fix: soften private sync dispatch failures #15
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dispatch Private Website Sync | ||
|
Check failure on line 1 in .github/workflows/dispatch-private-sync.yml
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - docs/** | ||
| - skills/** | ||
| - assets/** | ||
| - CHANGELOG.md | ||
| - src/tools/index.ts | ||
| workflow_dispatch: | ||
| inputs: | ||
| public_ref: | ||
| description: "Public repo ref to sync from" | ||
| required: true | ||
| default: "main" | ||
| type: string | ||
| public_sha: | ||
| description: "Optional explicit public SHA" | ||
| required: false | ||
| type: string | ||
| permissions: | ||
| contents: read | ||
| concurrency: | ||
| group: dispatch-private-sync-${{ github.ref_name || 'manual' }} | ||
| cancel-in-progress: false | ||
| jobs: | ||
| dispatch: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Resolve dispatch payload | ||
| id: payload | ||
| shell: bash | ||
| env: | ||
| TARGET_REPO_VAR: ${{ vars.PRIVATE_WEBSITE_REPO }} | ||
| run: | | ||
| set -euo pipefail | ||
| target_repo="${TARGET_REPO_VAR:-freshtechbro/opendevbrowser-website-deploy}" | ||
| if [[ "${GITHUB_EVENT_NAME}" == "push" ]]; then | ||
| public_ref="${GITHUB_REF_NAME}" | ||
| public_sha="${GITHUB_SHA}" | ||
| else | ||
| public_ref="${{ inputs.public_ref }}" | ||
| public_sha="${{ inputs.public_sha }}" | ||
| if [[ -z "${public_sha}" ]]; then | ||
| public_sha="${GITHUB_SHA}" | ||
| fi | ||
| fi | ||
| payload=$(printf '{"public_repo":"%s","public_ref":"%s","public_sha":"%s","trigger":"%s"}' \ | ||
| "${GITHUB_REPOSITORY}" \ | ||
| "${public_ref}" \ | ||
| "${public_sha}" \ | ||
| "${GITHUB_EVENT_NAME}") | ||
| { | ||
| echo "target_repo=${target_repo}" | ||
| echo "public_ref=${public_ref}" | ||
| echo "public_sha=${public_sha}" | ||
| echo "client_payload=${payload}" | ||
| } >>"${GITHUB_OUTPUT}" | ||
| - name: Warn when dispatch token is missing | ||
| if: ${{ secrets.PRIVATE_REPO_DISPATCH_TOKEN == '' }} | ||
| run: | | ||
| echo "PRIVATE_REPO_DISPATCH_TOKEN is not configured; skipping private repo dispatch." | ||
| - name: Dispatch sync event to private repo | ||
| if: ${{ secrets.PRIVATE_REPO_DISPATCH_TOKEN != '' }} | ||
| shell: bash | ||
| env: | ||
| PRIVATE_REPO_DISPATCH_TOKEN: ${{ secrets.PRIVATE_REPO_DISPATCH_TOKEN }} | ||
| TARGET_REPO: ${{ steps.payload.outputs.target_repo }} | ||
| CLIENT_PAYLOAD: ${{ steps.payload.outputs.client_payload }} | ||
| run: | | ||
| set -euo pipefail | ||
| api_base="https://api.github.com/repos/${TARGET_REPO}" | ||
| response_file="$(mktemp)" | ||
| headers=( | ||
| -H "Authorization: Bearer ${PRIVATE_REPO_DISPATCH_TOKEN}" | ||
| -H "Accept: application/vnd.github+json" | ||
| -H "X-GitHub-Api-Version: 2022-11-28" | ||
| ) | ||
| repo_status=$(curl -sS -o "${response_file}" -w "%{http_code}" "${headers[@]}" "${api_base}") | ||
| case "${repo_status}" in | ||
| 200) | ||
| ;; | ||
| 401|403|404) | ||
| body="$(tr '\n' ' ' <"${response_file}")" | ||
| echo "::warning::Skipping private repo dispatch for ${TARGET_REPO}; token cannot access target repo (HTTP ${repo_status}). ${body}" | ||
| exit 0 | ||
| ;; | ||
| *) | ||
| echo "Unexpected response probing ${TARGET_REPO} (HTTP ${repo_status})." >&2 | ||
| cat "${response_file}" >&2 | ||
| exit 1 | ||
| ;; | ||
| esac | ||
| dispatch_payload="$(printf '{"event_type":"opendevbrowser_public_sync","client_payload":%s}' "${CLIENT_PAYLOAD}")" | ||
| dispatch_status=$(curl -sS -o "${response_file}" -w "%{http_code}" -X POST \ | ||
| "${headers[@]}" \ | ||
| "${api_base}/dispatches" \ | ||
| -d "${dispatch_payload}") | ||
| case "${dispatch_status}" in | ||
| 204) | ||
| echo "Private repo dispatch accepted for ${TARGET_REPO}." | ||
| ;; | ||
| 401|403|404) | ||
| body="$(tr '\n' ' ' <"${response_file}")" | ||
| echo "::warning::Skipping private repo dispatch for ${TARGET_REPO}; dispatch endpoint returned HTTP ${dispatch_status}. ${body}" | ||
| ;; | ||
| *) | ||
| echo "Private repo dispatch failed for ${TARGET_REPO} (HTTP ${dispatch_status})." >&2 | ||
| cat "${response_file}" >&2 | ||
| exit 1 | ||
| ;; | ||
| esac | ||