CLDC-4236: trigger review app deploys manually (#3216)

* CLDC-4236: make review deploy manual * CLDC-4236: use pr comment trigger * CLDC-4236: refactor * CLDC-4236: add workflow permissions block * CLDC-4236: add manual worflow dispatch method back in * CLDC-4236: clarify workflow dispatch description * CLDC-4236: rename pull_request_id input -> pr_number for consistency
1 week ago · 8a186d096c
2 changed files with 74 additions and 23 deletions
--- a/.github/workflows/review_app_prompt.yml
+++ b/.github/workflows/review_app_prompt.yml
@ -0,0 +1,24 @@
+name: Review app deploy prompt
+
+on:
+  pull_request:
+    types: [opened]
+
+jobs:
+  prompt:
+    name: Add review app deploy instructions
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+
+    steps:
+      - name: Comment with deploy instructions
+        uses: actions/github-script@v7
+        with:
+          script: |
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body: 'To deploy a review app for this PR, comment `/deploy-review`.',
+            });
--- a/.github/workflows/review_pipeline.yml
+++ b/.github/workflows/review_pipeline.yml
@ -1,57 +1,84 @@
 name: Review app pipeline

-concurrency:
-  group: review-${{ github.event.pull_request.number }}
-
 on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
+  issue_comment:
+    types: [created]
  workflow_dispatch:
+    inputs:
+      pr_number:
+        required: true
+        type: string
+        description: "The number of the PR for which to deploy a review app. Note: this is NOT the ticket number"

-defaults:
-  run:
-    shell: bash
+permissions: {}

 jobs:
+  get_pr_details:
+    name: Get PR details
+    if: github.event_name == 'workflow_dispatch' || (github.event.issue.pull_request && startsWith(github.event.comment.body, '/deploy-review'))
+    runs-on: ubuntu-latest
+    outputs:
+      pr_number: ${{ steps.get_pr_details.outputs.pr_number }}
+    steps:
+      - name: Get PR number
+        id: get_pr_details
+        uses: actions/github-script@v7
+        with:
+          script: |
+            if (context.eventName === 'workflow_dispatch') {
+              core.setOutput('pr_number', '${{ inputs.pr_number }}');
+            } else {
+              core.setOutput('pr_number', context.issue.number.toString());
+            }
+
  infra:
    name: Deploy review app infrastructure
+    needs: [get_pr_details]
    uses: communitiesuk/submit-social-housing-lettings-and-sales-data-infrastructure/.github/workflows/create_review_app_infra.yml@main
    with:
-      key: ${{ github.event.pull_request.number }}
+      key: ${{ needs.get_pr_details.outputs.pr_number }}
      app_repo_role: arn:aws:iam::815624722760:role/core-application-repo
    permissions:
      id-token: write

  code:
    name: Deploy review app code
-    needs: [infra]
+    needs: [get_pr_details, infra]
    uses: ./.github/workflows/aws_deploy.yml
    with:
      aws_account_id: 837698168072
      aws_role_prefix: core-dev
-      aws_task_prefix: core-review-${{ github.event.pull_request.number }}
-      concurrency_tag: ${{ github.event.pull_request.number }}
+      aws_task_prefix: core-review-${{ needs.get_pr_details.outputs.pr_number }}
+      concurrency_tag: ${{ needs.get_pr_details.outputs.pr_number }}
      environment: review
    permissions:
      id-token: write

  comment:
    name: Add link to PR
-    needs: [code]
+    needs: [get_pr_details, code]
    runs-on: ubuntu-latest
    permissions:
-      issues: write
      pull-requests: write

    steps:
      - name: Comment on PR with URL
-        uses: unsplash/comment-on-pr@v1.3.0
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        uses: actions/github-script@v7
        with:
-          msg: "Created review app at https://review.submit-social-housing-data.communities.gov.uk/${{ github.event.pull_request.number }}. Note that the review app will be automatically deprovisioned after 30 days and will need the review app pipeline running again."
-          check_for_duplicate_msg: true
-          duplicate_msg_pattern: Created review app at*
+          script: |
+            const prNumber = ${{ needs.get_pr_details.outputs.pr_number }};
+            const body = `Created review app at https://review.submit-social-housing-data.communities.gov.uk/${prNumber}. Note that the review app will be automatically deprovisioned after 30 days and will need the review app pipeline running again.`;
+            const { data: comments } = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: prNumber,
+            });
+            const duplicate = comments.find(c => c.body.startsWith('Created review app at'));
+            if (!duplicate) {
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: prNumber,
+                body: body,
+              });
+            }