forked from cartsnitch/cartsnitch
Merge pull request 'ci: deploy-dev/deploy-uat: report success on infra-main approval gate (CAR-1212)' (#276) from betty/car-1212-approval-gate-exit0 into dev
This commit is contained in:
+40
-4
@@ -567,18 +567,36 @@ jobs:
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
echo "Opened cartsnitch/infra PR #${PR_NUM} (head=${BRANCH})"
|
echo "Opened cartsnitch/infra PR #${PR_NUM} (head=${BRANCH})"
|
||||||
|
# Request CTO (cs_savannah) review as the GitOps hand-off. Best-effort:
|
||||||
|
# log on non-2xx but never fail the job for this.
|
||||||
|
REVIEW_HTTP=$(curl -sS -o /dev/null -w '%{http_code}' -X POST \
|
||||||
|
-H "Authorization: token ${CI_GITEA_TOKEN}" \
|
||||||
|
-H "Content-Type: application/json" \
|
||||||
|
-d '{"reviewers":["cs_savannah"]}' \
|
||||||
|
"https://git.farh.net/api/v1/repos/cartsnitch/infra/pulls/${PR_NUM}/requested_reviewers")
|
||||||
|
if [ "${REVIEW_HTTP}" -lt 200 ] || [ "${REVIEW_HTTP}" -ge 300 ]; then
|
||||||
|
echo "::notice::Failed to request reviewers for cartsnitch/infra PR #${PR_NUM} (HTTP ${REVIEW_HTTP}); continuing"
|
||||||
|
fi
|
||||||
MERGE_RESP=$(curl -sS -X POST \
|
MERGE_RESP=$(curl -sS -X POST \
|
||||||
-H "Authorization: token ${CI_GITEA_TOKEN}" \
|
-H "Authorization: token ${CI_GITEA_TOKEN}" \
|
||||||
-H "Content-Type: application/json" \
|
-H "Content-Type: application/json" \
|
||||||
-d '{"Do":"merge","delete_branch_after_merge":true}' \
|
-d '{"Do":"merge","delete_branch_after_merge":true}' \
|
||||||
"https://git.farh.net/api/v1/repos/cartsnitch/infra/pulls/${PR_NUM}/merge")
|
"https://git.farh.net/api/v1/repos/cartsnitch/infra/pulls/${PR_NUM}/merge")
|
||||||
MERGED=$(echo "$MERGE_RESP" | jq -r '.merged // false')
|
MERGED=$(echo "$MERGE_RESP" | jq -r '.merged // false')
|
||||||
if [ "$MERGED" != "true" ]; then
|
if [ "$MERGED" = "true" ]; then
|
||||||
|
echo "PR #${PR_NUM} merged into cartsnitch/infra main"
|
||||||
|
elif echo "$MERGE_RESP" | grep -qi 'does not have enough approvals'; then
|
||||||
|
# GitOps approval gate: the PR is correctly opened and surfaces in
|
||||||
|
# the CTO queue via the reviewers request above. Treat as success
|
||||||
|
# (exit 0) so the deploy job does not hard-fail on the approvals
|
||||||
|
# requirement that only a human maintainer can satisfy.
|
||||||
|
echo "::notice::infra PR #${PR_NUM} opened and awaiting CTO (cs_savannah) approve+merge — GitOps approval gate, not a failure"
|
||||||
|
exit 0
|
||||||
|
else
|
||||||
echo "::error::Auto-merge of cartsnitch/infra PR #${PR_NUM} failed: $MERGE_RESP"
|
echo "::error::Auto-merge of cartsnitch/infra PR #${PR_NUM} failed: $MERGE_RESP"
|
||||||
echo "::error::Reassign to cs_savannah (authorized merger for cartsnitch/infra main) for backstop merge."
|
echo "::error::Reassign to cs_savannah (authorized merger for cartsnitch/infra main) for backstop merge."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
echo "PR #${PR_NUM} merged into cartsnitch/infra main"
|
|
||||||
|
|
||||||
deploy-uat:
|
deploy-uat:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
@@ -693,15 +711,33 @@ jobs:
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
echo "Opened cartsnitch/infra PR #${PR_NUM} (head=${BRANCH})"
|
echo "Opened cartsnitch/infra PR #${PR_NUM} (head=${BRANCH})"
|
||||||
|
# Request CTO (cs_savannah) review as the GitOps hand-off. Best-effort:
|
||||||
|
# log on non-2xx but never fail the job for this.
|
||||||
|
REVIEW_HTTP=$(curl -sS -o /dev/null -w '%{http_code}' -X POST \
|
||||||
|
-H "Authorization: token ${CI_GITEA_TOKEN}" \
|
||||||
|
-H "Content-Type: application/json" \
|
||||||
|
-d '{"reviewers":["cs_savannah"]}' \
|
||||||
|
"https://git.farh.net/api/v1/repos/cartsnitch/infra/pulls/${PR_NUM}/requested_reviewers")
|
||||||
|
if [ "${REVIEW_HTTP}" -lt 200 ] || [ "${REVIEW_HTTP}" -ge 300 ]; then
|
||||||
|
echo "::notice::Failed to request reviewers for cartsnitch/infra PR #${PR_NUM} (HTTP ${REVIEW_HTTP}); continuing"
|
||||||
|
fi
|
||||||
MERGE_RESP=$(curl -sS -X POST \
|
MERGE_RESP=$(curl -sS -X POST \
|
||||||
-H "Authorization: token ${CI_GITEA_TOKEN}" \
|
-H "Authorization: token ${CI_GITEA_TOKEN}" \
|
||||||
-H "Content-Type: application/json" \
|
-H "Content-Type: application/json" \
|
||||||
-d '{"Do":"merge","delete_branch_after_merge":true}' \
|
-d '{"Do":"merge","delete_branch_after_merge":true}' \
|
||||||
"https://git.farh.net/api/v1/repos/cartsnitch/infra/pulls/${PR_NUM}/merge")
|
"https://git.farh.net/api/v1/repos/cartsnitch/infra/pulls/${PR_NUM}/merge")
|
||||||
MERGED=$(echo "$MERGE_RESP" | jq -r '.merged // false')
|
MERGED=$(echo "$MERGE_RESP" | jq -r '.merged // false')
|
||||||
if [ "$MERGED" != "true" ]; then
|
if [ "$MERGED" = "true" ]; then
|
||||||
|
echo "PR #${PR_NUM} merged into cartsnitch/infra main"
|
||||||
|
elif echo "$MERGE_RESP" | grep -qi 'does not have enough approvals'; then
|
||||||
|
# GitOps approval gate: the PR is correctly opened and surfaces in
|
||||||
|
# the CTO queue via the reviewers request above. Treat as success
|
||||||
|
# (exit 0) so the deploy job does not hard-fail on the approvals
|
||||||
|
# requirement that only a human maintainer can satisfy.
|
||||||
|
echo "::notice::infra PR #${PR_NUM} opened and awaiting CTO (cs_savannah) approve+merge — GitOps approval gate, not a failure"
|
||||||
|
exit 0
|
||||||
|
else
|
||||||
echo "::error::Auto-merge of cartsnitch/infra PR #${PR_NUM} failed: $MERGE_RESP"
|
echo "::error::Auto-merge of cartsnitch/infra PR #${PR_NUM} failed: $MERGE_RESP"
|
||||||
echo "::error::Reassign to cs_savannah (authorized merger for cartsnitch/infra main) for backstop merge."
|
echo "::error::Reassign to cs_savannah (authorized merger for cartsnitch/infra main) for backstop merge."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
echo "PR #${PR_NUM} merged into cartsnitch/infra main"
|
|
||||||
|
|||||||
Reference in New Issue
Block a user