Track Publishes #34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Track Publishes | |
| on: | |
| schedule: | |
| - cron: '35 */23 * * *' | |
| workflow_dispatch: | |
| permissions: | |
| actions: read # required to access workflow runs | |
| contents: write # required to access the repository, for the dispatch event | |
| jobs: | |
| check-token-expiry: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check JWT token expiration | |
| run: | | |
| # Function to decode JWT token part | |
| decode_base64_url() { | |
| local len=$((${#1} % 4)) | |
| local result="$1" | |
| if [ $len -eq 2 ]; then result="$1"'==' | |
| elif [ $len -eq 3 ]; then result="$1"'=' | |
| fi | |
| echo "$result" | tr '_-' '/+' | base64 -d | |
| } | |
| # Get the token | |
| TOKEN="${{ secrets.AEM_LIVE_ADMIN_TOKEN_EXPRESS }}" | |
| # Extract the payload (second part of the JWT) | |
| PAYLOAD=$(echo -n $TOKEN | cut -d '.' -f 2) | |
| # Decode the payload | |
| DECODED_PAYLOAD=$(decode_base64_url $PAYLOAD) | |
| # Extract expiration timestamp | |
| EXPIRY=$(echo $DECODED_PAYLOAD | jq -r .exp) | |
| CURRENT_TIME=$(date +%s) | |
| ONE_WEEK_FROM_NOW=$((CURRENT_TIME + 7*24*60*60)) | |
| echo "Token expires at: $(date -d @$EXPIRY)" | |
| echo "Current time: $(date -d @$CURRENT_TIME)" | |
| echo "One week from now: $(date -d @$ONE_WEEK_FROM_NOW)" | |
| if [ $EXPIRY -lt $ONE_WEEK_FROM_NOW ]; then | |
| echo "::warning::AEM_LIVE_ADMIN_TOKEN_EXPRESS will expire in less than a week (on $(date -d @$EXPIRY)). Please renew the token soon." | |
| echo "Token expiration is approaching" >> $GITHUB_STEP_SUMMARY | |
| echo "The AEM_LIVE_ADMIN_TOKEN_EXPRESS will expire on $(date -d @$EXPIRY)" >> $GITHUB_STEP_SUMMARY | |
| echo "Please generate a new token and update the repository secret." >> $GITHUB_STEP_SUMMARY | |
| fi | |
| if [ $EXPIRY -lt $CURRENT_TIME ]; then | |
| echo "::error::AEM_LIVE_ADMIN_TOKEN_EXPRESS has expired on $(date -d @$EXPIRY)" | |
| exit 1 | |
| fi | |
| check-last-run: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| workflow-id: ${{ steps.workflow-id.outputs.WORKFLOW_ID }} | |
| last-run-iso: ${{ steps.last-run.outputs.LAST_CREATED_AT_ISO }} # ISO 8601 | |
| last-run-unix: ${{ steps.last-run.outputs.LAST_CREATED_AT_UNIX }} # Unix timestamp | |
| branch-name: ${{ steps.branch-name.outputs.BRANCH_NAME }} | |
| steps: | |
| - name: Get branch name | |
| id: branch-name | |
| shell: bash | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| if [[ ${GITHUB_EVENT_NAME} == "pull_request" ]] | |
| then | |
| echo "BRANCH_NAME=${GITHUB_HEAD_REF}" >> $GITHUB_OUTPUT | |
| else | |
| echo "BRANCH_NAME=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Get workflow id | |
| id: workflow-id | |
| shell: bash | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| WORKFLOW_ID=$(gh api /repos/${{ github.repository }}/actions/runs/${{ github.run_id }} | jq -r .workflow_id) | |
| echo "WORKFLOW_ID=$WORKFLOW_ID" >> $GITHUB_OUTPUT | |
| echo "Workflow id: ${WORKFLOW_ID}" | |
| - name: Get previous build status | |
| shell: bash | |
| id: last-run | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| MAX_PAGES: "5" # Maximum number of pages to check before giving up | |
| run: | | |
| LAST_CREATED_AT_ISO="" | |
| page=1 | |
| while [[ $page -le $MAX_PAGES ]]; do | |
| echo "Checking page $page for successful runs..." | |
| # Get workflow runs for current page | |
| WORKFLOW_RUNS=$(gh api "/repos/${{ github.repository }}/actions/workflows/${{ steps.workflow-id.outputs.WORKFLOW_ID }}/runs?status=completed&branch=${{ steps.branch-name.outputs.BRANCH_NAME }}&page=$page&per_page=100") | |
| # Check if we got any runs | |
| TOTAL_COUNT=$(echo "$WORKFLOW_RUNS" | jq '.total_count') | |
| if [[ $TOTAL_COUNT -eq 0 || $(echo "$WORKFLOW_RUNS" | jq '.workflow_runs | length') -eq 0 ]]; then | |
| echo "No more workflow runs found." | |
| break | |
| fi | |
| # Try to find a successful run on this page | |
| LAST_CREATED_AT_ISO=$(echo "$WORKFLOW_RUNS" | jq -r "[.workflow_runs[] | select(.conclusion == \"success\") | .created_at][0]") | |
| if [[ "$LAST_CREATED_AT_ISO" != "null" ]]; then | |
| echo "Found successful run on page $page" | |
| break | |
| fi | |
| # Store first run's timestamp as fallback if we haven't stored one yet | |
| if [[ $page -eq 1 ]]; then | |
| FALLBACK_TIMESTAMP=$(echo "$WORKFLOW_RUNS" | jq -r "[.workflow_runs[].created_at][0]") | |
| if [[ "$FALLBACK_TIMESTAMP" != "null" ]]; then | |
| echo "Storing fallback timestamp from first page: $FALLBACK_TIMESTAMP" | |
| FIRST_RUN_ISO=$FALLBACK_TIMESTAMP | |
| fi | |
| fi | |
| ((page++)) | |
| done | |
| # If we didn't find a successful run, use fallback strategies | |
| if [[ "$LAST_CREATED_AT_ISO" == "null" || -z "$LAST_CREATED_AT_ISO" ]]; then | |
| echo "::warning::No successful workflow runs found in the last $MAX_PAGES pages." | |
| if [[ -n "$FIRST_RUN_ISO" ]]; then | |
| echo "Using timestamp from earliest found run as fallback" | |
| LAST_CREATED_AT_ISO=$FIRST_RUN_ISO | |
| # Add information about recent failures to the job summary | |
| echo "Recent workflow run history:" >> $GITHUB_STEP_SUMMARY | |
| echo "$WORKFLOW_RUNS" | jq -r '.workflow_runs | map({conclusion, created_at, html_url}) | .[:5]' >> $GITHUB_STEP_SUMMARY | |
| else | |
| echo "::warning::No previous runs found at all. Using a timestamp from 5 minutes ago as fallback." | |
| LAST_CREATED_AT_ISO=$(date -u -d "5 minutes ago" "+%Y-%m-%dT%H:%M:%SZ") | |
| fi | |
| fi | |
| LAST_CREATED_AT_UNIX=$(date -d "$LAST_CREATED_AT_ISO" +%s) | |
| echo "LAST_CREATED_AT_ISO=$LAST_CREATED_AT_ISO" >> $GITHUB_OUTPUT | |
| echo "LAST_CREATED_AT_UNIX=$LAST_CREATED_AT_UNIX" >> $GITHUB_OUTPUT | |
| echo "Previous build created at: $LAST_CREATED_AT_ISO" | |
| poll-log: | |
| runs-on: ubuntu-latest | |
| needs: check-last-run | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| - name: Check for required secrets | |
| run: | | |
| if [[ -z "${{ secrets.AEM_LIVE_ADMIN_TOKEN_EXPRESS }}" ]]; then | |
| echo "::error::The AEM_LIVE_ADMIN_TOKEN_EXPRESS secret is not configured. Please add this secret to your repository settings." | |
| exit 1 | |
| fi | |
| - name: Set up Node.js | |
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 | |
| with: | |
| node-version: 21 | |
| - name: Install dependencies | |
| run: cd ./.github/workflows/import/ && npm install | |
| - name: Run poll-logs.js | |
| env: | |
| AEM_LIVE_ADMIN_TOKEN: ${{ secrets.AEM_LIVE_ADMIN_TOKEN_EXPRESS }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| ROLLING_IMPORT_ORG: "adobecom" | |
| ROLLING_IMPORT_REPO: "da-express-milo" | |
| ROLLING_IMPORT_SLACK: ${{ secrets.ROLLING_IMPORT_SLACK }} | |
| LAST_RUN_ISO: ${{ needs.check-last-run.outputs.last-run-iso }} | |
| ROLLING_IMPORT_IMS_URL: ${{ secrets.ROLLING_IMPORT_IMS_URL }} | |
| ROLLING_IMPORT_CLIENT_ID: ${{ secrets.ROLLING_IMPORT_CLIENT_ID }} | |
| ROLLING_IMPORT_CLIENT_SECRET: ${{ secrets.ROLLING_IMPORT_CLIENT_SECRET }} | |
| ROLLING_IMPORT_CODE: ${{ secrets.ROLLING_IMPORT_CODE }} | |
| ROLLING_IMPORT_GRANT_TYPE: ${{ secrets.ROLLING_IMPORT_GRANT_TYPE }} | |
| ENABLE_DEBUG_LOGS: ${{ secrets.ENABLE_DEBUG_LOGS }} | |
| ROLLING_IMPORT_IMPORT_FROM: ${{ secrets.ROLLING_IMPORT_IMPORT_FROM_EXPRESS }} | |
| ROLLING_IMPORT_LIVE_DOMAIN: ${{ secrets.ROLLING_IMPORT_LIVE_DOMAIN_EXPRESS }} | |
| ROLLING_IMPORT_POLL_LOGS_FROM_REPO: ${{ secrets.ROLLING_IMPORT_POLL_LOGS_FROM_REPO_EXPRESS }} | |
| run: node ./.github/workflows/import/poll-logs.js |