[eclipse-theia] Please active github pages for https://github.com/eclipse-theia/theia-website

We'd like to move the hosting of the Theia Website (https://www.theia-ide.org) to Github pages. Therefore, please active Github Pages for https://github.com/eclipse-theia/theia-website.

Also, please create a Github secret, if necessary, with which we can push to the Github pages branch (e.g. gh-pages) from a Github workflow.

Once this is ready, we'll prepare the Github workflows. Once we are ready, we will ping you again here and ask you to configure theia-ide.org to be the custom domain for the Github page of this repo. But please wait with that until we confirm everything is ready.

Thank you very much!

Related: #3874 (closed)

added ~16280 ~21670 team:infra team:releng labels

I've enabled Github pages and pointed it at the gh-pages branch.

The RelEng team should be able to hook you up with the requested secret.

assigned to @pstankie

added statewip label

added IT-prioritylow IT-severitylow labels

@planger

this also sounds like a good opportunity to enable self-service (https://www.eclipse.org/projects/handbook/#resources-github-self-service) for your project at GitHub. This will capture the existing configuration as code in a separate repo (.eclipsefdn) and any committers can create PRs against this repo to change the configuration to fit your needs. The PRs will need to be approved by EF staff (and project leads if needed) before being merged and the changes finally being applied to GitHub. Here is for example a PR from another project enabling consistent branch protection rules for all repos: https://github.com/eclipse-velocitas/.eclipsefdn/pull/1 Here you can see a list of all Eclipse project that have this already enabled: https://eclipsefdn.github.io/otterdog-configs/

Please let us know if you'd like to proceed with setting up self-service.

FYI @jonas @mdumais

Looks good to me!

Thanks, yes I'm certainly in favor of installing the self-service for Theia projects on Github! Thank you!

marked this issue as related to #1561 (closed)

Otterdog has been enabled for the eclipse-theia organization. The following repo has been created:

https://github.com/eclipse-theia/.eclipsefdn

You can find the current configuration at https://github.com/eclipse-theia/.eclipsefdn/blob/main/otterdog/eclipse-theia.jsonnet

A dashboard ui of the configuration can also be accessed at https://eclipse-theia.github.io/.eclipsefdn/ which also provides a playground to test snippets before making a PR.

When you want to suggest changes, fork the repo, make changes and create a PR. A workflow will automatically run and show you the changes that will be applied and validate that the configuration is correctly formatted and composed.

The documentation of all supported settings can be found here:

https://otterdog.readthedocs.io/en/latest/reference/resource-format/

A list of all Eclipse projects that have it also enabled can be accessed here: https://eclipsefdn.github.io/otterdog-configs/

That is often quite helpful to get ideas about others do their configurations.

If you have any problems let us know.

TOKEN secret has been added.

Closing, please reopen if needed.

closed

removed statewip label

We restarted our work on migrating the Theia Website to Github Pages, including preview functionality. Therefore, we used the Langium website as a template (including Langium's preview repository).

What we already have:

• gh-pages for the theia-website repository (see above)
• Work-in-progress PR which adds Github workflows for
  • Publishing
  • Previews
• A Github repository hosting the previews (see also https://github.com/eclipse-theia/.eclipsefdn/pull/3)

What we would need:

• A token for the preview workflow in the Theia website repo enabling us to push to the Github pages of the preview repository
• A token for the publish workflow to push the build result from master of Theia website repo to the gh-pages in the same repository.

Can you please arrange for adding those secrets containing the tokens for our workflows? Thank you very much!

Eventually, once everything works, we need to add theia-ide.org as a custom domain of the Github page at https://eclipse-theia.github.io/theia-website. But before doing, a few things need to be verified and tested (e.g. base URLs of Gatsby builds, etc.). We'll ping you once we are ready for the domain switch.

reopened

from what I can see is that the theia-website repo has now switched to deploying pages via workflow. In any case you dont need a separate token for pushing the page to the gh-pages branch, you can configure that in your workflow, see:

https://github.com/eclipse-langium/langium-website/blob/main/.github/workflows/deploy.yml

this workflow should also work for theia afaict.

I will create and provision the token for deploying the previews to the repo.

Created https://github.com/eclipse-theia/.eclipsefdn/pull/4

Thank you very much for your help, @netomi!

We adjusted our preview workflow to use the new token. However, we still seem to miss a piece somewhere because the push in our preview workflow step fails with an authentication error:

/usr/bin/git commit -m Deploy preview for PR 466 🛫 --quiet --no-verify
Pushing changes… (attempt 1 of 3)
/usr/bin/git push --porcelain ***github.com/eclipse-theia/theia-website-previews.git github-pages-deploy-action/d851r9r0w:previews
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/eclipse-theia/theia-website-previews.git/'
Changes committed to the previews branch… 📦
Running post deployment cleanup jobs… 🗑️
/usr/bin/git checkout -B github-pages-deploy-action/d851r9r0w
Reset branch 'github-pages-deploy-action/d851r9r0w'
/usr/bin/chmod -R +rw github-pages-deploy-action-temp-deployment-folder
/usr/bin/git worktree remove github-pages-deploy-action-temp-deployment-folder --force
Completed deployment successfully! ✅
Run echo "url=https://eclipse-theia.github.io/theia-website-previews/pr-previews/pr-466/"  >> $GITHUB_OUTPUT
Run marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31
Error: Resource not accessible by integration

We tried to keep our workflow as close as possible to the Langium one. Do you have any ideas about what we are doing wrong?

The reason for that failure is because the workflow was triggered from a pull_request event from a PR coming from a fork.

In such cases, no secrets or write tokens are available, but the workflow tries to write to the PR to add a comment and push the content ofc to the other repo.

For this purpose there is the pull_request_target trigger, which is dangerous but we gave such workflows a minimal set of permissions to avoid harm.

Furthermore we can adjust settings such that ANY workflow action run from PRs coming from forks needs approval first, but that's up to you at this point. In the long run that should be the default imho. Its a setting not yet supported by the self-service, but we look into supporting it, we can make this change manually for now.

pull_request: # this is just for testing

that wont work in general unless the PR comes from a committer or is from a branch in the same repo.

Removing that trigger should make the workflow work imho, it probably takes precedence over the pull_request_target one. Have not seen that before and the GitHub doc is not detailed about such a case, but I assume only one of the 2 will be triggered at the same time.

also afaict, you cant test such a workflow in a PR itself that creates the workflow, as it needs to be present in the default branch as well, if you look at the history at langium you should also see that it started to work once it was merged to main.

@netomi Thank you very much for the fast clarification. That makes sense!

also afaict, you cant test such a workflow in a PR itself that creates the workflow, as it needs to be present in the default branch as well, if you look at the history at langium you should also see that it started to work once it was merged to main.

Yeah, looks like it. I tried (as a committer) to push the same branch without the pull_request: trigger to the same repo and open a PR from there, but it looks like both workflows aren't executed. See https://github.com/eclipse-theia/theia-website/pull/536

I guess we'll then have to merge those changes and test them from the main branch. In this case it shouldn't do any harm as the gh-pages aren't really live anyway.

for langium I tested the whole thing in a fork before creating the PR for the langium website itself. I also had to push the workflow first to the main branch. So yes, GitHub Actions have their pitfalls and annoyances as well :-)

Thank you very much @netomi, everything works perfectly now. We'll just briefly double-check with the Theia project leads and get back to you, but we should be ready to configure the theia-ide.org domain for the GH-page at https://eclipse-theia.github.io/theia-website soon.

Thank you very much again!

ok super, with the domain change somebody else will be able to help, I am missing super powers there.

Let us know when your ready to move theia-ide.org to GH-pages and we'll sort the DNS records.

@mward After a test period and announcement, we are ready to make the move and switch theia-ide.org to the GH-pages. Can you please change the DNS records? Thank you very much and let us know if there is anything you need us to do!

DNS has been updated, and both theia-ide.org and www.theia-ide.org are being served by Github pages.

closed