From d4796915f6a829d1ad8aebc9e31fa83dbec3f261 Mon Sep 17 00:00:00 2001
From: Jan Calanog
Date: Wed, 22 Jan 2025 23:50:46 +0100
Subject: [PATCH 1/7] Create action to authenticate with AWS using the generated role name
---
.github/actions/aws-auth/action.yml | 43 +++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 .github/actions/aws-auth/action.yml
diff --git a/.github/actions/aws-auth/action.yml b/.github/actions/aws-auth/action.yml
new file mode 100644
index 00000000..c384b672
--- /dev/null
+++ b/.github/actions/aws-auth/action.yml
@@ -0,0 +1,43 @@
+name: AWS Auth
+
+description: |
+ This is an opinionated action to authenticate with AWS.
+ It will generate a role ARN based on the repository name and the AWS account ID.
+
+inputs:
+ aws_account_id:
+ description: 'The AWS account ID to generate the role ARN for'
+ required: true
+ default: '197730964718' # elastic-web
+ aws_region:
+ description: 'The AWS region to use'
+ required: false
+ default: 'us-east-1'
+ aws_role_name_prefix:
+ description: 'The prefix for the role name'
+ required: false
+ default: 'elastic-docs-v3-preview-'
+
+runs:
+ using: composite
+ steps:
+ - name: Generate AWS Role ARN
+ id: role_arn
+ shell: python
+ env:
+ AWS_ACCOUNT_ID: ${{ inputs.aws_account_id }}
+ ROLE_NAME_PREFIX: ${{ inputs.aws_role_name_prefix }}
+ run: |
+ import hashlib
+ import os
+ prefix = os.environ["ROLE_NAME_PREFIX"]
+ m = hashlib.sha256()
+ m.update(os.environ["GITHUB_REPOSITORY"].encode('utf-8'))
+ hash = m.hexdigest()[:64-len(prefix)]
+ with open(os.environ["GITHUB_OUTPUT"], "a") as f:
+ f.write(f"result=arn:aws:iam::{os.environ["AWS_ACCOUNT_ID"]}:role/{prefix}{hash}")
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+ with:
+ role-to-assume: ${{ steps.role_arn.outputs.result }}
+ aws-region: ${{ inputs.aws_region }}
From 5126893f0e38ae8d1c96b00df26f97d85ced30ca Mon Sep 17 00:00:00 2001
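Review bot: The `f.write(...)` line in the `Generate AWS Role ARN` step nests double quotes inside a double-quoted f-string (`{os.environ["AWS_ACCOUNT_ID"]}`), which only parses on Python 3.12 or newer; on a runner whose `python` is older the step fails with a SyntaxError before any role is assumed. Reading the value first, `account_id = os.environ["AWS_ACCOUNT_ID"]`, and writing `f"result=arn:aws:iam::{account_id}:role/{prefix}{digest}\n"` avoids that, stops shadowing the builtin `hash`, and terminates the output line. Passing the inputs through `env:` instead of interpolating them into the script text is the right pattern and worth keeping. Because the role name is a truncated SHA-256 of the repository name, it is derivable by anyone who knows the prefix, so access control rests on the IAM trust policy's conditions on the OIDC `sub` claim, which are not visible in this patch.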
From: Jan Calanog
Date: Wed, 22 Jan 2025 23:51:04 +0100
Subject: [PATCH 2/7] Create preview reusable workflow
---
.github/workflows/preview.yml | 85 +++++++++++++++++++++++++++++++++++
1 file changed, 85 insertions(+)
create mode 100644 .github/workflows/preview.yml
diff --git a/.github/workflows/preview.yml b/.github/workflows/preview.yml
new file mode 100644
index 00000000..f182006a
--- /dev/null
+++ b/.github/workflows/preview.yml
@@ -0,0 +1,85 @@
+name: preview
+
+on:
+ workflow_call: ~
+
+permissions:
+ id-token: write
+ pull-requests: write
+ deployments: write
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Create Deployment
+ uses: actions/github-script@v7
+ id: deployment
+ with:
+ result-encoding: string
+ script: |
+ const { owner, repo } = context.repo;
+ const deployment = await github.rest.repos.createDeployment({
+ issue_number: context.issue.number,
+ owner,
+ repo,
+ ref: context.payload.pull_request.head.ref,
+ environment: `preview-${context.issue.number}`,
+ description: `Preview deployment for PR ${context.issue.number}`,
+ auto_merge: false,
+ required_contexts: [],
+ })
+ await github.rest.repos.createDeploymentStatus({
+ deployment_id: deployment.data.id,
+ owner,
+ repo,
+ state: "in_progress",
+ description: "Deployment created",
+ log_url: `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}?pr=${context.issue.number}`,
+ })
+ return deployment.data.id
+
+ - uses: actions/checkout@v4
+
+ - uses: actions/download-artifact@v4
+ with:
+ name: docs
+ path: .artifacts/docs/html
+
+ - uses: ./.github/actions/aws-auth
+
+ - name: Upload to S3
+ env:
+ PR_NUMBER: ${{ github.event.pull_request.number }}
+ run: |
+ aws s3 sync .artifacts/docs/html "s3://elastic-docs-v3-website-preview/${GITHUB_REPOSITORY}/pull/${PR_NUMBER}" --delete
+ aws cloudfront create-invalidation --distribution-id EKT7LT5PM8RKS --paths "/${GITHUB_REPOSITORY}/pull/${PR_NUMBER}/*"
+
+ - name: Update deployment status
+ uses: actions/github-script@v7
+ if: steps.deployment.outputs.result
+ with:
+ script: |
+ await github.rest.repos.createDeploymentStatus({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ deployment_id: ${{ steps.deployment.outputs.result }},
+ state: "success",
+ description: "Deployment completed",
+ environment_url: `https://docs-v3-preview.elastic.dev/${context.repo.owner}/${context.repo.repo}/pull/${context.issue.number}`,
+ log_url: `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}?pr=${context.issue.number}`, + }) + + - name: Update Deployment Status on Failure + if: failure() && steps.deployment.outputs.result + uses: actions/github-script@v7 + with: + script: | + await github.rest.repos.createDeploymentStatus({ + owner: context.repo.owner, + repo: context.repo.repo, + deployment_id: ${{ steps.deployment.outputs.result }}, + state: "failure", + description: "Deployment failed", + log_url: `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}?pr=${context.issue.number}`, + }) From fa2093d53a2786a6256eba751fec614783cf5241 Mon Sep 17 00:00:00 2001 From: Jan Calanog Date: Wed, 22 Jan 2025 23:51:49 +0100 Subject: [PATCH 3/7] Trigger reusable workflow in PR workflow --- .github/workflows/pr.yml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index dd6d7906..6138b55f 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -6,6 +6,9 @@ on: permissions: contents: read packages: read + id-token: write + pull-requests: write + deployments: write concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -36,4 +39,17 @@ jobs: # we run our artifact directly please use the prebuild # elastic/docs-builder@main GitHub Action for all other repositories! - name: Build documentation - run: .artifacts/publish/docs-builder/release/docs-builder --strict + env: + PR_NUMBER: ${{ github.event.pull_request.number }} + run: .artifacts/publish/docs-builder/release/docs-builder --strict --path-prefix "/${GITHUB_REPOSITORY}/pull/${PR_NUMBER}" + + - uses: actions/upload-artifact@v4 + with: + name: docs + path: .artifacts/docs/html + if-no-files-found: error + retention-days: 1 + + preview: + needs: build + uses: ./.github/workflows/preview.yml From c0a2f5b2cf90810f1992f59e0ca00499d87c56d6 Mon Sep 17 00:00:00 2001 
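Review bot: `actions/github-script@v7`, `actions/checkout@v4` and `actions/download-artifact@v4` are referenced by mutable tag in a job that holds `id-token: write` and later AWS credentials, while the composite action in this same series pins `aws-actions/configure-aws-credentials` to a full commit SHA. Pinning these three the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, keeps a moved tag from running with the deployment role; the same applies to `actions/upload-artifact@v4` added to pr.yml in patch 3. The `pull-requests: write` permission is not used by any step visible in this file and could be dropped unless something outside the patch needs it. Separately, `deployment_id: ${{ steps.deployment.outputs.result }}` is expanded into the script text in both status steps; passing it through `env:` and reading it from `process.env` would match how the shell steps handle `PR_NUMBER`.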
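Review bot: Adding `id-token: write`, `pull-requests: write` and `deployments: write` to the workflow-level `permissions:` block in pr.yml grants them to every job in the workflow, including the job that compiles and runs code from the pull request. Only the `preview` job added in the second hunk calls the deployment workflow, so the top-level block can stay at `contents: read` and `packages: read`, with a job-level `permissions:` under `preview:` that lists the three write scopes plus `contents: read` for the checkout inside the called workflow. The `on:` trigger and the remaining jobs lie outside this hunk, so which events and contributors reach these scopes is not visible here.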
From: Jan Calanog
Date: Wed, 22 Jan 2025 23:51:58 +0100
Subject: [PATCH 4/7] Add cleanup workflow
---
.github/workflows/preview-cleanup.yml | 55 +++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100644 .github/workflows/preview-cleanup.yml
diff --git a/.github/workflows/preview-cleanup.yml b/.github/workflows/preview-cleanup.yml
new file mode 100644
index 00000000..796a5566
--- /dev/null
+++ b/.github/workflows/preview-cleanup.yml
@@ -0,0 +1,55 @@
+name: preview-cleanup
+
+on:
+ pull_request_target:
+ types: [closed]
+
+permissions:
+ deployments: write
+ id-token: write
+
+jobs:
+ cleanup:
+ runs-on: ubuntu-latest
+ environment: preview-${{ github.event.pull_request.number }}
+ steps:
+ - uses: ./.github/actions/aws-auth
+ - name: Delete s3 objects
+ env:
+ PR_NUMBER: ${{ github.event.pull_request.number }}
+ run: |
+ aws s3 rm "s3://elastic-docs-v3-website-preview/${GITHUB_REPOSITORY}/pull/${PR_NUMBER}" --recursive
+
+ - name: Delete GitHub environment
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const { owner, repo } = context.repo;
+ const deployments = await github.rest.repos.listDeployments({
+ owner,
+ repo,
+ environment: `preview-${context.issue.number}`
+ });
+ for (const deployment of deployments.data) {
+ await github.rest.repos.createDeploymentStatus({
+ owner,
+ repo,
+ deployment_id: deployment.id,
+ state: 'inactive',
+ description: 'Marking deployment as inactive'
+ });
+ await github.rest.repos.deleteDeployment({
+ owner,
+ repo,
+ deployment_id: deployment.id
+ });
+ }
+
+ octokit.rest.repos.deleteAnEnvironment({
+ owner,
+ repo,
+ environment_name: `preview-${context.issue.number}`,
+ });
+
+
+
From eba1e99a465b7ab8ab977a95bbe6a8088c2b991d Mon Sep 17 00:00:00 2001
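Review bot: The first step, `- uses: ./.github/actions/aws-auth`, has no `actions/checkout` before it, so the local action directory is not present in the workspace when the runner tries to resolve it. Adding `- uses: actions/checkout@v4` with no `ref:` fixes that and, under `pull_request_target`, keeps the checked-out code on the base branch instead of the pull request head. In the last script block `octokit.rest.repos.deleteAnEnvironment({` uses a name the script never defines (every other call in this series goes through `github`) and the call is not awaited; it should read `await github.rest.repos.deleteAnEnvironment({`. Deleting an environment may also need repository administration rights that the `deployments: write` and `id-token: write` scopes declared here do not cover, so confirm the call can succeed with `GITHUB_TOKEN`. Since this workflow runs in the base repository's context with `id-token: write` on every closed pull request, it should keep taking only `PR_NUMBER` and `GITHUB_REPOSITORY` from the event and never build or run head-ref content.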
From: Jan Calanog Date: Thu, 23 Jan 2025 12:02:52 +0100 Subject: [PATCH 5/7] Upload binary instead of built documentation --- .github/workflows/pr.yml | 13 +++---------- .github/workflows/preview.yml | 11 +++++++++-- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 6138b55f..efe76602 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -35,18 +35,11 @@ jobs: - name: Publish AOT run: ./build.sh publishbinaries - - # we run our artifact directly please use the prebuild - # elastic/docs-builder@main GitHub Action for all other repositories! - - name: Build documentation - env: - PR_NUMBER: ${{ github.event.pull_request.number }} - run: .artifacts/publish/docs-builder/release/docs-builder --strict --path-prefix "/${GITHUB_REPOSITORY}/pull/${PR_NUMBER}" - + - uses: actions/upload-artifact@v4 with: - name: docs - path: .artifacts/docs/html + name: docs-builder-binary + path: .artifacts/publish/docs-builder/release/docs-builder if-no-files-found: error retention-days: 1 diff --git a/.github/workflows/preview.yml b/.github/workflows/preview.yml index f182006a..e145da18 100644 --- a/.github/workflows/preview.yml +++ b/.github/workflows/preview.yml @@ -43,8 +43,15 @@ jobs: - uses: actions/download-artifact@v4 with: - name: docs - path: .artifacts/docs/html + name: docs-builder-binary + + # we run our artifact directly please use the prebuild + # elastic/docs-builder@main GitHub Action for all other repositories! + - name: Build documentation + env: + PR_NUMBER: ${{ github.event.pull_request.number }} + run: ./docs-builder --strict --path-prefix "/${GITHUB_REPOSITORY}/pull/${PR_NUMBER}" + - uses: ./.github/actions/aws-auth From 3debe83c13103a67c7b091dba169a6c0b28195ee Mon Sep 17 00:00:00 2001 From: Jan Calanog Date: Thu, 23 Jan 2025 12:04:27 +0100 Subject: [PATCH 6/7] Remove empty newline --- .github/workflows/preview.yml | 1 - 1 file changed, 1 deletion(-) 
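Review bot: In the preview.yml hunk, the `docs-builder` binary compiled from the pull request is now downloaded and executed inside the `deploy` job, which declares `id-token: write` and `deployments: write`; before this change only the generated HTML crossed into that job. Keeping the `Build documentation` step in a job without those scopes and uploading `.artifacts/docs/html` as the artifact would leave the credentialed job handling static files only. If the binary has to run on the preview side, a separate job with read-only permissions can build the HTML and hand it to a small upload job that runs `./.github/actions/aws-auth` and the S3 sync. The trigger of pr.yml lies outside the hunk, so which contributors can reach this path is not visible here.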
diff --git a/.github/workflows/preview.yml b/.github/workflows/preview.yml index e145da18..636a60dd 100644 --- a/.github/workflows/preview.yml +++ b/.github/workflows/preview.yml @@ -52,7 +52,6 @@ jobs: PR_NUMBER: ${{ github.event.pull_request.number }} run: ./docs-builder --strict --path-prefix "/${GITHUB_REPOSITORY}/pull/${PR_NUMBER}" - - uses: ./.github/actions/aws-auth - name: Upload to S3 From cf696682052f7ac06134bc8789410f289a802d3f Mon Sep 17 00:00:00 2001 From: Jan Calanog Date: Thu, 23 Jan 2025 12:17:57 +0100 Subject: [PATCH 7/7] fix --- .github/workflows/preview.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/preview.yml b/.github/workflows/preview.yml index 636a60dd..1fcb79f2 100644 --- a/.github/workflows/preview.yml +++ b/.github/workflows/preview.yml @@ -50,7 +50,9 @@ jobs: - name: Build documentation env: PR_NUMBER: ${{ github.event.pull_request.number }} - run: ./docs-builder --strict --path-prefix "/${GITHUB_REPOSITORY}/pull/${PR_NUMBER}" + run: | + chmod +x ./docs-builder + ./docs-builder --strict --path-prefix "/${GITHUB_REPOSITORY}/pull/${PR_NUMBER}" - uses: ./.github/actions/aws-auth