Skip to content

PR review companion #29734

PR review companion

PR review companion #29734

# NOTE! This is a copy of
# https://github.com/mdn/content/blob/main/.github/workflows/pr-review-companion.yml
# with absolutely minor differences.
# Things to do and run after a "PR Test" workflow has finished successfully.
# Note, as of right now, this workflow does a bunch of things. It might be
# worth considering to break it up so there's a dedicated post-PR
# workflow just to posting PR comments about flaws, for example.
name: PR review companion
on:
workflow_run:
workflows: ["PR Test"]
types:
- completed
jobs:
review:
runs-on: ubuntu-latest
if: >
${{ github.repository == 'mdn/translated-content' &&
github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success' }}
steps:
- name: "Download artifact"
uses: actions/github-script@v6
with:
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
var matchArtifacts = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "build"
});
if (matchArtifacts.length === 0) {
console.warn(
'No artifacts to download probably just means nothing ' +
'was built in the "PR test" workflow. That\'s OK. ' +
'This is actually not a genuine CI error.'
);
throw new Error(
'No matched build artifacts. ' +
'Perhaps nothing built in the "PR test" workflow'
);
}
var matchArtifact = matchArtifacts[0];
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/build.zip', Buffer.from(download.data));
- name: Unzip what was downloaded
run: |
7z x build.zip -obuild -bb1
- uses: actions/checkout@v4
with:
repository: mdn/yari
path: yari
- name: Install Python
id: setup-python
uses: actions/setup-python@v4
with:
python-version: "3.10"
# See https://www.peterbe.com/plog/install-python-poetry-github-actions-faster
- name: Load cached ~/.local
uses: actions/cache@v3
with:
path: ~/.local
# the trailing number is used to increase for getting
# a different cache key when this file changes
key: dotlocal-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-0
- name: Install Python poetry
uses: snok/install-poetry@v1
with:
virtualenvs-create: true
virtualenvs-in-project: true
- name: Load cached venv
id: cached-poetry-dependencies
uses: actions/cache@v3
with:
path: yari/deployer/.venv
# the trailing number is used to increase for getting
# a different cache key when this file changes
key: venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}-${{ steps.setup-python.outputs.python-version }}-0
- name: Install poetry dependencies
if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
run: |
cd yari/deployer
poetry install --no-interaction --no-root
- name: Install Deployer
run: |
cd yari/deployer
poetry install --no-interaction
- name: Deploy and analyze built content
env:
BUILD_OUT_ROOT: ${{ github.workspace }}/build
DEPLOYER_BUCKET_NAME: mdn-content-dev
AWS_ACCESS_KEY_ID: ${{ secrets.DEPLOYER_DEV_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.DEPLOYER_DEV_AWS_SECRET_ACCESS_KEY }}
DEPLOYER_LOG_EACH_SUCCESSFUL_UPLOAD: false
run: |
PR_NUMBER=`cat build/NR`
echo "Pull request:"
echo "https://github.com/mdn/translated-content/pull/$PR_NUMBER"
cd yari/deployer
poetry run deployer upload \
--prefix="pr$PR_NUMBER" \
--default-cache-control 0 \
"$BUILD_OUT_ROOT"
poetry run deployer analyze-pr-build \
--prefix="pr$PR_NUMBER" \
--analyze-flaws \
--analyze-dangerous-content \
--github-token="${{secrets.GITHUB_TOKEN}}" \
--repo=$GITHUB_REPOSITORY \
--pr-number=$PR_NUMBER \
--diff-file=$BUILD_OUT_ROOT/DIFF \
$BUILD_OUT_ROOT