-
Star
(102)
You must be signed in to star a gist -
Fork
(14)
You must be signed in to fork a gist
-
-
Save dhh/c5051aae633ff91bc4ce30528e4f0b60 to your computer and use it in GitHub Desktop.
| #!/usr/bin/env bash | |
| # Abort sign off on any error | |
| set -e | |
| # Start the benchmark timer | |
| SECONDS=0 | |
| # Repository introspection | |
| OWNER=$(gh repo view --json owner --jq .owner.login) | |
| REPO=$(gh repo view --json name --jq .name) | |
| SHA=$(git rev-parse HEAD) | |
| USER=$(git config user.name) | |
| # Progress reporting | |
| GREEN=32; RED=31; BLUE=34 | |
| announce() { echo -e "\033[0;$2m$1\033[0m"; } | |
| run() { | |
| local SPLIT=$SECONDS | |
| announce "\nRun $1" $BLUE | |
| eval "$1" | |
| local INTERVAL=$((SECONDS-SPLIT)) | |
| announce "Completed $1 in $INTERVAL seconds" $GREEN | |
| } | |
| # Sign off requires a clean repository | |
| if [[ -n $(git status --porcelain) ]]; then | |
| announce "Can't sign off on a dirty repository!" $RED | |
| git status | |
| exit 1 | |
| else | |
| announce "Attempting to sign off on $SHA in $OWNER/$REPO as $USER" $GREEN | |
| fi | |
| # Required steps for sign off | |
| run "./bin/rubocop" | |
| run "./bin/bundle-audit check --update" | |
| run "./bin/brakeman -q --no-summary" | |
| run "./bin/rails test" | |
| run "./bin/rails test:system" | |
| # Report successful sign off to GitHub | |
| gh api \ | |
| --method POST --silent \ | |
| -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| /repos/$OWNER/$REPO/statuses/$SHA \ | |
| -f "context=signoff" -f "state=success" -f "description=Signed off by $USER ($SECONDS seconds)" | |
| announce "Signed off on $SHA in $SECONDS seconds" $GREEN |
Does this hook into deployments, e.g. once a commit has a successful signoff status it can be automatically rolled into staging?
Neat, thanks for sharing. Might also consider moving some things into a justfile - we are using that tool heavily across our projects now. Easy to add tasks for linting, formatting, tests, sanity checks, CI, deployment, foreman, builds, setup, whatever. Language agnostic, self documenting, handy for new hires, autocompletes in the shell, etc.
As a variation/alternative/improvement (!) to this, I considered using the devs' machines as runners. We need to assume that the workflows would install the required dependencies etc.
Very much valid what @skyscooby said about running on containers - in my scenario, bare-metal macOS instances are used (not virtualised) and availability can be scarce.
Here's a way to optionally use the devs' machine that when connected to GitHub Actions should have a label with the name of the branch.
If the dev machine is not connected as a dev-hosted runner, the workflow will try to run on self-hosted runners (shared instances), potentially sitting on the queue.
It could be an interesting option for some teams under certain conditions.
- π GitHub-hosted runners
- πΈ self-hosted runners
- π dev-hosted runners
@albertodebortoli or... one of the many drop-in replacements for official runners, but far cheaper? At least for jobs that can't be easily launched / take too long on a dev machine.
Hi @crohr, that is a valid point for Linux and Windows and therefore for most cases. For macOS though, there are not "many" alternatives and I would say that compared to Linux runners, there's nothing "cheap".
How is this used? I'm familiar with the git commit sign-off functionality but this is pushing directly to the GH API and I don't see the statuses reflected on the commits. Maybe there is an enterprise setting for enforced sign-off policies that cause it to be shown or something.
But I'm curious the full use case here rather than doing a more direct git --signoff and pushing a commit (or an amended unpushed commit).
For those landing on this gist from a Google Search, you might want to check the basecamp/gh-signoff repository where I believe this bash script has landed and will be maintained.
It's meant to be used as the last step of a local CI running on the developer's own workstation:
π https://x.com/dhh/status/1898307737991156120
π rails/rails#54693
You must have missed his many other posts on complexity being a temporary bridge to simplicity.. Nix has only gotten more complex since it's inception.
The moment you need to either build your own packages or troubleshoot someone elses, you are faced with mountain of needless complexity. It certainly isn't a tool that should have required a unique turing complete language to achieve.
If everything works out as a user and you never have a Nix language issue, or a need to touch it, then it can work out ok.. but https://containers.dev is a more general solution for developers.