feat: allow deploying to hetzner #4460
Workflow file for this run
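# PR pipeline: on pull-request activity this workflow filters changed paths,
# optionally reuses an earlier build ("skip-build"), runs CI, builds images,
# runs e2e tests, and deploys or tears down the preview stack and docs preview.
name: PR Updated triggers

on:
  pull_request:
    types: [labeled, unlabeled, synchronize, closed, reopened, opened]

# NOTE(review): these workflow-level permissions apply to every job that does
# not declare its own `permissions:` block (path-filter, skip_build_sha, ci,
# e2e, status-check), including `id-token: write` and `packages: write`.
# Which job actually needs an OIDC token is not visible in this file; consider
# `contents: read` here and granting the write scopes only on those jobs.
permissions:
  id-token: write
  contents: read
  packages: write
  pull-requests: write

# One run per pull request; a newer event cancels the run still in progress.
concurrency:
  group: pr-${{ github.event.pull_request.number }}
  cancel-in-progress: true

# NOTE(review): actions/checkout, dorny/paths-filter and
# rossjrw/pr-preview-action are referenced by mutable tags (@v6, @v3, @v1).
# Pinning each to a full commit SHA, e.g.
# `uses: actions/checkout@<full-commit-sha>  # v6`, keeps a re-pointed tag
# from changing the code that runs with this workflow's token.
jobs:
  # check if the docs are modified
  path-filter:
    runs-on: ubuntu-latest
    if: github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize' || github.event.action == 'closed' || github.event.action == 'labeled' || github.event.action == 'unlabeled'
    outputs:
      docs: ${{ steps.changes.outputs.docs }}
    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - uses: dorny/paths-filter@v3
        id: changes
        with:
          filters: |
            docs:
              - 'docs/**'

  # you can skip the build by adding 'skip-build' to the commit message, useful when testing e2e tests or experimenting with the deploy
  #
  # NOTE(review): the commit message is written by whoever pushes to the PR.
  # When it contains 'skip-build', e2e and deploy-preview below use the image
  # tag of an earlier commit, so their result does not cover the head commit.
  skip_build_sha:
    outputs:
      last-successful-build-sha: ${{ steps.last-build.outputs.last-successful-build-sha }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
          ref: ${{ github.event.pull_request.head.sha }}
          # This job only reads the log of the PR head commit; do not leave the
          # job token in .git/config of a checkout of PR-authored content.
          persist-credentials: false
      - name: Check if skip-build is in the commit message
        id: check
        run: |
          # The message is only echoed and pattern-matched, never evaluated.
          commit_message="$(git log -1 --pretty=%B)"
          echo "commit message: ${commit_message}"
          if [[ "${commit_message}" == *"skip-build"* ]]; then
            echo "skip-build is in the commit message"
            echo "skip-build=true" >> "$GITHUB_OUTPUT"
          else
            echo "skip-build is not in the commit message"
            echo "skip-build=false" >> "$GITHUB_OUTPUT"
            echo "skip-build-sha=" >> "$GITHUB_OUTPUT"
          fi
      - name: Find last successful build SHA
        id: last-build
        if: ${{ steps.check.outputs.skip-build == 'true' }}
        env:
          GH_TOKEN: ${{ github.token }}
          # Contexts are handed over as environment variables instead of being
          # expanded into the script text before the shell parses it.
          PR_NUMBER: ${{ github.event.pull_request.number }}
          REPO: ${{ github.repository }}
          CURRENT_RUN_ID: ${{ github.run_id }}
        run: |
          # Walk earlier runs of this workflow for the same PR, newest first,
          # and stop at the first one whose build-all jobs all succeeded.
          # The loop reads from a process substitution rather than a pipe so
          # that it runs in this shell: variables set inside it are still
          # visible afterwards, which a `... | while read` loop does not give.
          successful_sha=""
          while read -r run_id; do
            echo "Checking run: $run_id"
            run=$(gh api "/repos/${REPO}/actions/runs/${run_id}/jobs")
            echo "Run: $run"
            # `all` is true for an empty list, so also require at least one
            # build-all job; a run that never built is not a successful build.
            all_success=$(echo "$run" | jq '[.jobs[] | select(.name | contains("build-all")) | .conclusion] | (length > 0) and all(. == "success")')
            echo "All success for $run_id: $all_success"
            if [ "$all_success" == "true" ]; then
              successful_sha=$(gh api "/repos/${REPO}/actions/runs/${run_id}" --jq '.head_sha')
              echo "Found last successful build at SHA: $successful_sha (run: $run_id)"
              break
            fi
          done < <(
            gh api "/repos/${REPO}/actions/workflows/on_pr.yml/runs?event=pull_request&per_page=100" \
              --jq ".workflow_runs[] | select(.pull_requests[]?.number == ${PR_NUMBER}) | select(.id < ${CURRENT_RUN_ID}) | {id: .id, sha: .head_sha, created: .created_at}" \
              | jq -s 'sort_by(.created) | reverse | .[].id' -r
          )
          if [ -z "$successful_sha" ]; then
            echo "No previous successful build found in this PR"
          fi
          # Always written; an empty value makes build-all run a normal build.
          echo "last-successful-build-sha=${successful_sha}" >> "$GITHUB_OUTPUT"

  ci:
    if: github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize' || (github.event.action == 'labeled' && github.event.label.name == 'preview')
    uses: ./.github/workflows/ci.yml

  # Builds images unless skip_build_sha found an earlier build to reuse.
  build-all:
    if: (github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize' || (github.event.action == 'labeled' && github.event.label.name == 'preview')) && (needs.skip_build_sha.outputs.last-successful-build-sha == '')
    needs:
      - path-filter
      - skip_build_sha
    permissions:
      contents: read
      packages: write
    uses: ./.github/workflows/ghcr-build-all.yml
    secrets:
      SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}

  # Runs when build-all succeeded or was skipped; a skipped build passes the
  # reused SHA as the image tag override.
  e2e:
    if: (github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize') && always() && (needs.build-all.result == 'success' || needs.build-all.result == 'skipped')
    needs:
      - path-filter
      - build-all
      - skip_build_sha
    uses: ./.github/workflows/e2e.yml
    with:
      image-tag-override: ${{ needs.skip_build_sha.outputs.last-successful-build-sha || '' }}

  # NOTE(review): the 'preview' label is the only gate on this job. Once it is
  # on the PR, every later push (synchronize) redeploys the new head with the
  # SSH and GHCR secrets passed to deploy-stack.yml, without the label being
  # applied again. Confirm that is the intended approval model.
  deploy-preview:
    if: >-
      always() &&
      contains(github.event.pull_request.labels.*.name, 'preview') &&
      github.event.action != 'closed' &&
      github.event.action != 'unlabeled' &&
      needs.skip_build_sha.result == 'success' &&
      (needs.build-all.result == 'success' ||
      (needs.build-all.result == 'skipped' && needs.skip_build_sha.outputs.last-successful-build-sha != ''))
    uses: ./.github/workflows/deploy-stack.yml
    needs:
      - skip_build_sha
      - build-all
    permissions:
      contents: read
      pull-requests: write
    with:
      action: deploy
      image_tag: ${{ needs.skip_build_sha.outputs.last-successful-build-sha || github.event.pull_request.head.sha }}
      stack_name: preview-pr-${{ github.event.pull_request.number }}
      hostname: pr-${{ github.event.pull_request.number }}.pubstar.org
      env_file: .env.preview.enc
      stack_file: stack.preview.yml
      uses_gateway: true
      ssh_host_secret: SSH_HOST_PREVIEW
    secrets:
      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
      SSH_USER: ${{ secrets.SSH_USER }}
      SSH_HOST: ${{ secrets.SSH_HOST_PREVIEW }}
      GHCR_USER: ${{ secrets.GHCR_USER }}
      GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}

  # Tears the preview stack down when a labelled PR closes or loses the label.
  close-preview:
    if: (github.event.action == 'closed' && contains(github.event.pull_request.labels.*.name, 'preview')) || (github.event.action == 'unlabeled' && github.event.label.name == 'preview')
    uses: ./.github/workflows/deploy-stack.yml
    permissions:
      contents: read
      pull-requests: write
    with:
      action: teardown
      stack_name: preview-pr-${{ github.event.pull_request.number }}
      hostname: pr-${{ github.event.pull_request.number }}.pubstar.org
      env_file: .env.preview.enc
      stack_file: stack.preview.yml
      uses_gateway: true
      ssh_host_secret: SSH_HOST_PREVIEW
    secrets:
      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
      SSH_USER: ${{ secrets.SSH_USER }}
      SSH_HOST: ${{ secrets.SSH_HOST_PREVIEW }}
      GHCR_USER: ${{ secrets.GHCR_USER }}
      GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}

  # Builds a docs preview when the PR touches docs/**.
  # NOTE(review): this job holds `contents: write` and `pages: write` while
  # build-docs.yml presumably builds content taken from the PR; verify.
  deploy-docs-preview:
    permissions:
      contents: write
      pages: write
      pull-requests: write
    needs:
      - path-filter
    if: (github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize') && needs.path-filter.outputs.docs == 'true'
    uses: ./.github/workflows/build-docs.yml
    with:
      preview: true

  # Removes the docs preview when a PR that touched docs/** is closed.
  close-docs-preview:
    needs:
      - path-filter
    permissions:
      contents: write
      pages: write
      pull-requests: write
    if: github.event.action == 'closed' && needs.path-filter.outputs.docs == 'true'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - name: Close docs preview
        uses: rossjrw/pr-preview-action@v1
        with:
          source-dir: docs/out
          action: remove

  # Aggregate gate over ci and e2e.
  # Without an explicit `if:`, this job is skipped whenever ci or e2e fails,
  # and GitHub reports a skipped job as passing when it is a required check.
  # Branch protection is not visible here; if this job is the required check,
  # it has to run and fail on its own. It still passes when ci and e2e were
  # skipped, as on label-only and close events.
  status-check:
    needs:
      - ci
      - e2e
    if: ${{ !cancelled() }}
    runs-on: ubuntu-latest
    steps:
      - name: ok
        env:
          NEEDS_FAILED: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
        run: |
          if [ "$NEEDS_FAILED" = "true" ]; then
            echo "ci or e2e did not succeed"
            exit 1
          fi
          echo ok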