name: "Ephemeral instances" on: issue_comment: types: [created] pull_request: types: [closed] permissions: {} jobs: handle-ephemeral-instances: if: ${{ github.repository_owner == 'grafana' && ((github.event.issue.pull_request && startsWith(github.event.comment.body, '/deploy-to-hg')) || github.event.action == 'closed') }} runs-on: labels: ubuntu-x64-xlarge continue-on-error: true permissions: # For commenting. pull-requests: write # No contents permission is needed because we will impersonate an app to create the PR instead. id-token: write # required for vault access steps: - name: Get vault secrets id: vault-secrets uses: grafana/shared-workflows/actions/get-vault-secrets@main with: # Secrets placed in ci/repo/grafana/grafana/ repo_secrets: | APP_ID=ephemeral-instances-bot:app-id APP_PEM=ephemeral-instances-bot:app-private-key GCOM_HOST=ephemeral-instances-bot:gcom-host GCOM_TOKEN=ephemeral-instances-bot:gcom-token REGISTRY=ephemeral-instances-bot:registry GCP_SA_ACCOUNT_KEY_BASE64=ephemeral-instances-bot:sa-key - name: Generate a GitHub app installation token id: generate_token uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 # v1.8.0 with: app_id: ${{ env.APP_ID }} private_key: ${{ env.APP_PEM }} - name: Checkout ephemeral instances repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: repository: grafana/ephemeral-grafana-instances-github-action token: ${{ steps.generate_token.outputs.token }} ref: main path: ephemeral persist-credentials: false - name: build and deploy ephemeral instance uses: ./ephemeral with: github-token: ${{ steps.generate_token.outputs.token }} gcom-host: ${{ env.GCOM_HOST }} gcom-token: ${{ env.GCOM_TOKEN }} registry: "${{ env.REGISTRY }}" gcp-service-account-key: ${{ env.GCP_SA_ACCOUNT_KEY_BASE64 }} ephemeral-org-id: ephemeral oss-or-enterprise: oss verbose: true