I'm trying to deploy a serverless application on merge into develop & master AND on PR request. I want the stage name to correspond to the branch name OR pull request number.
This is the step in question, but github.event.push.ref is the entire branch ref (i.e. ref/head/master) etc. And I just want "master" or "develop". Is there anyway to use this same syntax as below to get pull_request number OR branch name?
# Deploy API Tests
- name: Deploy API
run: yarn deploy --stage ${{ github.event.pull_request.number || github.event.push.ref }}
working-directory: api
If the shell you're using is bash or another POSIX shell, it's easy enough to do this:
run: 'yarn deploy --stage $(echo "${{ github.event.pull_request.number || github.event.push.ref }}" | sed -e 's!^refs/heads/!!')'
That will strip off the refs/heads/ prefix and leave you with just the branch name. If you were not using a PR, then you could also use this, which would have Git abbreviate the name to just the branch or tag name:
run: 'yarn deploy --stage $(git rev-parse --abbrev-ref "${{ github.event.push.ref }}")'
Related
I use dependabots with Maven environment to receive pull requests on pom.xml files for version upgrades on all dependencies.
However, for an Eclipse plug-in project, more files need update:
MANIFEST.MF
build.properties
How do I configure dependabots in an Eclipse plugin project so that not only the pom.xml is updated but also MANIFEST.MF and build.properties?
An open feature request exists on dependabots
https://github.com/dependabot/dependabot-core/issues/5676
Meanwhile, I'm trying to tweak this with a Github Action that will checkout the branch from dependabots pull request and replace the version number in the files.
I've built this workflow file:
name: "Update dependabots"
on:
push:
branches: [ 'dependabot/**' ]
# Set the access for individual scopes, or use permissions: write-all
permissions:
pull-requests: write
issues: write
repository-projects: write
jobs:
build:
runs-on: ubuntu-latest
if: "contains(github.event.head_commit.message, 'Bump')"
steps:
- name: Checkout repository
uses: actions/checkout#v3
with:
ref: ${{ github.ref }}
- name: Setup git user
run: |
git config --global user.email "action#github.com"
git config --global user.name "GitHub Action"
- name: Update Version
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
git log | grep -w Bump | cut -d' ' -f6,8,10 | xargs -n3 bash -c 'shopt -s globstar && sed -bi "s/$1-$2/$1-$3/g" **/MANIFEST.MF **/build.properties' sh-replace-in-files
git commit -a -m "Updated versions in **/MANIFEST.MF **/build.properties"
git push
But when the workflow runs, it complains that user github-actions[bot] is not allowed for my repository :
remote: Permission to myusername/myrepo.git denied to github-actions[bot].
fatal: unable to access 'https://github.com/myusername/myrepo/': The requested URL returned error: 403
Error: Process completed with exit code 128.
I tried to replace GITHUB_TOKEN with a PAT_TOKEN but no luck with that.
What should I do ?
I have a Github Actions workflow where I am trying to use the branch name in my commit.
- name: Commit files
run: |
git config --local user.email github.actions#domain.com
git config --local user.name "username"
git add -A
if ! git diff-index --quiet HEAD; then
git commit -am "${GITHUB_REF#refs/heads/} ${{ env.TAG_NAME }} on ${{ env.CLUSTER_ENV }}"
git push
fi
My commit will fail if I do not have the branch name there. For some reason the output is the same as TAG_NAME.
I have also tried ${{ github.ref_name }} and ${GITHUB_REF##*/}, but the result is the same. How can I display the branch name in my commit message here?
I am starting the workflow from the command line in my local. Not sure if anymore information is needed.
I am having an issue with the following segment of a Github Action/Workflow which is meant to pull the PR list (with some filtering) of a remote, private repo (e.g. not the repo that contains the Action itself).
- run: echo "PR2=$( gh pr list --head "${{ env.BRANCH_NAME }}" --repo github.com/[OWNER]/[REMOTE_REPO] | tr -s [:space:] ' ' | cut -d' ' -f1 )" >> $GITHUB_ENV
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
However, I am getting the following error: GraphQL: Could not resolve to a Repository with the name '[OWNER]/[REMOTE_REPO]'. (repository)
I gather there is some issue with authentication somewhere, since the commands runs perfectly in a terminal after authenticating with gh auth. I'm new to Github as a whole, Actions, and CLI, so any advice as to how to properly authenticate inside an action would be amazing.
Edit: Found a solution/workaround.
Use git ls-remote to get a list of PRs and branches, then link the two using the ID. For future reference:
id=$(git ls-remote git#github.com:[OWNER]/[REMOTE_REPO] | grep "${{ env.BRANCH_NAME }}" | head -c 40)
PR=$(git ls-remote git#github.com:[OWNER]/[REMOTE_REPO] | grep "${id}.*refs/pull" | cut -b 52- | rev | cut -b 6- | rev)
There is an open feature request for authenticating non-interactively: Add flags to gh auth login to replace the interactive prompts
You can use github-script though:
steps:
- name: Find Pull Request
uses: actions/github-script#v5
with:
github-token: ${{ secrets.TOKEN_FOR_PRIVATE_REPO }}
script: |
const pulls = github.rest.pulls.list({
owner: '[OWNER]',
head: '${{ env.BRANCH_NAME }}',
repo: '[REMOTE_REPO]',
});
Note how it passes a separate github-token. The default token (secrets.GITHUB_TOKEN) cannot access your other private repository, so you'll have to issue another token and set that up as a secret.
If you don't want to use github script, you could also use plain curl with the newly issued token. Here's the doc on the REST API: https://docs.github.com/en/rest/reference/pulls#list-pull-requests and how to use the token: https://docs.github.com/en/rest/overview/other-authentication-methods#via-oauth-and-personal-access-tokens
You don't need to specifically authenticate using gh auth, but you should be using a generated PAT which has access to the private repo in this case.
For example, generate a PAT which can access your private repo, steps: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token
Add the PAT as a secret to the repo where you have your workflow, say PRIVATE_REPO_PAT , steps: https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository
Then, you can use that in your workflow like:
- run: echo "PR2=$( gh pr list --head "${{ env.BRANCH_NAME }}" --repo github.com/[OWNER]/[REMOTE_REPO] | tr -s [:space:] ' ' | cut -d' ' -f1 )" >> $GITHUB_ENV
env:
GITHUB_TOKEN: ${{ secrets.PRIVATE_REPO_PAT }}
Note that, if you do want to use gh auth 'non-interactively', say in a shell script, you could always do it using :
echo "$GH_CONFIG_TOKEN" | gh auth login --with-token
where GH_CONFIG_TOKEN is either the default GITHUB_TOKEN or a generated PAT.
For use in Github Actions, this auth is implicit when you pass in the correct GITHUB_TOKEN in the env variables.
I want to push docker images to Docker Hub on tagged commits on the master branch.
Everything I've tried (How to get branch name on GitHub action?, lots of action plugins, like https://github.com/tj-actions/branch-names) only give me the tag name, but I need to know the branch name.
Specifically what I want to do is push a docker image to docker hub on tagged commits on master branch.
After a while I understood why this was not possible: When running a build based on the tagging event, the git checkout is not on a branch at all (it is a detached head).
It is possible to find the branch though, using git branch -a --contains <tag name> and a full checkout (fetch-depth: 0).
docker_tagged:
name: Tagged - Docker push to tag based on git tag. Also push 'latest' if on master
needs: tests
runs-on: ubuntu-latest
if: startsWith(github.event.ref, 'refs/tags')
steps:
- uses: actions/checkout#v2
with:
fetch-depth: 0
- run: echo "TAG=${GITHUB_REF#refs/*/}" | tee -a $GITHUB_ENV
- run: echo "BRANCH=$(git branch -a --contains ${{ env.TAG }} | grep -v HEAD | cut -d '/' -f3)" | tee -a $GITHUB_ENV
- uses: docker/login-action#v1
with:
username: locustbuild
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- uses: docker/build-push-action#v2
with:
push: true
tags: locustio/locust:${{ env.TAG }}${{ ( env.BRANCH == 'master' && ',locustio/locust:latest') || '' }}
(note that this will probably break if a tag is on master and another branch too)
How can I setup a CI/CD workflow with gitlab (or GitHub Actions) that generates my own Read the Docs site and is hosted for free using gitlab pages?
Is there a fork-ready example repo on gitlab or github that I can use to self-generate and self-host my own Read the Docs site?
You can host a sphinx-powered site (optionally using the Read the Docs theme) on GitHub Pages using GitHub Actions to wrap sphinx-build and push your html static assets to your GitHub Pages source, such as the gh-pages branch..
You need to define a GitHub Actions workflow to execute a build script.
Here's an example workflow that will execute buildDocs.sh every time there's a push to master
name: docs_pages_workflow
# execute this workflow automatically when a we push to master
on:
push:
branches: [ master ]
jobs:
build_docs_job:
runs-on: ubuntu-latest
container: debian:buster-slim
steps:
- name: Prereqs
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
apt-get update
apt-get install -y git
git clone --depth 1 "https://token:${GITHUB_TOKEN}#github.com/${GITHUB_REPOSITORY}.git" .
shell: bash
- name: Execute script to build our documentation and update pages
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: "docs/buildDocs.sh"
shell: bash
And here's an example buildDocs.sh script that's executed by the workflow above:
#!/bin/bash
################################################################################
# File: buildDocs.sh
# Purpose: Script that builds our documentation using sphinx and updates GitHub
# Pages. This script is executed by:
# .github/workflows/docs_pages_workflow.yml
#
# Authors: Michael Altfield <michael#michaelaltfield.net>
# Created: 2020-07-17
# Updated: 2020-07-17
# Version: 0.1
################################################################################
###################
# INSTALL DEPENDS #
###################
apt-get update
apt-get -y install git rsync python3-sphinx python3-sphinx-rtd-theme
#####################
# DECLARE VARIABLES #
#####################
pwd
ls -lah
export SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)
##############
# BUILD DOCS #
##############
# build our documentation with sphinx (see docs/conf.py)
# * https://www.sphinx-doc.org/en/master/usage/quickstart.html#running-the-build
make -C docs clean
make -C docs html
#######################
# Update GitHub Pages #
#######################
git config --global user.name "${GITHUB_ACTOR}"
git config --global user.email "${GITHUB_ACTOR}#users.noreply.github.com"
docroot=`mktemp -d`
rsync -av "docs/_build/html/" "${docroot}/"
pushd "${docroot}"
# don't bother maintaining history; just generate fresh
git init
git remote add deploy "https://token:${GITHUB_TOKEN}#github.com/${GITHUB_REPOSITORY}.git"
git checkout -b gh-pages
# add .nojekyll to the root so that github won't 404 on content added to dirs
# that start with an underscore (_), such as our "_content" dir..
touch .nojekyll
# Add README
cat > README.md <<EOF
# GitHub Pages Cache
Nothing to see here. The contents of this branch are essentially a cache that's not intended to be viewed on github.com.
If you're looking to update our documentation, check the relevant development branch's 'docs/' dir.
For more information on how this documentation is built using Sphinx, Read the Docs, and GitHub Actions/Pages, see:
* https://tech.michaelaltfield.net/2020/07/18/sphinx-rtd-github-pages-1
EOF
# copy the resulting html pages built from sphinx above to our new git repo
git add .
# commit all the new files
msg="Updating Docs for commit ${GITHUB_SHA} made on `date -d"#${SOURCE_DATE_EPOCH}" --iso-8601=seconds` from ${GITHUB_REF} by ${GITHUB_ACTOR}"
git commit -am "${msg}"
# overwrite the contents of the gh-pages branch on our github.com repo
git push deploy gh-pages --force
popd # return to main repo sandbox root
I wrote an article that describes how to run your own Read the Docs site on GitHub Pages that describes the above files in more detail.
I adapted #Michael Altfield's solution into a single GitHub Action:
name: docs_pages_workflow
on:
push:
branches: [ main ]
jobs:
build_docs_job:
runs-on: ubuntu-latest
env:
GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout#v2.3.4
- name: Set up Python
uses: actions/setup-python#v2.2.1
with:
python-version: 3.9
- name: Install dependencies
run: |
python -m pip install -U sphinx
python -m pip install sphinx-rtd-theme
- name: make the sphinx docs
run: |
make -C docs clean
make -C docs html
- name: Init new repo in dist folder and commit
run: |
cd docs/build/html/
git init
touch .nojekyll
git add -A
git config --local user.email "action#github.com"
git config --local user.name "GitHub Action"
git commit -m 'deploy'
- name: Force push to destination branch
uses: ad-m/github-push-action#v0.5.0
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: gh-pages
force: true
directory: ./docs/build/html
Note, my Makefile builds to build not _build directory. The last line with directory: is saying to push from the .docs/build/html directory where we just created the new Git repo. This avoids his rsync and pushd commands. Otherwise the logic follows #Michael Altfield's solution.