Run Argo CD app sync after image is published from PR (#11750)

* Run Argo CD app sync after image is published from PR * Add test file * Set name to capitlized to avoid masking * Use gh cli instead of curl to get PR labels * Fix comment * Fix jq to work with gh cli * Set GH token as an env var for the cli * Combine labels to one line, comma delimited * Make comment valid
smartcontractkit · Jan 12, 2024 · a69a78d · a69a78d
1 parent e595f5b
commit a69a78d
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 2 deletions.
diff --git a/.github/workflows/build-publish-pr.yml b/.github/workflows/build-publish-pr.yml
@@ -2,8 +2,8 @@ name: "Build and Publish from PR"
 
 ##
 # This workflow builds and publishes a Docker image for Chainlink from a PR.
-# It doesn't use an environment, has its own special IAM role, does not sign
-# the image, and publishes to a special ECR repo.
+# It has its own special IAM role, does not sign the image, and publishes to
+# a special ECR repo.
 ##
 
 on:
@@ -13,6 +13,7 @@ jobs:
   build-publish-untrusted:
     if: ${{ ! startsWith(github.ref_name, 'release/') }}
     runs-on: ubuntu-20.04
+    environment: sdlc
     permissions:
       id-token: write
       contents: read
@@ -53,6 +54,51 @@ jobs:
           dockerhub_username: ${{ secrets.DOCKERHUB_READONLY_USERNAME }}
           dockerhub_password: ${{ secrets.DOCKERHUB_READONLY_PASSWORD }}
 
+      - name: Get PR labels
+        id: pr-labels
+        env:
+          GH_TOKEN: ${{ github.token }}
+          PR_NUMBER: ${{ github.event.number }}
+        run: |
+          RESPONSE=$(gh pr view ${PR_NUMBER} --json labels)
+          # Check if the labels command was successful
+          if [[ $? -ne 0 ]]; then
+            echo "Error fetching labels"
+            exit 1
+          fi
+          echo "RESPONSE=${RESPONSE}"
+          LABELS=$(echo "$RESPONSE" | jq -r '.labels | map(.name) | join(", ")')
+          # Check if any labels were found
+          if [[ -z "${LABELS:-}" ]]; then
+            echo "No labels found"
+          else
+            echo "labels=${LABELS}" | tee -a "${GITHUB_OUTPUT}"
+          fi
+
+      - name: Setup GAP
+        if: contains(steps.pr-labels.outputs.labels, 'crib')
+        uses: smartcontractkit/.github/actions/setup-gap@main
+        with:
+          aws-region: ${{ secrets.AWS_REGION }}
+          aws-role-arn: ${{ secrets.AWS_OIDC_IAM_ROLE_PUBLISH_PR_ARN }}
+          api-gateway-host: ${{ secrets.AWS_API_GW_HOST_ARGO_SAND }}
+          use-argocd: "true"
+          argocd-user: ${{ secrets.ARGOCD_USER_SAND }}
+          argocd-pass: ${{ secrets.ARGOCD_PASS_SAND }}
+
+      # Run an Argo CD sync after the image is built.
+      - name: Argo CD App Sync
+        if: contains(steps.pr-labels.outputs.labels, 'crib')
+        shell: bash
+        env:
+          PR_NUMBER: ${{ github.event.number }}
+        run: |
+          argocd app sync \
+            --plaintext \
+            --grpc-web \
+            --async \
+            "crib-chainlink-${PR_NUMBER}"
+
       - name: Collect Metrics
         if: always()
         id: collect-gha-metrics

diff --git a/test.txt b/test.txt