes
        env:
          GITHUB_TOKEN: "${{ github.token }}"

      - id: trigger
        if: ${{ steps.not-created-issue-comment.outputs.result == 'true' || steps.trigger-on-comment.outputs.triggered == 'true' }}
        run: |
          if [ "${{ steps.not-created-issue-comment.outputs.result }}" = "true" ]; then
            echo "trigger=${{ github.event_name }}" >> "$GITHUB_OUTPUT"
            exit 0
          fi

          if [ "${{ steps.trigger-on-comment.outputs.triggered }}" = "true" ]; then
            echo "trigger=${{ github.event_name }}" >> "$GITHUB_OUTPUT"
            exit 0
          fi
      # jscpd:ignore-end

  clean-deploy:
    name: Clean deploy
    runs-on: ${{ fromJson(inputs.runs-on) }}
    needs: prepare-clean-deploy
    if: needs.prepare-clean-deploy.outputs.trigger
    permissions:
      actions: read
      deployments: write
      issues: write
      pull-requests: write
      id-token: write # Needed for getting local workflow actions
    steps:
      - id: local-workflow-actions
        uses: hoverkraft-tech/ci-github-common/actions/local-workflow-actions@4b53189212d5810f710bed89711002626977215b # 0.33.0
        with:
          actions-path: actions

      - id: prepare-cleaning
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        env:
          REPOSITORY: ${{ fromJSON(inputs.clean-deploy-parameters).repository }}
        with:
          script: |
            // Repository
            const repository = process.env.REPOSITORY.trim();

            if (repository) {
              core.setOutput("repository", repository);

              const [ownerName, repoName] = repository.split('/');
              core.setOutput("owner", ownerName);
            }

      - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
        if: ${{ inputs.github-app-id }}
        id: generate-token
        with:
          app-id: ${{ inputs.github-app-id }}
          private-key: ${{ secrets.github-app-key }}
          owner: ${{ steps.prepare-cleaning.outputs.owner }}

      - id: delete-deployment
        uses: ./self-workflow/actions/deployment/delete
        with:
          token: ${{ steps.generate-token.outputs.token || secrets.github-token || github.token }}

      - uses: ./self-workflow/actions/clean-deploy/repository-dispatch
        if: ${{ steps.delete-deployment.outputs.environments && steps.delete-deployment.outputs.environments != '[]' && inputs.clean-deploy-type == 'repository-dispatch' }}
        with:
          repository: ${{ steps.prepare-cleaning.outputs.repository }}
          environment: ${{ fromJSON(steps.delete-deployment.outputs.environments)[0] }}
          github-token: ${{ steps.generate-token.outputs.token || secrets.github-token || github.token }}

      - uses: hoverkraft-tech/ci-github-common/actions/create-or-update-comment@4b53189212d5810f710bed89711002626977215b # 0.33.0
        if: ${{ steps.delete-deployment.outputs.environments && steps.delete-deployment.outputs.environments != '[]' }}
        with:
          title: "Deployment(s) have been deleted :wastebasket:."
          body: "The following deployment(s) have been deleted:\n\n- ${{ join(fromJSON(steps.delete-deployment.outputs.environments),'\n- ') }}"

      # jscpd:ignore-start
      - uses: hoverkraft-tech/ci-github-common/actions/local-workflow-actions@4b53189212d5810f710bed89711002626977215b # 0.33.0
        if: always() && steps.local-workflow-actions.outputs.repository
        with:
          actions-path: actions
          repository: ${{ steps.local-workflow-actions.outputs.repository }}
          ref: ${{ steps.local-workflow-actions.outputs.ref }}
      # jscpd:ignore-end