Merge pull request #35403 from github/repo-sync #8604
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Azure Production - Build and Deploy | |
# **What it does**: Builds and deploys the default branch to production | |
# **Why we have it**: To enable us to deploy the latest to production whenever necessary rather than relying on PR merges. | |
# **Who does it impact**: All contributors. | |
on: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
permissions: | |
contents: read | |
deployments: write | |
# This allows a subsequently queued workflow run to take priority over | |
# previously queued runs but NOT interrupt currently executing runs | |
concurrency: | |
group: '${{ github.workflow }}' | |
cancel-in-progress: false | |
jobs: | |
azure-prod-build-and-deploy: | |
if: ${{ github.repository == 'github/docs-internal' }} | |
runs-on: ubuntu-20.04-xl | |
timeout-minutes: 20 | |
environment: | |
name: production | |
url: 'https://docs.github.com' | |
env: | |
DOCKER_IMAGE: ${{ secrets.PROD_REGISTRY_SERVER }}/${{ github.repository }}:${{ github.sha }} | |
DOCKER_IMAGE_CACHE_REF: ${{ secrets.PROD_REGISTRY_SERVER }}/${{ github.repository }}:main-production | |
RESOURCE_GROUP_NAME: docs-prod | |
APP_SERVICE_NAME: ghdocs-prod | |
SLOT_NAME: canary | |
ACR_TOKEN_NAME: acrToken | |
steps: | |
- name: 'Az CLI login' | |
uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2 | |
with: | |
creds: ${{ secrets.PROD_AZURE_CREDENTIALS }} | |
- name: Check out repo | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
ref: ${{ github.sha }} | |
# To prevent issues with cloning early access content later | |
persist-credentials: 'false' | |
- name: Setup Node.js | |
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
with: | |
node-version-file: 'package.json' | |
cache: npm | |
# We need this to run a few scripts that were easier to write in JS/TS | |
- name: Install dependencies | |
run: npm install | |
# Create a temporary token for the Azure Container Registry | |
# and set it as a GitHub Actions environment variable | |
# Created token are viewable in the ACR resource UI | |
# under Repository permissions > Tokens | |
- name: 'Create Azure Container Registry Token' | |
env: | |
CONTAINER_REGISTRY_SERVER: ${{ secrets.PROD_REGISTRY_SERVER }} | |
run: npm run create-acr-token | |
- name: 'Docker login' | |
uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c | |
with: | |
login-server: ${{ secrets.PROD_REGISTRY_SERVER }} | |
username: ${{ env.ACR_TOKEN_NAME }} | |
password: ${{ env.ACR_TOKEN_VALUE }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db | |
- name: Clone docs-early-access | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
repository: github/docs-early-access | |
token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} | |
path: docs-early-access | |
- name: Merge docs-early-access repo's folders | |
run: src/early-access/scripts/merge-early-access.sh | |
- uses: ./.github/actions/warmup-remotejson-cache | |
with: | |
restore-only: true | |
- uses: ./.github/actions/precompute-pageinfo | |
with: | |
restore-only: true | |
- uses: ./.github/actions/clone-translations | |
with: | |
token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} | |
- name: 'Build and push image' | |
uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 | |
with: | |
context: . | |
push: true | |
target: production | |
tags: ${{ env.DOCKER_IMAGE }}, ${{ env.DOCKER_IMAGE_CACHE_REF }} | |
cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_CACHE_REF }} | |
cache-to: type=registry,mode=max,ref=${{ env.DOCKER_IMAGE_CACHE_REF }} | |
build-args: | | |
BUILD_SHA=${{ github.sha }} | |
- name: 'Update docker-compose.prod.yaml template file' | |
run: | | |
sed 's|#{IMAGE}#|${{ env.DOCKER_IMAGE }}|g' src/workflows/docker-compose.prod.tmpl.yaml > docker-compose.prod.yaml | |
- name: 'Apply updated docker-compose.prod.yaml config to canary slot' | |
run: | | |
az webapp config container set --multicontainer-config-type COMPOSE --multicontainer-config-file docker-compose.prod.yaml --slot ${{ env.SLOT_NAME }} -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }} | |
# Watch canary slot instances to see when all the instances are ready | |
- name: Check that canary slot is ready | |
env: | |
CHECK_INTERVAL: 10000 | |
EXPECTED_SHA: ${{ github.sha }} | |
CANARY_BUILD_URL: https://ghdocs-prod-canary.azurewebsites.net/_build | |
run: src/workflows/check-canary-slots.js | |
- name: 'Swap canary slot to production' | |
run: | | |
az webapp deployment slot swap --slot ${{ env.SLOT_NAME }} --target-slot production -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }} | |
- uses: ./.github/actions/slack-alert | |
if: ${{ failure() && github.event_name != 'workflow_dispatch' }} | |
with: | |
slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }} | |
slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }} |