feat: Complete **SPAM** blocking of critical data apis. #349
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build PR Image | |
on: | |
pull_request: | |
types: [opened, synchronize, reopened, closed] | |
jobs: | |
build-answer: | |
name: Build and push `Answer` | |
runs-on: ubuntu-latest | |
outputs: | |
tags: ${{ steps.meta.outputs.tags }} | |
if: ${{ github.event.action != 'closed' }} | |
steps: | |
- name: Checkout git repo | |
uses: actions/checkout@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Generate UUID image name | |
id: uuid | |
run: echo "UUID_WORKER=$(uuidgen)" >> $GITHUB_ENV | |
- name: Docker metadata | |
id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: registry.uffizzi.com/${{ env.UUID_WORKER }} | |
tags: | | |
type=raw,value=60d | |
- name: Build and Push Image to registry.uffizzi.com - Uffizzi's ephemeral Registry | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
file: ./Dockerfile | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
push: true | |
cache-from: type=gha | |
cache-to: type=gha, mode=max | |
render-compose-file: | |
name: Render Docker Compose File | |
# Pass output of this workflow to another triggered by `workflow_run` event. | |
runs-on: ubuntu-latest | |
needs: | |
- build-answer | |
outputs: | |
compose-file-cache-key: ${{ steps.hash.outputs.hash }} | |
steps: | |
- name: Checkout git repo | |
uses: actions/checkout@v3 | |
- name: Render Compose File | |
run: | | |
ANSWER_IMAGE=${{ needs.build-answer.outputs.tags }} | |
export ANSWER_IMAGE | |
export UFFIZZI_URL=\$UFFIZZI_URL | |
# Render simple template from environment variables. | |
envsubst < docker-compose.uffizzi.yml > docker-compose.rendered.yml | |
cat docker-compose.rendered.yml | |
- name: Upload Rendered Compose File as Artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: preview-spec | |
path: docker-compose.rendered.yml | |
retention-days: 2 | |
- name: Serialize PR Event to File | |
run: | | |
cat << EOF > event.json | |
${{ toJSON(github.event) }} | |
EOF | |
- name: Upload PR Event as Artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: preview-spec | |
path: event.json | |
retention-days: 2 | |
delete-preview: | |
name: Call for Preview Deletion | |
runs-on: ubuntu-latest | |
if: ${{ github.event.action == 'closed' }} | |
steps: | |
# If this PR is closing, we will not render a compose file nor pass it to the next workflow. | |
- name: Serialize PR Event to File | |
run: | | |
cat << EOF > event.json | |
${{ toJSON(github.event) }} | |
EOF | |
- name: Upload PR Event as Artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: preview-spec | |
path: event.json | |
retention-days: 2 |