-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
.github/actions/deploy-to-github-pages: use Cloudflare API directly #1896
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work! I just had one concern regarding using secrets in a composite Action. Otherwise I like it!
env: | ||
CLOUDFLARE_ZONE: ${{ secrets.CLOUDFLARE_ZONE }} | ||
CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I fear that this won't work, as composite GitHub Actions do not allow access to secrets; They have to be passed in as input
s IIRC. Did you get a chance to test this in your fork?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, great catch. I fixed this up in the last commit that I force-pushed back up, which should do the trick.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tested this in my fork here and it works!
log output
2024-10-04T18:40:30.0647106Z ##[group]Run curl "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE/purge_cache" \ 2024-10-04T18:40:30.0648004Z �[36;1mcurl "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE/purge_cache" \�[0m 2024-10-04T18:40:30.0648696Z �[36;1m -H "Authorization: ***" \�[0m 2024-10-04T18:40:30.0649066Z �[36;1m -H "Content-Type: application/json" \�[0m 2024-10-04T18:40:30.0649467Z �[36;1m -d '{ "purge_everything": true }'�[0m 2024-10-04T18:40:30.0673380Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0} 2024-10-04T18:40:30.0673777Z env: 2024-10-04T18:40:30.0673980Z GITHUB_PAGES: true 2024-10-04T18:40:30.0674224Z HUGO_VERSION: 0.134.3 2024-10-04T18:40:30.0674478Z PAGEFIND_VERSION: 1.1.1 2024-10-04T18:40:30.0674855Z CLOUDFLARE_ZONE: *** 2024-10-04T18:40:30.0675255Z CLOUDFLARE_TOKEN: *** 2024-10-04T18:40:30.0675501Z ##[endgroup] 2024-10-04T18:40:30.0766684Z % Total % Received % Xferd Average Speed Time Time Time Current 2024-10-04T18:40:30.0768611Z Dload Upload Total Spent Left Speed 2024-10-04T18:40:30.0769184Z 2024-10-04T18:40:30.4802046Z 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 2024-10-04T18:40:30.4809963Z 100 148 0 120 100 28 297 69 --:--:-- --:--:-- --:--:-- 366 2024-10-04T18:40:30.4810900Z 100 148 0 120 100 28 296 69 --:--:-- --:--:-- --:--:-- 365 2024-10-04T18:40:30.4811458Z { 2024-10-04T18:40:30.4812102Z "result": { 2024-10-04T18:40:30.4814641Z "id": "***" 2024-10-04T18:40:30.4815018Z }, 2024-10-04T18:40:30.4815341Z "success": true, 2024-10-04T18:40:30.4815737Z "errors": [], 2024-10-04T18:40:30.4816106Z "messages": [] 2024-10-04T18:40:30.4816464Z }
The workflow failure is a result of unrelated test failures, but I think this patch here is good.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The workflow failure is a result of unrelated test failures
To be precise, it is (as can be verified by downloading the playwright-report
artifact:
2024-10-04T18:41:07.9809690Z 1) [chrome] › git-scm.spec.js:201:1 › book ───────────────────────────────────────────────────────
2024-10-04T18:41:07.9810522Z
2024-10-04T18:41:07.9811847Z Error: Timed out 5000ms waiting for expect(locator).toHaveURL(expected)
2024-10-04T18:41:07.9812982Z
2024-10-04T18:41:07.9813230Z Locator: locator(':root')
2024-10-04T18:41:07.9814002Z Expected string: "http://ttaylorr.com/git-scm.com/book/en/v2"
2024-10-04T18:41:07.9815314Z Received string: "https://ttaylorr.com/git-scm.com/book/en/v2"
In other words, for some reason the workflow run thinks that the baseURL is an http (unsecured) URL, while the received URL is an https (secure) one.
So yes, this is an unrelated error. Thank you for verifying that it works!
225c7fd
to
3652ebd
Compare
As pointed out in [1], using the cloudflare-purge-action incurs a ~31 second penalty at the start of the "deploy" action, where time is spent building a Docker container to run the action. This is unnecessary, since Cloudflare has a straightforward REST API that we can use cURL to communicate with directly, without the extra start-up cost. Let's do that instead, and move this to run in the deploy-to-github-pages action, which is run from multiple entry points, all of which will want to purge the Cloudflare caches upon deployment. [1]: #1893 (comment) Signed-off-by: Taylor Blau <me@ttaylorr.com>
3652ebd
to
a641435
Compare
Very nice. This run took only 4 minutes and 39 seconds, and the Cloudflare API call contributed less than half a second:
|
As pointed out in [1], using the cloudflare-purge-action incurs a ~31 second penalty at the start of the "deploy" action, where time is spent building a Docker container to run the action.
This is unnecessary, since Cloudflare has a straightforward REST API that we can use cURL to communicate with directly, without the extra start-up cost.
Let's do that instead, and move this to run in the deploy-to-github-pages action, which is run from multiple entry points, all of which will want to purge the Cloudflare caches upon deployment.
[1]: #1893 (comment)
/cc @dscho