Fixes to drainpipe-dev deployments (#495)

* Add workflow to drainpipe-dev to automatically create release on tags. * Update drainpipe-dev workflow to push directly using deploy key. * Ensure release has a title. * Test on pull request to ensure it works. * More testing for pull request. * Fixing syntax. * Test on push not pull_request. * Add a git branch call first. * Testing removing a file. * Add regular branch name to git reset. * Revert "Testing removing a file." This reverts commit 30841e3. * Test "Workaround" for 'quotes' in commit message. * Test "Workaround" for 'quotes' in commit message. * Test renamed file. * Revert "Test renamed file." This reverts commit fa82901. * Update to use application credentials. * Try to use signed commits. * Revert "Try to use signed commits." This reverts commit d28aeb1. * Ensure at least an empty commit is pushed before tag. * Test empty commit. * Remove test branch from workflow. * Add lockdown workflow for drainpipe-dev. * Update repo-lockdown.yml * Update .github/workflows/DrainpipeDev.yml Co-authored-by: Sally Young <[email protected]> --------- Co-authored-by: Sally Young <[email protected]>
Lullabot · Apr 11, 2024 · 7ce78a4 · 7ce78a4
1 parent 47fb6f0
commit 7ce78a4
Show file tree

Hide file tree

Showing 3 changed files with 93 additions and 31 deletions.
diff --git a/.github/workflows/DrainpipeDev.yml b/.github/workflows/DrainpipeDev.yml
@@ -1,4 +1,4 @@
-name: "Push Drainpipe Dev Package"
+name: Push Drainpipe Dev Package
 
 on:
   push:
@@ -8,43 +8,51 @@ on:
       - 'v*'
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  group: drainpipe-dev
   cancel-in-progress: false
 
+permissions:
+  contents: read
+
 jobs:
   Drainpipe-Dev:
-    runs-on: ubuntu-22.04
+    name: Push branch to drainpipe-dev
+    runs-on: ubuntu-latest
     steps:
-
-      - name: Create a Drupal project
-        run: composer create-project drupal/recommended-project . --ignore-platform-req=ext-gd
-
       - uses: actions/checkout@v4
-        with:
-          path: drainpipe
 
-      - uses: ./drainpipe/scaffold/github/actions/common/set-env
-
-      - name: Install DDEV
-        uses: ./drainpipe/scaffold/github/actions/common/ddev
+      - name: Add drainpipe-dev deploy key in order to run git clone
+        uses: webfactory/[email protected]
         with:
-          git-name: Drainpipe Bot
-          git-email: [email protected]
-          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
-          ssh-known-hosts: ${{ secrets.SSH_KNOWN_HOSTS }}
+          ssh-private-key: ${{ secrets.DRAINPIPE_DEV_DEPLOY_KEY }}
+          log-public-key: false
 
-      - name: Setup Project
+      # Commits made by the https://github.com/apps/lullabot-drainpipe application.
+      # @see https://github.com/orgs/community/discussions/24664
+      - name: Create git checkout of drainpipe-dev
+        working-directory: drainpipe-dev
+        run: |
+          git init
+          git branch -m ${{ github.ref_name }}
+          git remote add origin [email protected]:Lullabot/drainpipe-dev.git
+          git fetch origin
+          git reset --mixed origin/${{ github.ref_name }}
+          git config user.name "Lullabot-Drainpipe[bot]"
+          git config user.email "157769597+Lullabot-Drainpipe[bot]@users.noreply.github.com"
+
+      - name: Push branch to drainpipe-dev
+        working-directory: drainpipe-dev
+        run: |
+          git add -A
+          git commit -m "$COMMIT_MESSAGE" --allow-empty
+          git push origin ${{ github.ref_name }}
+        env:
+          # Workaround if the commit message contains quotes.
+          COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
+
+      - name: Push tag to drainpipe-dev
+        if: ${{ startsWith(github.ref, 'refs/tags/') }}
+        working-directory: drainpipe-dev
         run: |
-          ddev config --auto
-          ddev start
-          ddev composer config extra.drupal-scaffold.gitignore true
-          ddev composer config --json extra.drupal-scaffold.allowed-packages \[\"lullabot/drainpipe\"]
-          ddev composer config --no-plugins allow-plugins.composer/installers true
-          ddev composer config --no-plugins allow-plugins.drupal/core-composer-scaffold true
-          ddev composer config --no-plugins allow-plugins.lullabot/drainpipe true
-          ddev composer config repositories.drainpipe --json '{"type": "path", "url": "drainpipe", "options": {"symlink": false}}'
-          ddev composer config minimum-stability dev
-          ddev composer require lullabot/drainpipe --with-all-dependencies
-
-      - name: Push drainpipe-dev
-        run: ddev exec "./vendor/bin/task deploy:git directory=/var/www/html/drainpipe/drainpipe-dev branch=${{ github.ref_name }} remote=https://${{ secrets.DRAINPIPE_DEV_GITHUB_TOKEN_USERNAME }}:${{ secrets.DRAINPIPE_DEV_GITHUB_TOKEN }}@github.com/lullabot/drainpipe-dev.git message=\"${{ github.event.head_commit.message }}\""
+          git tag ${{ github.ref_name }}
+          git push origin ${{ github.ref_name }}
diff --git a/drainpipe-dev/.github/workflows/release.yml b/drainpipe-dev/.github/workflows/release.yml
@@ -0,0 +1,27 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref || github.sha }}
+  cancel-in-progress: false
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Create release
+        run: |
+          gh release create ${{ github.ref_name }} \
+            --title "${{ github.ref_name }}" \
+            --notes "See https://github.com/Lullabot/drainpipe/releases/tag/${{ github.ref_name }}"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/drainpipe-dev/.github/workflows/repo-lockdown.yml b/drainpipe-dev/.github/workflows/repo-lockdown.yml
@@ -0,0 +1,27 @@
+name: Repo Lockdown
+
+on:
+  issues:
+    types: opened
+  pull_request_target:
+    types: opened
+  schedule:
+    - cron: '0 * * * *'
+
+permissions:
+  issues: write
+  pull-requests: write
+
+jobs:
+  action:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: dessant/repo-lockdown@v4
+        with:
+          issue-comment: >
+            Please file your issue in the upstream Drainpipe repository at https://github.com/Lullabot/drainpipe/issues.
+          skip-closed-issue-comment: true
+          pr-comment: >
+            Please submit your pull request against the upstream Drainpipe repository at https://github.com/Lullabot/drainpipe/pulls.
+            Note that the drainpipe-dev code is contained inside the root `/drainpipe-dev` directory.
+          skip-closed-pr-comment: true