Merged
113 changes: 90 additions & 23 deletions app/devops/cloudbuild-pr.yaml
@@ -1,18 +1,18 @@
steps:
# install / setup ci
# Install / setup CI
- name: node:20.5.1
entrypoint: npm
args: ['install']
dir: app # <-- ADD THIS

# setup .env
# Setup .env
- name: 'bash'
script: |
#!/usr/bin/env bash
cp .env.example .env
dir: app # <-- ADD THIS

#
# Generate the static site
#
- name: node:20.5.1
entrypoint: npm
env:
Expand All @@ -21,38 +21,105 @@ steps:
- 'NUXT_PROJECT_ID=$_NUXT_PROJECT_ID'
- 'NUXT_APP_ID=$_NUXT_APP_ID'
args: ['run', 'build']
dir: app # <-- ADD THIS

#
# Deploy to firebase channel, using the PR #
# store log to /workspace to get the channel URL
#
# Deploy to Firebase channel using the PR #
- name: gcr.io/yfthig-dev/firebase
entrypoint: bash
args: ['-c', 'firebase hosting:channel:deploy --project=yfthig-dev PR-$_PR_NUMBER > /workspace/firebase-deploy.txt']
dir: app # <-- ADD THIS

# Generate GitHub App installation token
- id: "Generate GitHub App token"
name: python:3.11
entrypoint: bash
args:
- -c
- |
pip install pyjwt cryptography requests
python <<EOF
import os, time, jwt, requests
from cryptography.hazmat.primitives import serialization

# Load GitHub App info from env
app_id = os.environ["GITHUB_APP_ID"]
installation_id = os.environ["GITHUB_INSTALLATION_ID"]
private_key = os.environ["GITHUB_APP_PRIVATE_KEY"]

# Build JWT
now = int(time.time())
payload = {
"iat": now,
"exp": now + 540, # 9 minutes
"iss": app_id,
}
key = serialization.load_pem_private_key(private_key.encode(), password=None)
jwt_token = jwt.encode(payload, key, algorithm="RS256")

# Exchange for installation token
headers = {"Authorization": f"Bearer {jwt_token}", "Accept": "application/vnd.github.v3+json"}
url = f"https://api.github.com/app/installations/{installation_id}/access_tokens"
r = requests.post(url, headers=headers)
r.raise_for_status()
token = r.json()["token"]

# Write token for next steps
with open("/workspace/github_token.txt", "w") as f:
f.write(token)
EOF
secretEnv:
- GITHUB_APP_PRIVATE_KEY
- GITHUB_APP_ID
- GITHUB_INSTALLATION_ID

#
# Update the PR with the temporary URL
#
- id: "Update the PR"
name: gcr.io/cloud-builders/curl
entrypoint: bash
args:
- -c
- |
# Read from "/workspace"
cat /workspace/firebase-deploy.txt
url=`cat /workspace/firebase-deploy.txt| grep 'Channel URL' | grep -Eo "https://[a-zA-Z0-9./?=_%:-]*"`
echo "this is the body:"
echo '{"body": "Temporary Url for review:'"$url"'"}'
# Read Firebase URL
url=$(grep 'Channel URL' /workspace/firebase-deploy.txt | grep -Eo "https://[a-zA-Z0-9./?=_%:-]*")
echo "Posting PR comment with URL: $url"

# Read GitHub App installation token
GITHUB_TOKEN=$(cat /workspace/github_token.txt)

curl -X POST \
https://api.github.com/repos/bcgov/name-examination/issues/$_PR_NUMBER/comments \
--header "Authorization: token $$GITHUB_TOKEN" \
--header "Accept: application/vnd.github.v3+json" \
--data-binary '{"body": "Temporary Url for review: '"$url"'"}'

# Run smoke test workflow
- id: "Run Smoke Test"
name: gcr.io/cloud-builders/curl
entrypoint: bash
args:
- -c
- |
# Read Firebase URL
url=$(grep 'Channel URL' /workspace/firebase-deploy.txt | grep -Eo "https://[a-zA-Z0-9./?=_%:-]*")
echo "Triggering smoke test workflow with URL: $url"

# Read GitHub App installation token
GITHUB_TOKEN=$(cat /workspace/github_token.txt)

curl -X POST \
https://api.github.com/repos/bcgov/name-examination/issues/$_PR_NUMBER/comments \
--header "Authorization: Token $$TOKEN" \
--header "Accept: application/vnd.github.v3+json" \
--data-binary '{"body": "Temporary Url for review: '"$url"'"}'
secretEnv: ['TOKEN']
-H "Accept: application/vnd.github+json" \
-H "Authorization: token $$GITHUB_TOKEN" \
https://api.github.com/repos/bcgov/name-examination/actions/workflows/e2e.yml/dispatches \
-d '{"ref":"main","inputs":{"url_parameter":"'"$url"'"}}'

availableSecrets:
secretManager:
- versionName: projects/$PROJECT_ID/secrets/token-pr-review/versions/latest
env: 'TOKEN'
- versionName: projects/$PROJECT_ID/secrets/private-key-pr-review/versions/latest
env: 'GITHUB_APP_PRIVATE_KEY'
- versionName: projects/$PROJECT_ID/secrets/app-id-pr-review/versions/latest
env: 'GITHUB_APP_ID'
- versionName: projects/$PROJECT_ID/secrets/installation-id-pr-review/versions/latest
env: 'GITHUB_INSTALLATION_ID'

options:
dynamic_substitutions: true
dynamicSubstitutions: false
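Review bot: The "Generate GitHub App token" step holds GITHUB_APP_PRIVATE_KEY in its environment while it runs an unpinned `pip install pyjwt cryptography requests`, and with no `dir:` set it presumably executes from the checked-out workspace that the earlier `npm install` and `npm run build` steps have already run PR code in. Anything that install pulls in, or that Python picks up from the working directory, runs with access to the App's signing key, so I would pin the three packages to exact versions with hashes (or bake them into a builder image) and start the script from a clean directory with `python -I`. The access-token request is posted without a body, so the token written to `/workspace/github_token.txt` carries every permission the installation has; passing `json={"repositories": ["name-examination"], "permissions": {...}}`, limited to what the comment and workflow-dispatch calls need, would narrow it. Neither curl call in "Update the PR" or "Run Smoke Test" uses `--fail`, and `url` is not checked for being empty, so a failed deploy parse or a rejected API call will not fail the build.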
3 changes: 2 additions & 1 deletion app/package.json
Expand Up @@ -4,6 +4,7 @@
"private": true,
"scripts": {
"build": "nuxt generate",
"build-check": "nuxt generate",
"dev": "nuxt dev",
"generate": "nuxt generate",
"preview": "nuxt preview",
Expand Down Expand Up @@ -78,4 +79,4 @@
"engines": {
"node": "=20.5.1"
}
}
}