Docs deploy #22262

Workflow file for this run

.github/workflows/docs-deploy.yml at c76324c

	name: Docs deploy
	on:
	workflow_run: # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
	workflows: ['Docs build']
	types:
	- completed

	env:
	TG_NON_INTERACTIVE: 'true'

	jobs:
	checks:
	name: Docs Deploy Checks
	runs-on: ubuntu-latest
	permissions:
	actions: read
	pull-requests: read
	outputs:
	parameters: ${{ steps.parameters.outputs.result }}
	artifact: ${{ steps.get-artifact.outputs.result }}
	steps:
	- id: token
	uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
	with:
	app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
	private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

	- if: ${{ github.event.workflow_run.conclusion != 'success' }}
	run: echo 'The triggering workflow did not succeed' && exit 1
	- name: Get artifact
	id: get-artifact
	uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
	with:
	github-token: ${{ steps.token.outputs.token }}
	script: \|
	let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
	owner: context.repo.owner,
	repo: context.repo.repo,
	run_id: context.payload.workflow_run.id,
	});
	let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
	return artifact.name == "docs-build-output"
	})[0];
	if (!matchArtifact) {
	console.log("No artifact found with the name docs-build-output, build job was skipped")
	return { found: false };
	}
	return { found: true, id: matchArtifact.id };
	- name: Determine deploy parameters
	id: parameters
	uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
	env:
	HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
	with:
	github-token: ${{ steps.token.outputs.token }}
	script: \|
	const eventType = context.payload.workflow_run.event;
	const isFork = context.payload.workflow_run.repository.fork;

	let parameters;

	console.log({eventType, isFork});

	if (eventType == "push") {
	const branch = context.payload.workflow_run.head_branch;
	console.log({branch});
	const shouldDeploy = !isFork && branch == "main";
	parameters = {
	event: "branch",
	name: "main",
	shouldDeploy
	};
	} else if (eventType == "pull_request") {
	let pull_number = context.payload.workflow_run.pull_requests[0]?.number;
	if(!pull_number) {
	const {HEAD_SHA} = process.env;
	const response = await github.rest.search.issuesAndPullRequests({q: `repo:${{ github.repository }} is:pr sha:${HEAD_SHA}`,per_page: 1,})
	const items = response.data.items
	if (items.length < 1) {
	throw new Error("No pull request found for the commit")
	}
	const pullRequestNumber = items[0].number
	console.info("Pull request number is", pullRequestNumber)
	pull_number = pullRequestNumber
	}
	const {data: pr} = await github.rest.pulls.get({
	owner: context.repo.owner,
	repo: context.repo.repo,
	pull_number
	});

	console.log({pull_number});

	parameters = {
	event: "pr",
	name: `pr-${pull_number}`,
	pr_number: pull_number,
	shouldDeploy: true
	};
	} else if (eventType == "release") {
	parameters = {
	event: "release",
	name: context.payload.workflow_run.head_branch,
	shouldDeploy: !isFork
	};
	}

	console.log(parameters);
	return parameters;

	deploy:
	name: Docs Deploy
	runs-on: ubuntu-latest
	needs: checks
	permissions:
	contents: read
	actions: read
	pull-requests: write
	if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
	steps:
	- id: token
	uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
	with:
	app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
	private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

	- name: Checkout code
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	with:
	persist-credentials: false
	token: ${{ steps.token.outputs.token }}

	- name: Setup Mise
	uses: immich-app/devtools/actions/use-mise@cd24790a7f5f6439ac32cc94f5523cb2de8bfa8c # use-mise-action-v1.1.0

	- name: Load parameters
	id: parameters
	uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
	env:
	PARAM_JSON: ${{ needs.checks.outputs.parameters }}
	with:
	github-token: ${{ steps.token.outputs.token }}
	script: \|
	const parameters = JSON.parse(process.env.PARAM_JSON);
	core.setOutput("event", parameters.event);
	core.setOutput("name", parameters.name);
	core.setOutput("shouldDeploy", parameters.shouldDeploy);

	- name: Download artifact
	uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
	env:
	ARTIFACT_JSON: ${{ needs.checks.outputs.artifact }}
	with:
	github-token: ${{ steps.token.outputs.token }}
	script: \|
	let artifact = JSON.parse(process.env.ARTIFACT_JSON);
	let download = await github.rest.actions.downloadArtifact({
	owner: context.repo.owner,
	repo: context.repo.repo,
	artifact_id: artifact.id,
	archive_format: 'zip',
	});
	let fs = require('fs');
	fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/docs-build-output.zip`, Buffer.from(download.data));

	- name: Unzip artifact
	run: unzip "${{ github.workspace }}/docs-build-output.zip" -d "${{ github.workspace }}/docs/build"

	- name: Deploy Docs Subdomain
	env:
	TF_VAR_prefix_name: ${{ steps.parameters.outputs.name}}
	TF_VAR_prefix_event_type: ${{ steps.parameters.outputs.event }}
	CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
	CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
	TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
	working-directory: 'deployment/modules/cloudflare/docs'
	run: 'mise run tf apply'

	- name: Deploy Docs Subdomain Output
	id: docs-output
	env:
	TF_VAR_prefix_name: ${{ steps.parameters.outputs.name}}
	TF_VAR_prefix_event_type: ${{ steps.parameters.outputs.event }}
	CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
	CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
	TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
	working-directory: 'deployment/modules/cloudflare/docs'
	run: \|
	mise run tf output -- -json \| jq -r '
	"projectName=\(.pages_project_name.value)",
	"subdomain=\(.immich_app_branch_subdomain.value)"
	' >> $GITHUB_OUTPUT

	- name: Publish to Cloudflare Pages
	# TODO: Action is deprecated
	uses: cloudflare/pages-action@f0a1cd58cd66095dee69bfa18fa5efd1dde93bca # v1.5.0
	with:
	apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN_PAGES_UPLOAD }}
	accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
	projectName: ${{ steps.docs-output.outputs.projectName }}
	workingDirectory: 'docs'
	directory: 'build'
	branch: ${{ steps.parameters.outputs.name }}
	wranglerVersion: '3'

	- name: Deploy Docs Release Domain
	if: ${{ steps.parameters.outputs.event == 'release' }}
	env:
	TF_VAR_prefix_name: ${{ steps.parameters.outputs.name}}
	CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
	CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
	TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
	working-directory: 'deployment/modules/cloudflare/docs-release'
	run: 'mise run tf apply'

	- name: Comment
	uses: actions-cool/maintain-one-comment@4b2dbf086015f892dcb5e8c1106f5fccd6c1476b # v3.2.0
	if: ${{ steps.parameters.outputs.event == 'pr' }}
	with:
	token: ${{ steps.token.outputs.token }}
	number: ${{ fromJson(needs.checks.outputs.parameters).pr_number }}
	body: \|
	📖 Documentation deployed to [${{ steps.docs-output.outputs.subdomain }}](https://${{ steps.docs-output.outputs.subdomain }})
	emojis: 'rocket'
	body-include: '<!-- Docs PR URL -->'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Docs deploy #22262

Workflow file

Docs deploy #22262

Uh oh!

Jobs

Run details

Workflow file for this run