reactos/web-playground-config
1
0
Fork 0
mirror of https://github.com/reactos/web-playground-config.git synced 2024-11-26 21:10:23 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
master
web-playground-config/buildbot/deploy
Mark Jansen 76c58ac22a
Add support for deploying with the 'deploy-pr' label, 
instead of adding all users to the trusted list
2022-03-08 21:15:39 +01:00

73 lines
2.9 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# ReactOS Web-Playground BuildBot Build Scripts
# deploy - Make the built website available at a subdomain of *.web-content.reactos.org if the commit author is trusted
#
# Parameter $1 - Branch we're building.
SCRIPTROOT=`dirname $0`
source ${SCRIPTROOT}/functions
if [[ "$1" == "" ]]; then
echo "Please specify the branch!"
exit 1
fi
branch=$1
# Read secret configuration from credentials.ini.
# Doesn't take INI sections into account, but sufficient for our use case.
source <(grep personal_access_token ${SCRIPTROOT}/credentials.ini)
# These IDs are no secret and can be retrieved by an API call to https://api.github.com/orgs/reactos/teams
developer_group_id=2505522 # "ReactOS Developer Team"
trusted_group_id=3404185 # "Trusted Web-Playground Users"
deploy_label=deploy-pr
subdomain=`get_subdomain ${branch}`
target_directory="/srv/www/web-content/${subdomain}"
target_url="https://${subdomain}.web-content.reactos.org"
pr_message="Thanks for your contribution!\\n\
I have built and deployed your changes to ${target_url} and will also do that for your future changes."
# What branch are we building?
if [[ "${branch}" == "master" ]]; then
# A push to master is only possible by the developer team, so we don't have to check any team memberships.
:
elif [[ "${branch}" =~ ^refs/pull/([0-9]+)/ ]]; then
# Everyone can open a Pull Request against our repository, but we cannot trust everyone to not abuse this system and use it to set up a malicious/spam website.
# First get the GitHub username of the Pull Request author.
pr_number=${BASH_REMATCH[1]}
pr_data=`get_pr_data ${pr_number}`
username=`get_pr_username "${pr_data}"`
labels=`get_pr_labels "${pr_data}"`
# Check if this user is either part of the developer team or the additional group of trusted people.
if ! { check_team_membership ${username} ${developer_group_id} || check_team_membership ${username} ${trusted_group_id} || check_pr_label "${labels}" ${deploy_label}; }; then
echo "This script would usually deploy the build result of your Pull Request to ${target_url}"
echo "However, to prevent abuse, your GitHub account first needs to be added to the trusted user list."
echo "If you want to make use of this feature, ask someone from the developer team to add the 'deploy-pr' label to this PR,"
echo "or to add you to the trusted user list."
exit 0
fi
# Check if this is the first time we are building this particular Pull Request.
# If that's the case, post a message to the PR discussion about the deployment.
if ! [[ -d "${target_directory}" ]]; then
post_to_pr "${pr_number}" "${pr_message}"
fi
else
# Anything else (like a local branch) is not deployed.
echo "Only changes to master and Pull Requests are deployed."
exit 0
fi
# The author is trusted, so move over the built files to deploy the website.
rm -rf ${target_directory}
mv public ${target_directory} || exit 1
echo "Congratulations! The build result has been deployed to ${target_url}"
exit 0
Reference in New Issue View Git Blame Copy Permalink