Deploy to marquee using GitHub actions #321
Conversation
|
The main purpose of this is to make it easier to upgrade marquee, by putting the stuff that would change into org secrets. I don't suggest merging this right away, but if folks like it I could do something similar for the other repos that deploy to marquee as well. |
foolip
force-pushed
the
github-actions-deploy
branch
from
c7b2a01
to
678b0fc
Compare
|
Yes, I've pushed that change now.
It's because of this bit: I tested it all out using an experimental marquee instance though, by changing that condition. It finally worked in https://github.com/whatwg/whatwg.org/runs/758125141?check_suite_focus=true
It's mainly because GitHub Actions has org secrets, and that would be a way to manage a transition like whatwg/misc-server#129 without updating the server name and keys in every repo. But I also do think that GitHub Actions has a brighter future, and have good experiences with it. That being said, I think we should consider this at a higher level, and not switch over in an entirely piecemeal fashion. |
|
At some point there was a thought that this might make it easier for us to return the tweeting bots? That seems kind of true with organization secrets? I saw @hober migrating a repository. Perhaps she has some useful insights. |
|
Yeah, assuming a tweet bot only needs an API key, that'd be fairly easy to do. Some people have already built actions for this it seems, see https://github.com/marketplace?query=twitter. If the infrastructure ever flakes it would miss announcing a tweet, however. |
|
That seems a lot better than the status quo, which is not tweeting at all :-) |
There was a problem hiding this comment.
I like this. I think GitHub actions does indeed have a brighter future.
I think migrating all non-spec repos first, then perhaps spec repos, would make sense as a reasonable transition plan.
How do we manage these secrets variables? Is that something only you can do, or is there some page I should be visiting, or...?
deploy.sh
Outdated
| echo "Full rsync log at https://whatwg.org/rsync-log.txt" | ||
| echo "$SERVER_DEPLOY_KEY" | ssh-add - | ||
| mkdir -p ~/.ssh/ && echo "$SERVER $SERVER_PUBLIC_KEY" > ~/.ssh/known_hosts | ||
| rsync --archive --chmod="D755,F644" --compress --delete --verbose ./whatwg.org ./*.whatwg.org "deploy@$SERVER:/var/www/" |
There was a problem hiding this comment.
This changes --stats --log-file="rsync-log.txt" to --verbose. I don't remember the reasoning but we did decide to output the log to https://whatwg.org/rsync-log.txt so this would be going back on that.
There was a problem hiding this comment.
Yeah, that's okay though. I put it external because of the size causing problems and presumably GitHub Actions is better on that?
There was a problem hiding this comment.
Yes, GitHub Actions doesn't have a problem with the log size. If it does become a problem, we should solve it by uploading a build artifact instead, we need not deploy the logs :)
We've been switching to GitHub Actions for TAG documents mostly because there's less overhead in setting it up (you don't need an account on another service, you don't have to generate a new SSH key, etc.). |
Org admins can see them in https://github.com/organizations/whatwg/settings/secrets. You can't see the values, though, which might be a little inconvenient for This is also where we could put secrets if we want to deploy to a bucket instead of a VM (whatwg/misc-server#107) or if we wanted to change the deploy story around PR Preview (whatwg/misc-server#98). |
|
To be clear, I'm convinced it's worth going in this direction. Feel free to land this. |
|
I've filed whatwg/meta#173 to track the migration for all of our repositories. Before I land this I'll prepare a PR for a few other repos too, to shake out any unexpected issues with the different types of setups we have. |
|
Alright, I'll make a backup of marquee (marquee-1591888355843) and deploy this now, to see that this doesn't blow up the world before proceeding with other things that deploy to marquee. |
|
https://github.com/whatwg/whatwg.org/runs/762311824 worked after I fixed the secrets. |
|
I think this regressed us a tiny bit as before we had shellcheck run always and deploy only run on master. |
|
You're right, I'll fix that. |
Also take this chance to simplify the TODO waiting for Bash 4.4. Ubuntu 20.04 appears to have Bash 5. This regressed in #321.
Also take this chance to simplify the TODO waiting for Bash 4.4. Ubuntu 20.04 appears to have Bash 5. This regressed in #321.
|
Fixed in #323. |
No description provided.