From bf976706f7c2e8f741e59d9953d2884d4aaddf21 Mon Sep 17 00:00:00 2001 From: MtnBurrit0 <77340197+mimartin12@users.noreply.github.com> Date: Tue, 22 Oct 2024 10:24:25 -0600 Subject: [PATCH] Manage ephemeral configs (#4926) * Add ephemeral-environment label and cleanup workflow call * Update workflow call to main * switch to process.env --- .../cleanup-ephemeral-environment.yml | 59 +++++++++++++++++++ .github/workflows/enforce-labels.yml | 6 +- 2 files changed, 62 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/cleanup-ephemeral-environment.yml diff --git a/.github/workflows/cleanup-ephemeral-environment.yml b/.github/workflows/cleanup-ephemeral-environment.yml new file mode 100644 index 000000000..d5c34a7bb --- /dev/null +++ b/.github/workflows/cleanup-ephemeral-environment.yml 
@@ -0,0 +1,59 @@
+name: Ephemeral environment cleanup
+
+on:
+ pull_request:
+ types: [unlabeled]
+
+jobs:
+ validate-pr:
+ name: Validate PR
+ runs-on: ubuntu-24.04
+ outputs:
+ config-exists: ${{ steps.validate-config.outputs.config-exists }}
+ steps:
+ - name: Checkout PR
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+
+ - name: Validate config exists in path
+ id: validate-config
+ run: |
+ if [[ -f "ephemeral-environments/$GITHUB_HEAD_REF.yaml" ]]; then
+ echo "Ephemeral environment config found in path, continuing."
+ echo "config-exists=true" >> $GITHUB_OUTPUT
+ fi
+
+
+ cleanup-config:
+ name: Cleanup ephemeral environment
+ runs-on: ubuntu-24.04
+ needs: validate-pr
+ if: ${{ needs.validate-pr.outputs.config-exists }}
+ steps:
+ - name: Log in to Azure - CI subscription
+ uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+ with:
+ creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+ - name: Retrieve GitHub PAT secrets
+ id: retrieve-secret-pat
+ uses: bitwarden/gh-actions/get-keyvault-secrets@main
+ with:
+ keyvault: "bitwarden-ci"
+ secrets: "github-pat-bitwarden-devops-bot-repo-scope"
+
+ - name: Trigger Ephemeral Environment cleanup
+ uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+ with:
+ github-token: ${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
+ script: |
+ await github.rest.actions.createWorkflowDispatch({
+ owner: 'bitwarden',
+ repo: 'devops',
+ workflow_id: '_ephemeral_environment_pr_manager.yml',
+ ref: 'main',
+ inputs: {
+ ephemeral_env_branch: process.env.GITHUB_HEAD_REF,
+ cleanup_config: true,
+ project: 'server'
+ }
+ })
diff --git a/.github/workflows/enforce-labels.yml b/.github/workflows/enforce-labels.yml
index 97e6381b0..11d565493 100644
--- a/.github/workflows/enforce-labels.yml
+++ b/.github/workflows/enforce-labels.yml
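Review bot: The `unlabeled` trigger in cleanup-ephemeral-environment.yml fires when any label is removed, and neither job checks which label it was, so removing `hold` or `needs-qa` from a PR that has an `ephemeral-environments/<branch>.yaml` file would also dispatch the cleanup run. Gate `validate-pr` on the label, e.g. `if: github.event.label.name == 'ephemeral-environment'`. Separately, `bitwarden/gh-actions/get-keyvault-secrets@main` is the only action here on a mutable ref, and it runs after the Azure login and returns the repo-scoped PAT; pinning it to a commit SHA like the other three `uses:` lines keeps the code that handles those credentials fixed and reviewable. The file also sets no `permissions:` block, so the default GITHUB_TOKEN scope applies; `permissions: contents: read` looks sufficient for the checkout, though that depends on repository defaults not shown here.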
@@ -6,13 +6,13 @@ on: types: [labeled, unlabeled, opened, reopened, synchronize] jobs: enforce-label: - if: ${{ contains(github.event.*.labels.*.name, 'hold') || contains(github.event.*.labels.*.name, 'needs-qa') || contains(github.event.*.labels.*.name, 'DB-migrations-changed') }} + if: ${{ contains(github.event.*.labels.*.name, 'hold') || contains(github.event.*.labels.*.name, 'needs-qa') || contains(github.event.*.labels.*.name, 'DB-migrations-changed') || contains(github.event.*.labels.*.name, 'ephemeral-environment') }} name: Enforce label runs-on: ubuntu-22.04 steps: - name: Check for label run: | - echo "PRs with the hold or needs-qa labels cannot be merged" - echo "### :x: PRs with the hold or needs-qa labels cannot be merged" >> $GITHUB_STEP_SUMMARY + echo "PRs with the hold, needs-qa or ephemeral-environment labels cannot be merged" + echo "### :x: PRs with the hold, needs-qa or ephemeral-environment labels cannot be merged" >> $GITHUB_STEP_SUMMARY exit 1
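Review bot: The rewritten `echo` lines in the `Check for label` step name three labels, but the `if:` condition above them blocks on four; `DB-migrations-changed` is missing from the message, so a PR held by that label gets a summary that does not mention it. Suggested wording: `echo "PRs with the hold, needs-qa, DB-migrations-changed or ephemeral-environment labels cannot be merged"`, with the same text in the `$GITHUB_STEP_SUMMARY` line. Quoting the redirect target as `>> "$GITHUB_STEP_SUMMARY"` would also be the more defensive shell form. The workflow's `name:` and the start of `on:` sit above this hunk and are not visible.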