GitHub Pantheon GitHub Actions

Pantheon Multidev allows you to spin environments on demand for your branches. So we could use those for creating environments per pull request and test them visually with Diffy.

Please bear in mind that Pantheon limits you with the number of environments you can create

Pantheon has its own repository example-drops-8-composer with the example setup of the CI to build the environments. In our example, we start from scratch with a clean Pantheon's project.

The basic workflow is:

  1. Pull request created in GitHub

  2. Branch copied to Pantheon git repo

  3. Trigger creation of the multidev environment for the new branch

  4. Run all post-deployment jobs (clear caches, import configuration, updatedb)

  5. Trigger visual regression testing

  6. Post results back to GitHub as a check

Our repo with all the configuration set is

There is a great article by Tyler Fahey going deep into setting up similar configuration.

GitHub Actions secrets

DIFFY_API_KEY to be generated from

DIFFY_PROJECT_ID it is your project id. You can find it under project settings, General tab

PANTHEON_MACHINE_TOKEN to be generated in your Pantheon account under Personal Settings / Machine Tokens

KNOWN_HOSTS an empty variable required by shimataro/ssh-key-action@v2 step to populate ssh key to container

PANTHEON_REPO URL to Pantheon's git repo (example ssh://

PANTHEON_SITE_NAME machine name of your Pantheon's site. You can find in the list of all sites under your account.

PANTHEON_SSH_KEY private ssh key to connect to Pantheon so we can push the code to Pantheon's git repo. See section below.

SSH_CONFIG value is below. Used for connecting to Pantheon's git repo.

Host *
  StrictHostKeyChecking no

PANTHEON_SSH_KEY key for git push

You can generate a key pair with

ssh-keygen -m PEM -t rsa -b 4096 -f /tmp/new_key_for_ci -N ''

Copy the public key (/tmp/ and add it to your Pantheon's SSH keys.

Copy the private key (/tmp/new_key_for_ci) and add it as PANTHEON_SSH_KEY secret in GitHub Actions.

Diffy configuration

In order for Diffy to post results back to GitHub as a check you need to add github repo to Diffy's Project settings under Notifications / GitHub and authenticate Diffy's GitHub check by visiting

Full code

Pay attention that we check if we didn't reach the limit of number of multidev environments.

name: Test PRs MultiDev and Diffy

      - master

    runs-on: ubuntu-latest
      - uses: actions/checkout@v1
      - uses: shimataro/ssh-key-action@v2
          key: ${{ secrets.PANTHEON_SSH_KEY }}
          config: ${{ secrets.SSH_CONFIG }}
          known_hosts: ${{ secrets.KNOWN_HOSTS }}
      - name: Install Terminus
        uses: pantheon-systems/terminus-github-actions@main
          pantheon-machine-token: ${{ secrets.PANTHEON_MACHINE_TOKEN }}
      - name: Deploy to MultiDev
          pantheon_repo: '${{ secrets.PANTHEON_REPO }}'
          pantheon_site_name: '${{ secrets.PANTHEON_SITE_NAME }}'
          pr_number: ${{ github.event.number }}
        run: |
          git remote add pantheon $pantheon_repo
          git fetch pantheon
          git push --force pantheon HEAD:refs/heads/$PR_BRANCH
          # Check if current branch environment exists. If so -- delete it first.
          MULTIDEV_EXISTS=$(terminus env:list "${pantheon_site_name}" --format=list | grep "${PR_BRANCH}" | wc -l)
          if (( "${MULTIDEV_EXISTS}" > 0 )); then
            terminus multidev:delete "${pantheon_site_name}"."${PR_BRANCH}" --yes
            # Check if we allowed to create new multidev and if not -- delete old ones.
            # See
            MAX_CDE_COUNT="$(terminus site:info "${pantheon_site_name}" --field='Max Multidevs')"
            echo "Max Multidev Count: ${MAX_CDE_COUNT}"
            DOMAINS="$(terminus env:list "${pantheon_site_name}" --format=string --fields=ID,Created)"

            # Filter out dev, test, live as they don't count agains the Max Multidev count.
            CDE_DOMAINS=$(echo "$DOMAINS" | grep -vE '\b(dev|test|live)\b')
            # Count current environments
            CDE_COUNT="$(echo "$CDE_DOMAINS" | wc -l)"
            # remove whitespace to make the arithmetic work
            echo "There are currently ${CDE_COUNT}/${MAX_CDE_COUNT} multidevs. I need ${NUMBER_OF_CDES_REQUIRED}."
            if (( "${POTENTIAL_CDE_COUNT}" <= "${MAX_CDE_COUNT}" )); then
              echo "There are enough multidevs."
              echo "There are not enough multidevs, deleting the oldest ${NUMBER_OF_CDES_TO_DELETE} environment(s)."
              # Filter out any multidev environments that should never be deleted.
              # This is seperate from filtering out dev/test/live above as they still count towards 'Max Multidev'.
              # Then, sort the list by the timestamps
              SORTED_DOMAINS=$(echo "$CDE_DOMAINS" | grep -vE '\b(drupal10)\b' | sort -n -k2)
              # Delete as many multidevs as we need to make room for testing.
              for (( i = 1; i<=NUMBER_OF_CDES_TO_DELETE; i++ )); do
                ENV_TO_REMOVE="$(echo "$SORTED_DOMAINS" | head -n "$i" | tail -n 1 | cut -f1)"
                echo "Removing '${ENV_TO_REMOVE}'."
                terminus multidev:delete --delete-branch "${pantheon_site_name}.${ENV_TO_REMOVE}" --yes
          echo "Creating multidev ${PR_BRANCH}"
          terminus multidev:create $ $PR_BRANCH

      - name: Cache rebuild, import configuration
          pantheon_site_name: '${{ secrets.PANTHEON_SITE_NAME }}'
          pr_number: ${{ github.event.number }}
        run: |
          terminus remote:drush $pantheon_site_name.$PR_BRANCH cr
          terminus remote:drush $pantheon_site_name.$PR_BRANCH config:import -y
      - name: Trigger Diffy testing
          diffy_api_key: '${{ secrets.DIFFY_API_KEY }}'
          diffy_project_id: '${{ secrets.DIFFY_PROJECT_ID }}'
          pantheon_site_name: '${{ secrets.PANTHEON_SITE_NAME }}'
          pr_number: ${{ github.event.number }}
        run: |
          # Download Diffy-CLI.

          # Authenticate.
          php diffy.phar auth:login $diffy_api_key

          echo ${{ github.event.pull_request.head.sha }}

          # Compare with commit sha so Diffy's github check posts the results. 
          php diffy.phar project:compare $diffy_project_id dev custom --env2Url="${MULTIDEV_SITE_URL}" --commit-sha="${{ github.event.pull_request.head.sha }}"

Last updated