Use custom status embed to signal workflow status to Discord #43
Conversation
I've added a `workflow-run`-triggered workflow that sends an enhanced status embed to our #dev-log GitHub Actions webhook. It will run whenever the main workflow finishes and report its status.
To access information about the PR in the status embed workflow, we need to upload an artifact whenever the forms-backend.yml workflow runs for a `pull_request` trigger. This artifact will be downloaded in the workflow that sends the status embed.
SebastiaanZ
added
area: CI
ghost
added
the
| if: github.event.workflow_run.event == 'pull_request' | ||
| run: | | ||
| curl -s -H "Authorization: token $GITHUB_TOKEN" ${{ github.event.workflow_run.artifacts_url }} > artifacts.json | ||
| DOWNLOAD_URL=$(cat artifacts.json | jq -r '.artifacts[] | select(.name == "pull-request-payload") | .archive_download_url') |
There was a problem hiding this comment.
The cat is unnecessary. jq accepts a filename argument.
| DOWNLOAD_URL=$(cat artifacts.json | jq -r '.artifacts[] | select(.name == "pull-request-payload") | .archive_download_url') | |
| DOWNLOAD_URL=$(jq -r '.artifacts[] | select(.name == "pull-request-payload") | .archive_download_url' artifacts.json) |
| curl -s -H "Authorization: token $GITHUB_TOKEN" ${{ github.event.workflow_run.artifacts_url }} > artifacts.json | ||
| DOWNLOAD_URL=$(cat artifacts.json | jq -r '.artifacts[] | select(.name == "pull-request-payload") | .archive_download_url') | ||
| [ -z "$DOWNLOAD_URL" ] && exit 1 | ||
| wget --quiet --header="Authorization: token $GITHUB_TOKEN" -O pull_request_payload.zip $DOWNLOAD_URL || exit 2 |
There was a problem hiding this comment.
| wget --quiet --header="Authorization: token $GITHUB_TOKEN" -O pull_request_payload.zip $DOWNLOAD_URL || exit 2 | |
| wget --quiet --header="Authorization: token $GITHUB_TOKEN" -O pull_request_payload.zip "$DOWNLOAD_URL" || exit 2 |
| curl -s -H "Authorization: token $GITHUB_TOKEN" ${{ github.event.workflow_run.artifacts_url }} > artifacts.json | ||
| DOWNLOAD_URL=$(cat artifacts.json | jq -r '.artifacts[] | select(.name == "pull-request-payload") | .archive_download_url') | ||
| [ -z "$DOWNLOAD_URL" ] && exit 1 | ||
| wget --quiet --header="Authorization: token $GITHUB_TOKEN" -O pull_request_payload.zip $DOWNLOAD_URL || exit 2 |
There was a problem hiding this comment.
A bit strange to use curl the first time and then switch to wget, but it doesn't really matter.
There was a problem hiding this comment.
I had some inconsistent results with curl while downloading the zip-file that I couldn't quite explain. I'll see if I can dig them up. wget worked reliable every time.
| run: | | ||
| curl -s -H "Authorization: token $GITHUB_TOKEN" ${{ github.event.workflow_run.artifacts_url }} > artifacts.json | ||
| DOWNLOAD_URL=$(cat artifacts.json | jq -r '.artifacts[] | select(.name == "pull-request-payload") | .archive_download_url') | ||
| [ -z "$DOWNLOAD_URL" ] && exit 1 |
There was a problem hiding this comment.
jq returns the string "null" if a value at a key isn't found, so -z is not an adequate check. You can pass -e to jq to make it set its exit code to 1 when the result is false or null. Since -e is set for the whole script (separate from jq's -e argument), the script will exit when it encounters the exit code of 1. Therefore, this check can be removed unless you still want to check for an empty string (this would mean the API returned an existing key with an empty value).
| id: prepare-artifact | ||
| if: always() && github.event_name == 'pull_request' | ||
| continue-on-error: true | ||
| run: cat $GITHUB_EVENT_PATH | jq '.pull_request' > pull_request_payload.json |
There was a problem hiding this comment.
This is probably an absolute path so it can be quoted. If it relies on globs to expand then it shouldn't be quoted. Setting -e to be safe.
| run: cat $GITHUB_EVENT_PATH | jq '.pull_request' > pull_request_payload.json | |
| run: jq -e '.pull_request' "$GITHUB_EVENT_PATH" > pull_request_payload.json |
|
|
||
| jobs: | ||
| status_embed: | ||
| if: github.event.workflow_run.conclusion != 'skipped' |
There was a problem hiding this comment.
Is "skipped" what's set if continue on error is triggered? Is this how it tries to prevent itself from running if the artefact upload in the other workflow failed?
There was a problem hiding this comment.
No, if the artifact was not uploaded, it will send an embed for a non-PR workflow. This is just a safeguard as the action currently only supports success/failure/cancelled as workflow conclusions. It's not really important here, but I added it as a safe guard against a future CI redesign suddenly breaking this action unexpectedly.
| # we fail silently using the `continue-on-error` option. It's | ||
| # nice if this succeeds, but if it fails for any reason, it | ||
| # does not mean that our lint-test checks failed. | ||
| - name: Prepare Pull Request Payload artifact |
There was a problem hiding this comment.
| - name: Prepare Pull Request Payload artifact | |
| - name: Prepare Pull Request Payload Artifact |
| - name: Get Pull Request Information | ||
| id: pr_info | ||
| if: github.event.workflow_run.event == 'pull_request' | ||
| run: | |
There was a problem hiding this comment.
This makes the script safer. e and pipefail I consider essentially for any non-trivial script to get some sane error handling behaviour.
| run: | | |
| run: | | |
| set -euo pipefail |
Also consider setting x, which will output each command as its executed for debugging purposes.
The || exit ... will no longer be necessary after commands unless you want a custom exit code.
| id: pr_info | ||
| if: github.event.workflow_run.event == 'pull_request' | ||
| run: | | ||
| curl -s -H "Authorization: token $GITHUB_TOKEN" ${{ github.event.workflow_run.artifacts_url }} > artifacts.json |
There was a problem hiding this comment.
Likely a good idea to add these. -S shows errors even when silent. -L follows HTTP 3xx redirects.
| curl -s -H "Authorization: token $GITHUB_TOKEN" ${{ github.event.workflow_run.artifacts_url }} > artifacts.json | |
| curl -sSL -H "Authorization: token $GITHUB_TOKEN" ${{ github.event.workflow_run.artifacts_url }} > artifacts.json |
I've added a
workflow-run triggered workflow to send an enhanced status embed to our Discord webhook whenever the "Test & Lint" workflow finishes. If the Test & Lint workflow was triggered for apull_request, it will now upload a build artifact to communicate details about the PR to the status embed workflow.