This repo contains:
- reusable GitHub workflows (
.github/workflows) - custom GitHub actions (
actions) - Digital Ocean serverless functions (
packages/functions) - scripts for managing issues and pull requests (
scripts)
Typical event handling call stack, e.g. for rocd repo:
-
GitHub generates event in
rocd(e.g.pull_request_review.submitted). -
GitHub invokes webhook, implemented by a digital ocean function in
ci(packages/functions/webhook). -
Webhook translates event to GitHub repository dispatch call in
rocd(e.g. topull_request_review_submitted). -
Repository dispatch triggers some workflow in
rocd(e.g. topr_reviewed.yml). -
The workflow in
rocdmay call reusable workflows fromcito do the actual job (e.g.roc-streaming/ci/.github/workflows/pr_handle_reviewed.yml). -
The workflow from
cimay, among other things, call custom GitHub actions fromci(e.g.actions/post-comment).
Some explanations:
-
Webhook approach allows to untie automation from pull request checks, run it with different permissions, in different security context and on different branch.
-
Reusable workflows allow to reduce duplication of github actions stuff across different repositories (e.g.
roc-toolkitandrocd). -
Custom actions are primarily used to avoid (or reduce) sharing access tokens with third-party actions. Ideally, for all operations with non-default token, we want to use only official actions by GitHub and custom actions from
cirepo. -
Helper scripts in
scriptsdirectory are used both by github actions and by maintainers locally, e.g. to merge pull requests.
Build all github actions:
make build_actions
Encrypt secret (for .env file):
echo -n <secret> | openssl enc -aes-256-cbc -a -salt -pbkdf2 -pass pass:<key> | tr -d '\n'
Deploy all webhooks:
make deploy_webhooks
Determine webhook URL:
doctl serverless functions get functions/webhook --url
Send request:
echo '{"action": "submitted", "repository": {"full_name": "roc-streaming/rocd"}, "pull_request": {"number": 123}}' | http POST <url> x-github-event:pull_request_review