update Pantheon workflows (#5868)

Signed-off-by: vfalconisumo <[email protected]>
Co-authored-by: Kim (Sumo Logic) <[email protected]>

Author: vfalconisumo

.github/workflows/deploy-to-pantheon.yml

@@ -0,0 +1,45 @@
+name: Build helpdocs site
+
+permissions:
+  contents: read
+
+on:
+  workflow_call:
+
+jobs:
+  build-helpdocs-site:
+    runs-on: ubuntu-latest
+    environment:
+      name: production
+      url: https://www.sumologic.com/
+    env:
+      CI: true
+      NODE_ENV: production
+      NODE_OPTIONS: "--max-old-space-size=8192 --max-http-header-size=8192"
+      HOSTNAME: https://www.sumologic.com
+      BASE_URL: /help/
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '20.x'
+          cache: 'yarn'
+      - name: Docusaurus Webpack cache
+        uses: actions/cache@v3
+        with:
+          path: node_modules/.cache
+          key: ${{ runner.os }}-webpack-cache-${{ hashFiles('yarn.lock') }}
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+      - name: Build the Docusaurus site
+        run: |
+          yarn build
+      - name: Upload build artifact
+        uses: actions/upload-artifact@v4
+        id: artifact-upload-step
+        with:
+          name: build-output
+          path: ./build/

.github/workflows/job_build-site.yml

@@ -0,0 +1,110 @@
+name: Deploy to Pantheon
+
+permissions:
+  contents: write
+
+on:
+  workflow_call:
+    inputs:
+      SITE_PATH:
+        description: Destination filepath, must include trailing slash and no leading slash (default is empty string, or the / site root)
+        default: ''
+        type: string
+      PANTHEON_SITE_ID:
+        description: Human-readable site ID
+        type: string
+        required: true
+      PANTHEON_STAGING_ENV_NAME:
+        type: string
+        default: "env-${{ github.sha }}"
+        description: Name of the staging environment (11-char max)
+      PANTHEON_DESTINATION:
+        description: Target Pantheon environment, either 'dev' or 'staging'
+        required: true
+        type: string
+    secrets:
+      PANTHEON_SSH_KEY:
+        required: true
+      PANTHEON_KNOWN_HOSTS:
+        required: true
+      PANTHEON_USER_EMAIL:
+        required: true
+      PANTHEON_AUTH_USER:
+        required: true
+      PANTHEON_AUTH_PASSWORD:
+        required: true
+      PANTHEON_MACHINE_TOKEN:
+        required: true
+
+jobs:
+  deploy-to-pantheon:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Install SSH key
+        uses: shimataro/ssh-key-action@v2
+        with:
+          key: ${{ secrets.PANTHEON_SSH_KEY }}
+          config: |
+            Host *.drush.in
+               StrictHostKeyChecking no
+          known_hosts: ${{ secrets.PANTHEON_KNOWN_HOSTS }}
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: "8.2"
+      - name: Install Terminus
+        run: |
+          sudo apt update
+          sudo apt install -y curl php-common php-cli php-xml php-mbstring php-curl git jq
+          php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+          php -r "if (hash_file('sha384', 'composer-setup.php') === file_get_contents('https://composer.github.io/installer.sig')) { echo 'Installer verified'.PHP_EOL; } else { echo 'Installer corrupt'.PHP_EOL; unlink('composer-setup.php'); exit(1); }"
+          php composer-setup.php
+          php -r "unlink('composer-setup.php');"
+          mv composer.phar /usr/local/bin/composer
+          curl -L https://github.com/pantheon-systems/terminus/releases/download/4.0.3/terminus.phar --output terminus
+          chmod +x terminus
+          mv terminus /usr/local/bin/terminus
+          terminus self:update
+          git config -l | grep 'http\..*\.extraheader' | cut -d= -f1 | xargs -L1 git config --unset-all
+          git config --global user.email "${{ secrets.PANTHEON_USER_EMAIL }}"
+          git config --global user.name "GitHub workflow"
+          echo "PANTHEON_BRANCH=master" >> $GITHUB_ENV
+          echo "PANTHEON_ENV=dev" >> $GITHUB_ENV
+      - name: Retrieve build artifact
+        uses: actions/download-artifact@v5
+        with:
+          name: build-output
+          path: ./build
+      - name: Terminus login
+        run: terminus auth:login --machine-token ${{ secrets.PANTHEON_MACHINE_TOKEN }}
+      - name: Staging environment setup
+        if: inputs.PANTHEON_DESTINATION == 'staging'
+        run: |
+          STAGING_NAME="${{ inputs.PANTHEON_STAGING_ENV_NAME }}"
+          NORMLIZED_STAGING_ENV_NAME="${STAGING_NAME:0:11}"
+          DEV_SITE_EXISTS="$(terminus env:list "${{ inputs.PANTHEON_SITE_ID }}" --format=list | grep "$NORMLIZED_STAGING_ENV_NAME" | wc -l | xargs)"
+          if [ "$DEV_SITE_EXISTS" -eq "0" ]; then
+            terminus multidev:create --no-interaction --no-ansi ${{ inputs.PANTHEON_SITE_ID }}.dev "$NORMLIZED_STAGING_ENV_NAME"
+            terminus lock:enable ${{ inputs.PANTHEON_SITE_ID }}.$NORMLIZED_STAGING_ENV_NAME -- "${{ secrets.PANTHEON_AUTH_USER }}" "${{ secrets.PANTHEON_AUTH_PASSWORD }}"
+          fi
+          terminus connection:set "${{ inputs.PANTHEON_SITE_ID }}.$NORMLIZED_STAGING_ENV_NAME" git
+          echo "PANTHEON_ENV=helpdocs" >> $GITHUB_ENV
+          echo "PANTHEON_BRANCH=$NORMLIZED_STAGING_ENV_NAME" >> $GITHUB_ENV
+      - name: Commit build and deploy to Pantheon repo
+        run: |
+          terminus local:clone --yes --branch="${{ env.PANTHEON_BRANCH }}" ${{ inputs.PANTHEON_SITE_ID }}
+          rsync --archive ./build/ "$HOME/pantheon-local-copies/${{ inputs.PANTHEON_SITE_ID }}/${{ inputs.SITE_PATH }}"
+          chmod -R 755 $HOME/pantheon-local-copies/${{ inputs.PANTHEON_SITE_ID }}/${{ inputs.SITE_PATH }}
+          git -C "$HOME/pantheon-local-copies/${{ inputs.PANTHEON_SITE_ID }}" add .
+          git -C "$HOME/pantheon-local-copies/${{ inputs.PANTHEON_SITE_ID }}" commit -m "Added content from ${{ github.repository }} at ${{ github.sha }}"
+          WATCH_COMMIT=$(git -C "$HOME/pantheon-local-copies/${{ inputs.PANTHEON_SITE_ID }}" rev-parse --verify HEAD)
+          git -C "$HOME/pantheon-local-copies/${{ inputs.PANTHEON_SITE_ID }}" push origin
+          terminus workflow:wait --max 600 --commit $WATCH_COMMIT -- ${{ inputs.PANTHEON_SITE_ID }}.${{ env.PANTHEON_ENV }}
+      - name: Terminus logout
+        if: always()
+        run: |
+          rm -rf $HOME/pantheon-local-copies/${{ inputs.PANTHEON_SITE_ID }}/${{ inputs.SITE_PATH }}
+          terminus auth:logout

.github/workflows/job_pantheon.yml

@@ -0,0 +1,26 @@
+name: Slack notification
+
+on:
+  workflow_call:
+    inputs:
+      SLACK_MESSAGE:
+        type: string
+        required: true
+    secrets:
+      SLACK_URL:
+        required: true
+
+jobs:
+  notify-channel:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a
+        with:
+          webhook: ${{ secrets.SLACK_URL }}
+          webhook-type: incoming-webhook
+          payload: |
+            blocks:
+              - type: "section"
+                text:
+                  type: "mrkdwn"
+                  text: "${{ inputs.SLACK_MESSAGE }}"

.github/workflows/job_slack-notification.yml

@@ -0,0 +1,51 @@
+name: Trigger Jenkins pipeline
+
+on:
+  workflow_call:
+    inputs:
+      JENKINS_TRIGGER_SOURCE:
+        default: "${{ github.event_name }} on ${{ github.ref_name }} in ${{ github.repository }} at ${{ github.sha }}"
+        type: string
+    secrets:
+      WEBOPS_AWS_REGION:
+        required: true
+      WEBOPS_AWS_SG_NAME:
+        required: true
+      WEBOPS_JENKINS_PORT:
+        required: true
+      WEBOPS_JENKINS_HOST:
+        required: true
+      WEBOPS_AWS_ACCESS_KEY:
+        required: true
+      WEBOPS_AWS_SECRET_KEY:
+        required: true
+      WEBOPS_WEBHOOK_TOKEN:
+        required: true
+
+jobs:
+  trigger-jenkins-pipeline:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get runner IP
+        if: always()
+        id: ip
+        uses: haythem/[email protected]
+      - name: Add runner to AWS security group ingress
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.WEBOPS_AWS_ACCESS_KEY }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.WEBOPS_AWS_SECRET_KEY }}
+          AWS_DEFAULT_REGION: ${{ secrets.WEBOPS_AWS_REGION }}
+        run: aws ec2 authorize-security-group-ingress --group-name ${{ secrets.WEBOPS_AWS_SG_NAME }} --protocol tcp --port ${{ secrets.WEBOPS_JENKINS_PORT }} --cidr ${{ steps.ip.outputs.ipv4 }}/32
+      - name: Trigger Jenkins pipeline
+        run: |
+          curl -H 'Content-Type: application/json' \
+            -d '{ "TRIGGER_SOURCE": "${{ inputs.JENKINS_TRIGGER_SOURCE }}" }' \
+            -X POST \
+            ${{ secrets.WEBOPS_JENKINS_HOST }}:${{ secrets.WEBOPS_JENKINS_PORT || '80' }}/generic-webhook-trigger/invoke?token=${{ secrets.WEBOPS_WEBHOOK_TOKEN }}
+      - name: Remove runner from AWS security group ingress
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.WEBOPS_AWS_ACCESS_KEY }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.WEBOPS_AWS_SECRET_KEY }}
+          AWS_DEFAULT_REGION: ${{ secrets.WEBOPS_AWS_REGION }}
+        if: always()
+        run: aws ec2 revoke-security-group-ingress --group-name ${{ secrets.WEBOPS_AWS_SG_NAME }} --protocol tcp --port ${{ secrets.WEBOPS_JENKINS_PORT }} --cidr ${{ steps.ip.outputs.ipv4 }}/32

.github/workflows/job_trigger-jenkins-pipeline.yml

@@ -0,0 +1,49 @@
+name: Deploy to production
+
+permissions:
+  contents: write
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - .github/**
+
+jobs:
+  build-site:
+    uses: ./.github/workflows/job_build-site.yml
+  deploy-to-pantheon:
+    needs: build-site
+    uses: ./.github/workflows/job_pantheon.yml
+    with:
+      PANTHEON_DESTINATION: dev
+      SITE_PATH: help/
+      PANTHEON_SITE_ID: ${{ vars.PANTHEON_SITE_ID }}
+    secrets:
+      PANTHEON_AUTH_PASSWORD: ${{ secrets.PANTHEON_AUTH_PASSWORD }}
+      PANTHEON_AUTH_USER: ${{ secrets.PANTHEON_AUTH_USER }}
+      PANTHEON_KNOWN_HOSTS: ${{ secrets.PANTHEON_KNOWN_HOSTS }}
+      PANTHEON_MACHINE_TOKEN: ${{ secrets.PANTHEON_MACHINE_TOKEN }}
+      PANTHEON_SSH_KEY: ${{ secrets.PANTHEON_SSH_KEY }}
+      PANTHEON_USER_EMAIL: ${{ secrets.PANTHEON_USER_EMAIL }}
+  trigger-jenkins-pipeline:
+    needs: deploy-to-pantheon
+    uses: ./.github/workflows/job_trigger-jenkins-pipeline.yml
+    secrets:
+      WEBOPS_AWS_REGION: ${{ secrets.WEBOPS_AWS_REGION }}
+      WEBOPS_AWS_SG_NAME: ${{ secrets.WEBOPS_AWS_SG_NAME }}
+      WEBOPS_JENKINS_PORT: ${{ secrets.WEBOPS_JENKINS_PORT }}
+      WEBOPS_JENKINS_HOST: ${{ secrets.WEBOPS_JENKINS_HOST }}
+      WEBOPS_AWS_ACCESS_KEY: ${{ secrets.WEBOPS_AWS_ACCESS_KEY }}
+      WEBOPS_AWS_SECRET_KEY: ${{ secrets.WEBOPS_AWS_SECRET_KEY }}
+      WEBOPS_WEBHOOK_TOKEN: ${{ secrets.WEBOPS_WEBHOOK_TOKEN }}
+  notify-channel:
+    needs: [build-site,deploy-to-pantheon,trigger-jenkins-pipeline]
+    if: ${{ failure() }}
+    uses: ./.github/workflows/job_slack-notification.yml
+    with:
+      SLACK_MESSAGE: ":red_circle: helpdocs workflow failed [<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|details>]"
+    secrets:
+      SLACK_URL: ${{ secrets.WEBOPS_SLACK_URL }}