Skip to content

chore: modify preview deployment script to work with forks #13404

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
Closed

chore: modify preview deployment script to work with forks #13404

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
100433f
Modify preview deployment script to work with forks by specifying the…
dannykopping May 30, 2024
d87fc2b
Restrict action to members of the org
dannykopping May 30, 2024
c1e0a11
Use "pr list" instead
dannykopping May 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 13 additions & 2 deletions .github/workflows/pr-deploy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,17 @@ permissions:
pull-requests: write # needed for commenting on PRs

jobs:
check_membership:
runs-on: ubuntu-latest
steps:
- name: Check if actor is a member
run: |
set -euo pipefail
response=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/orgs/coder/members/${{ github.actor }}")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you sure this works in each case? For example, https://api.github.com/orgs/coder/members/matifali returns

{
  "message": "User does not exist or is not a public member of the organization",
  "documentation_url": "https://docs.github.com/rest/orgs/members#check-public-organization-membership-for-a-user"
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems like it works for private members:

$ curl -s -H "Authorization: token $(gh auth token)" "https://api.github.com/orgs/coder/members/matifali" -v 
...
< HTTP/2 204 
...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm using https://docs.github.com/en/rest/orgs/members?apiVersion=2022-11-28#check-organization-membership-for-a-user

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, all works great. I was testing without the token and always getting a 302. Thank you for adding the check.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be nice to test by deploying the current PR.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried that in #13280 (where I originally had this fix) but GH didn't seem to use the new workflow. Is there a timeout maybe? I'll give it a try though.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Damn, I tried to execute this but I got:

$ ./scripts/deploy-pr.sh -d -b -y                                                                           
branchName: dk/fix-preview
prNumber: 13404
experiments: 
build: true
deploy: true
could not create workflow dispatch event: HTTP 422: No ref found for: dk/fix-preview (https://api.github.com/repos/coder/coder/actions/workflows/60960476/dispatches)

I think the branch has to be in the main repo.
Strange that I didn't get this before, though.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, looks like I must've pushed dk/verify-agent (the branch I was testing with previously) to the main repo somehow?

Copy link
Member

@matifali matifali May 30, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am noticing the same issue. It's deploying the previous branch I was working on. node-20
#13404 (comment)

if [[ "$response" == "404" ]]; then
echo "Error: Only members of the coder organization can trigger this workflow."
exit 1
fi
check_pr:
runs-on: ubuntu-latest
outputs:
Expand All @@ -47,8 +58,8 @@ jobs:
run: |
set -euo pipefail
pr_open=true
if [[ "$(gh pr view --json state | jq -r '.state')" != "OPEN" ]]; then
echo "PR doesn't exist or is closed."
if [[ "$(gh pr list --repo=coder/coder -H $(git rev-parse --abbrev-ref HEAD) --json state --jq '.[].state')" != "OPEN" ]]; then
>&2 echo "PR doesn't exist or is closed."
pr_open=false
fi
echo "pr_open=$pr_open" >> $GITHUB_OUTPUT
Expand Down
4 changes: 2 additions & 2 deletions scripts/deploy-pr.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,8 +71,8 @@ fi
gh_auth

# get branch name and pr number
branchName=$(gh pr view --json headRefName | jq -r .headRefName)
prNumber=$(gh pr view --json number | jq -r .number)
branchName=$(git rev-parse --abbrev-ref HEAD)
prNumber=$(gh pr list --repo=coder/coder -H ${branchName} --json number --jq '.[].number')

if [[ "$dryRun" = true ]]; then
echo "dry run"
Expand Down
Loading