From 1a4d8ed772409703d92f1e89e2438df663c7b8b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20BIDAULT?=
 <sebastien.bidault@prestashop.com>
Date: Tue, 11 Feb 2025 16:01:50 +0100
Subject: [PATCH] Deployment workflow PS 9 (#1305)

---
 .github/workflows/deploy.yml               |  99 ++++++++++
 .github/workflows/php.yml                  |   2 +-
 .github/workflows/ps8-build-release.yml    | 220 ---------------------
 .github/workflows/push-to-bucket.yml       |  87 ++++++++
 .github/workflows/push-to-repository.yml   |  87 ++++++++
 .github/workflows/update-release-draft.yml |  57 ++++++
 6 files changed, 331 insertions(+), 221 deletions(-)
 create mode 100644 .github/workflows/deploy.yml
 delete mode 100644 .github/workflows/ps8-build-release.yml
 create mode 100644 .github/workflows/push-to-bucket.yml
 create mode 100644 .github/workflows/push-to-repository.yml
 create mode 100644 .github/workflows/update-release-draft.yml

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 000000000..29acdf918
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,99 @@
+name: PrestaShop 9 - Deployment
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize, edited, labeled]
+  push:
+    tags:
+      - v9.*
+    branches:
+      - prestashop/9.x
+
+jobs:
+  zip-name-matrix:
+    name: Generate zip file name
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        env:
+          - integration
+          - preproduction
+    outputs:
+      integration: ${{ steps.zip-name.outputs.integration }}
+      preproduction: ${{ steps.zip-name.outputs.preproduction }}
+      production: ${{ github.event.repository.name }}.zip
+
+    steps:
+      - name: Generate zip file name
+        id: zip-name
+        run: |
+          date=$(date -d '+2 hours' +'%Y-%m-%d_%H-%M-%S')
+          echo "$ENV=$REPOSITORY-$PS_VERSION-$ENV-$PR_NUMBER-$date.zip" >> "$GITHUB_OUTPUT"
+        env:
+          ENV: ${{ matrix.env }}
+          REPOSITORY: ${{ github.event.repository.name }}
+          PS_VERSION: ps9
+          PR_NUMBER: pr${{ github.event.number }}
+
+  push-to-repository-matrix:
+    name: ${{ matrix.env.upper }} - Push to GitHub repository
+    needs: [zip-name-matrix]
+    strategy:
+      fail-fast: false
+      matrix:
+        env:
+          - upper: INTEGRATION
+            lower: integration
+            triggered: ${{ contains(github.event.pull_request.labels.*.name, 'integration deployment') }}
+          - upper: PREPRODUCTION
+            lower: preproduction
+            triggered: ${{ contains(github.event.pull_request.labels.*.name, 'preproduction deployment') }}
+          - upper: PRODUCTION
+            lower: production
+            triggered: ${{ github.event_name == 'push' }}
+    uses: ./.github/workflows/push-to-repository.yml
+    with:
+      env-upper: ${{ matrix.env.upper }}
+      env-lower: ${{ matrix.env.lower }}
+      triggered: ${{ matrix.env.triggered }}
+      zip-name: ${{ needs.zip-name-matrix.outputs[matrix.env.lower] }}
+      repository-name: ${{ github.event.repository.name }}
+    secrets: inherit
+
+  push-to-bucket-matrix:
+    name: ${{ matrix.env.upper }} - Push to GCP bucket storage
+    needs: [zip-name-matrix, push-to-repository-matrix]
+    strategy:
+      fail-fast: false
+      matrix:
+        env:
+          - lower: integration
+            upper: INTEGRATION
+            triggered: ${{ contains(github.event.pull_request.labels.*.name, 'integration deployment') }}
+          - lower: preproduction
+            upper: PREPRODUCTION
+            triggered: ${{ contains(github.event.pull_request.labels.*.name, 'preproduction deployment') }}
+          - upper: PRODUCTION
+            lower: production
+            triggered: ${{ github.event_name == 'push' }}
+    uses: ./.github/workflows/push-to-bucket.yml
+    with:
+      env-upper: ${{ matrix.env.upper }}
+      env-lower: ${{ matrix.env.lower }}
+      triggered: ${{ matrix.env.triggered }}
+      zip-name: ${{ needs.zip-name-matrix.outputs[matrix.env.lower] }}
+      repository-name: ${{ github.event.repository.name }}
+      prestashop-version: ps9
+      pr-number: pr${{ github.event.number }}
+    secrets: inherit
+
+  update-release-draft:
+    name: PRODUCTION - Update release draft
+    needs: [push-to-repository-matrix]
+    uses: ./.github/workflows/update-release-draft.yml
+    with:
+      env-lower: production
+      triggered: ${{ github.event_name == 'push' }}
+      repository-name: ${{ github.event.repository.name }}
+    secrets: inherit
diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml
index 4ac598609..22d249272 100644
--- a/.github/workflows/php.yml
+++ b/.github/workflows/php.yml
@@ -2,7 +2,7 @@ name: PHP tests
 on:
   push:
   pull_request:
-    types: [opened, reopened, synchronize, edited]
+    types: [opened, reopened, synchronize, edited, labeled]
 
 jobs:
   header-stamp:
diff --git a/.github/workflows/ps8-build-release.yml b/.github/workflows/ps8-build-release.yml
deleted file mode 100644
index 4d63fdd39..000000000
--- a/.github/workflows/ps8-build-release.yml
+++ /dev/null
@@ -1,220 +0,0 @@
-name: PrestaShop 8 - Build & Release draft
-
-on:
-  pull_request:
-    types: [opened, reopened, synchronize, edited, labeled]
-  push:
-    tags:
-      - "v8.*"
-    branches:
-      - "prestashop/8.x"
-
-env:
-  ZIP_NAME: ${{ github.event.repository.name }}-${{ github.ref_name }}
-
-jobs:
-  current_date:
-    name: Get current date
-    runs-on: ubuntu-latest
-    outputs:
-      date: ${{ steps.date.outputs.date }}
-
-    steps:
-      - name: Date
-        id: date
-        run: echo "date=$(date -d '+2 hours' +'%Y-%m-%d_%H-%M-%S')" >> "$GITHUB_OUTPUT"
-
-  deploy_integration:
-    name: INTEGRATION - Build dependencies & create artifact
-    runs-on: ubuntu-latest
-    needs: [current_date]
-    permissions:
-      id-token: write
-      contents: read
-      pull-requests: write
-    if: contains(github.event.pull_request.labels.*.name, 'integration deployment')
-    env:
-      ZIP_NAME: ${{ github.event.repository.name }}-integration-pr${{ github.event.number }}-${{ needs.current_date.outputs.date }}
-
-    steps:
-      - name: Checkout the repository 🎁
-        uses: actions/checkout@v4
-
-      - name: Auth GCP
-        uses: ./.github/actions/auth-gcp
-        with:
-          auth-mode: "workload-federation"
-          provider: ${{ secrets.WI_PROVIDER_V2_INTEGRATION }}
-          service-account: ${{ secrets.WI_SA_V2_INTEGRATION }}
-          registry-login: true
-          setup-gcloud: true
-
-      - name: Write .env file
-        run: gcloud --quiet beta secrets versions access latest --project=$GCP_PROJECT --secret="module-env" > .env
-        env:
-          GCP_PROJECT: ${{ secrets.GCP_PROJECT_INTEGRATION }}
-
-      - name: Install composer dependencies
-        run: composer install --no-dev -o
-
-      # It's mandatory to generate the zip inside a folder named ps_checkout, to make the zip installation working on PrestaShop
-      - name: Generate zip
-        run: |
-          cd ../
-          zip -r ${{ env.ZIP_NAME }}.zip ${{ github.event.repository.name }} -x '*.git*' '*/.php_cs.*' '*/node_modules' '*/.npmrc' '*/composer.*' '*/package.*' '*/.editorconfig' '*_dev*' '*test*' '*/gha-creds-*.json'
-          cp ${{ env.ZIP_NAME }}.zip ${{ github.event.repository.name }}
-
-      - name: Push to GCP bucket storage
-        shell: bash
-        run: gsutil cp ${{ env.ZIP_NAME }}.zip gs://ps-eu-w1-checkout-assets-integration/zips/ps8
-
-  deploy_preproduction:
-    name: PREPRODUCTION - Build dependencies & create artifact
-    runs-on: ubuntu-latest
-    needs: [current_date]
-    permissions:
-      id-token: write
-      contents: read
-      pull-requests: write
-    if: contains(github.event.pull_request.labels.*.name, 'preproduction deployment')
-    env:
-      ZIP_NAME: ${{ github.event.repository.name }}-preproduction-pr${{ github.event.number }}-${{ needs.current_date.outputs.date }}
-
-    steps:
-      - name: Checkout the repository 🎁
-        uses: actions/checkout@v4
-
-      - name: Auth GCP
-        uses: ./.github/actions/auth-gcp
-        with:
-          auth-mode: "workload-federation"
-          provider: ${{ secrets.WI_PROVIDER_V2_PREPRODUCTION }}
-          service-account: ${{ secrets.WI_SA_V2_PREPRODUCTION }}
-          registry-login: true
-          setup-gcloud: true
-
-      - name: Write .env file
-        run: gcloud --quiet beta secrets versions access latest --project=$GCP_PROJECT --secret="module-env" > .env
-        env:
-          GCP_PROJECT: ${{ secrets.GCP_PROJECT_PREPRODUCTION }}
-
-      - name: Install composer dependencies
-        run: composer install --no-dev -o
-
-      # It's mandatory to generate the zip inside a folder named ps_checkout, to make the zip installation working on PrestaShop
-      - name: Generate zip
-        run: |
-          cd ../
-          zip -r ${{ env.ZIP_NAME }}.zip ${{ github.event.repository.name }} -x '*.git*' '*/.php_cs.*' '*/node_modules' '*/.npmrc' '*/composer.*' '*/package.*' '*/.editorconfig' '*_dev*' '*test*' '*/gha-creds-*.json'
-          cp ${{ env.ZIP_NAME }}.zip ${{ github.event.repository.name }}
-
-      - name: Push to GCP bucket storage
-        shell: bash
-        run: gsutil cp ${{ env.ZIP_NAME }}.zip gs://ps-eu-w1-checkout-assets-preproduction/zips/ps8
-
-  deploy_production:
-    name: PRODUCTION - Build dependencies & create artifact
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: read
-      pull-requests: write
-    if: startsWith(github.ref, 'refs/tags')
-
-    steps:
-      - name: Checkout the repository 🎁
-        uses: actions/checkout@v4
-
-      - name: Auth GCP
-        uses: ./.github/actions/auth-gcp
-        with:
-          auth-mode: "workload-federation"
-          provider: ${{ secrets.WI_PROVIDER_V2_PRODUCTION }}
-          service-account: ${{ secrets.WI_SA_V2_PRODUCTION }}
-          registry-login: true
-          setup-gcloud: true
-
-      - name: Write .env file
-        run: |
-          gcloud --quiet beta secrets versions access latest --project=$GCP_PROJECT --secret="module-env" > .env
-        env:
-          GCLOUD_PROJECT: ${{ secrets.GCLOUD_PROJECT_PRODUCTION }}
-
-      - name: Install composer dependencies
-        run: composer install --no-dev -o
-
-      - name: Create directory with repo name and move files
-        run: |
-          repo_name="${{ github.event.repository.name }}"
-          mkdir "$repo_name"
-          shopt -s dotglob nullglob
-          for file in *; do
-            if [ "$file" != "$repo_name" ]; then
-              mv "$file" "$repo_name/"
-            fi
-          done
-
-      - name: Create & upload artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: ${{ env.ZIP_NAME }}
-          path: .
-
-      - name: Move files at root project
-        run: |
-          cd "${{ github.event.repository.name }}"
-          shopt -s dotglob nullglob
-          for file in *; do
-            mv "$file" ../
-          done
-          cd ../
-          rm -Rf "${{ github.event.repository.name }}"
-
-  update_release_draft_production:
-    name: PRODUCTION - Update release draft
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: read
-      pull-requests: write
-    needs: [deploy_production]
-    if: github.event_name == 'push'
-
-    steps:
-      - name: Download artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: ${{ env.ZIP_NAME }}
-
-      - name: Release drafter
-        id: release_info
-        uses: toolmantim/release-drafter@v6
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Prepare for Release
-        run: |
-          cd ${{ github.event.repository.name }}
-          zip -r ${{ env.ZIP_NAME }}.zip . -x '*.git*' '*/.php_cs.*' '*/node_modules' '*/.npmrc' '*/composer.*' '*/package.*' '*/.editorconfig' '*_dev*' '*test*' '*/gha-creds-*.json'
-
-      - name: Clean existing assets
-        shell: bash
-        run: |
-          curl -fsSL https://github.com/github/hub/raw/master/script/get | bash -s 2.14.1
-          assets=`bin/hub api -t repos/${{ github.repository }}/releases/${{ steps.release_info.outputs.id }}/assets | awk '/\].url/ { print $2 }'`
-          for asset in $assets
-          do
-            bin/hub api -X DELETE $asset
-          done
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Publish to GitHub Release
-        uses: actions/upload-release-asset@v1.0.2
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.release_info.outputs.upload_url }}
-          asset_path: ./${{ github.event.repository.name }}/${{ env.ZIP_NAME }}.zip
-          asset_name: ${{ env.ZIP_NAME }}.zip
-          asset_content_type: application/zip
diff --git a/.github/workflows/push-to-bucket.yml b/.github/workflows/push-to-bucket.yml
new file mode 100644
index 000000000..c4fcffcb1
--- /dev/null
+++ b/.github/workflows/push-to-bucket.yml
@@ -0,0 +1,87 @@
+name: Push to GCP bucket storage
+
+on:
+  workflow_call:
+    inputs:
+      env-upper:
+        required: true
+        type: string
+      env-lower:
+        required: true
+        type: string
+      triggered:
+        required: true
+        type: boolean
+      zip-name:
+        required: true
+        type: string
+      repository-name:
+        required: true
+        type: string
+        default: "ps_checkout"
+      prestashop-version:
+        required: true
+        type: string
+      pr-number:
+        required: true
+        type: string
+
+jobs:
+  bucket-zip-name:
+    name: Generate zip file name for GCP bucket
+    runs-on: ubuntu-latest
+    outputs:
+      integration: ${{ inputs.zip-name }}
+      preproduction: ${{ inputs.zip-name }}
+      production: ${{ steps.zip-name.outputs.name }}
+
+    steps:
+      - name: Generate zip file name
+        id: zip-name
+        run: |
+          date=$(date -d '+2 hours' +'%Y-%m-%d_%H-%M-%S')
+          echo "name=$REPOSITORY-$PS_VERSION-$ENV-$PR_NUMBER-$date.zip" >> "$GITHUB_OUTPUT"
+        env:
+          ENV: production
+          REPOSITORY: ${{ inputs.repository-name }}
+          PS_VERSION: ${{ inputs.prestashop-version }}
+          PR_NUMBER: ${{ inputs.pr-number }}
+
+  push-to-bucket:
+    name: ${{ inputs.env-upper }} - Create zip file and push to GCP bucket storage
+    runs-on: ubuntu-latest
+    needs: [bucket-zip-name]
+    environment: ${{ inputs.env-lower }}
+    permissions:
+      id-token: write
+      contents: write
+      pull-requests: write
+    if: inputs.triggered == true
+
+    steps:
+      - name: Checkout the repository 🎁
+        uses: actions/checkout@v4
+
+      - name: Auth GCP 🔑
+        uses: ./.github/actions/auth-gcp
+        with:
+          auth-mode: "workload-federation"
+          provider: ${{ secrets[format('WI_PROVIDER_V2_{0}', inputs.env-upper)] }}
+          service-account: ${{ secrets[format('WI_SA_V2_{0}', inputs.env-upper)] }}
+          registry-login: true
+          setup-gcloud: true
+
+      - name: Download artifact 🚚
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ inputs.zip-name }}
+
+      - name: Prepare zip for push 👷
+        run: |
+          cd ${{ inputs.repository-name }}
+          zip -r ../${{ needs.bucket-zip-name.outputs[inputs.env-lower] }} . -x '*.DS_Store*' '*.git*' '*/.php_cs.*' '*__MACOSX*' '*/node_modules' '*/.npmrc' '*/composer.*' '*/package.*' '*/.editorconfig' '*_dev*' '*test*' '*/tests/*' '*/Test/*' '*/Tests/*' '*/gha-creds-*.json'
+
+      - name: Push to GCP bucket storage 🛩️
+        shell: bash
+        run: |
+          gsutil cp ${{ needs.bucket-zip-name.outputs[inputs.env-lower] }} gs://ps-eu-w1-checkout-assets-${{ inputs.env-lower }}
diff --git a/.github/workflows/push-to-repository.yml b/.github/workflows/push-to-repository.yml
new file mode 100644
index 000000000..2b0981956
--- /dev/null
+++ b/.github/workflows/push-to-repository.yml
@@ -0,0 +1,87 @@
+name: Push to GitHub repository
+
+on:
+  workflow_call:
+    inputs:
+      env-upper:
+        required: true
+        type: string
+      env-lower:
+        required: true
+        type: string
+      triggered:
+        required: true
+        type: boolean
+      zip-name:
+        required: true
+        type: string
+      repository-name:
+        required: true
+        type: string
+        default: "ps_checkout"
+
+jobs:
+  push-to-repository:
+    name: ${{ inputs.env-upper }} - Create zip file and push to GitHub repository
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.env-lower }}
+    permissions:
+      id-token: write
+      contents: write
+      pull-requests: write
+    if: inputs.triggered == true
+
+    steps:
+      - name: Checkout the repository 🎁
+        uses: actions/checkout@v4
+
+      - name: Auth GCP 🔑
+        uses: ./.github/actions/auth-gcp
+        with:
+          auth-mode: "workload-federation"
+          provider: ${{ secrets[format('WI_PROVIDER_V2_{0}', inputs.env-upper)] }}
+          service-account: ${{ secrets[format('WI_SA_V2_{0}', inputs.env-upper)] }}
+          registry-login: true
+          setup-gcloud: true
+
+      - name: Write .env file 🌳
+        run: gcloud --quiet beta secrets versions access latest --project=$GCP_PROJECT --secret="module-env" > .env
+        env:
+          GCP_PROJECT: ${{ secrets[format('GCP_PROJECT_{0}', inputs.env-upper)] }}
+
+      - name: Install composer dependencies 👷
+        run: composer install --no-dev -o
+
+      - name: Create directory with repo name and move files 🏗️
+        run: |
+          repo_name="${{ inputs.repository-name }}"
+          mkdir "$repo_name"
+          shopt -s dotglob nullglob
+          for file in *; do
+            if [ "$file" != "$repo_name" ]; then
+              mv "$file" "$repo_name/"
+            fi
+          done
+
+      - name: Workaround actions/upload-artifact#176 🚧
+        id: artifacts
+        run: |
+          echo "path=$(realpath ..)" >> "$GITHUB_OUTPUT"
+
+      - name: Create & upload artifact 🛩️
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ inputs.zip-name }}
+          path: ${{ steps.artifacts.outputs.path }}
+          include-hidden-files: true
+          retention-days: ${{ (inputs.env-lower == 'production' && 90) || 1 }}
+
+      - name: Move files at root project 🏗️
+        run: |
+          cd "${{ inputs.repository-name }}"
+          shopt -s dotglob nullglob
+          for file in *; do
+            mv "$file" ../
+          done
+          cd ../
+          rm -Rf "${{ inputs.repository-name }}"
diff --git a/.github/workflows/update-release-draft.yml b/.github/workflows/update-release-draft.yml
new file mode 100644
index 000000000..fd607e221
--- /dev/null
+++ b/.github/workflows/update-release-draft.yml
@@ -0,0 +1,57 @@
+name: Update release draft
+
+on:
+  workflow_call:
+    inputs:
+      env-lower:
+        required: true
+        type: string
+      triggered:
+        required: true
+        type: boolean
+      repository-name:
+        required: true
+        type: string
+        default: "ps_checkout"
+
+jobs:
+  update-release-draft:
+    name: PRODUCTION - Update release draft
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.env-lower }}
+    permissions:
+      id-token: write
+      contents: write
+      pull-requests: write
+    if: inputs.triggered == true
+    env:
+      ZIP_NAME: ${{ inputs.repository-name }}.zip
+
+    steps:
+      - name: Download artifact 🚚
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ env.ZIP_NAME }}
+
+      - name: Release drafter 🏗️
+        id: release_info
+        uses: toolmantim/release-drafter@v6
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          commitish: prestashop/9.x
+
+      - name: Prepare zip for release 👷
+        run: |
+          cd ${{ inputs.repository-name }}
+          zip -r ../${{ env.ZIP_NAME }} . -x '*.DS_Store*' '*.git*' '*/.php_cs.*' '*__MACOSX*' '*/node_modules' '*/.npmrc' '*/composer.*' '*/package.*' '*/.editorconfig' '*_dev*' '*test*' '*/tests/*' '*/Test/*' '*/Tests/*' '*/gha-creds-*.json'
+
+      - name: Publish to GitHub Release 🛩️
+        uses: actions/upload-release-asset@v1.0.2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.release_info.outputs.upload_url }}
+          asset_path: ./${{ env.ZIP_NAME }}
+          asset_name: ${{ env.ZIP_NAME }}
+          asset_content_type: application/zip