mirror of
https://github.com/openfrontio/OpenFrontIO.git
synced 2026-06-21 17:46:46 +00:00
dependabot[bot]
5b6796a9ea
Bumps the updates group with 1 update: [actions/github-script](https://github.com/actions/github-script). Updates `actions/github-script` from 8 to 9 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/github-script/releases">actions/github-script's releases</a>.</em></p> <blockquote> <h2>v9.0.0</h2> <p><strong>New features:</strong></p> <ul> <li><strong><code>getOctokit</code> factory function</strong> — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See <a href="https://github.com/actions/github-script#creating-additional-clients-with-getoctokit">Creating additional clients with <code>getOctokit</code></a> for details and examples.</li> <li><strong>Orchestration ID in user-agent</strong> — The <code>ACTIONS_ORCHESTRATION_ID</code> environment variable is automatically appended to the user-agent string for request tracing.</li> </ul> <p><strong>Breaking changes:</strong></p> <ul> <li><strong><code>require('@actions/github')</code> no longer works in scripts.</strong> The upgrade to <code>@actions/github</code> v9 (ESM-only) means <code>require('@actions/github')</code> will fail at runtime. If you previously used patterns like <code>const { getOctokit } = require('@actions/github')</code> to create secondary clients, use the new injected <code>getOctokit</code> function instead — it's available directly in the script context with no imports needed.</li> <li><code>getOctokit</code> is now an injected function parameter. Scripts that declare <code>const getOctokit = ...</code> or <code>let getOctokit = ...</code> will get a <code>SyntaxError</code> because JavaScript does not allow <code>const</code>/<code>let</code> redeclaration of function parameters. Use the injected <code>getOctokit</code> directly, or use <code>var getOctokit = ...</code> if you need to redeclare it.</li> <li>If your script accesses other <code>@actions/github</code> internals beyond the standard <code>github</code>/<code>octokit</code> client, you may need to update those references for v9 compatibility.</li> </ul> <h2>What's Changed</h2> <ul> <li>Add ACTIONS_ORCHESTRATION_ID to user-agent string by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li> <li>ci: use deployment: false for integration test environments by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/712">actions/github-script#712</a></li> <li>feat!: add getOctokit to script context, upgrade <code>@actions/github</code> v9, <code>@octokit/core</code> v7, and related packages by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/700">actions/github-script#700</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v8.0.0...v9.0.0">https://github.com/actions/github-script/compare/v8.0.0...v9.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3"><code>3a2844b</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/700">#700</a> from actions/salmanmkc/expose-getoctokit + prepare re...</li> <li><a href="https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079"><code>ca10bbd</code></a> fix: use <code>@octokit/core/</code>types import for v7 compatibility</li> <li><a href="https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b"><code>86e48e2</code></a> merge: incorporate main branch changes</li> <li><a href="https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9"><code>c108472</code></a> chore: rebuild dist for v9 upgrade and getOctokit factory</li> <li><a href="https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d"><code>afff112</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/712">#712</a> from actions/salmanmkc/deployment-false + fix user-ag...</li> <li><a href="https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817"><code>ff8117e</code></a> ci: fix user-agent test to handle orchestration ID</li> <li><a href="https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d"><code>81c6b78</code></a> ci: use deployment: false to suppress deployment noise from integration tests</li> <li><a href="https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7"><code>3953caf</code></a> docs: update README examples from <a href="https://github.com/v8"><code>@v8</code></a> to <a href="https://github.com/v9"><code>@v9</code></a>, add getOctokit docs and v9 brea...</li> <li><a href="https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78"><code>c17d55b</code></a> ci: add getOctokit integration test job</li> <li><a href="https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408"><code>a047196</code></a> test: add getOctokit integration tests via callAsyncFunction</li> <li>Additional commits viewable in <a href="https://github.com/actions/github-script/compare/v8...v9">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
200 lines
8.0 KiB
YAML
200 lines
8.0 KiB
YAML
name: 🚀 Deploy
|
|
|
|
on:
|
|
# Allow contributors to schedule manual deployments.
|
|
# Permission to deploy can be restricted by requiring approval in environment configuration.
|
|
workflow_dispatch:
|
|
inputs:
|
|
target_domain:
|
|
description: "Deployment Domain"
|
|
required: true
|
|
default: "openfront.dev"
|
|
type: choice
|
|
options:
|
|
- openfront.io
|
|
- openfront.dev
|
|
target_host:
|
|
description: "Deployment Host"
|
|
required: true
|
|
default: "staging"
|
|
type: choice
|
|
options:
|
|
- masters
|
|
- staging
|
|
- falk2
|
|
target_subdomain:
|
|
description: "Deployment Subdomain"
|
|
required: false
|
|
default: ""
|
|
type: string
|
|
|
|
# Automatic deployment on push
|
|
# See https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore
|
|
push:
|
|
branches:
|
|
- "*"
|
|
|
|
# Nightly build: rebuild and deploy main to nightly.openfront.dev
|
|
# 07:00 UTC = 11:00 PM PST (midnight PDT during summer)
|
|
schedule:
|
|
- cron: "0 7 * * *"
|
|
|
|
permissions: {}
|
|
|
|
concurrency:
|
|
group: ${{ github.event_name == 'workflow_dispatch' && inputs.target_host || 'staging' }}
|
|
cancel-in-progress: false
|
|
|
|
jobs:
|
|
deploy:
|
|
# Don't deploy on push if this is a fork; always deploy on schedule and workflow_dispatch
|
|
if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' || github.repository == 'openfrontio/OpenFrontIO' }}
|
|
# Use different logic based on event type
|
|
name: Deploy to ${{ inputs.target_domain || 'openfront.dev' }}
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 30
|
|
environment: ${{ inputs.target_domain == 'openfront.io' && 'prod' || '' }}
|
|
env:
|
|
DOMAIN: ${{ inputs.target_domain || 'openfront.dev' }}
|
|
SUBDOMAIN: ${{ github.event_name == 'schedule' && 'nightly' || github.event_name == 'push' && github.ref_name || inputs.target_subdomain || 'main' }}
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
- name: 📝 Update job summary
|
|
env:
|
|
FQDN: ${{ env.SUBDOMAIN && format('{0}.{1}', env.SUBDOMAIN, env.DOMAIN) || env.DOMAIN || 'openfront.dev' }}
|
|
run: |
|
|
echo "FQDN=$FQDN" >> $GITHUB_ENV
|
|
cat <<EOF >> $GITHUB_STEP_SUMMARY
|
|
### In progress :ship:
|
|
|
|
Deploying from $GITHUB_REF to $FQDN
|
|
EOF
|
|
- uses: actions/create-github-app-token@v3
|
|
id: generate-token
|
|
if: ${{ github.repository == 'openfrontio/OpenFrontIO' }}
|
|
with:
|
|
app-id: ${{ vars.APP_ID }}
|
|
private-key: ${{ secrets.APP_PRIVATE_KEY }}
|
|
- name: Export the token
|
|
if: ${{ github.repository == 'openfrontio/OpenFrontIO' }}
|
|
env:
|
|
GH_TOKEN: ${{ steps.generate-token.outputs.token }}
|
|
run: |
|
|
echo "GH_TOKEN=$GH_TOKEN" >> $GITHUB_ENV
|
|
gh api octocat
|
|
- name: 📝 Create deployment
|
|
if: ${{ github.repository == 'openfrontio/OpenFrontIO' && steps.generate-token.outputs.token != '' }}
|
|
uses: actions/github-script@v9
|
|
id: deployment
|
|
env:
|
|
ENVIRONMENT: ${{ inputs.target_domain == 'openfront.io' && 'prod' || 'staging' }}
|
|
FQDN: ${{ env.FQDN }}
|
|
with:
|
|
github-token: ${{ steps.generate-token.outputs.token }}
|
|
script: |
|
|
const response = await github.rest.repos.createDeployment({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
ref: process.env.GITHUB_SHA,
|
|
environment: process.env.ENVIRONMENT,
|
|
description: 'Deployment to ' + process.env.FQDN,
|
|
auto_merge: false,
|
|
required_contexts: [],
|
|
transient_environment: process.env.ENVIRONMENT === 'staging' && context.ref !== 'refs/heads/main',
|
|
production_environment: process.env.ENVIRONMENT === 'prod'
|
|
});
|
|
const deployment = response.data;
|
|
if (!deployment || !deployment.id) {
|
|
core.setFailed('Failed to create deployment');
|
|
return;
|
|
}
|
|
core.setOutput('deployment_id', deployment.id);
|
|
- name: 🔗 Log in to GHCR
|
|
uses: docker/login-action@v4
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ vars.GHCR_USERNAME }}
|
|
password: ${{ secrets.GHCR_TOKEN }}
|
|
- name: 🔑 Create SSH private key
|
|
env:
|
|
SERVER_HOST_MASTERS: ${{ secrets.SERVER_HOST_MASTERS }}
|
|
SERVER_HOST_FALK2: ${{ secrets.SERVER_HOST_FALK2 }}
|
|
SERVER_HOST_STAGING: ${{ secrets.SERVER_HOST_STAGING }}
|
|
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
|
|
run: |
|
|
set -euxo pipefail
|
|
mkdir -p ~/.ssh
|
|
echo "${SSH_PRIVATE_KEY}" > ~/.ssh/id_rsa
|
|
test -n "$SERVER_HOST_MASTERS" && ssh-keyscan -H "$SERVER_HOST_MASTERS" >> ~/.ssh/known_hosts
|
|
test -n "$SERVER_HOST_FALK2" && ssh-keyscan -H "$SERVER_HOST_FALK2" >> ~/.ssh/known_hosts
|
|
test -n "$SERVER_HOST_STAGING" && ssh-keyscan -H "$SERVER_HOST_STAGING" >> ~/.ssh/known_hosts
|
|
chmod 600 ~/.ssh/id_rsa
|
|
- name: 🚢 Deploy
|
|
env:
|
|
GHCR_REPO: ${{ vars.GHCR_REPO }}
|
|
GHCR_USERNAME: ${{ vars.GHCR_USERNAME }}
|
|
ENV: ${{ inputs.target_domain == 'openfront.io' && 'prod' || 'staging' }}
|
|
HOST: ${{ github.event_name == 'workflow_dispatch' && inputs.target_host || 'staging' }} # schedule and push both use staging
|
|
OTEL_EXPORTER_OTLP_ENDPOINT: ${{ secrets.OTEL_EXPORTER_OTLP_ENDPOINT }}
|
|
OTEL_AUTH_HEADER: ${{ secrets.OTEL_AUTH_HEADER }}
|
|
TURNSTILE_SECRET_KEY: ${{ secrets.TURNSTILE_SECRET_KEY }}
|
|
API_KEY: ${{ secrets.API_KEY }}
|
|
SERVER_HOST_MASTERS: ${{ secrets.SERVER_HOST_MASTERS }}
|
|
SERVER_HOST_FALK2: ${{ secrets.SERVER_HOST_FALK2 }}
|
|
SERVER_HOST_STAGING: ${{ secrets.SERVER_HOST_STAGING }}
|
|
SSH_KEY: ~/.ssh/id_rsa
|
|
VERSION_TAG: latest
|
|
run: |
|
|
echo "::group::deploy.sh"
|
|
./build-deploy.sh "$ENV" "$HOST" "$SUBDOMAIN"
|
|
echo "Deployment created in ${SECONDS} seconds" >> $GITHUB_STEP_SUMMARY
|
|
echo "::endgroup::"
|
|
- name: ⏳ Wait for deployment to start
|
|
env:
|
|
API_KEY: ${{ secrets.API_KEY }}
|
|
run: |
|
|
echo "::group::Wait for deployment to start"
|
|
set -euxo pipefail
|
|
while [ "$(curl -s -H "X-API-Key: ${API_KEY}" https://${FQDN}/commit.txt)" != "${GITHUB_SHA}" ]; do
|
|
if [ "$SECONDS" -ge 300 ]; then
|
|
echo "Timeout: deployment did not start within 5 minutes"
|
|
exit 1
|
|
fi
|
|
sleep 10
|
|
done
|
|
echo "Deployment started in ${SECONDS} seconds" >> $GITHUB_STEP_SUMMARY
|
|
echo "::endgroup::"
|
|
- name: 🔄 Update deployment status
|
|
if: ${{ always() && github.repository == 'openfrontio/OpenFrontIO' && steps.generate-token.outputs.token != '' && steps.deployment.outcome == 'success' && steps.deployment.outputs.deployment_id != '' }}
|
|
uses: actions/github-script@v9
|
|
env:
|
|
FQDN: ${{ env.FQDN }}
|
|
DEPLOYMENT_ID: ${{ steps.deployment.outputs.deployment_id }}
|
|
STATUS: ${{ job.status }}
|
|
with:
|
|
github-token: ${{ steps.generate-token.outputs.token }}
|
|
script: |
|
|
await github.rest.repos.createDeploymentStatus({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
deployment_id: process.env.DEPLOYMENT_ID,
|
|
state: process.env.STATUS === 'success' ? 'success' : 'failure',
|
|
environment_url: 'https://' + process.env.FQDN
|
|
});
|
|
- name: ✅ Update job summary
|
|
if: success()
|
|
run: |
|
|
cat <<EOF >> $GITHUB_STEP_SUMMARY
|
|
### Success! :rocket:
|
|
|
|
Deployed from $GITHUB_REF to $FQDN
|
|
EOF
|
|
- name: ❌ Update job summary
|
|
if: failure()
|
|
run: |
|
|
cat <<EOF >> $GITHUB_STEP_SUMMARY
|
|
### Failure! :fire:
|
|
|
|
Unable to deploy from $GITHUB_REF to $FQDN
|
|
EOF
|