Test Build #93
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test Build | |
env: | |
DEFAULT_NOTES: "" | |
on: | |
workflow_dispatch: | |
inputs: | |
rari-branch: | |
description: "rari branch to build (leave blank for npm release)" | |
type: string | |
default: "" | |
content-branch: | |
description: "content branch to build" | |
type: string | |
default: "main" | |
notes: | |
description: "Notes" | |
required: false | |
default: ${DEFAULT_NOTES} | |
invalidate: | |
description: "Invalidate CDN (use only in exceptional circumstances)" | |
type: boolean | |
required: false | |
default: false | |
workflow_call: | |
secrets: | |
GCP_PROJECT_NAME: | |
required: true | |
WIP_PROJECT_ID: | |
required: true | |
permissions: | |
contents: read | |
id-token: write | |
jobs: | |
build: | |
environment: test | |
runs-on: ubuntu-latest | |
# Only run the scheduled workflows on the main repo. | |
if: github.repository == 'mdn/yari' | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/checkout@v4 | |
if: ${{ ! vars.SKIP_BUILD || ! vars.SKIP_FUNCTION }} | |
with: | |
repository: mdn/content | |
path: mdn/content | |
# Yes, this means fetch EVERY COMMIT EVER. | |
# It's probably not sustainable in the far future (e.g. past 2021) | |
# but for now it's good enough. We'll need all the history | |
# so we can figure out each document's last-modified date. | |
fetch-depth: 0 | |
ref: ${{ github.event.inputs.content-branch }} | |
- uses: actions/checkout@v4 | |
if: ${{ ! vars.SKIP_BUILD }} | |
with: | |
repository: mdn/mdn-studio | |
path: mdn/mdn-studio | |
lfs: true | |
token: ${{ secrets.MDN_STUDIO_PAT }} | |
- uses: actions/checkout@v4 | |
if: ${{ ! vars.SKIP_BUILD }} | |
with: | |
repository: mdn/generic-content | |
path: mdn/generic-content | |
- uses: actions/checkout@v4 | |
if: ${{ ! vars.SKIP_BUILD }} | |
with: | |
repository: mdn/curriculum | |
path: mdn/curriculum | |
- uses: actions/checkout@v4 | |
if: ${{ ! vars.SKIP_BUILD || ! vars.SKIP_FUNCTION }} | |
with: | |
repository: mdn/translated-content | |
path: mdn/translated-content | |
# See matching warning for mdn/content checkout step | |
fetch-depth: 0 | |
- name: Checkout (translated-content-de) | |
uses: actions/checkout@v4 | |
if: ${{ ! vars.SKIP_BUILD || ! vars.SKIP_FUNCTION }} | |
with: | |
repository: mdn/translated-content-de | |
path: mdn/translated-content-de | |
- name: Move de into translated-content | |
if: ${{ ! vars.SKIP_BUILD || ! vars.SKIP_FUNCTION }} | |
run: | | |
mv mdn/translated-content-de/files/de mdn/translated-content/files/ | |
rm -rf mdn/translated-content-de | |
- name: Clean and commit de | |
if: ${{ ! vars.SKIP_BUILD || ! vars.SKIP_FUNCTION }} | |
working-directory: mdn/translated-content | |
run: | | |
git add files/de | |
git -c user.name='MDN' -c user.email='[email protected]' commit -m 'de' | |
- uses: actions/checkout@v4 | |
if: ${{ ! vars.SKIP_BUILD }} | |
with: | |
repository: mdn/mdn-contributor-spotlight | |
path: mdn/mdn-contributor-spotlight | |
- name: Setup Node.js environment | |
if: ${{ ! vars.SKIP_BUILD || ! vars.SKIP_FUNCTION }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: ".nvmrc" | |
cache: ${{ github.event.inputs.rari-branch == '' && 'yarn' || '' }} | |
- name: Install all yarn packages | |
if: ${{ ! vars.SKIP_BUILD }} | |
run: yarn --frozen-lockfile | |
env: | |
# Use a GITHUB_TOKEN to bypass rate limiting for ripgrep and rari. | |
# See https://github.com/microsoft/vscode-ripgrep#github-api-limit-note | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- uses: actions/checkout@v4 | |
if: ${{ ! vars.SKIP_BUILD && github.event.inputs.rari-branch != '' }} | |
with: | |
repository: mdn/rari | |
path: mdn/rari | |
ref: ${{ github.event.inputs.rari-branch }} | |
- name: Cache Cargo registry | |
if: ${{ ! vars.SKIP_BUILD && github.event.inputs.rari-branch != '' }} | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
restore-keys: ${{ runner.os }}-cargo- | |
- uses: dtolnay/rust-toolchain@stable | |
if: ${{ ! vars.SKIP_BUILD && github.event.inputs.rari-branch != '' }} | |
- name: sccache-cache | |
if: ${{ ! vars.SKIP_BUILD && github.event.inputs.rari-branch != '' }} | |
uses: mozilla-actions/[email protected] | |
- name: Build rari | |
if: ${{ ! vars.SKIP_BUILD && github.event.inputs.rari-branch != '' }} | |
run: | | |
cd mdn/rari | |
cargo build --release | |
cp target/release/rari ../../node_modules/@mdn/rari/bin/ | |
- name: Print information about build | |
run: | | |
echo "notes: ${{ github.event.inputs.notes || env.DEFAULT_NOTES }}" | |
- name: Print information about CPU | |
run: cat /proc/cpuinfo | |
- name: Build everything | |
if: ${{ ! vars.SKIP_BUILD }} | |
env: | |
# Remember, the mdn/content repo got cloned into `pwd` into a | |
# sub-folder called "mdn/content" | |
CONTENT_ROOT: ${{ github.workspace }}/mdn/content/files | |
CONTENT_TRANSLATED_ROOT: ${{ github.workspace }}/mdn/translated-content/files | |
CONTRIBUTOR_SPOTLIGHT_ROOT: ${{ github.workspace }}/mdn/mdn-contributor-spotlight/contributors | |
BLOG_ROOT: ${{ github.workspace }}/mdn/mdn-studio/content/posts | |
CURRICULUM_ROOT: ${{ github.workspace }}/mdn/curriculum | |
GENERIC_CONTENT_ROOT: ${{ github.workspace }}/mdn/generic-content/files | |
BASE_URL: "https://test.developer.allizom.org" | |
# rari | |
BUILD_OUT_ROOT: "client/build" | |
LIVE_SAMPLES_BASE_URL: https://live.test.mdnyalp.dev | |
INTERACTIVE_EXAMPLES_BASE_URL: https://interactive-examples.mdn.allizom.net | |
ADDITIONAL_LOCALES_FOR_GENERICS_AND_SPAS: de | |
# The default for this environment variable is geared for writers | |
# (aka. local development). Usually defaults are supposed to be for | |
# secure production but this is an exception and default | |
# is not insecure. | |
BUILD_LIVE_SAMPLES_BASE_URL: https://live.test.mdnyalp.dev | |
BUILD_LEGACY_LIVE_SAMPLES_BASE_URL: https://live.test.mdnyalp.dev | |
# Use the stage version of interactive examples. | |
BUILD_INTERACTIVE_EXAMPLES_BASE_URL: https://interactive-examples.mdn.allizom.net | |
# Now is not the time to worry about flaws. | |
BUILD_FLAW_LEVELS: "*:ignore" | |
# This enables the Plus call-to-action banner and the Plus landing page | |
REACT_APP_ENABLE_PLUS: true | |
# This adds the ability to sign in (stage only for now) | |
REACT_APP_DISABLE_AUTH: false | |
# Use the stage version of interactive examples in react app | |
REACT_APP_INTERACTIVE_EXAMPLES_BASE_URL: https://interactive-examples.mdn.allizom.net | |
# Firefox Accounts and SubPlat settings | |
REACT_APP_FXA_SIGNIN_URL: /users/fxa/login/authenticate/ | |
REACT_APP_FXA_SETTINGS_URL: https://accounts.stage.mozaws.net/settings/ | |
REACT_APP_MDN_PLUS_SUBSCRIBE_URL: https://accounts.stage.mozaws.net/subscriptions/products/prod_Jtbg9tyGyLRuB0 | |
REACT_APP_MDN_PLUS_5M_PLAN: price_1JFoTYKb9q6OnNsLalexa03p | |
REACT_APP_MDN_PLUS_5Y_PLAN: price_1JpIPwKb9q6OnNsLJLsIqMp7 | |
REACT_APP_MDN_PLUS_10M_PLAN: price_1K6X7gKb9q6OnNsLi44HdLcC | |
REACT_APP_MDN_PLUS_10Y_PLAN: price_1K6X8VKb9q6OnNsLFlUcEiu4 | |
# No surveys. | |
# Telemetry. | |
REACT_APP_GLEAN_CHANNEL: test | |
REACT_APP_GLEAN_ENABLED: true | |
# Newsletter | |
REACT_APP_NEWSLETTER_ENABLED: false | |
# Placement | |
REACT_APP_PLACEMENT_ENABLED: true | |
# Playground | |
REACT_APP_PLAYGROUND_BASE_HOST: test.mdnyalp.dev | |
# Observatory | |
REACT_APP_OBSERVATORY_API_URL: https://observatory-api.mdn.allizom.net | |
run: | | |
set -eo pipefail | |
# Info about which CONTENT_* environment variables were set and to what. | |
echo "CONTENT_ROOT=$CONTENT_ROOT" | |
echo "CONTENT_TRANSLATED_ROOT=$CONTENT_TRANSLATED_ROOT" | |
echo "BLOG_ROOT=$BLOG_ROOT" | |
# Build the ServiceWorker first | |
yarn build:sw | |
yarn build:client | |
yarn build:ssr | |
yarn tool:legacy build-robots-txt | |
yarn rari content sync-translated-content | |
yarn rari git-history | |
yarn rari build --all --issues client/build/issues.json --templ-stats | |
# SSR all pages | |
yarn render:html | |
# Generate whatsdeployed files. | |
yarn tool:legacy whatsdeployed --output client/build/_whatsdeployed/code.json | |
yarn tool:legacy whatsdeployed $CONTENT_ROOT --output client/build/_whatsdeployed/content.json | |
yarn tool:legacy whatsdeployed $CONTENT_TRANSLATED_ROOT --output client/build/_whatsdeployed/translated-content.json | |
# Sort DE search index by en-US popularity. | |
node scripts/reorder-search-index.mjs client/build/en-us/search-index.json client/build/de/search-index.json | |
- name: Authenticate with GCP | |
uses: google-github-actions/auth@v2 | |
with: | |
token_format: access_token | |
service_account: deploy-test-content@${{ secrets.GCP_PROJECT_NAME }}.iam.gserviceaccount.com | |
workload_identity_provider: projects/${{ secrets.WIP_PROJECT_ID }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions | |
- name: Setup gcloud | |
uses: google-github-actions/setup-gcloud@v2 | |
- name: Sync build | |
if: ${{ ! vars.SKIP_BUILD }} | |
run: |- | |
gsutil -q -m -h "Cache-Control: public, max-age=3600" cp -r client/build/static gs://${{ vars.GCP_BUCKET_NAME }}/main/ | |
gsutil -q -m -h "Cache-Control: public, max-age=3600" rsync -cdrj html,json,txt -y "^static/" client/build gs://${{ vars.GCP_BUCKET_NAME }}/main | |
- name: Authenticate with GCP | |
if: ${{ ! vars.SKIP_FUNCTION }} | |
uses: google-github-actions/auth@v2 | |
with: | |
token_format: access_token | |
service_account: deploy-test-nonprod-mdn-ingres@${{ secrets.GCP_PROJECT_NAME }}.iam.gserviceaccount.com | |
workload_identity_provider: projects/${{ secrets.WIP_PROJECT_ID }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions | |
- name: Setup gcloud | |
if: ${{ ! vars.SKIP_FUNCTION }} | |
uses: google-github-actions/setup-gcloud@v2 | |
with: | |
install_components: "beta" | |
- name: Generate redirects map | |
if: ${{ ! vars.SKIP_FUNCTION }} | |
working-directory: cloud-function | |
env: | |
CONTENT_ROOT: ${{ github.workspace }}/mdn/content/files | |
CONTENT_TRANSLATED_ROOT: ${{ github.workspace }}/mdn/translated-content/files | |
run: | | |
npm ci | |
npm run build-redirects | |
npm run build-canonicals | |
- name: Deploy Function | |
if: ${{ ! vars.SKIP_FUNCTION }} | |
run: |- | |
set -eo pipefail | |
for region in europe-west3; do | |
gcloud beta functions deploy mdn-nonprod-test-$region \ | |
--gen2 \ | |
--runtime=nodejs20 \ | |
--region=$region \ | |
--source=cloud-function \ | |
--trigger-http \ | |
--allow-unauthenticated \ | |
--entry-point=mdnHandler \ | |
--concurrency=100 \ | |
--min-instances=1 \ | |
--max-instances=100 \ | |
--memory=2GB \ | |
--timeout=120s \ | |
--set-env-vars="ORIGIN_MAIN=test.developer.allizom.org" \ | |
--set-env-vars="ORIGIN_LIVE_SAMPLES=live.test.mdnyalp.dev" \ | |
--set-env-vars="ORIGIN_PLAY=test.mdnyalp.dev" \ | |
--set-env-vars="SOURCE_CONTENT=https://storage.googleapis.com/${{ vars.GCP_BUCKET_NAME }}/main/" \ | |
--set-env-vars="SOURCE_API=https://api.developer.allizom.org/" \ | |
--set-env-vars="BSA_ENABLED=true" \ | |
--set-env-vars="SENTRY_DSN=${{ secrets.SENTRY_DSN_CLOUD_FUNCTION }}" \ | |
--set-env-vars="SENTRY_ENVIRONMENT=test" \ | |
--set-env-vars="SENTRY_TRACES_SAMPLE_RATE=${{ vars.SENTRY_TRACES_SAMPLE_RATE }}" \ | |
--set-env-vars="SENTRY_RELEASE=${{ github.sha }}" \ | |
--set-secrets="KEVEL_SITE_ID=projects/${{ secrets.GCP_PROJECT_NAME }}/secrets/stage-kevel-site-id/versions/latest" \ | |
--set-secrets="KEVEL_NETWORK_ID=projects/${{ secrets.GCP_PROJECT_NAME }}/secrets/stage-kevel-network-id/versions/latest" \ | |
--set-secrets="SIGN_SECRET=projects/${{ secrets.GCP_PROJECT_NAME }}/secrets/stage-sign-secret/versions/latest" \ | |
--set-secrets="BSA_ZONE_KEYS=projects/${{ secrets.GCP_PROJECT_NAME }}/secrets/stage-bsa-zone-keys/versions/latest" \ | |
2>&1 | sed "s/^/[$region] /" & | |
pids+=($!) | |
done | |
for pid in "${pids[@]}"; do | |
wait $pid | |
done | |
- name: Invalidate CDN | |
if: ${{ github.event.inputs.invalidate }} | |
run: gcloud compute url-maps invalidate-cdn-cache ${{ secrets.GCP_LOAD_BALANCER_NAME }} --path "/*" --async |