14 changes: 14 additions & 0 deletions .circleci/config.yml
@@ -457,6 +457,19 @@ jobs:
DREVOPS_DEPLOY_PR_HEAD=$CIRCLE_SHA1 \
./scripts/drevops/deploy.sh
no_output_timeout: 30m
- run:
name: Trigger GitHub workflow for Quant Cloud deployment
command: |
if [ -n "${GITHUB_TOKEN}" ]; then
curl -X POST \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token ${GITHUB_TOKEN}" \
"https://api.github.com/repos/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/dispatches" \
-d "{\"event_type\":\"circleci_success\",\"client_payload\":{\"branch\":\"${CIRCLE_BRANCH}\",\"sha\":\"${CIRCLE_SHA1}\",\"build_url\":\"${CIRCLE_BUILD_URL}\"}}"
echo "Successfully triggered Quant GitHub deploy workflow for branch: ${CIRCLE_BRANCH}"
else
echo "GITHUB_TOKEN not set - skipping GitHub workflow trigger"
fi
- store_artifacts:
path: *artifacts
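Review bot: the `curl -X POST` to the dispatches endpoint is followed by an unconditional `echo "Successfully triggered ..."`, so an expired token, a wrong owner/repo slug or any non-2xx response from the API still prints success and the CircleCI step passes while the Quant deploy never runs. Add `--fail-with-body -sS` to the curl invocation (e.g. `curl --fail-with-body -sS -X POST \`) so a non-2xx status fails the step and the error body stays in the log; the dispatches endpoint returns 204 on success. Two smaller points: the `else` branch turns a missing `GITHUB_TOKEN` into a silently skipped deploy, which on a production branch is easy to mistake for a completed one, so consider failing in that case for the branches that are expected to deploy; and because `repository_dispatch` requires a token with write access to the repository, prefer a fine-grained token scoped to this single repository with `contents: write` over a classic token with the broad `repo` scope.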

@@ -540,6 +553,7 @@ jobs:
done
fi


################################################################################
# WORKFLOWS
################################################################################
23 changes: 10 additions & 13 deletions .github/workflows/build-deploy.yml
@@ -1,146 +1,143 @@
name: Build and Push civictheme-monorepo-drupal to Quant Cloud
'on':
push:
branches:
- main
- master
- develop
- quant-cloud-migration
- feature/*
- pr-*
- content/*
tags:
- '*'
pull_request:
branches: '*'
# Manual trigger for testing and emergency deployments
workflow_dispatch:

# Trigger when CircleCI notifies via repository dispatch
repository_dispatch:
types: [circleci_success]
Contributor
⚠️ Potential issue

repository_dispatch doesn’t populate github.ref; you’re building the default branch instead of the CircleCI branch/sha.

On repository_dispatch, actions/checkout defaults to the default branch. Use the payload’s sha/branch, and make the “quant-cloud-migration” override key off that branch too.

Apply:

 on:
   # Manual trigger for testing and emergency deployments
   workflow_dispatch:

   # Trigger when CircleCI notifies via repository dispatch
   repository_dispatch:
     types: [circleci_success]

+permissions:
+  contents: read
+
 jobs:
   build-and-push:
@@
-    - name: Checkout code
-      uses: actions/checkout@v4
+    - name: Checkout code
+      uses: actions/checkout@v4
+      with:
+        # Prefer exact commit when dispatched by CircleCI; fall back to ref for manual runs.
+        ref: ${{ github.event.client_payload.sha || github.ref }}
+        fetch-depth: 0
@@
-    - name: Override outputs for quant-cloud-migration branch
+    - name: Override outputs for quant-cloud-migration branch
       id: override-outputs
       run: |-
-        # Override outputs for quant-cloud-migration branch to treat it as production
-        if [[ "${{ github.ref }}" == "refs/heads/quant-cloud-migration" ]]; then
+        # Determine branch from dispatch payload or github.ref_name
+        BRANCH="${{ github.event.client_payload.branch || github.ref_name }}"
+        # Override outputs for quant-cloud-migration branch to treat it as production
+        if [[ "$BRANCH" == "quant-cloud-migration" ]]; then
           echo "image_suffix=-latest" >> $GITHUB_OUTPUT
           echo "image_suffix_clean=latest" >> $GITHUB_OUTPUT
           echo "is_production=true" >> $GITHUB_OUTPUT
           echo "environment_name=production" >> $GITHUB_OUTPUT
           echo "environment_exists=true" >> $GITHUB_OUTPUT
           echo "Overriding outputs for quant-cloud-migration branch: using -latest suffix and production environment"
         else
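Review bot: the suggested `BRANCH="${{ github.event.client_payload.branch || github.ref_name }}"` expands an event-supplied value directly into the `run:` script text before bash parses it, so a branch name containing shell metacharacters is interpreted as code rather than data. Pass it through the environment instead: put `env:` with `BRANCH: ${{ github.event.client_payload.branch || github.ref_name }}` on the step and keep `if [[ "$BRANCH" == "quant-cloud-migration" ]]` in the script, which is the pattern GitHub recommends for event-derived input in `run:` blocks. The `ref: ${{ github.event.client_payload.sha || github.ref }}` line does not have the same problem, since a `with:` input is passed to the action rather than expanded into a shell script. The added `permissions: contents: read` block also resolves the CodeQL "Workflow does not contain permissions" warning reported on this PR.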
🤖 Prompt for AI Agents
In .github/workflows/build-deploy.yml around lines 3 to 8, repository_dispatch
doesn’t populate github.ref so the workflow is checking out the default branch;
update the checkout step to use the SHA/branch from the repository_dispatch
payload (e.g. github.event.client_payload.sha or
github.event.client_payload.ref/branch) with a fallback to github.ref, and
compute the "quant-cloud-migration" override key from that same payload-derived
branch/sha instead of the default ref so the job builds the CircleCI
commit/branch that triggered the dispatch.


concurrency:
group: build-and-push-${{ github.ref }}
cancel-in-progress: true

jobs:
build-and-push:
# Only run when triggered by CircleCI success or manual dispatch
if: |
github.event_name == 'repository_dispatch' ||
github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
steps:

- name: Checkout code
uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Initialize Quant Cloud
uses: quantcdn/[email protected]
id: init
with:
quant_organization: ${{ secrets.QUANT_ORGANIZATION }}
quant_api_key: ${{ secrets.QUANT_API_KEY }}
quant_application: civictheme-monorepo-drupal
master_branch_override: main

- name: Override outputs for quant-cloud-migration branch
id: override-outputs
run: |-
# Override outputs for quant-cloud-migration branch to treat it as production
if [[ "${{ github.ref }}" == "refs/heads/quant-cloud-migration" ]]; then
echo "image_suffix=-latest" >> $GITHUB_OUTPUT
echo "image_suffix_clean=latest" >> $GITHUB_OUTPUT
echo "is_production=true" >> $GITHUB_OUTPUT
echo "environment_name=production" >> $GITHUB_OUTPUT
echo "environment_exists=true" >> $GITHUB_OUTPUT
echo "Overriding outputs for quant-cloud-migration branch: using -latest suffix and production environment"
else
# Use the original action outputs
echo "image_suffix=${{ steps.init.outputs.image_suffix }}" >> $GITHUB_OUTPUT
# Remove leading hyphen from image_suffix for image_suffix parameter
suffix="${{ steps.init.outputs.image_suffix }}"
clean_suffix="${suffix#-}"
echo "image_suffix_clean=$clean_suffix" >> $GITHUB_OUTPUT
echo "is_production=${{ steps.init.outputs.is_production }}" >> $GITHUB_OUTPUT
echo "environment_name=${{ steps.init.outputs.environment_name }}" >> $GITHUB_OUTPUT
echo "environment_exists=${{ steps.init.outputs.environment_exists }}" >> $GITHUB_OUTPUT
fi

- name: Build and push cli image
uses: docker/build-push-action@v5
with:
context: .
file: ./.docker/cli.dockerfile
platforms: linux/arm64
push: true
tags: ${{ steps.init.outputs.stripped_endpoint }}/${{ secrets.QUANT_ORGANIZATION }}/${{ steps.init.outputs.quant_application
}}:cli${{ steps.override-outputs.outputs.image_suffix }}
cache-from: |-
type=gha
type=registry,ref=${{ steps.init.outputs.stripped_endpoint }}/${{ secrets.QUANT_ORGANIZATION }}/${{ steps.init.outputs.quant_application }}:cli-cache
cache-to: type=gha,mode=max
build-args: CLI_IMAGE=${{ steps.init.outputs.stripped_endpoint }}/${{ secrets.QUANT_ORGANIZATION }}/${{ steps.init.outputs.quant_application
}}:cli${{ steps.override-outputs.outputs.image_suffix }}

- name: Build and push nginx image
uses: docker/build-push-action@v5
with:
context: .
file: ./.docker/nginx-drupal.dockerfile
platforms: linux/arm64
push: true
tags: ${{ steps.init.outputs.stripped_endpoint }}/${{ secrets.QUANT_ORGANIZATION }}/${{ steps.init.outputs.quant_application
}}:nginx${{ steps.override-outputs.outputs.image_suffix }}
cache-from: |-
type=gha
type=registry,ref=${{ steps.init.outputs.stripped_endpoint }}/${{ secrets.QUANT_ORGANIZATION }}/${{ steps.init.outputs.quant_application }}:nginx-cache
cache-to: type=gha,mode=max
build-args: CLI_IMAGE=${{ steps.init.outputs.stripped_endpoint }}/${{ secrets.QUANT_ORGANIZATION }}/${{ steps.init.outputs.quant_application
}}:cli${{ steps.override-outputs.outputs.image_suffix }}

- name: Build and push php image
uses: docker/build-push-action@v5
with:
context: .
file: ./.docker/php.dockerfile
platforms: linux/arm64
push: true
tags: ${{ steps.init.outputs.stripped_endpoint }}/${{ secrets.QUANT_ORGANIZATION }}/${{ steps.init.outputs.quant_application
}}:php${{ steps.override-outputs.outputs.image_suffix }}
cache-from: |-
type=gha
type=registry,ref=${{ steps.init.outputs.stripped_endpoint }}/${{ secrets.QUANT_ORGANIZATION }}/${{ steps.init.outputs.quant_application }}:php-cache
cache-to: type=gha,mode=max
build-args: CLI_IMAGE=${{ steps.init.outputs.stripped_endpoint }}/${{ secrets.QUANT_ORGANIZATION }}/${{ steps.init.outputs.quant_application
}}:cli${{ steps.override-outputs.outputs.image_suffix }}

- name: Create environment if it doesn't exist
if: ${{ !startsWith(github.ref, 'refs/tags/') && steps.override-outputs.outputs.environment_exists == 'false' }}
uses: quantcdn/[email protected]
with:
api_key: ${{ secrets.QUANT_API_KEY }}
organization: ${{ secrets.QUANT_ORGANIZATION }}
app_name: ${{ steps.init.outputs.quant_application }}
environment_name: ${{ steps.override-outputs.outputs.environment_name }}
from_environment: production
image_suffix: ${{ steps.override-outputs.outputs.image_suffix_clean }}

- name: Sync database from production to new environment
if: ${{ !startsWith(github.ref, 'refs/tags/') && steps.override-outputs.outputs.environment_exists == 'false' && steps.override-outputs.outputs.environment_name
!= 'production' }}
uses: quantcdn/[email protected]
with:
api_key: ${{ secrets.QUANT_API_KEY }}
organization: ${{ secrets.QUANT_ORGANIZATION }}
app_name: ${{ steps.init.outputs.quant_application }}
environment_name: ${{ steps.override-outputs.outputs.environment_name }}
source: production
type: database
wait: true
wait_interval: 10
max_retries: 30

- name: Redeploy existing environment
if: ${{ !startsWith(github.ref, 'refs/tags/') && steps.override-outputs.outputs.environment_exists == 'true' }}
uses: quantcdn/quant-cloud-environment-state-action@v1
with:
api_key: ${{ secrets.QUANT_API_KEY }}
organization: ${{ secrets.QUANT_ORGANIZATION }}
application: ${{ steps.init.outputs.quant_application }}
environment: ${{ steps.override-outputs.outputs.environment_name }}
action: redeploy
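Review bot: `concurrency: group: build-and-push-${{ github.ref }}` and the three `!startsWith(github.ref, 'refs/tags/')` conditions on the environment steps all key off `github.ref`, which on a `repository_dispatch` event is always the repository's default branch regardless of the `branch` and `sha` in `client_payload`. Two consequences: every CircleCI-triggered run for every branch lands in the same concurrency group, and with `cancel-in-progress: true` a dispatch for one branch cancels an in-flight deploy for another; and the tag check can never be true for a dispatched run, so the create/sync/redeploy steps run for tag builds too. Key the group on the payload (e.g. `build-and-push-${{ github.event.client_payload.branch || github.ref }}`) and derive the tag condition from the same payload-derived branch used in `override-outputs`; note that the payload sent from `.circleci/config.yml` carries only `branch`, `sha` and `build_url`, so if CircleCI deploys on tags the dispatch needs to include the tag name before the workflow can distinguish that case. With the rendered diff showing `'on':` reduced to `workflow_dispatch` and `repository_dispatch`, the job-level `if:` on `github.event_name` is redundant but harmless.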

Check warning (Code scanning / CodeQL): Workflow does not contain permissions (Medium)

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}