diff --git a/.github/workflows/sync-staging-repo-files.yml b/.github/workflows/sync-staging-repo-files.yml
index ceed55d3c9e0..736d8cf07b3c 100644
--- a/.github/workflows/sync-staging-repo-files.yml
+++ b/.github/workflows/sync-staging-repo-files.yml
@@ -13,7 +13,8 @@ on:
- 'src/deployments/staging/.github/**'
- 'src/deployments/staging/Dockerfile'
- 'src/deployments/staging/.env.example'
- - 'src/deployments/staging/README.example.md'
+ - 'src/deployments/staging/README.staging.md'
+ - 'src/deployments/staging/ownership.yaml'
- 'src/deployments/staging/config/**'
permissions:
@@ -47,18 +48,21 @@ jobs:
id: generate-repos
run: |
NUMBER_OF_REPOS=${{ steps.read-config.outputs.number_of_repos }}
+ # Since we use 0-based index e.g. docs-staging-0, we need to subtract 1
+ END=$((NUMBER_OF_REPOS - 1))
repos=()
- for i in $(seq 0 $NUMBER_OF_REPOS); do
+ for i in $(seq 0 $END); do
repos+=("{\"repo\": \"github/docs-staging-$i\", \"index\": $i}")
done
json_repos=$(printf '%s\n' "${repos[@]}" | jq -s -c .)
echo "repos=$json_repos" >> $GITHUB_OUTPUT
- - name: Set matrix output with repo and index
+ - name: Set matrix
id: set-matrix
run: |
- repos=${{ steps.generate-repos.outputs.repos }}
- echo "matrix={\"include\": $repos}" >> $GITHUB_OUTPUT
+ echo "matrix={\"include\": $REPOS}" >> $GITHUB_OUTPUT
+ env:
+ REPOS: ${{ steps.generate-repos.outputs.repos }}
- uses: ./.github/actions/slack-alert
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
@@ -77,17 +81,20 @@ jobs:
- name: Checkout source repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
- fetch-depth: 0
+ # Only need latest commits to sync with
+ fetch-depth: 2
- name: Checkout target repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: ${{ matrix.repo }}
- token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
+ token: ${{ secrets.DOCS_BOT_PAT_WORKFLOW }}
path: target_repo
- fetch-depth: 0
+ fetch-depth: 2
- name: Synchronize files to target repo
+ env:
+ INDEX: ${{ matrix.index }}
run: |
# Create necessary directories if they DNE
mkdir -p target_repo/build-scripts
@@ -111,11 +118,14 @@ jobs:
cp src/deployments/staging/.env.example target_repo/.env
fi
- # Conditional copy for README.md if not present
- if [ ! -f target_repo/README.md ]; then
- cp src/deployments/staging/README.example.md target_repo/README.md
+ # Only copy README.md for non-review servers e.g. index >= 2
+ if [ "$INDEX" -ge 2 ]; then
+ cp src/deployments/staging/README.staging.md target_repo/README.md
fi
+ # Copy ownership.yaml
+ cp src/deployments/staging/ownership.yaml target_repo/ownership.yaml
+
- name: Install jq
run: sudo apt-get update && sudo apt-get install -y jq
@@ -146,17 +156,36 @@ jobs:
# If any files still contain {{x}}, replace them with the current index
find target_repo -type f -exec sed -i "s/{{x}}/$INDEX/g" {} +
- - name: Commit and push changes
+ - name: Commit Changes to new branch
+ id: commit_changes
run: |
+ BRANCH_NAME=sync-staging-files-${{ github.run_id }}
cd target_repo
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
+ git checkout -b $BRANCH_NAME
git add .
- # If there are changes, commit and push
if ! git diff --cached --quiet; then
- git commit -m "Synchronize files from source repository with index ${{ matrix.index }}"
- git push
+ git commit -m "Synchronize files from source repository with docs-staging-${{ matrix.index }}"
+ git push origin $BRANCH_NAME
fi
+ echo "BRANCH_NAME=${BRANCH_NAME}" >> $GITHUB_OUTPUT
+
+ # We want to create a PR instead of committing directly in order to trigger a deployment
+ - name: Create Pull Request
+ id: create_pr
+ env:
+ GH_TOKEN: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
+ run: |
+ cd target_repo
+ PR_URL=$(gh pr create \
+ --title "Sync files from docs-internal" \
+ --body "This PR synchronized the files of this repo with the source of truth files in doc-internal. The PR should automatically merge, if it doesn't please fix files in docs-internal so that the fix is applied to every docs-staging-x repo." \
+ --base main \
+ --head ${{ steps.commit_changes.outputs.BRANCH_NAME }} \
+ )
+ # Enable auto-merge on PR
+ gh pr merge $PR_URL --auto --squash
- uses: ./.github/actions/slack-alert
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
diff --git a/.github/workflows/update-docs-staging-x-repo.yml b/.github/workflows/update-docs-staging-x-repo.yml
index 4d9693d5c3e4..352560d94e2d 100644
--- a/.github/workflows/update-docs-staging-x-repo.yml
+++ b/.github/workflows/update-docs-staging-x-repo.yml
@@ -18,7 +18,7 @@ on:
types: [labeled]
permissions:
- contents: read
+ contents: write
jobs:
dispatch-sha:
@@ -72,6 +72,13 @@ jobs:
# Get the commit SHA from the pull request head
COMMIT_SHA="${{ github.event.pull_request.head.sha }}"
+ # Update the docs-staging-x branch to the latest SHA from the PR branch
+ git config user.name "github-actions[bot]"
+ git config user.email "github-actions[bot]@users.noreply.github.com"
+ git checkout docs-staging-$STAGING_NUMBER || { echo "Failed to checkout docs-staging-$STAGING_NUMBER"; exit 1; }
+ git reset --hard $COMMIT_SHA || { echo "Git reset failed"; exit 1; }
+ git push origin docs-staging-$STAGING_NUMBER --force || { echo "Git push failed"; exit 1; }
+
else
echo "Event type $EVENT_TYPE not supported."
echo "should_dispatch=false" >> $GITHUB_OUTPUT
diff --git a/src/deployments/staging/.github/workflows/deploy-on-repo-dispatch.yml b/src/deployments/staging/.github/workflows/deploy-on-repo-dispatch.yml
index 6d22400ee493..72e8dbfb8ac6 100644
--- a/src/deployments/staging/.github/workflows/deploy-on-repo-dispatch.yml
+++ b/src/deployments/staging/.github/workflows/deploy-on-repo-dispatch.yml
@@ -22,51 +22,55 @@ jobs:
- name: Checkout Repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
- fetch-depth: 0 # Ensure full history for PR creation
+ fetch-depth: 2
- # Extract SHA from the dispatch payload
+ # Extract SHA from the dispatch payload and set it as an output
- name: Set SHA from Payload
id: set_sha
- run: echo "SHA=${{ github.event.client_payload.SHA }}" >> $GITHUB_ENV
+ run: echo "SHA=${{ github.event.client_payload.SHA }}" >> $GITHUB_OUTPUT
# Update the .env file with the new SHA
- name: Update .env File
run: |
+ SHA=${{ steps.set_sha.outputs.SHA }}
if grep -q "^SHA=" .env; then
sed -i "s/^SHA=.*/SHA=${SHA}/" .env
else
echo "SHA=${SHA}" >> .env
+ fi
- name: Commit Changes to new branch
+ id: commit_changes
run: |
BRANCH_NAME=update-sha-${{ github.run_id }}
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git checkout -b $BRANCH_NAME
git add .env
- git commit -m "Update SHA to ${{ env.SHA }}"
- echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV
+ git commit -m "Update SHA to ${{ steps.set_sha.outputs.SHA }}"
+ echo "BRANCH_NAME=${BRANCH_NAME}" >> $GITHUB_OUTPUT
- name: Push Branch
- run: git push origin ${{ env.BRANCH_NAME }}
+ run: git push origin ${{ steps.commit_changes.outputs.BRANCH_NAME }}
+ # Create a Pull Request and set the PR URL as an output
- name: Create Pull Request
id: create_pr
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
PR_URL=$(gh pr create \
- --title "Update SHA to ${{ env.SHA }}" \
- --body "This PR updates the SHA in the \`.env\` file to \`${{ env.SHA }}\`." \
+ --title "Update SHA to ${{ steps.set_sha.outputs.SHA }}" \
+ --body "This PR updates the SHA in the \`.env\` file to \`${{ steps.set_sha.outputs.SHA }}\`." \
--base main \
- --head ${{ env.BRANCH_NAME }} \
- --json url \
- --jq .url)
- echo "PR_URL=$PR_URL" >> $GITHUB_ENV
+ --head ${{ steps.commit_changes.outputs.BRANCH_NAME }} \
+ )
+ echo "PR_URL=${PR_URL}" >> $GITHUB_OUTPUT
+ # Merge the Pull Request
- name: Merge Pull Request
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
- PR_NUMBER=$(gh pr view $PR_URL --json number --jq .number)
- gh pr merge $PR_NUMBER --merge --delete-branch --auto --squash --yes
+ PR_NUMBER=$(gh pr view ${{ steps.create_pr.outputs.PR_URL }} --json number --jq .number)
+ gh pr merge $PR_NUMBER --auto --squash
diff --git a/src/deployments/staging/.github/workflows/moda-ci.yaml b/src/deployments/staging/.github/workflows/moda-ci.yaml
new file mode 100644
index 000000000000..c7c0dc462d9c
--- /dev/null
+++ b/src/deployments/staging/.github/workflows/moda-ci.yaml
@@ -0,0 +1,95 @@
+name: docs-staging-{{x}} Moda CI
+
+# More info on CI actions setup can be found here:
+# https://github.com/github/ops/blob/master/docs/playbooks/build-systems/moving-moda-apps-from-bp-to-actions.md
+
+on:
+ workflow_dispatch:
+ push:
+ branches-ignore:
+ - 'gh-readonly-queue/**'
+ merge_group:
+ types: [checks_requested]
+
+jobs:
+ ##########################
+ # Add DOCS_BOT_PAT_READPUBLICKEY to vault-keys
+ ##########################
+ set-vault-keys:
+ runs-on: ubuntu-latest
+ outputs:
+ modified_vault_keys: ${{ steps.modify_vault_keys.outputs.modified }}
+ steps:
+ - name: Set vault-keys output
+ id: modify_vault_keys
+ run: |
+ if [ -z "${{ vars.VAULT_KEYS }}" ]; then
+ echo "modified=DOCS_BOT_PAT_READPUBLICKEY" >> $GITHUB_OUTPUT
+ else
+ echo "modified=${{ vars.VAULT_KEYS }},DOCS_BOT_PAT_READPUBLICKEY" >> $GITHUB_OUTPUT
+ fi
+
+ #############
+ # Moda jobs
+ #############
+ moda-config-bundle:
+ name: ${{ matrix.ci_job.job }}
+ needs: set-vault-keys
+ strategy:
+ fail-fast: false
+ matrix:
+ ci_job: [{ 'job': 'docs-staging-{{x}}-moda-config-bundle' }]
+ uses: github/internal-actions/.github/workflows/moda.yml@main
+ with:
+ ci-formatted-job-name: ${{ matrix.ci_job.job }}
+ vault-keys: ${{ needs.set-vault-keys.outputs.modified_vault_keys }}
+ secrets:
+ dx-bot-token: ${{ secrets.INTERNAL_ACTIONS_DX_BOT_ACCOUNT_TOKEN }}
+ datadog-api-key: ${{ secrets.DATADOG_API_KEY }}
+
+ #############
+ # Docker Image jobs
+ #############
+ docker-image:
+ name: ${{ matrix.ci_job.job }}
+ needs: set-vault-keys
+ strategy:
+ fail-fast: false
+ matrix:
+ ci_job: [{ 'job': 'docs-staging-{{x}}-docker-image' }]
+ uses: github/internal-actions/.github/workflows/kube.yml@main
+ with:
+ ci-formatted-job-name: ${{ matrix.ci_job.job }}
+ # Fetches the 'DOCS_BOT_PAT_READPUBLICKEY' secret from Vault to pass to the docker build environment as --secret id=DOCS_BOT_PAT_READPUBLICKEY,src=$(cat DOCS_BOT_PAT_READPUBLICKEY)
+ vault-keys: ${{ needs.set-vault-keys.outputs.modified_vault_keys }}
+ docker-build-env-secrets: 'DOCS_BOT_PAT_READPUBLICKEY'
+ secrets:
+ dx-bot-token: ${{ secrets.INTERNAL_ACTIONS_DX_BOT_ACCOUNT_TOKEN }}
+ datadog-api-key: ${{ secrets.DATADOG_API_KEY }}
+
+ #############
+ # Docker Security jobs
+ #############
+ docker-security:
+ name: ${{ matrix.ci_job.job }}
+ needs: set-vault-keys
+ strategy:
+ fail-fast: false
+ matrix:
+ ci_job: [{ 'job': 'docs-staging-{{x}}-docker-security' }]
+ uses: github/internal-actions/.github/workflows/docker_security.yml@main
+ with:
+ ci-formatted-job-name: ${{ matrix.ci_job.job }}
+ # Fetches the 'DOCS_BOT_PAT_READPUBLICKEY' secret from Vault to pass to the docker build environment as --secret id=DOCS_BOT_PAT_READPUBLICKEY,src=$(cat DOCS_BOT_PAT_READPUBLICKEY)
+ vault-keys: ${{ needs.set-vault-keys.outputs.modified_vault_keys }}
+ docker-build-env-secrets: 'DOCS_BOT_PAT_READPUBLICKEY'
+ secrets:
+ dx-bot-token: ${{ secrets.INTERNAL_ACTIONS_DX_BOT_ACCOUNT_TOKEN }}
+ datadog-api-key: ${{ secrets.DATADOG_API_KEY }}
+
+permissions:
+ actions: read
+ checks: read
+ contents: read
+ statuses: read
+ id-token: write
diff --git a/src/deployments/staging/README.example.md b/src/deployments/staging/README.example.md
deleted file mode 100644
index 9a00b81eb635..000000000000
--- a/src/deployments/staging/README.example.md
+++ /dev/null
@@ -1,12 +0,0 @@
-# Staging {{x}}
-
-This is the staging repo and corresponding Moda deployment for the GitHub Docs {{x}} staging server.
-
-> [!NOTE]
-> Do not change any file other than `.env` and `README.md` in this repo. Instead, change the files in [src/deployments/staging of docs-internal](https://github.com/github/docs-internal/tree/main/src/staging/deployments/README.md) which will cascade update the files in each `docs-staging-X` repo (apart from `README.md` and `.env`).
-
-**URL:** https://docs-staging-{{x}}.github.com
-
-**Docs**: [src/deployments/staging of docs-internal](https://github.com/github/docs-internal/tree/main/src/staging/deployments/README.md)
-
-The contents of this repo are kept in a one-directional sync with the contents of `src/deployments/staging` in the [docs-internal](https://github.com/github/docs-internal) repo, where `src/deployments/staging` from `docs-internal` is the source and this repo is the destination.
diff --git a/src/deployments/staging/README.md b/src/deployments/staging/README.md
index 42ad149f63c6..7c2f967ff4c9 100644
--- a/src/deployments/staging/README.md
+++ b/src/deployments/staging/README.md
@@ -26,7 +26,7 @@ The dedicated review servers are deployed in a similar fashion that the staging
Each staging server requires its own `github/` repo in order to deploy to Moda in the form of `github/docs-staging-X` where X is the number of that staging server e.g. `github/docs-staging-0` or `github/docs-staging-1`.
-The URLs of the staging servers also follow this pattern, `docs-staging-x.github.net`, e.g. `docs-staging-2.github.net`
+The URLs of the staging servers also follow this pattern, `https://docs-staging-{{x}}.service.iad.github.net`, e.g. `https://docs-staging-2.service.iad.github.net`
With the exception of the first 2 which are our review servers:
@@ -37,10 +37,13 @@ Ideally there should always be enough staging servers for each developer on the
So we have 8 dedicated staging servers, `docs-staging-{2-9}`:
-- `docs-staging-2` -> https://docs-staging-2.github.net
-- `docs-staging-3` -> https://docs-staging-3.github.net
+- `docs-staging-2` -> https://docs-staging-2.service.iad.github.net
+- `docs-staging-3` -> https://docs-staging-3.service.iad.github.net
- etc
-- `docs-staging-9` -> https://docs-staging-9.github.net
+- `docs-staging-9` -> https://docs-staging-9.service.iad.github.net
+
+> [!NOTE]
+> [Developer VPN](https://thehub.github.com/security/security-operations/developer-vpn-access/) access is required to view a staging server. Initial set up takes some work, but connecting to it after it's configured is rather simple.
## How do staging deploys work from docs-internal?
@@ -60,7 +63,7 @@ sequenceDiagram
WF2->WF2: 1. Extracts SHA from `repository_dispatch` event
2. Updates `.env` in docs-staging-x with SHA value
3. Auto-merges the PR into docs-staging-x
WF2->MD: Auto-merge kicks off Moda deploy
MD->MD: Dockerfile build clones docs-internal code from SHA target set in `.env`
- note over MD: Deployed to
`docs-staging-X.github.net`
+ note over MD: Deployed to
`https://docs-staging-{{x}}.service.iad.github.net`
```
Whenever a developer pushes code to a staging branch in `docs-internal`, e.g. `docs-staging-2`, a pipeline begins with the final result being a staging server running with the latest changes from that branch. See the above diagram, or read below for a textual explanation.
@@ -81,13 +84,14 @@ The pipeline is as follows:
1. The PR merge kicks off an automatic Moda deploy for the `docs-staging-X` server.
-1. At build time, the [Dockerfile](./Dockerfile) clones the `SHA` from `docs-internal` and builds, runs, and deploys it to https://docs-staging-X.github.net which is only accessible behind the devvpn.
+1. At build time, the [Dockerfile](./Dockerfile) clones the `SHA` from `docs-internal` and builds, runs, and deploys it to `https://docs-staging-{{x}}.service.iad.github.net` which is only accessible behind the [Developer VPN](https://thehub.github.com/security/security-operations/developer-vpn-access/).
## How do review server deploys work from docs-internal?
The process is very similar to the process in the previous section for staging servers. The differences are as follows:
1. Review servers live in:
+
1. Repo [docs-staging-0](https://github.com/github/doc-staging-0) (internal) @ https://docs-review.github.com
1. Repo [docs-staging-1](https://gthub.com/github/doc-staging-1) (external) @ https://os-docs-review.github.com
diff --git a/src/deployments/staging/README.staging.md b/src/deployments/staging/README.staging.md
new file mode 100644
index 000000000000..e8c6df4911dd
--- /dev/null
+++ b/src/deployments/staging/README.staging.md
@@ -0,0 +1,38 @@
+# docs-staging-{{x}}
+
+This is the staging repo and corresponding Moda deployment for the GitHub Docs {{x}} staging server.
+
+The contents of this repo are kept in a one-directional sync with the contents of `src/deployments/staging` in the [docs-internal](https://github.com/github/docs-internal) repo, where `src/deployments/staging` from `docs-internal` is the source and this repo is the destination.
+
+> [!NOTE]
+> Do not change any file other than `.env` in this repo. Instead, change the files in [src/deployments/staging of docs-internal](https://github.com/github/docs-internal/tree/main/src/staging/deployments/README.md) which will cascade update the files in each `docs-staging-X` repo (except `.env`).
+
+**URL:** https://docs-staging-{{x}}.service.iad.github.net (can only be accessed behind [Developer VPN](https://thehub.github.com/security/security-operations/developer-vpn-access/))
+
+**Docs**: [src/deployments/staging of docs-internal](https://github.com/github/docs-internal/tree/main/src/deployments/staging/README.md)
+
+## Speed up automatic deploys
+
+When you push to the `docs-staging-{{x}}` branch or add the `docs-staging-{{x}}` label on an open PR, it will kick off an automated process that will open a PR in this repo, and then merge it via the merge queue which will trigger an automatic deployment.
+
+If you begin the above process, and don't want to wait for the slow merge queue process, you can bypass the merge queue and force merge the PR, then in the `#docs-ops` Slack channel you can write,
+
+```
+.deploy docs-staging-{{x}}/main to staging --ignore-required-pipeline
+```
+
+To trigger a staging deploy.
+
+## Manually deploy any docs-internal branch
+
+Adjust the `STAGING_BRANCH` and `SHA` to match a branch + SHA in `docs-internal`. Make sure _both_ values are set.
+
+Make the change to `.env` in a new branch, say `manual-deploy-docs-staging-{{x}}`
+
+Then in the `#docs-ops` Slack channel,
+
+```
+.deploy docs-staging-{{x}}/manual-deploy-docs-staging-{{x}} to staging --ignore-required-pipeline
+```
+
+However, make sure not to merge your `manual-deploy-docs-staging-{{x}}` branch into `main` since it will break automatic staging deploys. Instead, keep it separate and update the `STAGING_BRANCH` and `SHA` as needed.
\ No newline at end of file
diff --git a/src/deployments/staging/build-scripts/fetch-repos.sh b/src/deployments/staging/build-scripts/fetch-repos.sh
index 9408da09cf16..877d13d0a21f 100644
--- a/src/deployments/staging/build-scripts/fetch-repos.sh
+++ b/src/deployments/staging/build-scripts/fetch-repos.sh
@@ -26,20 +26,6 @@ clone_or_use_cached_repo "repo" "docs-internal" "$STAGING_BRANCH" "$SHA"
# Clone other repo from the root of docs-internal
cd repo
-
-# - - - - - - - - - -
-# Early access
-# - - - - - - - - - -
-. ../build-scripts/determine-early-access-branch.sh
-echo "EARLY_ACCESS_BRANCH is set to '${EARLY_ACCESS_BRANCH}'"
-clone_or_use_cached_repo "docs-early-access" "docs-early-access" "$EARLY_ACCESS_BRANCH" ""
-# - - - - - - - - - -
-# !Important!
-# - - - - - - - - - -
-# Note that we use ../build-script instead of the merge-early-access script in the docs-internal that we checked out
-# This is for security. We don't want to run user-supplied code for the build step
-. ../build-scripts/merge-early-access.sh
-
# - - - - - - - - - -
# Clone the translations repos
# - - - - - - - - - -
diff --git a/src/deployments/staging/config.json b/src/deployments/staging/config.json
index af266a1ee425..14032004171e 100644
--- a/src/deployments/staging/config.json
+++ b/src/deployments/staging/config.json
@@ -3,7 +3,7 @@
"server_domain_name": {
"internal": "docs-review.github.com",
"external": "os-docs-review.github.com",
- "docs-staging-x": "docs-staging-{{x}}.github.net"
+ "docs-staging-x": "docs-staging-2.service.%region%.github.net"
},
"load_balancer_type": {
"internal": "public-external-http",
diff --git a/src/deployments/staging/config/kubernetes/staging/services/webapp.yaml b/src/deployments/staging/config/kubernetes/staging/services/webapp.yaml
index d9a1c4431556..167014f23bb2 100644
--- a/src/deployments/staging/config/kubernetes/staging/services/webapp.yaml
+++ b/src/deployments/staging/config/kubernetes/staging/services/webapp.yaml
@@ -6,7 +6,6 @@ metadata:
service: webapp
annotations:
moda.github.net/domain-name: '{{server_domain_name}}'
- moda.github.net/dns-registration-enabled: 'false'
moda.github.net/load-balancer-type: '{{load_balancer_type}}'
spec:
ports:
diff --git a/src/deployments/staging/config/moda/deployment.yaml b/src/deployments/staging/config/moda/deployment.yaml
index 03702830b043..0e9f488cfd5a 100644
--- a/src/deployments/staging/config/moda/deployment.yaml
+++ b/src/deployments/staging/config/moda/deployment.yaml
@@ -1,13 +1,33 @@
-required_builds:
- - docs-staging-{{x}}-moda-config-bundle / docs-staging-{{x}}-moda-config-bundle
- - docs-staging-{{x}}-docker-image / docs-staging-{{x}}-docker-image
- - docs-staging-{{x}}-docker-security / docs-staging-{{x}}-docker-security
+# Deploy configuration reference: https://thehub.github.com/epd/engineering/products-and-services/internal/moda/reference/deployment-yaml/
+
environments:
- name: staging
- auto_deploy: true
+ require_pipeline: true
cluster_selector:
profile: general
region: iad
+
+required_builds:
+ - docs-staging-{{x}}-moda-config-bundle / docs-staging-{{x}}-moda-config-bundle
+ - docs-staging-{{x}}-docker-image / docs-staging-{{x}}-docker-image
+ - docs-staging-{{x}}-docker-security / docs-staging-{{x}}-docker-security
+
+# Make the pipeline start automatically when a PR is enqueued
+auto_start_pipeline: staging_rollout
+
+pipelines:
+ staging_rollout:
+ thread_notifications: true
+ notify_users_via_dm: false
+ timeout: 1200
+ stages:
+ - name: full_staging
+ kind: deployment
+ start_message: We are now going to deploy {{app}}/{{ref}}! Please pause or cancel the pipeline after the deploy if you want more time before auto-merging your pull request(s).
+ config:
+ environment: staging
+ timeout: 1200
+
notifications:
slack_channels:
- '#docs-ops'
diff --git a/src/deployments/staging/ownership.yaml b/src/deployments/staging/ownership.yaml
new file mode 100644
index 000000000000..942f703ba39b
--- /dev/null
+++ b/src/deployments/staging/ownership.yaml
@@ -0,0 +1,25 @@
+---
+version: 1
+ownership:
+ # ownership.yaml describes who is responsible for a service, and how to contact them. If your service is made up
+ # of multiple components, you can define multiple entries in this file.
+ #
+ # Additional documentation on ownership.yaml fields is available at: https://thehub.github.com/engineering/products/service-catalog/service-ownership/#attributes-of-durable-ownership
+ - team: github/docs-engineering
+ repo: https://github.com/github/docs-staging-{{x}}
+ name: docs-staging-{{x}}
+ kind: moda
+ long_name: Docs Staging {{x}}
+ description: The \#{{x}} staging app for GitHub Docs.
+ exec_sponsor: nerdneha
+ maintainer: ebonsignori
+ qos: best_effort
+ tier: 3
+ sev2:
+ issue: https://github.com/github/docs-engineering/issues/
+ tta: 1w
+ sev3:
+ slack: docs-alerts
+ tta: 1d
+ dependencies:
+ - docs