-
Notifications
You must be signed in to change notification settings - Fork 20
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #3521 from CityOfBoston/master
(production) GA updates, SAML and timeouts
- Loading branch information
Showing
22 changed files
with
170 additions
and
89 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -35,7 +35,7 @@ jobs: | |
MakeRelease: | ||
# installed software: https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md | ||
runs-on: ubuntu-latest | ||
if: ${{ github.event.workflow_run.conclusion == 'success' }} | ||
if: github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' | ||
defaults: | ||
run: | ||
shell: bash | ||
|
@@ -47,17 +47,18 @@ jobs: | |
with: | ||
path: private | ||
depth: 5 | ||
|
||
# | ||
# Create the GitHub private repo Release Note. | ||
- name: Generate Release Note | ||
if: ${{ vars.DRY_RUN == 0 }} | ||
env: | ||
GH_TOKEN: ${{ secrets.PUBLISH_GITHUB_TOKEN }} | ||
TITLE: ${{ vars.THIS_TITLE }} | ||
TICKETS: ${{ vars.THIS_BODY }} | ||
TAG: ${{ vars.THIS_TAG }} | ||
RELEASE_NOTES: "[PM to complete]" | ||
RELEASE_NUMBER: ${{ vars.THIS_RELEASE }} | ||
WORKING_FILE: "private/CHANGELOG.md" | ||
WORKING_FILE: "CHANGELOG.md" | ||
DRAFT: 0 # 1 = ReleaseNote is draft - else is published | ||
run: | | ||
cd private | ||
|
@@ -75,8 +76,9 @@ jobs: | |
options="$options --notes-file ${{ env.WORKING_FILE }}" | ||
options="$options --title ${{ env.RELEASE_NUMBER }}" | ||
[ ${{ env.DRAFT }} == 1 ] && options="--draft $options" | ||
[ ${{ vars.DRY_RUN }} == 0 ] && gh release create ${{ env.ACQUIA_TAG }} $options | ||
[ ${{ vars.DRY_RUN }} == 0 ] && gh release create ${{ env.TAG }} $options | ||
# | ||
# Send FAIL message to slack. | ||
- name: Post to Slack - failure | ||
uses: act10ns/[email protected] | ||
if: ${{ failure() }} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -27,7 +27,6 @@ on: | |
workflows: [Publish to Public Repo] | ||
branches: [production] | ||
env: | ||
GH_TOKEN: ${{ secrets.PUBLISH_GITHUB_TOKEN }} | ||
GITHUB_TOKEN: ${{ secrets.PUBLISH_GITHUB_TOKEN }} | ||
DEV_EMAIL: "[email protected]" | ||
USER: "City of Boston Deploy Pipeline" | ||
|
@@ -37,7 +36,7 @@ jobs: | |
MakeRelease: | ||
# installed software: https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md | ||
runs-on: ubuntu-latest | ||
if: ${{ github.event.workflow_run.conclusion == 'success' }} | ||
if: github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' | ||
defaults: | ||
run: | ||
shell: bash | ||
|
@@ -46,6 +45,8 @@ jobs: | |
# Checkout THE public repo, set remote correctly. | ||
- name: Checkout Public repository | ||
id: Checkout-Public-Repo | ||
env: | ||
GH_TOKEN: ${{ secrets.PUBLISH_GITHUB_TOKEN }} | ||
run: | | ||
URL=${{ secrets.PUBLIC_REPO_TARGET }} | ||
echo "gh repo clone $URL public -- --depth 10 --branch ${{ secrets.PUBLIC_REPO_TARGET_BRANCH }}" | ||
|
@@ -54,24 +55,18 @@ jobs: | |
git fetch origin ${{ secrets.PUBLIC_REPO_TARGET_BRANCH }} | ||
git reset --hard FETCH_HEAD | ||
# Tag the branch and push to remote. | ||
- name: Tag the branch | ||
run: | | ||
cd public | ||
git config --global user.email "${{ env.DEV_EMAIL }}" | ||
git config --global user.name "${{ env.USER }}" | ||
git tag -a "${{ vars.THIS_RELEASE }}" -m "${{ vars.THIS_RELEASE }}" | ||
[ ${{ vars.DRY_RUN }} == 0 ] && git push origin ${{ vars.THIS_RELEASE }} | ||
# Create the GitHub PUBLIC repo Release Note. | ||
- name: Generate Release Notes | ||
if: ${{ vars.DRY_RUN == 0 }} | ||
env: | ||
GH_TOKEN: ${{ secrets.PUBLISH_GITHUB_TOKEN }} | ||
TITLE: ${{ vars.THIS_TITLE }} | ||
TICKETS: ${{ vars.THIS_BODY }} | ||
TAG: ${{ vars.THIS_TAG }} | ||
RELEASE_NOTES: "[PM to complete]" | ||
RELEASE_NUMBER: ${{ vars.THIS_RELEASE }} | ||
WORKING_FILE: "public/CHANGELOG.md" | ||
WORKING_FILE: "CHANGELOG.md" | ||
DRAFT: 1 # 1 = ReleaseNote is draft - else is published | ||
run: | | ||
cd public | ||
|
@@ -81,12 +76,14 @@ jobs: | |
### Release Notes | ||
${{ env.RELEASE_NOTES }}" > ${{ env.WORKING_FILE }} | ||
options="--latest --generate-notes" | ||
options="$options --notes-start-tag ${{ vars.LAST_RELEASE }}" | ||
options="$options --notes-start-tag ${{ vars.LAST_TAG }}" | ||
options="$options --notes-file ${{ env.WORKING_FILE }}" | ||
options="$options --title ${{ env.RELEASE_NUMBER }}" | ||
[ ${{ env.DRAFT }} == 1 ] && options="--draft $options" | ||
[ ${{ vars.DRY_RUN }} == 0 ] && gh release create ${{ env.ACQUIA_TAG }} $options | ||
[ ${{ vars.DRY_RUN }} == 0 ] && gh release create ${{ env.TAG }} $options | ||
# | ||
# Send FAIL message to slack. | ||
- name: Post to Slack - failure | ||
uses: act10ns/[email protected] | ||
if: ${{ failure() }} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -42,7 +42,6 @@ on: | |
- production | ||
|
||
env: | ||
GH_TOKEN: ${{ secrets.PUBLISH_GITHUB_TOKEN }} | ||
GITHUB_TOKEN: ${{ secrets.PUBLISH_GITHUB_TOKEN }} | ||
DEV_EMAIL: "[email protected]" | ||
PR_USER: ${{ github.event.pull_request.merged_by.login }} | ||
|
@@ -150,7 +149,7 @@ jobs: | |
# | ||
# Commit and push latest code to Public repository | ||
- name: Push to the Public Repo | ||
- name: Tag and Push to the Public Repo | ||
run: | | ||
cd publish | ||
err='' | ||
|
@@ -186,6 +185,9 @@ jobs: | |
[[ ${{ vars.DRY_RUN }} == 1 ]] && pushopts="$pushopts --dry-run" | ||
if [[ $(echo "$res" | grep "nothing to commit") == "" ]]; then | ||
git tag -a "${{ env.THIS_TAG }}" -m "${{ env.THIS_RELEASE }}" | ||
echo "changes=1" >> "$GITHUB_OUTPUT" | ||
echo "git push --set-upstream origin ${{ secrets.PUBLIC_REPO_TARGET_BRANCH }}:${{ secrets.PUBLIC_REPO_TARGET_BRANCH }} ${pushopts}" | ||
git push --set-upstream origin ${{ secrets.PUBLIC_REPO_TARGET_BRANCH }}:${{ secrets.PUBLIC_REPO_TARGET_BRANCH }} ${pushopts} || err="$err: Problem pushing changes to Public Repo" | ||
|
@@ -208,6 +210,8 @@ jobs: | |
# On success, save GitHub variables for future use. | ||
- name: Update Variables on success | ||
if: ${{ success() && vars.DRY_RUN == 0 }} | ||
env: | ||
GH_TOKEN: ${{ secrets.PUBLISH_GITHUB_TOKEN }} | ||
run: | | ||
cd private | ||
gh variable set LAST_TAG --body "${{ vars.THIS_TAG }}" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
uuid: 907217d3-2f35-4445-8d07-5105b6409c0a | ||
langcode: en | ||
status: true | ||
dependencies: | ||
module: | ||
- key_asymmetric | ||
id: iam_dir_sso | ||
label: 'IAM-DIR SSO' | ||
description: '' | ||
key_type: asymmetric_public | ||
key_type_settings: | ||
private_key: '' | ||
key_provider: env | ||
key_provider_settings: | ||
env_variable: iam_x509_cert | ||
strip_line_breaks: true | ||
key_input: none | ||
key_input_settings: { } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,15 +1,27 @@ | ||
_core: | ||
default_config_hash: zJS1GknUylh656CJSNXOupqKSqm6Xw200h1cq1eI970 | ||
enabled: true | ||
timeout: 1800 | ||
max_timeout: 172800 | ||
padding: 20 | ||
logout_regardless_of_activity: false | ||
no_individual_logout_threshold: false | ||
role_logout: false | ||
role_logout_max: false | ||
redirect_url: / | ||
include_destination: true | ||
no_dialog: false | ||
message: 'Your session is about to expire. Do you want to reset it?' | ||
message: 'We are about to log you out for inactivity. If we do, you will lose any unsaved work. Do you need more time?' | ||
inactivity_message: 'You have been logged out due to inactivity.' | ||
inactivity_message_type: status | ||
modal_width: null | ||
enforce_admin: true | ||
jstimer_format: '%hours%:%mins%:%secs%' | ||
jstimer_js_load_option: false | ||
use_alt_logout_method: false | ||
use_watchdog: false | ||
dialog_title: 'Boston.gov Alert' | ||
disable_buttons: false | ||
yes_button: '' | ||
no_button: '' | ||
whitelisted_ip_addresses: '' |
Oops, something went wrong.