ci: Implement gated automated PR building

Only checkout/build PR branches if labelled first
FoxxMD · Jun 26, 2024 · 13d64d2 · 13d64d2
1 parent ddb7fb3
commit 13d64d2
Show file tree

Hide file tree

Showing 2 changed files with 124 additions and 5 deletions.
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -0,0 +1,121 @@
+name: PR Workflow
+
+on:
+  pull_request_target:
+    types:
+      - labeled
+      - synchronize
+      - reopened
+      - opened
+    branches:
+      - 'develop'
+
+jobs:
+  test:
+    name: Run Tests
+    runs-on: ubuntu-latest
+    if: contains(github.event.pull_request.labels.*.name, 'safe to test')
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+      - name: Use Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '18.x'
+          cache: 'npm'
+      - name: Install dev dependencies
+        run: npm ci
+      - name: Build Backend
+        run: 'npm run build:backend'
+      - name: Test Backend
+        run: npm run test
+
+  release-snapshot:
+    name: Release snapshot
+    runs-on: ubuntu-latest
+    needs: test
+    if: contains(github.event.pull_request.labels.*.name, 'safe to test')
+    permissions:
+      packages: write
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - dockerfile: ./Dockerfile
+            suffix: ''
+            platforms: 'linux/amd64,linux/arm64'
+          - dockerfile: ./debian.Dockerfile
+            suffix: '-debian'
+            platforms: 'linux/amd64,linux/arm64'
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            foxxmd/multi-scrobbler
+            ghcr.io/foxxmd/multi-scrobbler
+          tags: |
+            type=ref,event=pr,suffix=${{ matrix.suffix }}
+          flavor: |
+            latest=false
+
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v5
+        env:
+          APP_VERSION: ${{ format('pr{0}-{1}', github.event.number, github.event.pull_request.head.sha ) }}
+        with:
+          context: .
+          push: true
+          file: ${{ matrix.dockerfile }}
+          tags: ${{ steps.meta.outputs.tags }}
+          platforms: ${{ matrix.platforms }}
+          build-args: |
+            APP_BUILD_VERSION=${{env.APP_VERSION}}
+
+  combine-and-comment:
+    name: Leave comment
+    runs-on: ubuntu-latest
+    needs: release-snapshot
+    if: contains(github.event.pull_request.labels.*.name, 'safe to test')
+    steps:
+      - name: Create comment
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          recreate: true
+          header: "pr-release"
+          message: |
+            #### :package: A new release has been made for this pull request.
+
+            To play around with this PR, pull an image:
+            * `foxxmd/multi-scrobbler:pr-${{ github.event.number }}`
+            * `foxxmd/multi-scrobbler:pr-${{ github.event.number }}-debian`.
+
+            Images are available for x86_64 and ARM64.
+
+            > Latest commit: ${{ github.event.pull_request.head.sha }}
diff --git a/.github/workflows/publishImage.yml b/.github/workflows/publishImage.yml
@@ -19,6 +19,7 @@ on:
 jobs:
   test:
     name: Run Tests
+    if: github.event_name != 'pull_request'
     runs-on: ubuntu-latest
     steps:
       - name: Check out the repo
@@ -37,6 +38,7 @@ jobs:
 
   push_to_registry:
     name: Build and push container images
+    if: github.event_name != 'pull_request'
     runs-on: ubuntu-latest
     needs: test
     strategy:
@@ -48,8 +50,6 @@ jobs:
             platforms: 'linux/amd64,linux/arm64'
           - dockerfile: ./debian.Dockerfile
             suffix: '-debian'
-            # can't build arm64 due to a TLS issue when running npm install??
-            # https://github.com/FoxxMD/multi-scrobbler/issues/126
             platforms: 'linux/amd64,linux/arm64'
     # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
     permissions:
@@ -70,14 +70,12 @@ jobs:
           echo "COMMIT_BRANCH=$branchName" >> $GITHUB_ENV
 
       - name: Log in to Docker Hub
-        if: github.event_name != 'pull_request'
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Login to GitHub Container Registry
-        if: github.event_name != 'pull_request'
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
@@ -121,7 +119,7 @@ jobs:
           build-args: |
             APP_BUILD_VERSION=${{env.APP_VERSION}}
           file: ${{ matrix.dockerfile }}
-          push: ${{ github.event_name != 'pull_request' && !env.ACT}}
+          push: ${{ !env.ACT}}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           platforms: ${{ matrix.platforms }}