diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 55e14f0e6e1f7..dbd4bf43b9c33 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -211,7 +211,7 @@ jobs: - name: Check workflow files run: | - bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.6.22 + bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.7.4 ./actionlint -color -shellcheck= -ignore "set-output" shell: bash diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index 2ef388f7f9221..6f3a95f681fb8 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -110,7 +110,7 @@ jobs: set -euo pipefail mkdir -p ~/.kube echo "${{ secrets.PR_DEPLOYMENTS_KUBECONFIG_BASE64 }}" | base64 --decode > ~/.kube/config - chmod 644 ~/.kube/config + chmod 600 ~/.kube/config export KUBECONFIG=~/.kube/config - name: Check if the helm deployment already exists @@ -284,7 +284,7 @@ jobs: set -euo pipefail mkdir -p ~/.kube echo "${{ secrets.PR_DEPLOYMENTS_KUBECONFIG_BASE64 }}" | base64 --decode > ~/.kube/config - chmod 644 ~/.kube/config + chmod 600 ~/.kube/config export KUBECONFIG=~/.kube/config - name: Check if image exists @@ -421,14 +421,14 @@ jobs: "${DEST}" version mv "${DEST}" /usr/local/bin/coder - - name: Create first user, template and workspace + - name: Create first user if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true' id: setup_deployment + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | set -euo pipefail - # Create first user - # create a masked random password 12 characters long password=$(openssl rand -base64 16 | tr -d "=+/" | cut -c1-12) 
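Review bot: In the `@@ -110,7` hunk of pr-deploy.yaml the kubeconfig is still created by the `> ~/.kube/config` redirect under the runner's default umask and only tightened afterwards. `chmod 600` therefore leaves a short window in which the decoded credentials may be readable by other users, and `~/.kube` itself keeps default permissions. Putting `umask 077` before `mkdir -p ~/.kube` makes both the directory and the file private from creation, after which the chmod is redundant. The `@@ -284,7` hunk repeats the same sequence and needs the same change. Both run blocks start outside their hunks.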
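Review bot: The `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` added to the `Create first user` step in the `@@ -421,14` hunk is not read by any command visible in this step. The only candidates, in the following hunk, are commented out and call `coder`, not `gh`. Handing the workflow token to a step that runs the `coder` binary installed just above against the PR deployment widens that step's reach on the repository for no visible benefit. I would drop the two `env:` lines until a command needs them, or add a comment such as `# GH_TOKEN is read by <command>` naming the consumer. The step body continues past the end of this hunk.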
@@ -437,20 +437,22 @@ jobs: echo "password=$password" >> $GITHUB_OUTPUT coder login \ - --first-user-username coder \ + --first-user-username pr${{ env.PR_NUMBER }}-admin \ --first-user-email pr${{ env.PR_NUMBER }}@coder.com \ --first-user-password $password \ --first-user-trial=false \ --use-token-as-session \ https://${{ env.PR_HOSTNAME }} - # Create template - cd ./.github/pr-deployments/template - coder templates push -y --variable namespace=pr${{ env.PR_NUMBER }} kubernetes + # Create a user for the github.actor + # TODO: update once https://github.com/coder/coder/issues/15466 is resolved + # coder users create \ + # --username ${{ github.actor }} \ + # --login-type github - # Create workspace - coder create --template="kubernetes" kube --parameter cpu=2 --parameter memory=4 --parameter home_disk_size=2 -y - coder stop kube -y + # promote the user to admin role + # coder org members edit-role ${{ github.actor }} organization-admin + # TODO: update once https://github.com/coder/internal/issues/207 is resolved - name: Send Slack notification if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true' @@ -462,7 +464,7 @@ jobs: "pr_url": "'"${{ env.PR_URL }}"'", "pr_title": "'"${{ env.PR_TITLE }}"'", "pr_access_url": "'"https://${{ env.PR_HOSTNAME }}"'", - "pr_username": "'"test"'", + "pr_username": "'"pr${{ env.PR_NUMBER }}-admin"'", "pr_email": "'"pr${{ env.PR_NUMBER }}@coder.com"'", "pr_password": "'"${{ steps.setup_deployment.outputs.password }}"'", "pr_actor": "'"${{ github.actor }}"'" 
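Review bot: The commented-out commands added in the `@@ -437,20` hunk expand `${{ github.actor }}` straight into the script text, so whoever enables them inherits a value that is substituted before bash parses the line. Bot actor names can contain `[` and `]`, which the shell treats as glob characters. Prefer the runner-provided variable and quote it: `--username "${GITHUB_ACTOR}"` and `coder org members edit-role "${GITHUB_ACTOR}" organization-admin`. The two TODO comments are also placed inconsistently, one above its command and one below; each would read better directly above the command it blocks. The run block starts in the previous hunk.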
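Review bot: The payload in the `@@ -462,7` hunk splices `${{ env.PR_TITLE }}` into the script with the `"'"…"'"` pattern, and a pull-request title is author-controlled text. It is substituted before the shell runs, so a title containing quotes or shell metacharacters alters the command, or at the least breaks the JSON. The new `pr_username` line uses the same pattern but only carries `PR_NUMBER`, which is lower risk. If `PR_TITLE` is defined in an `env:` block (outside this hunk, so unconfirmed), read the shell variable instead and let a JSON tool do the escaping, for example `jq -n --arg pr_title "$PR_TITLE" …`. The step's command starts outside the hunk, so how the payload is sent is inferred.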
@@ -495,3 +497,14 @@ jobs: cc: @${{ github.actor }} reactions: rocket reactions-edit-mode: replace + + - name: Create template and workspace + if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true' + run: | + set -euo pipefail + cd .github/pr-deployments/template + coder templates push -y --variable namespace=pr${{ env.PR_NUMBER }} kubernetes + + # Create workspace + coder create --template="kubernetes" kube --parameter cpu=2 --parameter memory=4 --parameter home_disk_size=2 -y + coder stop kube -y
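Review bot: The new `Create template and workspace` step in the `@@ -495,3` hunk has two implicit dependencies that no comment explains. It appears to rely on the CLI session left by `coder login --use-token-as-session` in the `Create first user` step. It also now runs after what looks like the PR comment step, so a failure here comes after people were told the deployment is ready. If that ordering is intended, I would add above `cd .github/pr-deployments/template` a comment such as `# Uses the session from "Create first user"; runs after notifications so a template failure does not block them`. The `# Create template` comment was also lost in the move, while `# Create workspace` was kept.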