Skip to content

Fix GHA tag/deploy workflow #32

Fix GHA tag/deploy workflow

Fix GHA tag/deploy workflow #32

Workflow file for this run

# When a PR is closed, clean up any associated GitLab CI pipelines & branch
#
# * Cancels all GLCI pipelines associated with the PR HEAD ref (branch)
# * Removes the PR HEAD branch from the corresponding gitlab.com/org/ project
#
# ------------------------------------------------------------------------------
#
# NOTICE: **This file is maintained with puppetsync**
#
# This file is updated automatically as part of a standardized asset baseline.
#
# The next baseline sync will overwrite any local changes to this file!
#
# ==============================================================================
#
# GitHub Action Secrets variables available for this pipeline:
#
# GitHub Secret variable Type Notes
# ------------------------ -------- ----------------------------------------
# GITLAB_API_PRIVATE_TOKEN Secure Should have `api` scope
# GITLAB_API_URL Optional
#
# The secure vars will be filtered in GitHub Actions log output, and aren't
# provided to untrusted builds (i.e, triggered by PR from another repository)
#
# ------------------------------------------------------------------------------
#
# https://docs.github.com/en/actions/reference/events-that-trigger-workflows
#
---
name: PR GLCI Cleanup
on:
pull_request_target:
types: [closed]
jobs:
cleanup-glci-branch:
name: 'Clean up GLCI'
# This conditional provides an extra safety control, in case the workflow's
# `on` section is inadventently modified without considering the security
# implications.
if: github.event_name == 'pull_request_target' && github.event.action == 'closed'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
repository: ${{ github.event.pull_request.head.repo.full_name }}
ref: ${{ github.event.pull_request.head.ref }}
- name: Trigger CI when user has Repo Permissions
env:
GITLAB_SERVER_URL: ${{ secrets.GITLAB_SERVER_URL }} # https://gitlab.com
GITLAB_API_URL: ${{ secrets.GITLAB_API_URL }} # https://gitlab.com/api/v4
GITLAB_ORG: ${{ github.event.organization.login }}
GITLAB_API_PRIVATE_TOKEN: ${{ secrets.GITLAB_API_PRIVATE_TOKEN }}
GIT_BRANCH: ${{ github.event.pull_request.head.ref }}
run: |
GITLAB_SERVER_URL="${GITLAB_SERVER_URL:-https://gitlab.com}"
GITLAB_API_URL="${GITLAB_API_URL:-${GITLAB_SERVER_URL}/api/v4}"
GIT_BRANCH="${GIT_BRANCH:-GITHUB_HEAD_REF}"
GITXXB_REPO_NAME="${GITHUB_REPOSITORY/$GITHUB_REPOSITORY_OWNER\//}"
GITLAB_PROJECT_ID="${GITLAB_ORG}%2F${GITXXB_REPO_NAME}"
# --http1.0 avoids an HTTP/2 load balancing issue when run from GA
CURL_CMD=(curl --http1.0 --fail --silent --show-error \
--header "Authorization: Bearer $GITLAB_API_PRIVATE_TOKEN" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
)
# Cancel any active/pending GitLab CI pipelines for the same project+branch
active_pipeline_ids=()
for pipe_status in created waiting_for_resource preparing pending running; do
echo " ---- checking for CI pipelines with status '$pipe_status' for project '$GITLAB_PROJECT_ID', branch '$GIT_BRANCH'"
url="${GITLAB_API_URL}/projects/${GITLAB_PROJECT_ID}/pipelines?ref=${GIT_BRANCH}&status=${pipe_status}"
active_pipelines="$("${CURL_CMD[@]}" "$url" | jq -r '.[] | .id , .web_url')"
active_pipeline_ids+=($(echo "$active_pipelines" | grep -E '^[0-9]*$'))
printf "$active_pipelines\n\n"
done
if [ "${#active_pipeline_ids[@]}" -gt 0 ]; then
printf "\nFound %s active pipeline ids:\n" "${#active_pipeline_ids[@]}"
echo "${active_pipeline_ids[@]}"
for pipe_id in "${active_pipeline_ids[@]}"; do
printf "\n ------ Cancelling pipeline ID %s...\n" "$pipe_id"
"${CURL_CMD[@]}" --request POST "${GITLAB_API_URL}/projects/${GITLAB_PROJECT_ID}/pipelines/${pipe_id}/cancel"
done
else
echo No active pipelines found
fi
echo "== Removing $GIT_BRANCH from gitlab"
git remote add gitlab "https://oauth2:${GITLAB_API_PRIVATE_TOKEN}@${GITLAB_SERVER_URL#*://}/${GITLAB_ORG}/${GITXXB_REPO_NAME}.git"
git push gitlab ":${GIT_BRANCH}" -f || : # attempt to un-weird GLCI's `changed` tracking
### examine_contexts:
### name: 'Examine Context contents'
### if: always()
### runs-on: ubuntu-latest
### steps:
### - name: Dump contexts
### env:
### GITHUB_CONTEXT: ${{ toJson(github) }}
### run: echo "$GITHUB_CONTEXT"
### run: echo "$ENV_CONTEXT"
### - name: Dump env vars
### run: env | sort