From 69dfea3601e46a329e8b974100ec0283664dc877 Mon Sep 17 00:00:00 2001 From: James Hodgkinson Date: Wed, 28 Jun 2023 10:34:17 +1000 Subject: [PATCH] Still trying to fix the docs. (#1709) * docs build/deploy fixes * let us see if this makes the automerge less bad --- .github/workflows/dependabot_auto_merge.yml | 17 +--- .github/workflows/kanidm_book.yml | 101 ++++++++++++------- .github/workflows/kanidm_individual_book.yml | 9 +- book/src/ssh_key_dist.md | 6 +- scripts/dependabot_automerge_check.sh | 26 +++++ 5 files changed, 107 insertions(+), 52 deletions(-) create mode 100755 scripts/dependabot_automerge_check.sh diff --git a/.github/workflows/dependabot_auto_merge.yml b/.github/workflows/dependabot_auto_merge.yml index 23df31618..128b589c6 100644 --- a/.github/workflows/dependabot_auto_merge.yml +++ b/.github/workflows/dependabot_auto_merge.yml @@ -21,20 +21,13 @@ jobs: alert-lookup: true compat-lookup: true - uses: actions/checkout@v3 - - name: Approve a PR if not already approved - - run: | - # sets the upstream metadata for `gh pr status` - gh pr checkout "$PR_URL" - if [ "$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)" != "APPROVED" ]; - then gh pr review --approve "$PR_URL" - else echo "PR already approved, skipping additional approvals to minimize emails/notification noise."; - fi - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - name: Enable auto-merge for Dependabot PRs run: gh pr merge --auto --squash "$PR_URL" env: PR_URL: ${{github.event.pull_request.html_url}} GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + - name: Approve a PR if not already approved + run: scripts/dependabot_automerge_check.sh "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/kanidm_book.yml b/.github/workflows/kanidm_book.yml index 2422e98f1..b2aee1c68 100644 --- a/.github/workflows/kanidm_book.yml 
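Review bot: The new `run: scripts/dependabot_automerge_check.sh "$PR_URL"` step executes a script from the checked-out tree with `GITHUB_TOKEN` in its environment, and which ref `actions/checkout@v3` materialises depends on the workflow trigger, which is outside this hunk. If that tree can be the pull request's own contents, the PR decides what runs with the token, so confirm the checkout is the base ref and record it next to the step, e.g. `# script must come from the base-branch checkout, never from the PR head`. The step also now follows `gh pr merge --auto --squash`, so a non-zero exit from the script fails the job but leaves auto-merge enabled; if the script is meant to gate merging, it should run first. The step name "Approve a PR if not already approved" no longer matches a script that exits 1 on an unapproved PR.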
+++ b/.github/workflows/kanidm_book.yml @@ -19,41 +19,46 @@ permissions: statuses: read pages: write +env: + ACTIONS_RUNNER_DEBUG: true + concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: - generate_tags: + pre_deploy: runs-on: ubuntu-latest outputs: - tags: ${{ steps.tags.outputs.tags}} - latest: ${{ steps.previoustag.outputs.tag }} + latest: ${{ steps.branchname.outputs.latest }} steps: - - id: tags - name: pull tags - uses: oraad/get-tags-action@v1.0.0 - with: - repo: ${{ github.repository }} - limit: 100 - github-token: ${{ github.token }} - uses: actions/checkout@v3 with: fetch-depth: 0 - - name: 'Get Previous tag' - id: previoustag - uses: "WyriHaximus/github-action-get-previous-tag@v1" + - name: Latest branch + run: | + echo "latest=$(git branch -a | awk '{print $1}' | sort -t. -k3n,3 -k4n,4 | awk -F'/' '{print $NF}' | tail -n1)" >> $GITHUB_OUTPUT + id: branchname + - name: Move redirector page + run: | + mkdir docs + cp book/index_redirect.html ./docs/index.html + find ./docs > docs/manifest.txt + - name: Upload redirector artifact + # https://github.com/actions/upload-artifact + uses: actions/upload-artifact@v3 with: - prefix: v1 + name: base + path: docs/index.html + fanout: uses: './.github/workflows/kanidm_individual_book.yml' - needs: generate_tags + needs: pre_deploy strategy: fail-fast: false matrix: - # tag: ${{ fromJson(needs.generate_tags.outputs.tags) }} tag: - - ${{ needs.generate_tags.outputs.latest}} + - ${{ needs.pre_deploy.outputs.latest}} with: tag: ${{ matrix.tag }} parent_id: ${{ github.ref }} 
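Review bot: The `Latest branch` step exports whichever name sorts last out of `git branch -a` to `$GITHUB_OUTPUT` without validating it, and that value becomes `matrix.tag` for `fanout`, where kanidm_individual_book.yml expands it as `${{ inputs.tag }}` inside `run:` scripts. Capture it in a variable and check it against an allowlist (or a tighter pattern for the project's release branches) before exporting: `[[ "$latest" =~ ^[0-9A-Za-z._-]+$ ]] || exit 1`, then `echo "latest=${latest}" >> "$GITHUB_OUTPUT"`. Note that `awk '{print $1}'` yields `*` for the current-branch line and the `remotes/origin/HEAD` entry reduces to `HEAD`, so both take part in the sort. Separately, the workflow-level `ACTIONS_RUNNER_DEBUG: true` (repeated as step-level `env` in the next kanidm_book.yml hunk and in kanidm_individual_book.yml) reads as leftover troubleshooting; as far as I know runner debug logging is enabled through a repository secret or variable rather than workflow `env`, so these entries can probably be dropped.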
@@ -67,34 +72,61 @@ jobs: environment: name: github-pages url: ${{ steps.deployment.outputs.page_url }} - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'kanidm/kanidm' }} - needs: + - pre_deploy - fanout - docs_master - - generate_tags runs-on: ubuntu-latest steps: - - name: Download previously built docs - uses: actions/download-artifact@v3 - with: - name: docs + - name: Setup Pages + uses: actions/configure-pages@v3 - uses: actions/checkout@v3 with: fetch-depth: 0 - - name: Setup Pages - uses: actions/configure-pages@v3 + - name: Download base artifact + uses: actions/download-artifact@v3 + with: + name: base + path: ./docs/ + env: + ACTIONS_RUNNER_DEBUG: true + - name: Download individual artifact + uses: actions/download-artifact@v3 + with: + name: individual + path: ./docs/ + env: + ACTIONS_RUNNER_DEBUG: true + # - name: Log more stuff + # run: | + # echo "Currently in $(pwd)" + # mkdir -p docs && find $(pwd) -ls > ./docs/manifest.txt + # env: + # ACTIONS_RUNNER_DEBUG: true + # - name: Upload docs dir as an artifact + # # https://github.com/actions/upload-artifact + # uses: actions/upload-artifact@v3 + # with: + # name: logs + # path: docs/ - name: Extract the files run: | - find . -name '*.tar.gz' -exec tar zxf "{}" \; + pwd + echo "doing find $(pwd) -ls maxdepth 2" + find $(pwd) -ls -maxdepth 2 + echo "doing find tar.gz ls" + find $(pwd) -name '*.tar.gz' -ls + echo "extracting" + find $(pwd) -name '*.tar.gz' -ls -exec tar zxvf "{}" \; + echo "Carrying on..." + mkdir -p docs + cd docs && cp -R "$(git branch -a | awk '{print $1}' | sort -t. -k3n,3 -k4n,4 | awk -F'/' '{print $NF}' | tail -n1)/" stable && cd .. ls -la docs/ - cd docs && \ - ln -s ${{ needs.generate_tags.outputs.latest}}/ stable && \ - cd .. 
- cp book/index_redirect.html docs/index.html - ls -la docs/ - - - name: Upload artifact + echo "Cleaning up docs archives" + rm docs/*.tar.gz + env: + ACTIONS_RUNNER_DEBUG: true + - name: Upload pages artifacts uses: actions/upload-pages-artifact@v1 with: # Upload entire repository @@ -102,3 +134,4 @@ jobs: - name: Deploy to GitHub Pages id: deployment uses: actions/deploy-pages@v2 + if: ${{ github.ref == 'refs/heads/master' && github.repository == 'kanidm/kanidm' }} diff --git a/.github/workflows/kanidm_individual_book.yml b/.github/workflows/kanidm_individual_book.yml index 798de9ad5..0db3b5a06 100644 --- a/.github/workflows/kanidm_individual_book.yml +++ b/.github/workflows/kanidm_individual_book.yml @@ -14,7 +14,7 @@ name: "Github Pages - Branch" env: SCCACHE_GHA_ENABLED: "true" RUSTC_WRAPPER: "sccache" - + ACTIONS_RUNNER_DEBUG: true jobs: generate_mdbook: runs-on: ubuntu-latest @@ -67,14 +67,17 @@ jobs: cd .. mv pykanidm/site ./docs/${{ inputs.tag }}/pykanidm continue-on-error: true - - name: archive things run: | tar czvf ${{ inputs.tag }}.tar.gz ./docs/ + env: + ACTIONS_RUNNER_DEBUG: true - name: Upload artifact # https://github.com/actions/upload-artifact uses: actions/upload-artifact@v3 with: - name: docs + name: individual path: ${{inputs.tag }}.tar.gz + env: + ACTIONS_RUNNER_DEBUG: true diff --git a/book/src/ssh_key_dist.md b/book/src/ssh_key_dist.md index 530c24562..58caa0c74 100644 --- a/book/src/ssh_key_dist.md +++ b/book/src/ssh_key_dist.md @@ -63,7 +63,7 @@ If the account has SSH public keys you should see them listed, one per line. To configure servers to accept these keys, you must change their /etc/ssh/sshd_config to contain the lines: -``` +```text PubkeyAuthentication yes UsePAM yes AuthorizedKeysCommand /usr/bin/kanidm_ssh_authorizedkeys %u 
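Review bot: The `Extract the files` step recomputes the latest branch with a second copy of the `git branch -a | awk … | tail -n1` pipeline instead of consuming `needs.pre_deploy.outputs.latest`, so the directory copied to `stable` can differ from the tag that `fanout` built. Passing the job output through the step's `env` keeps one source of truth and keeps the value out of the script text: `LATEST: ${{ needs.pre_deploy.outputs.latest }}` under `env:` and `cp -R "${LATEST}/" stable` in the script. The extraction also runs `tar zxvf` on every `*.tar.gz` found anywhere under `$(pwd)`, which after `actions/checkout@v3` includes the repository tree; searching only `./docs`, where both artifacts are downloaded, would limit it to files this run produced. The `pwd`/`find -ls` echo lines and the commented-out `Log more stuff` steps look like debugging scaffolding to remove before merge; the job's step list continues past this hunk.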
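Review bot: With the `if:` now only on `Deploy to GitHub Pages`, every earlier step of this job (including `actions/configure-pages@v3`, both artifact downloads and `actions/upload-pages-artifact@v1`) runs for any ref and any repository, while the job still declares `environment: github-pages`. If that is deliberate so that other refs exercise the build, say so on the step, e.g. `# only master of kanidm/kanidm publishes; earlier steps run everywhere as a build check`. Otherwise keep the condition at job level as it was before this commit. The job's definition starts outside this hunk.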
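Review bot: The `archive things` step gains an `env:` block but still expands `${{ inputs.tag }}` directly inside its `run:` script, so the tag text is pasted into the command line before bash parses it. Since the block is being added anyway, pass the value through it and quote it: `TAG: ${{ inputs.tag }}` under `env:` and `tar czvf "${TAG}.tar.gz" ./docs/` in the script. The context line `mv pykanidm/site ./docs/${{ inputs.tag }}/pykanidm` has the same shape and would benefit from the same treatment; that step starts outside this hunk.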
@@ -78,7 +78,7 @@ management tool such as salt or ansible. > **NOTICE:** With a working SSH key setup, you should also consider adding the following > sshd\_config options as hardening. -``` +```text PermitRootLogin no PasswordAuthentication no PermitEmptyPasswords no @@ -111,7 +111,7 @@ If the account has SSH public keys you should see them listed, one per line. To configure servers to accept these keys, you must change their /etc/ssh/sshd\_config to contain the lines: -``` +```text PubkeyAuthentication yes UsePAM yes AuthorizedKeysCommand /usr/bin/kanidm_ssh_authorizedkeys_direct -D anonymous %u diff --git a/scripts/dependabot_automerge_check.sh b/scripts/dependabot_automerge_check.sh new file mode 100755 index 000000000..1d56d4d89 --- /dev/null +++ b/scripts/dependabot_automerge_check.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +if [ -z "$1" ]; then + echo "Specify the PR URL" + exit 1 +fi + +PR_URL="$1" + +# are we good? +CONCLUSIONS="$(gh pr status --json statusCheckRollup | jq '.currentBranch | .[] | .[] | select(.conclusion != "SUCCESS") | select(.conclusion != "NEUTRAL")| {status: .status, workfFlowName: .workFlowName, conclusion: .conclusion}')" +# check approval +APPROVED="$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)" + +# sets the upstream metadata for `gh pr status` +gh pr checkout "$PR_URL" +if [ "${APPROVED}" != "APPROVED" ]; then + echo "PR not approved!" + exit 1 +fi + +if [ "$(echo "${CONCLUSIONS}" | wc -l)" -eq 0 ]; then + gh pr review --approve "$PR_URL" +else + echo "Already running or failed: ${CONCLUSIONS}"; +fi
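Review bot: The approve branch cannot be reached, because `echo "${CONCLUSIONS}" | wc -l` prints at least 1 even when `CONCLUSIONS` is empty; `[ -z "${CONCLUSIONS}" ]` is the test that matches the intent. Both `gh pr status` queries also run before `gh pr checkout "$PR_URL"`, although the comment says the checkout is what gives `gh pr status` its branch context, and the `!= "APPROVED"` test exits 1 on an unapproved PR, which looks inverted against the step name and the inline script this replaces. When fixing the emptiness test, make the script fail closed: without `set -e` and `pipefail`, a failed `gh` or `jq` call yields an empty string that would then read as "all checks passed" and trigger an approval. It is also worth confirming that an empty rollup (no checks reported yet) should count as success, and the jq object uses `workfFlowName: .workFlowName`, which looks like a typo for the field gh reports.

```shell
PR_URL="$1"

# Fail closed: stop on any gh/jq error instead of treating empty output as success.
set -euo pipefail

# Check out first so that `gh pr status` resolves .currentBranch to this PR.
gh pr checkout "$PR_URL"

# … unchanged: CONCLUSIONS and APPROVED queries, moved below the checkout …

if [ "${APPROVED}" = "APPROVED" ]; then
    echo "PR already approved, skipping."
    exit 0
fi

# Empty means no check is pending or failed.
if [ -z "${CONCLUSIONS}" ]; then
# … unchanged: approve call and the "Already running or failed" branch …
```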