Merged
53 changes: 24 additions & 29 deletions .github/workflows/deployBlocker.yml
Expand Up @@ -13,28 +13,22 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}

- name: Get URL, title, & number of new deploy blocker (issue)
if: ${{ github.event_name == 'issues' }}
env:
TITLE: ${{ github.event.issue.title }}
run: |
{ echo "DEPLOY_BLOCKER_URL=${{ github.event.issue.html_url }}";
echo "DEPLOY_BLOCKER_NUMBER=${{ github.event.issue.number }}";
echo "DEPLOY_BLOCKER_TITLE=$(sed -e "s/'/'\\\\''/g; s/\`/\\\\\`/g; 1s/^/'/; \$s/\$/'/" <<< "$TITLE")";} >> "$GITHUB_ENV"
- uses: ./.github/actions/composite/setupGitForOSBotifyApp
id: setupGitForOSBotify
with:
GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
OS_BOTIFY_APP_ID: ${{ secrets.OS_BOTIFY_APP_ID }}
OS_BOTIFY_PRIVATE_KEY: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }}

- name: Update StagingDeployCash with new deploy blocker
uses: Expensify/App/.github/actions/javascript/createOrUpdateStagingDeploy@main
uses: ./.github/actions/javascript/createOrUpdateStagingDeploy
with:
GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
GITHUB_TOKEN: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }}

Contributor Author

Alternatively, I think we could just use github.token here. The GitHub Actions bot is also a GitHub App so has the higher rate limits. That's simpler, but then checklists would no longer be created by OSBotify. AFAIK that's not a problem though.

So I'm inclined to just use github.token here. Thoughts?

Contributor

Does github.token have the correct permissions to create? I thought it was usually just read-only.

Contributor Author

Well looking here: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

It looks like it should have read/write for everything it needs in the context of creating a checklist (issues, pull requests, actions).

Contributor

I'm happy with how the code is now, but feel free to adjust if you prefer 👍


- name: Give the issue/PR the Hourly, Engineering labels
uses: andymckay/labeler@978f846c4ca6299fd136f465b42c5e87aca28cac
with:
add-labels: 'Hourly, Engineering'
remove-labels: 'Daily, Weekly, Monthly'
- run: gh issue edit --add-label 'Engineering,Hourly' --remove-label 'Daily,Weekly,Monthly'
env:
GITHUB_TOKEN: ${{ github.token }}

- name: 'Post the issue in the #expensify-open-source slack room'
if: ${{ success() }}
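
Review bot: In the relabel step, `gh issue edit --add-label 'Engineering,Hourly' --remove-label 'Daily,Weekly,Monthly'` names no issue, and `gh issue edit` requires an issue number or URL, so the step will fail; pass `${{ github.event.issue.number }}` the way the later `gh issue comment` step does. As shown, `- run:` also opens a new list item, which leaves the `name:` line above it as a step with no `run` or `uses`; drop the leading dash so the command belongs to the named step. Because this step now writes with `${{ github.token }}`, and the thread above questions whether that token can write, declare the needed scope explicitly on the job (`permissions:` with `issues: write`) rather than relying on the repository default.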
Expand All @@ -46,26 +40,27 @@ jobs:
channel: '#expensify-open-source',
attachments: [{
color: "#DB4545",
text: '💥 We have found a New Expensify Deploy Blocker, if you have any idea which PR could be causing this, please comment in the issue: <${{ env.DEPLOY_BLOCKER_URL }}|'+ `${{ env.DEPLOY_BLOCKER_TITLE }}`.replace(/(^'|'$)/gi, '').replace(/'\''/gi,'\'') + '>',
text: '💥 We have found a New Expensify Deploy Blocker, if you have any idea which PR could be causing this, please comment in the issue: <${{ github.event.issue.html_url }}|${{ toJSON(github.event.issue.title) }}>',
}]
}
env:
GITHUB_TOKEN: ${{ github.token }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}

- name: Comment on deferred PR
uses: actions-ecosystem/action-create-comment@cd098164398331c50e7dfdd0dfa1b564a1873fac
with:
github_token: ${{ secrets.OS_BOTIFY_TOKEN }}
number: ${{ env.DEPLOY_BLOCKER_NUMBER }}
body: |
:wave: Friendly reminder that deploy blockers are time-sensitive ⏱ issues! [Check out the open `StagingDeployCash` deploy checklist](https://github.com/Expensify/App/issues?q=is%3Aopen+is%3Aissue+label%3AStagingDeployCash) to see the list of PRs included in this release, then work quickly to do one of the following:
1. Identify the pull request that introduced this issue and revert it.
2. Find someone who can quickly fix the issue.
3. Fix the issue yourself.
- name: Comment on deploy blocker
run: |
gh issue comment ${{ github.event.issue.number }} --body "$(cat <<'EOF'
:wave: Friendly reminder that deploy blockers are time-sensitive ⏱ issues! [Check out the open \`StagingDeployCash\` deploy checklist](https://github.com/Expensify/App/issues?q=is%3Aopen+is%3Aissue+label%3AStagingDeployCash) to see the list of PRs included in this release, then work quickly to do one of the following:
1. Identify the pull request that introduced this issue and revert it.
2. Find someone who can quickly fix the issue.
3. Fix the issue yourself.
EOF
)"
env:
GITHUB_TOKEN: ${{ github.token }}

- name: Announce failed workflow in Slack
if: ${{ failure() }}
uses: Expensify/App/.github/actions/composite/announceFailedWorkflowInSlack@main
uses: ./.github/actions/composite/announceFailedWorkflowInSlack
with:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
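
Review bot: In the Slack `text:` line, `${{ toJSON(github.event.issue.title) }}` is expanded inside a single-quoted string, in a payload that the removed line shows is evaluated as JavaScript (it called `.replace(...)` on the title). `toJSON` escapes double quotes and backslashes but not apostrophes, so a title containing `'` closes the string early and the remainder is parsed as code, and even a harmless title arrives in Slack wrapped in literal double quotes. The issue title is user-controlled, so emit the `toJSON` value as its own string literal, `'...|' + ${{ toJSON(github.event.issue.title) }} + '>'`, or pass the title through `env:` instead of interpolating it. Separately, in the `gh issue comment` step the heredoc delimiter is quoted (`<<'EOF'`), so the backslashes in ``\`StagingDeployCash\``` are kept literally and the posted comment will show escaped backticks instead of code formatting; remove the backslashes.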