Upgrade to Node.js 24 and modernize dependencies with Jest 30 test isolation fix, TypeScript 5.9.2, and comprehensive GitHub Actions compatibility #17
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- # yamllint disable rule:line-length | |
| name: "Preview Deployment" | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| push: | |
| branches: [main] | |
| permissions: | |
| contents: read | |
| packages: write | |
| pull-requests: write | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_PREFIX: ghcr.io/${{ github.repository_owner }} | |
| jobs: | |
| set-tag: | |
| name: "Determine Tag" | |
| runs-on: ubuntu-latest | |
| outputs: | |
| tag: ${{ steps.set-tag.outputs.tag }} | |
| steps: | |
| - name: Set output tag | |
| id: set-tag | |
| run: | | |
| if [ "${{ github.event_name }}" == "pull_request" ]; then | |
| echo "tag=pr-${{ github.event.number }}" >> $GITHUB_OUTPUT | |
| else | |
| echo "tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT | |
| fi | |
| build-and-publish: | |
| name: "Build and Publish Preview Images" | |
| runs-on: ubuntu-latest | |
| needs: set-tag | |
| strategy: | |
| matrix: | |
| component: | |
| - wrongsecrets-balancer | |
| - cleaner | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Generate metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.IMAGE_PREFIX }}/${{ matrix.component }} | |
| tags: | | |
| type=raw,value=${{ needs.set-tag.outputs.tag }} | |
| - name: Build and push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ./${{ matrix.component }} | |
| file: ./${{ matrix.component }}/Dockerfile | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: linux/amd64,linux/arm64 | |
| generate-preview-instructions: | |
| name: "Generate Preview Instructions" | |
| runs-on: ubuntu-latest | |
| needs: [set-tag, build-and-publish] | |
| if: github.event_name == 'pull_request' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Install yq | |
| run: | | |
| sudo snap install yq | |
| - name: Generate preview values | |
| id: values | |
| run: | | |
| # Create a preview values file | |
| cat > preview-values.yaml << EOF | |
| balancer: | |
| repository: ${{ env.IMAGE_PREFIX }}/wrongsecrets-balancer | |
| tag: ${{ needs.set-tag.outputs.tag }} | |
| wrongsecretsCleanup: | |
| repository: ${{ env.IMAGE_PREFIX }}/cleaner | |
| tag: ${{ needs.set-tag.outputs.tag }} | |
| # Preview configuration | |
| ingress: | |
| enabled: true | |
| hosts: | |
| - host: >- | |
| preview-${{ needs.set-tag.outputs.tag }}.wrongsecrets.local | |
| paths: | |
| - "/" | |
| EOF | |
| # Output the content for use in the comment | |
| echo "values<<EOF" >> $GITHUB_OUTPUT | |
| cat preview-values.yaml >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| - name: Create deployment instructions | |
| id: instructions | |
| run: | | |
| # yamllint disable rule:line-length | |
| cat > instructions.md << 'EOF' | |
| ## 🚀 Preview Deployment Ready! | |
| Your pull request has been built and is ready for preview deployment. | |
| Here's how to test your changes: | |
| ### Container Images Built | |
| - **Balancer**: `${{ env.IMAGE_PREFIX }}/wrongsecrets-balancer:${{ needs.set-tag.outputs.tag }}` | |
| - **Cleaner**: `${{ env.IMAGE_PREFIX }}/cleaner:${{ needs.set-tag.outputs.tag }}` | |
| ### Quick Deploy with Helm | |
| ```bash | |
| # Add the wrongsecrets helm repository | |
| helm repo add wrongsecrets https://owasp.org/wrongsecrets-ctf-party | |
| helm repo update | |
| # Deploy with preview images | |
| helm install my-preview wrongsecrets/wrongsecrets-ctf-party \ | |
| --set balancer.repository=${{ env.IMAGE_PREFIX }}/wrongsecrets-balancer \ | |
| --set balancer.tag=${{ needs.set-tag.outputs.tag }} \ | |
| --set wrongsecretsCleanup.repository=${{ env.IMAGE_PREFIX }}/cleaner \ | |
| --set wrongsecretsCleanup.tag=${{ needs.set-tag.outputs.tag }} \ | |
| --set imagePullPolicy=Always | |
| # Port forward to access locally | |
| kubectl port-forward service/wrongsecrets-balancer 3000:3000 | |
| ``` | |
| ### Deploy with Custom Values | |
| <details> | |
| <summary>Click to see preview-values.yaml</summary> | |
| ```yaml | |
| ${{ steps.values.outputs.values }} | |
| ``` | |
| </details> | |
| ```bash | |
| # Save the above values to preview-values.yaml, then: | |
| helm install my-preview wrongsecrets/wrongsecrets-ctf-party \ | |
| -f preview-values.yaml | |
| ``` | |
| ### Deploy with Local Build Scripts | |
| ```bash | |
| # Clone this PR | |
| git fetch origin pull/${{ github.event.number }}/head:pr-${{ github.event.number }} | |
| git checkout pr-${{ github.event.number }} | |
| # Use the existing deployment script with custom images | |
| ./build-and-deploy.sh | |
| ``` | |
| ### Test the Changes | |
| 1. Access the application at http://localhost:3000 | |
| 2. Create a team and verify functionality | |
| 3. Test any new features or bug fixes | |
| ### Container Registry | |
| The preview images are available at: | |
| - https://github.com/${{ github.repository_owner }}/wrongsecrets-ctf-party/pkgs/container/wrongsecrets-balancer | |
| - https://github.com/${{ github.repository_owner }}/wrongsecrets-ctf-party/pkgs/container/cleaner | |
| --- | |
| *This preview was automatically generated for PR #${{ github.event.number }}* | |
| EOF | |
| # yamllint enable rule:line-length | |
| echo "content<<EOF" >> $GITHUB_OUTPUT | |
| cat instructions.md >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| - name: Comment on PR | |
| uses: actions/github-script@v7 | |
| env: | |
| INSTRUCTIONS_CONTENT: ${{ steps.instructions.outputs.content }} | |
| with: | |
| script: | | |
| const { owner, repo } = context.repo; | |
| const issue_number = context.issue.number; | |
| // Find existing preview comment | |
| const comments = await github.rest.issues.listComments({ | |
| owner, | |
| repo, | |
| issue_number, | |
| }); | |
| const existingComment = comments.data.find(comment => | |
| comment.user.login === 'github-actions[bot]' && | |
| comment.body.includes('🚀 Preview Deployment Ready!') | |
| ); | |
| const body = process.env.INSTRUCTIONS_CONTENT; | |
| if (existingComment) { | |
| // Update existing comment | |
| await github.rest.issues.updateComment({ | |
| owner, | |
| repo, | |
| comment_id: existingComment.id, | |
| body | |
| }); | |
| } else { | |
| // Create new comment | |
| await github.rest.issues.createComment({ | |
| owner, | |
| repo, | |
| issue_number, | |
| body | |
| }); | |
| } | |
| notify-main-branch: | |
| name: "Notify Main Branch Build" | |
| runs-on: ubuntu-latest | |
| needs: [set-tag, build-and-publish] | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Create main branch notification | |
| run: | | |
| # yamllint disable rule:line-length | |
| echo "## 🚀 Main Branch Preview Images Updated!" | |
| echo "" | |
| echo "New preview images have been built for the main branch:" | |
| echo "" | |
| echo "- **Balancer**: \`${{ env.IMAGE_PREFIX }}/wrongsecrets-balancer:${{ needs.set-tag.outputs.tag }}\`" | |
| echo "- **Cleaner**: \`${{ env.IMAGE_PREFIX }}/cleaner:${{ needs.set-tag.outputs.tag }}\`" | |
| echo "" | |
| echo "These can be used for testing the latest main branch changes." | |
| # yamllint enable rule:line-length |