CI: Support PR Preview #38
Conversation
Update links in pr_preview workflow CI: Merge steps checkout, commit and deploy CI: cd into pr_preview CI: Use global user CI: Use deploy_repo_push link to deploy CI: Push to main branch CI: Define a separate upload_site.sh file
|
It seems the |
|
This is ready. Please possibly review and please share feedback. |
|
I would reuse the workflow that we have: the main purpose of the preview build is to ensure that it will work in production. For that we need to use the exact same steps, including checking out any production repositories etc. Only at the very end, instead of pushing into production, we push into the test repository. |
Shaikh-Ubaid
force-pushed
the
ci_pr_preview
branch
3 times, most recently
from
35d4e79 to
52e70e3
Compare
|
This is ready. Please possibly review and please share feedback. |
|
I transferred the |
ci/upload_site.sh
Outdated
| if [[ ${git_ref} == "refs/heads/main" ]]; then | ||
| # Production version - pipeline triggered from main branch | ||
| deploy_repo_pull="https://github.com/lfortran/lcompilers_frontend.git" | ||
| deploy_repo_push="[email protected]:lfortran/lcompilers_frontend.git" | ||
| else | ||
| # Test version - pipeline triggered from pull request | ||
| deploy_repo_pull="https://github.com/Shaikh-Ubaid/pull_request_preview.git" | ||
| deploy_repo_push="[email protected]:Shaikh-Ubaid/pull_request_preview.git" | ||
| fi |
There was a problem hiding this comment.
Why not:
| if [[ ${git_ref} == "refs/heads/main" ]]; then | |
| # Production version - pipeline triggered from main branch | |
| deploy_repo_pull="https://github.com/lfortran/lcompilers_frontend.git" | |
| deploy_repo_push="[email protected]:lfortran/lcompilers_frontend.git" | |
| else | |
| # Test version - pipeline triggered from pull request | |
| deploy_repo_pull="https://github.com/Shaikh-Ubaid/pull_request_preview.git" | |
| deploy_repo_push="[email protected]:Shaikh-Ubaid/pull_request_preview.git" | |
| fi | |
| deploy_repo_pull="https://github.com/lfortran/lcompilers_frontend.git" | |
| if [[ ${git_ref} == "refs/heads/main" ]]; then | |
| # Production version - pipeline triggered from main branch | |
| deploy_repo_push="[email protected]:lfortran/lcompilers_frontend.git" | |
| else | |
| # Test version - pipeline triggered from pull request | |
| deploy_repo_push="[email protected]:Shaikh-Ubaid/pull_request_preview.git" | |
| fi |
There was a problem hiding this comment.
doubt: Please, could you possibly share if the above approach could lead to errors such as:
(Not an exact error, just an example)
Failed to push refs: The repo is x commits ahead, use git pull
There was a problem hiding this comment.
If we pull the pull_request_preview and then update/push to it, I guess, we are (hopefully) avoiding or reducing the chances of Failed to push refs error.
There was a problem hiding this comment.
Good point. I think in the past I did force push, but force pushing to a production repository might not be a good practice, since it can hide issues.
How are different PRs handled, or do all PRs push into just master, so they overwrite each other?
There was a problem hiding this comment.
How are different PRs handled, or do all PRs push into just master, so they overwrite each other?
Yes, it seems they would overwrite each other.
This reverts commit 0e80d77.
Shaikh-Ubaid
force-pushed
the
ci_pr_preview
branch
from
52e70e3 to
e881b20
Compare
|
I updated the links to point to the new repository at https://github.com/lfortran/pull_request_preview |
|
Ondrej Sir, please, could you possibly share if it would be possible for you to setup the needed |
|
Also, I updated the preview link here 893812e to https://preview.dev.lfortran.org. Please, could someone possibly share if the link is fine and if it is possible to use it? |
If we use a link which has some path after domain (for example: https://dev.lfortran.org/pull_request_preview), we would be needing to update the |
|
This is ready. Please possibly review and please share feedback. |
| with: | ||
| issue-number: ${{ github.event.pull_request.number }} | ||
| body: | | ||
| Your site is deployed at https://preview.dev.lfortran.org/ |
There was a problem hiding this comment.
I don't know how subdomains work --- we can also just use regular github pages, to make it clear it is just a PR preview.
There was a problem hiding this comment.
I don't know how subdomains work --- we can also just use regular github pages, to make it clear it is just a PR preview.
It seems when we use the regular github pages, the site would be available at https://lfortran.github.io/pull_request_preview and thus adding the path /pull_request_preview to the url. Supporting the path might be challenging as I shared here #38 (comment)
ci/upload_site.sh
Outdated
| echo "Note: GIT_PR_PREVIEW_PRIVATE_SSH_KEY is empty, skipping..." | ||
| exit 0 | ||
| fi | ||
| ssh-add <(echo "$GIT_PR_PREVIEW_PRIVATE_SSH_KEY" | base64 -d) |
There was a problem hiding this comment.
We already have ssh keys setup with a different variable (I believe), so this PR will only use GIT_PR_PREVIEW_PRIVATE_SSH_KEY to push even to production?
I think we should use the production keys for production and preview keys for previews, what do you think?
There was a problem hiding this comment.
We already have ssh keys setup with a different variable (I believe), so this PR will only use GIT_PR_PREVIEW_PRIVATE_SSH_KEY to push even to production?
It seems there are no ssh keys required to push to production (as we discussed here #1 (comment) and also tried/tested it by removing the SSH key setup step here c6cee87). We currently need the SSH keys for pushing the test version to pull_request_preview (as pull_request_preview is a separate repository). During production deployment, even if the SSH keys would be available, I guess/think that they would (hopefully) not be used.
There was a problem hiding this comment.
We already have ssh keys setup with a different variable (I believe)
Please, could you possibly share if it would be possible to rename it and setup its public key at https://github.com/lfortran/pull_request_preview, please
There was a problem hiding this comment.
I see. It's a little weird that it would quit to push to production if GIT_PR_PREVIEW_PRIVATE_SSH_KEY is empty. But I guess that's fine. Would it make sense to put this into if [[ ${git_ref} != "refs/heads/main" ]]; then if statement?
|
I setup the keys. I think we should do it to serve in a new branch, such as Regarding the prefix, so that it does not clash, I think that's fine, if it can be done in some clean (hard to break) way. Usually if it works with a prefix, hopefully it will work with an empty prefix too. |
Shaikh-Ubaid
force-pushed
the
ci_pr_preview
branch
from
9d318dc to
292a1f9
Compare
It seems GitHub Pages allow setting only a single branch for deployment. So, it seems everytime we might need to change the branch of deployment. |
|
The way to do it is to use a prefix directory with the PR number. |
Got it. Thank you so much for the guidance. |
|
I came across nf-core/tools#765 and https://securitylab.github.com/research/github-actions-preventing-pwn-requests/. It seems to me that we can support previewing |
I would like to try this out. Please, could you possibly share if we shall create three separate workflows as follows:
Notes:
|
Co-authored-by: Ondřej Čertík <[email protected]>
Ondrej Sir, it seems, the workflow currently overwrites the |
Got it. I looked into the changes of this pull request again and they seem fine to me. Since, this seems to be approved, I am merging this PR for now. |
|
The CI failed to push to I am submitting a new PR which would use the ssh url for the same repository https://github.com/lfortran/lcompilers_frontend for the commit in the main branch. Since, the push to |
I fixed the Also, while updating the |
|
Thanks for fixing it! |
This
PRadds support of previewing apull request. The built site is currently pushed intogh-pagesbranch at https://github.com/Shaikh-Ubaid/pull_request_preview.Example PR: https://github.com/Shaikh-Ubaid/lcompilers_frontend/pull/2