build: setup preview builds for dev-app #23825
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
google-cla
bot
added
the
cla: yes
devversion
requested review from
crisbeto,
jelbourn and
josephperrott
and removed request for
a team
devversion
added
merge safe
target: patch
devversion
commented
Oct 23, 2021
devversion
force-pushed
the
build/preview-builds-for-devapp
branch
from
d308a6d to
b539fbe
Compare
crisbeto
reviewed
Oct 24, 2021
devversion
force-pushed
the
build/preview-builds-for-devapp
branch
7 times, most recently
from
292095d to
4784df7
Compare
Member
Author
|
@crisbeto updated to have the workflow artifact fetching script as external script. The downside is that we now need to install node modules in the deploy workflow as well, but I was able to share the yarn install logic to avoid duplication; so we are good. |
Sets up preview builds for the dev-app. Whenever the `dev-app preview` label is applied to pull requests, a Github action will build the dev-app using RBE and deploy it to a preview channel within a Firebase project. The deployment and building is split up into two individual workflows to guarantee a secure exeuction of these steps. This follows the concept as outlined in https://securitylab.github.com/research/github-actions-preventing-pwn-requests/. In the future, we can try extracting some of this logic into a common tool in the dev-infra repository.. allowing preview builds to be used for other things, or in other repositories as well (or switching AIO away from the rather-complicated docker preview build setup).
Address feedback
Update old links
devversion
force-pushed
the
build/preview-builds-for-devapp
branch
from
aabdb16 to
2f6ee6d
Compare
wagnermaciel
pushed a commit
that referenced
this pull request
Oct 27, 2021
* build: setup preview builds for dev-app Sets up preview builds for the dev-app. Whenever the `dev-app preview` label is applied to pull requests, a Github action will build the dev-app using RBE and deploy it to a preview channel within a Firebase project. The deployment and building is split up into two individual workflows to guarantee a secure exeuction of these steps. This follows the concept as outlined in https://securitylab.github.com/research/github-actions-preventing-pwn-requests/. In the future, we can try extracting some of this logic into a common tool in the dev-infra repository.. allowing preview builds to be used for other things, or in other repositories as well (or switching AIO away from the rather-complicated docker preview build setup). * fixup! build: setup preview builds for dev-app Address feedback * fixup! build: setup preview builds for dev-app Update old links (cherry picked from commit 7ec0139)
wagnermaciel
pushed a commit
that referenced
this pull request
Oct 27, 2021
* build: setup preview builds for dev-app Sets up preview builds for the dev-app. Whenever the `dev-app preview` label is applied to pull requests, a Github action will build the dev-app using RBE and deploy it to a preview channel within a Firebase project. The deployment and building is split up into two individual workflows to guarantee a secure exeuction of these steps. This follows the concept as outlined in https://securitylab.github.com/research/github-actions-preventing-pwn-requests/. In the future, we can try extracting some of this logic into a common tool in the dev-infra repository.. allowing preview builds to be used for other things, or in other repositories as well (or switching AIO away from the rather-complicated docker preview build setup). * fixup! build: setup preview builds for dev-app Address feedback * fixup! build: setup preview builds for dev-app Update old links (cherry picked from commit 7ec0139)
|
This issue has been automatically locked due to inactivity. Read more about our automatic conversation locking policy. This action has been performed automatically by a bot. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Sets up preview builds for the dev-app. Whenever the
dev-app previewlabel is applied to pull requests, a Github action will build the
dev-app using RBE and deploy it to a preview channel within a Firebase
project. This can help with reviews of pull requests as an example.
The deployment and building is split up into two individual workflows
to guarantee a secure exeuction of these steps. This follows the
concept as outlined in
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/.
In the future, we can try extracting some of this logic into a common
tool in the dev-infra repository.. allowing preview builds to be used
for other things, or in other repositories as well (or switching AIO
away from the rather-complicated docker preview build setup).
Example PR on my fork: devversion#57.
Note: We can also run this regardless of a label, so that previews are always available. We probably would also need a team-owned Firebase instance. Right now this is just using my testing one.