From 51592c76e39bf0aa1b0ed84cb14e1b21abdef2a4 Mon Sep 17 00:00:00 2001 From: grantbirki Date: Sat, 17 Jun 2023 22:06:26 -0600 Subject: [PATCH 1/3] add the 'unlock on merge' workflow --- .github/workflows/unlock-on-merge.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/unlock-on-merge.yml diff --git a/.github/workflows/unlock-on-merge.yml b/.github/workflows/unlock-on-merge.yml new file mode 100644 index 00000000..5d328460 --- /dev/null +++ b/.github/workflows/unlock-on-merge.yml @@ -0,0 +1,22 @@ +# https://github.com/github/branch-deploy/blob/d3c24bd92505e623615b75ffdfac5ed5259adbdb/docs/unlock-on-merge.md + +name: Unlock On Merge + +on: + pull_request: + types: [closed] + +permissions: + contents: write + +jobs: + unlock-on-merge: + runs-on: ubuntu-latest + + steps: + - name: unlock on merge + uses: github/branch-deploy@v6.0.0 + id: unlock-on-merge + with: + unlock_on_merge_mode: "true" # <-- indicates that this is the "Unlock on Merge Mode" workflow + environment_targets: production,development From f2944cdbb755677d41ee7857238b55e7fa5416c4 Mon Sep 17 00:00:00 2001 From: grantbirki Date: Sat, 17 Jun 2023 22:08:31 -0600 Subject: [PATCH 2/3] add deployment check step --- .github/workflows/deploy.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 5c0fbe0d..a8d019f9 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -9,7 +9,23 @@ permissions: contents: read jobs: + deployment-check: + runs-on: ubuntu-latest + outputs: # set outputs for use in downstream jobs + continue: ${{ steps.deployment-check.outputs.continue }} + + steps: + # https://github.com/github/branch-deploy/blob/d3c24bd92505e623615b75ffdfac5ed5259adbdb/docs/merge-commit-strategy.md + - name: deployment check + uses: github/branch-deploy@v6.0.0 + id: deployment-check + with: + merge_deploy_mode: "true" + environment: production + deploy: + if: ${{ needs.deployment-check.outputs.continue == 'true' }} + needs: deployment-check environment: production runs-on: ubuntu-latest From ccebb4f13bfd70a38e5b58ecc1ce2b77f8e89eab Mon Sep 17 00:00:00 2001 From: grantbirki Date: Sat, 17 Jun 2023 22:15:42 -0600 Subject: [PATCH 3/3] add notes --- docs/maintainer-notes.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 docs/maintainer-notes.md diff --git a/docs/maintainer-notes.md b/docs/maintainer-notes.md new file mode 100644 index 00000000..7acec8b2 --- /dev/null +++ b/docs/maintainer-notes.md @@ -0,0 +1,23 @@ +# Maintainer Notes + +This is a living document for the maintainers of this repository. + +## Deployment Process + +This is a simple run down of how review / deploy a pull request. + +1. A pull request is opened +2. We review the code +3. We comment `.deploy to development` and ensure the creator of the pull request is happy with the changes +4. We comment `.deploy` to deploy to production. We "let it bake" and ensure everything is working as expected for a few minutes to a few days depending on the complexity of the changes. +5. We approve the pull request and merge it into `main` + +> It should be noted that the approval step can come before the deployment steps if that suits the situation better. + +## CI Failures + +A known issue (I am not sure of the cause) for CI failures is when dependabot opens a pull request. For some very strange reason, the necessary secrets are not injected into the Actions workflow when the pull request comes from dependabot. This causes the wrangler environment in CI to fail because it lacks the proper credentials to authenticate with Cloudflare. + +The fix: Simply push a commit to the branch in question. It can be an empty commit if you like. This will trigger the CI workflow again and the secrets will be injected properly. + +IDK why this happens, but it does. ¯\\\_(ツ)\_/¯