switch fomo-l10n and donate-l10n from travis to github actions

[Pomax]

Dedicated l10n followup to https://github.com/mozilla/foundation.mozilla.org/issues/5685, we should switch these l10n repositoris from travis-ci.org to github actions.

• fomo-l10n
  • bucket: foundation-site-translations
  • [x] workflow file created
  • [x] workflow enabled in the repo's settings => branches -> Branch protection rules for master
  • [x] project CI turned off on the travis website
• donate-l10n
  • bucket: donate-wagtail-translations
  • [x] workflow file created
  • [x] workflow enabled in the repo's settings => branches -> Branch protection rules for master
  • [x] project CI turned off on the travis website

the changes involved are pretty straight forward, as long as someone has access to the Settings for both projects, so that the branch protection rules can be updated to use github actions rather than travis integration, and they have the rights to add values to the github secrets for those repositories (.travis.yml files use encrypted variables in the file itself, github action instead looks them up by consulting the github action runtime environment)

Once done, this will close https://github.com/MozillaFoundation/mofo-devops/issues/801

[flodolo]

I double checked, and @TheoChevalier already has admin access to both, so he should be able to make those changes.

[TheoChevalier]

Yup, can do. @Pomax just let me know when it should be done

[Pomax]

The easiest is probably to have a look at how we mapped https://github.com/mozilla/foundation.mozilla.org/blob/master/.travis.yml to https://github.com/mozilla/foundation.mozilla.org/blob/master/.github/workflows/continous-integration.yml, they're very similar formats with the main difference being how environment variables are referenced.

[Pomax]

For S3 syncing you can probably look at https://github.com/mozilla/foundation.mozilla.org/blob/master/.github/workflows/maintenance-page.yml

We're in the process of seeing if we can get the aws-actions account's actions added to the list of allowed actions (we're currently restricted to the moco policy of "only repo-hosted actions, or github's own actions", but we should be able to trust AWS enough to allow those. If we can't make that work, we'll have to copy the S3 syncing action files in our own repos... that's not a lot of work, but hopefully won't be necessary)

[Pomax]

@TheoChevalier the aws-actions have been cleared for use by MoCo so we should be able to move ahead with this \o/

(the action in the maintenance-page.yml file now works, as can be seen on https://github.com/mozilla/foundation.mozilla.org/runs/1720843465?check_suite_focus=true)

[TheoChevalier]

@Pomax WIP PR here https://github.com/mozilla-l10n/fomo-l10n/pull/32 I think I’m getting close, but I’m missing a couple things:

• I don’t have access to secret keys stored in Travis, and I’m guessing they need to be moved to the repo Settings > Environment > Add secret?
• I’m getting a complain that this env var is not set https://github.com/mozilla-l10n/fomo-l10n/blob/master/foundation/translations/settings.py#L135-L137 in https://github.com/mozilla-l10n/fomo-l10n/pull/32/checks?check_run_id=1742888627 Similarly, I suppose it was set up as an env var in Travis, but I can’t see it in Travis-ci.org settings and don’t know what the value should be :/

[Pomax]

most of the secrets should be available through the mofo password vault, although @tomusher should be able to help either find them or generate new values that we can use.

As for the env vars, you can set these as a github "secret" in the project settings:

and then:

Then in the action yml you add the variable to the env section (so here: https://github.com/mozilla-l10n/fomo-l10n/blob/github-actions/.github/workflows/continuous-integration.yml#L13-L16) using templating code:

    ...
    env:
      ALLOWED_HOSTS: localhost
      DEBUG: False
      SECRET_KEY: secret
      SLACK_WEBHOOK_PONTOON: ${{ secrets.SLACK_WEBHOOK_PONTOON }}

We do this over on https://github.com/mozilla/foundation.mozilla.org/blob/master/.github/workflows/continous-integration.yml#L19 for example, too.

That said slack webhooks are generated by the slack webhook app, and I think we can generate those ourselves for new projects, using https://api.slack.com/apps

I suspect it's this one?

[jamilasnell]

@TheoChevalier please re-estimate this ticket if need be!

[TheoChevalier]

Alright, I’ve got actions passing on both repos, with help from Tom for the AWS credentials:

https://github.com/mozilla-l10n/donate-l10n/pull/27 https://github.com/mozilla-l10n/fomo-l10n/pull/32

@Pomax the only missing piece is the Webhook URL from the Slack app. That’s indeed the app you posted, do you know who owns it, or who I need to ask to get that URL? Tom mentioned we will need to file a bug on Bugzilla?

[TheoChevalier]

@Pomax Actually, looking at the app page, you may be able to?

[Pomax]

Ah, we have a fun problem here: I indeed have access to that app, but I don't have access to the repo settings for donate-l10n and foundation-l10n so I can't add the slack hook value to the github actions secrets... could I be added as admin to those two repos?

[TheoChevalier]

The CI is enabled and working for both repos, @pomax I’ll give you the honor of disabling Travis from the website (also because I don’t have access :p), then we should be able to close this

[Pomax]