Skip to content

Deployment workflow updates #6540

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
vfalconisumo wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Deployment workflow updates #6540

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
30b41c7
Replace third-party Action with shell script
vfalconisumo Apr 2, 2026
7df849b
Make the trigger cause more clear
vfalconisumo Apr 2, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion .github/workflows/job_pantheon.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,11 +95,13 @@ jobs:
echo "PANTHEON_BRANCH=$NORMLIZED_STAGING_ENV_NAME" >> $GITHUB_ENV
- name: Commit build and deploy to Pantheon repo
run: |
DEFAULT_REASON="${{ github.workflow }} run #${{ github.run_number }}"
REASON="DOCS@$(echo "${{ github.sha }}" | cut -c 1-7): ${{ github.event.pull_request.title || github.event.head_commit.message || '$DEFAULT_REASON' }}"
terminus local:clone --yes --branch="${{ env.PANTHEON_BRANCH }}" ${{ inputs.PANTHEON_SITE_ID }}
rsync --archive --delete --exclude="cid.php" ./build/ "$HOME/pantheon-local-copies/${{ inputs.PANTHEON_SITE_ID }}/${{ inputs.SITE_PATH }}"
chmod -R 755 $HOME/pantheon-local-copies/${{ inputs.PANTHEON_SITE_ID }}/${{ inputs.SITE_PATH }}
git -C "$HOME/pantheon-local-copies/${{ inputs.PANTHEON_SITE_ID }}" add .
git -C "$HOME/pantheon-local-copies/${{ inputs.PANTHEON_SITE_ID }}" commit -m "Added content from ${{ github.repository }} at ${{ github.sha }}"
git -C "$HOME/pantheon-local-copies/${{ inputs.PANTHEON_SITE_ID }}" commit -m "$REASON"
WATCH_COMMIT=$(git -C "$HOME/pantheon-local-copies/${{ inputs.PANTHEON_SITE_ID }}" rev-parse --verify HEAD)
git -C "$HOME/pantheon-local-copies/${{ inputs.PANTHEON_SITE_ID }}" push origin
terminus workflow:wait --max 600 --commit $WATCH_COMMIT -- ${{ inputs.PANTHEON_SITE_ID }}.${{ env.PANTHEON_ENV }}
Expand Down
38 changes: 29 additions & 9 deletions .github/workflows/job_trigger-jenkins-pipeline.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,6 @@ name: Trigger Jenkins pipeline

on:
workflow_call:
inputs:
JENKINS_TRIGGER_SOURCE:
default: "${{ github.event_name }} on ${{ github.ref_name }} in ${{ github.repository }} at ${{ github.sha }}"
type: string
secrets:
WEBOPS_AWS_REGION:
required: true
Expand All @@ -27,10 +23,34 @@ jobs:
id-token: write
contents: read
steps:
- name: Get runner IP
- name: Get runner public IP
if: always()
id: ip
uses: haythem/public-ip@v1.3
run: |
set -euo pipefail

MAX_RETRIES=5
RETRY=0

# Get IPv4
until IPV4=$(curl -sSLf --max-time 5 https://api4.ipify.org) || [ $RETRY -ge $MAX_RETRIES ]; do
RETRY=$((RETRY + 1))
echo "IPv4 attempt $RETRY of $MAX_RETRIES failed, retrying..."
sleep 2
done

if [ -z "$IPV4" ]; then
echo "Failed to retrieve public IPv4 after $MAX_RETRIES attempts"
exit 1
fi

echo "v4=$IPV4" >> $GITHUB_OUTPUT
- name: Get cause
id: cause
run: |
DEFAULT_REASON="${{ github.workflow }} run #${{ github.run_number }}"
REASON="DOCS@$(echo "${{ github.sha }}" | cut -c 1-7): ${{ github.event.pull_request.title || github.event.head_commit.message || '$DEFAULT_REASON' }}"
echo "reason=$REASON" >> $GITHUB_OUTPUT
- name: Authenticate to AWS via OIDC
env:
AWS_ROLE_ARN: ${{ secrets.WEBOPS_AWS_ROLE_JENKINS }}
Expand All @@ -57,13 +77,13 @@ jobs:
echo "AWS_SESSION_TOKEN=$(echo $CREDS | jq -r '.SessionToken')" >> $GITHUB_ENV
echo "AWS_REGION=$AWS_REGION" >> $GITHUB_ENV
- name: Add runner to AWS security group ingress
run: aws ec2 authorize-security-group-ingress --group-name ${{ secrets.WEBOPS_AWS_SG_NAME }} --protocol tcp --port ${{ secrets.WEBOPS_JENKINS_PORT }} --cidr ${{ steps.ip.outputs.ipv4 }}/32
run: aws ec2 authorize-security-group-ingress --group-name ${{ secrets.WEBOPS_AWS_SG_NAME }} --protocol tcp --port ${{ secrets.WEBOPS_JENKINS_PORT }} --cidr ${{ steps.ip.outputs.v4 }}/32
- name: Trigger Jenkins pipeline
run: |
curl -H 'Content-Type: application/json' \
-d '{ "TRIGGER_SOURCE": "${{ inputs.JENKINS_TRIGGER_SOURCE }}" }' \
-d '{ "TRIGGER_SOURCE": "${{ steps.cause.outputs.reason }}" }' \
-X POST \
${{ secrets.WEBOPS_JENKINS_HOST }}:${{ secrets.WEBOPS_JENKINS_PORT || '80' }}/generic-webhook-trigger/invoke?token=${{ secrets.WEBOPS_WEBHOOK_TOKEN }}
- name: Remove runner from AWS security group ingress
if: always()
run: aws ec2 revoke-security-group-ingress --group-name ${{ secrets.WEBOPS_AWS_SG_NAME }} --protocol tcp --port ${{ secrets.WEBOPS_JENKINS_PORT }} --cidr ${{ steps.ip.outputs.ipv4 }}/32
run: aws ec2 revoke-security-group-ingress --group-name ${{ secrets.WEBOPS_AWS_SG_NAME }} --protocol tcp --port ${{ secrets.WEBOPS_JENKINS_PORT }} --cidr ${{ steps.ip.outputs.v4 }}/32