Files
Stirling-PDF/.github/workflows/PR-Demo-cleanup.yml
T
dependabot[bot]GitHubdependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
c5ae576541 Bump step-security/harden-runner from 2.10.3 to 2.10.4 (#2761)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[step-security/harden-runner](https://github.com/step-security/harden-runner)
from 2.10.3 to 2.10.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's
releases</a>.</em></p>
<blockquote>
<h2>v2.10.4</h2>
<h2>What's Changed</h2>
<p>Fixed a potential Harden-Runner post step failure that could occur
when printing agent service logs. The fix gracefully handles failures
without failing the post step.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2...v2.10.4">https://github.com/step-security/harden-runner/compare/v2...v2.10.4</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/step-security/harden-runner/commit/cb605e52c26070c328afc4562f0b4ada7618a84e"><code>cb605e5</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/496">#496</a>
from step-security/fix-enobufs</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/61144dda3ba7a45a4e879e99c548ff785b492364"><code>61144dd</code></a>
Update log statement</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/b8be370ff4fa3a7b5d97afe5cbb1921a734fffcc"><code>b8be370</code></a>
Add try catch block</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/6f6fa07e47155133e69ca8a751aad4ff01a292b1"><code>6f6fa07</code></a>
Fix ENOBUFS issue</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/18f6947f131da60743dc12d2a22ff28c2b4ea87f"><code>18f6947</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/495">#495</a>
from AkhigbeEromo/Update-README</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/81f844e74365cf557ddf3715c247f745a115a5b2"><code>81f844e</code></a>
Edit docs</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/4c766de2db7a0b0a47e5728947c16e113c64f377"><code>4c766de</code></a>
Merge branch 'Update-README' of <a
href="https://github.com/AkhigbeEromo/harden-runner">https://github.com/AkhigbeEromo/harden-runner</a>...</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/c9c5f3273c74d0365949a3aa120e85977f51d1ef"><code>c9c5f32</code></a>
Handle Ashish reviews</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/2877824267faf8efc084b00de71c0fe737ff0a76"><code>2877824</code></a>
Merge branch 'main' into Update-README</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/be87de076dd7a9aa9a9220dc9488dea2f8775db0"><code>be87de0</code></a>
Clean up</li>
<li>Additional commits viewable in <a
href="https://github.com/step-security/harden-runner/compare/c95a14d0e5bab51a9f56296a4eb0e416910cd350...cb605e52c26070c328afc4562f0b4ada7618a84e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner&package-manager=github_actions&previous-version=2.10.3&new-version=2.10.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-21 11:11:01 +00:00

86 lines
2.8 KiB
YAML

name: PR Deployment cleanup
on:
pull_request:
types: [opened, synchronize, reopened, closed]
permissions:
contents: read
env:
SERVER_IP: ${{ secrets.VPS_IP }} # Add this to your GitHub secrets
CLEANUP_PERFORMED: "false" # Add flag to track if cleanup occurred
jobs:
cleanup:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
if: github.event.action == 'closed'
steps:
- name: Harden Runner
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
with:
egress-policy: audit
- name: Set up SSH
run: |
mkdir -p ~/.ssh/
echo "${{ secrets.VPS_SSH_KEY }}" > ../private.key
sudo chmod 600 ../private.key
- name: Cleanup PR deployment
id: cleanup
run: |
CLEANUP_STATUS=$(ssh -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -T ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }} << 'ENDSSH'
if [ -d "/stirling/PR-${{ github.event.pull_request.number }}" ]; then
echo "Found PR directory, proceeding with cleanup..."
# Stop and remove containers
cd /stirling/PR-${{ github.event.pull_request.number }}
docker-compose down || true
# Go back to root before removal
cd /
# Remove PR-specific directories
rm -rf /stirling/PR-${{ github.event.pull_request.number }}
# Remove the Docker image
docker rmi --no-prune ${{ secrets.DOCKER_HUB_USERNAME }}/test:pr-${{ github.event.pull_request.number }} || true
echo "PERFORMED_CLEANUP"
else
echo "PR directory not found, nothing to clean up"
echo "NO_CLEANUP_NEEDED"
fi
ENDSSH
)
if [[ $CLEANUP_STATUS == *"PERFORMED_CLEANUP"* ]]; then
echo "cleanup_performed=true" >> $GITHUB_OUTPUT
else
echo "cleanup_performed=false" >> $GITHUB_OUTPUT
fi
- name: Post cleanup notice to PR
if: steps.cleanup.outputs.cleanup_performed == 'true'
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
const { GITHUB_REPOSITORY } = process.env;
const [repoOwner, repoName] = GITHUB_REPOSITORY.split('/');
const prNumber = context.issue.number;
const commentBody = `## 🧹 Deployment Cleanup\n\n` +
`The test deployment for this PR has been cleaned up.`;
await github.rest.issues.createComment({
owner: repoOwner,
repo: repoName,
issue_number: prNumber,
body: commentBody
});