Repo sync #34952

Merged
merged 2 commits into from
Oct 15, 2024
Merged
4 changes: 3 additions & 1 deletion .github/branch_protection_settings/main.json
@@ -41,6 +41,7 @@
"workflows",
"lint-code",
"secret-scanning",
"pagelist"
],
"contexts_url": "https://api.github.com/repos/github/docs-internal/branches/main/protection/required_status_checks/contexts",
"checks": [
@@ -83,7 +84,8 @@
{ "context": "products", "app_id": 15368 },
{ "context": "workflows", "app_id": 15368 },
{ "context": "lint-code", "app_id": 15368 },
{ "context": "secret-scanning", "app_id": 15368 }
{ "context": "secret-scanning", "app_id": 15368 },
{ "context": "pagelist", "app_id": 15368 }
]
},
"restrictions": {
2 changes: 2 additions & 0 deletions .github/workflows/alert-changed-branch-protections.yml
@@ -3,6 +3,8 @@ name: Alert Changed Branch Protections
on:
branch_protection_rule:
workflow_dispatch:
schedule:
- cron: '20 16 * * 3' # Run every Wednesday at 16:30 UTC / 8:30 PST

permissions:
contents: read
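Review bot: The comment on the new `cron` line says 16:30 UTC / 8:30 PST, but the expression `20 16 * * 3` fires at minute 20, that is 16:20 UTC on Wednesdays; one of the two should change, for example `- cron: '20 16 * * 3' # Run every Wednesday at 16:20 UTC`. The Pacific conversion also holds only during standard time (it is 09:xx under daylight saving), so stating UTC alone avoids a second drift. Because this workflow is the check that notices branch-protection changes, the comment is what someone will read when reasoning about how long an unnoticed change can persist, so it should match the expression exactly.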
34 changes: 22 additions & 12 deletions .github/workflows/azure-prod-build-deploy.yml
@@ -34,23 +34,14 @@ jobs:
RESOURCE_GROUP_NAME: docs-prod
APP_SERVICE_NAME: ghdocs-prod
SLOT_NAME: canary
ACR_TOKEN_NAME: acrToken

steps:
- name: 'Az CLI login'
uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # pin @v2
with:
creds: ${{ secrets.PROD_AZURE_CREDENTIALS }}

- name: 'Docker login'
uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c
with:
login-server: ${{ secrets.PROD_REGISTRY_SERVER }}
username: ${{ secrets.PROD_REGISTRY_USERNAME }}
password: ${{ secrets.PROD_REGISTRY_PASSWORD }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db

- name: Check out repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
@@ -64,11 +55,30 @@ jobs:
node-version-file: 'package.json'
cache: npm

# Currently we only need this to run dependencies in
# src/workflows/check-canary-slots.js
# We need this to run a few scripts that were easier to write in JS/TS
- name: Install dependencies
run: npm install

# Create a temporary token for the Azure Container Registry
# and set it as a GitHub Actions environment variable
# Then clean up by deleting the temp token.
# Created token are viewable in the ACR resource UI
# under Repository permissions > Tokens
- name: 'Create Azure Container Registry Token'
env:
PROD_REGISTRY_SERVER: ${{ secrets.PROD_REGISTRY_SERVER }}
run: npm run create-acr-token

- name: 'Docker login'
uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c
with:
login-server: ${{ secrets.PROD_REGISTRY_SERVER }}
username: ${{ env.ACR_TOKEN_NAME }}
password: ${{ env.ACR_TOKEN_VALUE }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db

- name: Clone docs-early-access
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
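Review bot: The comment above the `Create Azure Container Registry Token` step says the temporary token is deleted afterwards, but no step in the visible hunks deletes it, so as shown the credential's lifetime is bounded only by the 30-minute `--expiration` set in the script. The job continues past the end of this hunk, so the cleanup may exist further down; if it does, it should carry `if: always()` so a failed build or deploy still revokes the token. The value also reaches `azure/docker-login` through the job-wide `env` context (`password: ${{ env.ACR_TOKEN_VALUE }}`), which means every later step in the job, third-party actions included, inherits it. Passing it as a step output of the create step and referencing that output only in the `Docker login` step would narrow the exposure to the one consumer that needs it.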
1 change: 1 addition & 0 deletions package.json
@@ -28,6 +28,7 @@
"content-changes-table-comment": "tsx src/workflows/content-changes-table-comment.ts",
"copy-fixture-data": "node src/tests/scripts/copy-fixture-data.js",
"count-translation-corruptions": "tsx src/languages/scripts/count-translation-corruptions.ts",
"create-acr-token": "tsx src/workflows/acr-create-token.js",
"debug": "cross-env NODE_ENV=development ENABLED_LANGUAGES=en nodemon --inspect src/frame/server.ts",
"delete-orphan-translation-files": "tsx src/workflows/delete-orphan-translation-files.ts",
"deleted-features-pr-comment": "tsx src/data-directory/scripts/deleted-features-pr-comment.ts",
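Review bot: The new `create-acr-token` script runs `tsx src/workflows/acr-create-token.js`, while the file this pull request adds is `src/workflows/acr-create-token.ts`; the neighbouring `tsx` scripts name their `.ts` entry points directly. Whether `tsx` maps a `.js` entry path onto the `.ts` file is worth confirming, because a resolution failure here stops the production deploy at the token step. Writing `"create-acr-token": "tsx src/workflows/acr-create-token.ts",` removes the doubt and matches the other entries.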
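--- a/src/workflows/acr-create-token.ts
+++ b/src/workflows/acr-create-token.ts
@@ -0,0 +1,54 @@
+#!/usr/bin/env node
+import { execSync } from 'child_process'
+import * as core from '@actions/core'
+import dotenv from 'dotenv'
+
+type IsoDateString = string
+
+// For local testing set environment variables in the .env file
+dotenv.config()
+
+const acrTokenName = process.env.ACR_TOKEN_NAME
+const acrProdRegistryServer = process.env.PROD_REGISTRY_SERVER
+const repo = process.env.GITHUB_REPOSITORY
+
+function main() {
+// Get the current time and add 30 minutes to it
+// Convert Date format from YYYY-MM-DDTHH:mm:ss.sssZ to
+// YYYY-MM-DDTHH:mm:ssZ (remove .sss)
+const expirationDate: IsoDateString =
+new Date(Date.now() + 30 * 60 * 1000).toISOString().split('.')[0] + 'Z'
+
+let resp
+try {
+const cmd = `az acr token create \
+--name ${acrTokenName} \
+--registry ${acrProdRegistryServer} \
+--repository ${repo} \
+content/write \
+content/read \
+--expiration ${expirationDate} \
+--output json`
+
+console.log('Executing az acr token create command.')
+resp = JSON.parse(execSync(cmd, { encoding: 'utf8' }))
+} catch (error) {
+console.error('An error occurred while creating ACR token with the Azure CLI')
+throw error
+}
+
+const acrTokenValue = resp?.credentials?.passwords[0]?.value
+if (!acrTokenValue) {
+throw new Error(
+'The response from the Azure CLI was not in the expected format: \n' +
+JSON.stringify(resp, null, 2),
+)
+}
+
+// Set the ACR_TOKEN_VALUE environment variable so
+// that it can be used in the subsequent steps
+core.exportVariable('ACR_TOKEN_VALUE', acrTokenValue)
+execSync(`echo $ACR_TOKEN_VALUE`)
+}
+
+main()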
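Review bot: In `main`, the `az acr token create` command is built by interpolating `ACR_TOKEN_NAME`, `PROD_REGISTRY_SERVER` and `GITHUB_REPOSITORY` into a string that `execSync` hands to a shell, so an unset variable becomes the literal text `undefined` and any shell metacharacter in a value is interpreted instead of being passed as data. The token is then exported with `core.exportVariable` without a prior `core.setSecret`, so the runner has no reason to mask it in logs, and the failure branch prints the whole CLI response, which can include the password entries. `passwords[0]` also lacks the optional-chaining guard its neighbours have, so a response without `passwords` raises a `TypeError` before the intended error message is reached. The trailing `echo $ACR_TOKEN_VALUE` call has no effect other than handing the secret to one more shell and can be dropped. The fence shows the body rewritten around `execFileSync`; the import line becomes `import { execFileSync } from 'child_process'`.

```typescript
function main() {
  // … unchanged: expirationDate computation …

  if (!acrTokenName || !acrProdRegistryServer || !repo) {
    throw new Error('ACR_TOKEN_NAME, PROD_REGISTRY_SERVER and GITHUB_REPOSITORY must be set')
  }

  let resp
  try {
    console.log('Executing az acr token create command.')
    // Argument vector, no shell: environment values are passed as data only
    const stdout = execFileSync(
      'az',
      [
        'acr', 'token', 'create',
        '--name', acrTokenName,
        '--registry', acrProdRegistryServer,
        '--repository', repo, 'content/write', 'content/read',
        '--expiration', expirationDate,
        '--output', 'json',
      ],
      { encoding: 'utf8' },
    )
    resp = JSON.parse(stdout)
  } catch (error) {
    // … unchanged: log and rethrow …
  }

  const acrTokenValue = resp?.credentials?.passwords?.[0]?.value
  if (!acrTokenValue) {
    // The CLI response is not echoed: it can carry credential material
    throw new Error('The response from the Azure CLI was not in the expected format')
  }

  // Register the value for log masking before it enters the job environment
  core.setSecret(acrTokenValue)
  core.exportVariable('ACR_TOKEN_VALUE', acrTokenValue)
}
```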