diff --git a/.github/actions/aws-auth/action.yml b/.github/actions/aws-auth/action.yml new file mode 100644 index 00000000..c384b672 --- /dev/null +++ b/.github/actions/aws-auth/action.yml @@ -0,0 +1,43 @@ +name: AWS Auth + +description: | + This is an opinionated action to authenticate with AWS. + It will generate a role ARN based on the repository name and the AWS account ID. + +inputs: + aws_account_id: + description: 'The AWS account ID to generate the role ARN for' + required: true + default: '197730964718' # elastic-web + aws_region: + description: 'The AWS region to use' + required: false + default: 'us-east-1' + aws_role_name_prefix: + description: 'The prefix for the role name' + required: false + default: 'elastic-docs-v3-preview-' + +runs: + using: composite + steps: + - name: Generate AWS Role ARN + id: role_arn + shell: python + env: + AWS_ACCOUNT_ID: ${{ inputs.aws_account_id }} + ROLE_NAME_PREFIX: ${{ inputs.aws_role_name_prefix }} + run: | + import hashlib + import os + prefix = os.environ["ROLE_NAME_PREFIX"] + m = hashlib.sha256() + m.update(os.environ["GITHUB_REPOSITORY"].encode('utf-8')) + hash = m.hexdigest()[:64-len(prefix)] + with open(os.environ["GITHUB_OUTPUT"], "a") as f: + f.write(f"result=arn:aws:iam::{os.environ["AWS_ACCOUNT_ID"]}:role/{prefix}{hash}") + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + with: + role-to-assume: ${{ steps.role_arn.outputs.result }} + aws-region: ${{ inputs.aws_region }} diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index dd6d7906..efe76602 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -6,6 +6,9 @@ on: permissions: contents: read packages: read + id-token: write + pull-requests: write + deployments: write concurrency: group: ${{ github.workflow }}-${{ github.ref }} 
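Review bot: The f-string in the `Generate AWS Role ARN` step reuses double quotes inside its replacement field (`{os.environ["AWS_ACCOUNT_ID"]}`), which is a syntax error before Python 3.12, so the step only works where the runner's `python` is 3.12 or newer. Reading the value into a local first (`account_id = os.environ["AWS_ACCOUNT_ID"]`) and writing `f.write(f"result=arn:aws:iam::{account_id}:role/{prefix}{role_hash}\n")` removes that dependency, ends the output line with a newline, and stops shadowing the builtin `hash`. The `64` in `[:64-len(prefix)]` is presumably the IAM role-name length limit and deserves a comment; a prefix of 64 characters or more makes the slice empty or negative and should be rejected explicitly. Because the ARN is derived entirely from inputs and the repository name, add a comment that the role's trust policy (not visible here) is what must restrict which repository and ref may assume it.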
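Review bot: Adding `id-token: write`, `pull-requests: write` and `deployments: write` to the workflow-level `permissions` block in pr.yml grants them to every job in the workflow, including the build job that compiles and runs pull-request code (`./build.sh publishbinaries`, visible in the next hunk). Only the `preview` job needs these scopes, so keep the top-level block at `contents: read` / `packages: read` and put `permissions: {contents: read, id-token: write, pull-requests: write, deployments: write}` on the `preview` job instead. A called workflow cannot receive more than its caller grants, so the job-level grant is sufficient for preview.yml. The rest of the workflow lies outside the hunk, so whether another job also needs one of these scopes cannot be seen from here.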
@@ -32,8 +35,14 @@ jobs: - name: Publish AOT run: ./build.sh publishbinaries - - # we run our artifact directly please use the prebuild - # elastic/docs-builder@main GitHub Action for all other repositories! - - name: Build documentation - run: .artifacts/publish/docs-builder/release/docs-builder --strict + + - uses: actions/upload-artifact@v4 + with: + name: docs-builder-binary + path: .artifacts/publish/docs-builder/release/docs-builder + if-no-files-found: error + retention-days: 1 + + preview: + needs: build + uses: ./.github/workflows/preview.yml diff --git a/.github/workflows/preview-cleanup.yml b/.github/workflows/preview-cleanup.yml new file mode 100644 index 00000000..796a5566 --- /dev/null +++ b/.github/workflows/preview-cleanup.yml @@ -0,0 +1,55 @@ +name: preview-cleanup + +on: + pull_request_target: + types: [closed] + +permissions: + deployments: write + id-token: write + +jobs: + cleanup: + runs-on: ubuntu-latest + environment: preview-${{ github.event.pull_request.number }} + steps: + - uses: ./.github/actions/aws-auth + - name: Delete s3 objects + env: + PR_NUMBER: ${{ github.event.pull_request.number }} + run: | + aws s3 rm "s3://elastic-docs-v3-website-preview/${GITHUB_REPOSITORY}/pull/${PR_NUMBER}" --recursive + + - name: Delete GitHub environment + uses: actions/github-script@v7 + with: + script: | + const { owner, repo } = context.repo; + const deployments = await github.rest.repos.listDeployments({ + owner, + repo, + environment: `preview-${context.issue.number}` + }); + for (const deployment of deployments.data) { + await github.rest.repos.createDeploymentStatus({ + owner, + repo, + deployment_id: deployment.id, + state: 'inactive', + description: 'Marking deployment as inactive' + }); + await github.rest.repos.deleteDeployment({ + owner, + repo, + deployment_id: deployment.id + }); + } + + octokit.rest.repos.deleteAnEnvironment({ + owner, + repo, + environment_name: `preview-${context.issue.number}`, + }); + + + 
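Review bot: The new `preview` job has no condition, so it also runs for pull requests from forks. The trigger is not visible in the hunk, but if this workflow runs on `pull_request`, the token is read-only for forks and no OIDC token is issued, so the AWS step would fail. A guard on `preview` such as `if: github.event.pull_request.head.repo.full_name == github.repository` makes the intent explicit and keeps the deploy path limited to branches of this repository. Separately, `actions/upload-artifact@v4` is referenced by a mutable tag, while the aws-auth action added in this commit pins `configure-aws-credentials` to a commit SHA; pinning here as well would be consistent.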
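Review bot: The `cleanup` job in preview-cleanup.yml calls the local action `./.github/actions/aws-auth` without checking out the repository first, so the runner cannot resolve it and the job fails before `Delete s3 objects`. Add `- uses: actions/checkout@v4` as the first step and `contents: read` to `permissions`. Under `pull_request_target` the checkout defaults to the base branch, which is the right ref for a job holding `id-token: write`, so leave a comment that the PR head must not be checked out here. In the script, `octokit` does not appear to be one of the objects `actions/github-script` provides, and the call is not awaited; it should read `await github.rest.repos.deleteAnEnvironment({`. Deleting an environment may also need more rights than the job token carries, which is worth confirming.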
diff --git a/.github/workflows/preview.yml b/.github/workflows/preview.yml
new file mode 100644
index 00000000..1fcb79f2
--- /dev/null
+++ b/.github/workflows/preview.yml
@@ -0,0 +1,93 @@
+name: preview
+
+on:
+ workflow_call: ~
+
+permissions:
+ id-token: write
+ pull-requests: write
+ deployments: write
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Create Deployment
+ uses: actions/github-script@v7
+ id: deployment
+ with:
+ result-encoding: string
+ script: |
+ const { owner, repo } = context.repo;
+ const deployment = await github.rest.repos.createDeployment({
+ issue_number: context.issue.number,
+ owner,
+ repo,
+ ref: context.payload.pull_request.head.ref,
+ environment: `preview-${context.issue.number}`,
+ description: `Preview deployment for PR ${context.issue.number}`,
+ auto_merge: false,
+ required_contexts: [],
+ })
+ await github.rest.repos.createDeploymentStatus({
+ deployment_id: deployment.data.id,
+ owner,
+ repo,
+ state: "in_progress",
+ description: "Deployment created",
+ log_url: `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}?pr=${context.issue.number}`,
+ })
+ return deployment.data.id
+
+ - uses: actions/checkout@v4
+
+ - uses: actions/download-artifact@v4
+ with:
+ name: docs-builder-binary
+
+ # we run our artifact directly please use the prebuild
+ # elastic/docs-builder@main GitHub Action for all other repositories!
+ - name: Build documentation
+ env:
+ PR_NUMBER: ${{ github.event.pull_request.number }}
+ run: |
+ chmod +x ./docs-builder
+ ./docs-builder --strict --path-prefix "/${GITHUB_REPOSITORY}/pull/${PR_NUMBER}"
+
+ - uses: ./.github/actions/aws-auth
+
+ - name: Upload to S3
+ env:
+ PR_NUMBER: ${{ github.event.pull_request.number }}
+ run: |
+ aws s3 sync .artifacts/docs/html "s3://elastic-docs-v3-website-preview/${GITHUB_REPOSITORY}/pull/${PR_NUMBER}" --delete
+ aws cloudfront create-invalidation --distribution-id EKT7LT5PM8RKS --paths "/${GITHUB_REPOSITORY}/pull/${PR_NUMBER}/*"
+
+ - name: Update deployment status
+ uses: actions/github-script@v7
+ if: steps.deployment.outputs.result
+ with:
+ script: |
+ await github.rest.repos.createDeploymentStatus({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ deployment_id: ${{ steps.deployment.outputs.result }},
+ state: "success",
+ description: "Deployment completed",
+ environment_url: `https://docs-v3-preview.elastic.dev/${context.repo.owner}/${context.repo.repo}/pull/${context.issue.number}`,
+ log_url: `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}?pr=${context.issue.number}`,
+ })
+
+ - name: Update Deployment Status on Failure
+ if: failure() && steps.deployment.outputs.result
+ uses: actions/github-script@v7
+ with:
+ script: |
+ await github.rest.repos.createDeploymentStatus({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ deployment_id: ${{ steps.deployment.outputs.result }},
+ state: "failure",
+ description: "Deployment failed",
+ log_url: `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}?pr=${context.issue.number}`,
+ })
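Review bot: The `deploy` job downloads the `docs-builder` binary built from the pull request and runs it in the same job that holds `id-token: write` and later assumes the AWS role, so PR-controlled code executes with access to that job's OIDC identity and write-scoped token. Running `Build documentation` in a separate job with only `contents: read`, and handing the generated HTML to the deploy job as an artifact, reduces the privileged job to `aws s3 sync`, the CloudFront invalidation and the status updates; a sketch follows, in which the `docs-html` artifact name is an example. In addition, `deployment_id: ${{ steps.deployment.outputs.result }}` is pasted into the script text in both status steps; passing the value through `env` and reading it from `process.env` keeps expression interpolation out of script bodies.

```yaml
jobs:
  build-docs:
    runs-on: ubuntu-latest
    permissions:
      contents: read          # no id-token here: this job runs PR-built code
    steps:
      - uses: actions/checkout@v4
      - uses: actions/download-artifact@v4
        with:
          name: docs-builder-binary
      # … unchanged: Build documentation step …
      - uses: actions/upload-artifact@v4
        with:
          name: docs-html     # example name
          path: .artifacts/docs/html
          if-no-files-found: error
          retention-days: 1

  deploy:
    needs: build-docs
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
      pull-requests: write
      deployments: write
    steps:
      # … unchanged: Create Deployment step …
      - uses: actions/checkout@v4   # still required to resolve ./.github/actions/aws-auth
      - uses: actions/download-artifact@v4
        with:
          name: docs-html
          path: .artifacts/docs/html
      # … unchanged: aws-auth, Upload to S3, deployment status steps …
```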