Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
67 changes: 56 additions & 11 deletions .github/workflows/dispatch-private-sync.yml
Original file line number Diff line number Diff line change
Expand Up @@ -68,16 +68,61 @@ jobs:
echo "client_payload=${payload}"
} >>"${GITHUB_OUTPUT}"

- name: Warn when dispatch token is missing
if: ${{ secrets.PRIVATE_REPO_DISPATCH_TOKEN == '' }}
- name: Dispatch sync event to private repo
shell: bash
env:
PRIVATE_REPO_DISPATCH_TOKEN: ${{ secrets.PRIVATE_REPO_DISPATCH_TOKEN }}
TARGET_REPO: ${{ steps.payload.outputs.target_repo }}
CLIENT_PAYLOAD: ${{ steps.payload.outputs.client_payload }}
run: |
echo "PRIVATE_REPO_DISPATCH_TOKEN is not configured; skipping private repo dispatch."
set -euo pipefail

- name: Dispatch sync event to private repo
if: ${{ secrets.PRIVATE_REPO_DISPATCH_TOKEN != '' }}
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ secrets.PRIVATE_REPO_DISPATCH_TOKEN }}
repository: ${{ steps.payload.outputs.target_repo }}
event-type: opendevbrowser_public_sync
client-payload: ${{ steps.payload.outputs.client_payload }}
if [[ -z "${PRIVATE_REPO_DISPATCH_TOKEN:-}" ]]; then
echo "PRIVATE_REPO_DISPATCH_TOKEN is not configured; skipping private repo dispatch."
exit 0
fi

api_base="https://api.github.com/repos/${TARGET_REPO}"
response_file="$(mktemp)"
headers=(
-H "Authorization: Bearer ${PRIVATE_REPO_DISPATCH_TOKEN}"
-H "Accept: application/vnd.github+json"
-H "X-GitHub-Api-Version: 2022-11-28"
)

repo_status=$(curl -sS -o "${response_file}" -w "%{http_code}" "${headers[@]}" "${api_base}")
case "${repo_status}" in
200)
;;
401|403|404)
body="$(tr '\n' ' ' <"${response_file}")"
echo "::warning::Skipping private repo dispatch for ${TARGET_REPO}; token cannot access target repo (HTTP ${repo_status}). ${body}"
exit 0
;;
*)
echo "Unexpected response probing ${TARGET_REPO} (HTTP ${repo_status})." >&2
cat "${response_file}" >&2
exit 1
;;
esac

dispatch_payload="$(printf '{"event_type":"opendevbrowser_public_sync","client_payload":%s}' "${CLIENT_PAYLOAD}")"
dispatch_status=$(curl -sS -o "${response_file}" -w "%{http_code}" -X POST \
"${headers[@]}" \
"${api_base}/dispatches" \
-d "${dispatch_payload}")

case "${dispatch_status}" in
204)
echo "Private repo dispatch accepted for ${TARGET_REPO}."
;;
401|403|404)
body="$(tr '\n' ' ' <"${response_file}")"
echo "::warning::Skipping private repo dispatch for ${TARGET_REPO}; dispatch endpoint returned HTTP ${dispatch_status}. ${body}"
;;
*)
echo "Private repo dispatch failed for ${TARGET_REPO} (HTTP ${dispatch_status})." >&2
cat "${response_file}" >&2
exit 1
;;
esac
1 change: 1 addition & 0 deletions docs/CUTOVER_CHECKLIST.md
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ Use this checklist when a public release changes mirrored docs, skills, assets,

- [ ] Merge or push the public docs/source update that should mirror into the private repo.
- [ ] Confirm `.github/workflows/dispatch-private-sync.yml` fired, or manually dispatch it with the intended `public_ref` and `public_sha`.
- [ ] If the workflow warns that `PRIVATE_REPO_DISPATCH_TOKEN` cannot access `PRIVATE_WEBSITE_REPO`, treat that as an infra credential issue, fix the token/repo access, and re-dispatch manually.
- [ ] Record the public SHA sent to the private repo.

## Private Repo Validation
Expand Down
1 change: 1 addition & 0 deletions docs/DISTRIBUTION_PLAN.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ Public repo no longer carries the `frontend/` application directory.
- publishes npm package and GitHub release assets
- `.github/workflows/dispatch-private-sync.yml`
- dispatches `repository_dispatch` to private website repo on docs/skills/assets/changelog/tool index updates
- warns and skips instead of failing the public push when the dispatch token is missing or cannot access the configured private repo
- `.github/workflows/chrome-store-publish.yml` (optional lane)
- manual Chrome Web Store upload/publish workflow

Expand Down
Loading