
Commit 26e5a0f

Copilotcommjoen
andcommitted
Add GitHub preview action for container builds and deployment instructions
Co-authored-by: commjoen <[email protected]>
1 parent b506634 commit 26e5a0f


1 file changed

+260
-0
lines changed


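--- a/.github/workflows/preview.yml
+++ b/.github/workflows/preview.yml
@@ -0,0 +1,260 @@
+name: "Preview Deployment"
+
+on:
+pull_request:
+types: [opened, synchronize, reopened]
+push:
+branches: [main]
+
+permissions:
+contents: read
+packages: write
+pull-requests: write
+
+env:
+REGISTRY: ghcr.io
+IMAGE_PREFIX: ghcr.io/${{ github.repository_owner }}
+
+jobs:
+build-and-publish:
+name: "Build and Publish Preview Images"
+runs-on: ubuntu-latest
+strategy:
+matrix:
+component:
+- wrongsecrets-balancer
+- cleaner
+outputs:
+tag: ${{ steps.set-tag.outputs.tag }}
+steps:
+- name: Checkout
+uses: actions/checkout@v5
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Log in to Container Registry
+uses: docker/login-action@v3
+with:
+registry: ${{ env.REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Set output tag
+id: set-tag
+run: |
+if [ "${{ github.event_name }}" == "pull_request" ]; then
+echo "tag=pr-${{ github.event.number }}" >> $GITHUB_OUTPUT
+else
+echo "tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT
+fi
+
+- name: Generate metadata
+id: meta
+uses: docker/metadata-action@v5
+with:
+images: ${{ env.IMAGE_PREFIX }}/${{ matrix.component }}
+tags: |
+type=ref,event=branch
+type=ref,event=pr
+type=sha,prefix={{branch}}-
+
+- name: Build and push
+uses: docker/build-push-action@v6
+with:
+context: ./${{ matrix.component }}
+file: ./${{ matrix.component }}/Dockerfile
+push: true
+tags: ${{ steps.meta.outputs.tags }}
+labels: ${{ steps.meta.outputs.labels }}
+platforms: linux/amd64
+
+generate-preview-instructions:
+name: "Generate Preview Instructions"
+runs-on: ubuntu-latest
+needs: build-and-publish
+if: github.event_name == 'pull_request'
+steps:
+- name: Checkout
+uses: actions/checkout@v5
+
+- name: Install yq
+run: |
+sudo snap install yq
+
+- name: Determine image tag
+id: tag
+run: |
+if [ "${{ github.event_name }}" == "pull_request" ]; then
+echo "tag=pr-${{ github.event.number }}" >> $GITHUB_OUTPUT
+else
+echo "tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT
+fi
+
+- name: Generate preview values
+id: values
+run: |
+# Create a preview values file
+cat > preview-values.yaml << EOF
+balancer:
+repository: ${{ env.IMAGE_PREFIX }}/wrongsecrets-balancer
+tag: ${{ steps.tag.outputs.tag }}
+
+wrongsecretsCleanup:
+repository: ${{ env.IMAGE_PREFIX }}/cleaner
+tag: ${{ steps.tag.outputs.tag }}
+
+# Preview configuration
+ingress:
+enabled: true
+hosts:
+- host: preview-${{ steps.tag.outputs.tag }}.wrongsecrets.local
+paths:
+- "/"
+EOF
+
+# Output the content for use in the comment
+echo "values<<EOF" >> $GITHUB_OUTPUT
+cat preview-values.yaml >> $GITHUB_OUTPUT
+echo "EOF" >> $GITHUB_OUTPUT
+
+- name: Create deployment instructions
+id: instructions
+run: |
+cat > instructions.md << 'EOF'
+## 🚀 Preview Deployment Ready!
+
+Your pull request has been built and is ready for preview deployment. Here's how to test your changes:
+
+### Container Images Built
+
+- **Balancer**: `${{ env.IMAGE_PREFIX }}/wrongsecrets-balancer:${{ steps.tag.outputs.tag }}`
+- **Cleaner**: `${{ env.IMAGE_PREFIX }}/cleaner:${{ steps.tag.outputs.tag }}`
+
+### Quick Deploy with Helm
+
+```bash
+# Add the wrongsecrets helm repository
+helm repo add wrongsecrets https://owasp.org/wrongsecrets-ctf-party
+helm repo update
+
+# Deploy with preview images
+helm install my-preview wrongsecrets/wrongsecrets-ctf-party \
+--set balancer.repository=${{ env.IMAGE_PREFIX }}/wrongsecrets-balancer \
+--set balancer.tag=${{ steps.tag.outputs.tag }} \
+--set wrongsecretsCleanup.repository=${{ env.IMAGE_PREFIX }}/cleaner \
+--set wrongsecretsCleanup.tag=${{ steps.tag.outputs.tag }} \
+--set imagePullPolicy=Always
+
+# Port forward to access locally
+kubectl port-forward service/wrongsecrets-balancer 3000:3000
+```
+
+### Deploy with Custom Values
+
+<details>
+<summary>Click to see preview-values.yaml</summary>
+
+```yaml
+${{ steps.values.outputs.values }}
+```
+
+</details>
+
+```bash
+# Save the above values to preview-values.yaml, then:
+helm install my-preview wrongsecrets/wrongsecrets-ctf-party -f preview-values.yaml
+```
+
+### Deploy with Local Build Scripts
+
+```bash
+# Clone this PR
+git fetch origin pull/${{ github.event.number }}/head:pr-${{ github.event.number }}
+git checkout pr-${{ github.event.number }}
+
+# Use the existing deployment script with custom images
+./build-and-deploy.sh
+```
+
+### Test the Changes
+
+1. Access the application at http://localhost:3000
+2. Create a team and verify functionality
+3. Test any new features or bug fixes
+
+### Container Registry
+
+The preview images are available at:
+- https://github.com/${{ github.repository_owner }}/wrongsecrets-ctf-party/pkgs/container/wrongsecrets-balancer
+- https://github.com/${{ github.repository_owner }}/wrongsecrets-ctf-party/pkgs/container/cleaner
+
+---
+
+*This preview was automatically generated for PR #${{ github.event.number }}*
+EOF
+
+echo "content<<EOF" >> $GITHUB_OUTPUT
+cat instructions.md >> $GITHUB_OUTPUT
+echo "EOF" >> $GITHUB_OUTPUT
+
+- name: Comment on PR
+uses: actions/github-script@v7
+with:
+script: |
+const { owner, repo } = context.repo;
+const issue_number = context.issue.number;
+
+// Find existing preview comment
+const comments = await github.rest.issues.listComments({
+owner,
+repo,
+issue_number,
+});
+
+const existingComment = comments.data.find(comment =>
+comment.user.login === 'github-actions[bot]' &&
+comment.body.includes('🚀 Preview Deployment Ready!')
+);
+
+const body = `${{ steps.instructions.outputs.content }}`;
+
+if (existingComment) {
+// Update existing comment
+await github.rest.issues.updateComment({
+owner,
+repo,
+comment_id: existingComment.id,
+body
+});
+} else {
+// Create new comment
+await github.rest.issues.createComment({
+owner,
+repo,
+issue_number,
+body
+});
+}
+
+notify-main-branch:
+name: "Notify Main Branch Build"
+runs-on: ubuntu-latest
+needs: build-and-publish
+if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+steps:
+- name: Determine image tag
+id: tag
+run: |
+echo "tag=main" >> $GITHUB_OUTPUT
+
+- name: Create main branch notification
+run: |
+echo "## 🚀 Main Branch Preview Images Updated!"
+echo ""
+echo "New preview images have been built for the main branch:"
+echo ""
+echo "- **Balancer**: \`${{ env.IMAGE_PREFIX }}/wrongsecrets-balancer:${{ steps.tag.outputs.tag }}\`"
+echo "- **Cleaner**: \`${{ env.IMAGE_PREFIX }}/cleaner:${{ steps.tag.outputs.tag }}\`"
+echo ""
+echo "These can be used for testing the latest main branch changes."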
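Review bot: The "Comment on PR" step assigns `${{ steps.instructions.outputs.content }}` inside a JavaScript template literal, so the rendered markdown is pasted into the script source before it is parsed. That markdown contains backticks (the inline image names and the fenced bash/yaml blocks), so the literal closes early and the script will most likely fail to parse; more generally, whatever reaches that output is evaluated as code under a token that holds `packages: write` and `pull-requests: write`. Pass the text as data instead: give the step an `env:` entry `BODY: ${{ steps.instructions.outputs.content }}` and read it with `const body = process.env.BODY;`. The same textual substitution happens in the `run:` blocks that embed `${{ github.ref_name }}` and `${{ github.event.number }}`; mapping those through `env:` and writing to `"$GITHUB_OUTPUT"` quoted keeps the pattern safe if the triggers ever change. Separately, the top-level `permissions:` grants both write scopes to all three jobs, although only the build job pushes packages and only the comment job writes to the pull request, so they would be better declared per job.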
