Skip to content

Continuous Integration #5489

Continuous Integration

Continuous Integration #5489

name: Continuous Integration
on:
push:
pull_request:
schedule:
# Every four hours, avoiding o'clock because GitHub actions
# are slower at exactly :00.
- cron: '42 1,5,9,13,17,21 * * *'
permissions:
id-token: write
contents: write
pull-requests: write
jobs:
build:
name: Build and Test
strategy:
matrix:
os: [ ubuntu ]
hhvm: [ '4.164' ]
runs-on: ${{matrix.os}}-latest
steps:
- uses: actions/checkout@v3
- name: Fetch docker images
run: |
docker pull hhvm/hhvm:${{matrix.hhvm}}-latest
docker pull hhvm/hhvm-proxygen:${{matrix.hhvm}}-latest
- name: Build
run: docker build -t hhvm/user-documentation:scratch -f .deploy/built-site.Dockerfile .
- name: Typecheck
run: docker run --rm -w /var/www hhvm/user-documentation:scratch hh_server --check .
- name: Run tests
run: docker run --rm -w /var/www hhvm/user-documentation:scratch vendor/bin/hacktest tests/
- name: Lint
run: docker run --rm -w /var/www hhvm/user-documentation:scratch vendor/bin/hhast-lint
- name: Verify codegen is unchanged
run: docker run --rm -w /var/www hhvm/user-documentation:scratch vendor/bin/hh-codegen-verify-signatures src
- name: Set up cache for Docker image
uses: actions/cache@v3
with:
key: ${{github.run_id}}
path: hack-docs.tar
- name: Export Docker image
run: docker save hhvm/user-documentation:scratch -o hack-docs.tar
update-docker-image:
concurrency: ${{github.ref}}
if: github.ref == 'refs/heads/main'
name: Deploy
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- id: download-tar
name: Set up cache for Docker image
uses: actions/cache@v3
with:
key: ${{github.run_id}}
path: hack-docs.tar
- name: Import Docker image
run: docker load --input hack-docs.tar
- name: Build HHBC repo
run: |
mkdir ${{runner.temp}}/repo-out
docker run --rm \
-v ${{runner.temp}}/repo-out:/var/out \
-w /var/www \
hhvm/user-documentation:scratch \
.deploy/build-repo.sh
- name: Set image tag/name variables
run: |
DEPLOY_REV=$(git rev-parse --short HEAD)
HHVM_VERSION=$(awk '/APIProduct::HACK/{print $NF}' src/codegen/PRODUCT_TAGS.php | cut -f2 -d- | cut -f1-2 -d.)
IMAGE_TAG="HHVM-${HHVM_VERSION}-$(date +%Y-%m-%d)-${DEPLOY_REV}"
IMAGE_NAME="hhvm/user-documentation:$IMAGE_TAG"
echo "DEPLOY_REV=$DEPLOY_REV" >> $GITHUB_ENV
echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV
- name: Build repo-authoritative Docker image
run: |
cp hhvm.prod.ini ${{runner.temp}}/repo-out
cp .deploy/prod.Dockerfile ${{runner.temp}}/repo-out/Dockerfile
(
cd ${{runner.temp}}/repo-out
docker build -t ${IMAGE_NAME} .
)
- name: Log in to DockerHub
run: |
echo "${{secrets.DOCKERHUB_PASSWORD}}" | docker login -u "${{secrets.DOCKERHUB_USER}}" \
--password-stdin
- name: Push image to DockerHub
run: |
docker push "$IMAGE_NAME"
- if: github.ref == 'refs/heads/main'
name: Update the latest tag to DockerHub
run: |
docker tag "$IMAGE_NAME" hhvm/user-documentation:latest
docker push "hhvm/user-documentation:latest"
- name: Checkout the existing deploy branch
id: checkout-existing-deploy-branch
continue-on-error: true
uses: actions/checkout@v3
with:
path: .var/tmp/deploy
ref: deploy/prod-${{github.ref_name}}
- name: Checkout the default deploy branch
if: steps.checkout-existing-deploy-branch.outcome == 'failure'
uses: actions/checkout@v3
with:
path: .var/tmp/deploy
ref: deploy/prod-main
- run: |
cat > .var/tmp/deploy/terraform.tfvars <<EOF
container_image = "$IMAGE_NAME"
EOF
- uses: aws-actions/configure-aws-credentials@v1
with:
role-duration-seconds: 7000
role-to-assume: arn:aws:iam::223121549624:role/hhvm-user-documentation-github-actions
aws-region: us-west-2
- uses: hashicorp/setup-terraform@v2
- name: Push to staging branch
uses: stefanzweifel/git-auto-commit-action@v4
with:
commit_message: Update the Docker image name to ${{env.IMAGE_TAG}}, which was built from ${{github.sha}}
repository: .var/tmp/deploy
create_branch: true
push_options: --force
branch: deploy/staging-${{github.run_id}}
- name: Deploy staging server
run: |
terraform init &&
(terraform workspace select "$WORKSPACE_NAME" || terraform workspace new "$WORKSPACE_NAME") &&
terraform apply -auto-approve
working-directory: .var/tmp/deploy/
env:
WORKSPACE_NAME: staging-${{github.run_id}}
- name: Print staging host name
id: print-staging-host-name
run: terraform output -raw aws_lb_lb_dns_name
working-directory: .var/tmp/deploy/
- name: Wait until the server is up
run: wget --retry-connrefused --retry-on-http-error=503,504 --tries=720 --no-http-keep-alive --output-document=- "http://${{steps.print-staging-host-name.outputs.stdout}}/"
- name: Run test suite against staging
run: |
docker run --rm \
-w /var/www \
-e "REMOTE_TEST_HOST=${{steps.print-staging-host-name.outputs.stdout}}" \
hhvm/user-documentation:scratch \
vendor/bin/hacktest \
--filter-groups remote \
tests/
- name: Destroy staging server and branch
run: |
terraform workspace select "$WORKSPACE_NAME" && \
terraform destroy -auto-approve && \
git push origin :deploy/staging-${{github.run_id}}
if: always()
working-directory: .var/tmp/deploy/
env:
WORKSPACE_NAME: staging-${{github.run_id}}
- name: Push to prod branch
uses: ad-m/github-push-action@master
with:
directory: .var/tmp/deploy
branch: deploy/prod-${{github.ref_name}}
- name: Deploy prod server
run: |
(terraform workspace select "$WORKSPACE_NAME" || terraform workspace new "$WORKSPACE_NAME") &&
terraform apply -auto-approve
working-directory: .var/tmp/deploy/
env:
WORKSPACE_NAME: prod-${{github.ref_name}}