|
|
|
|
# GHA workflow which publishes previews of spec PRs to netlify.
|
|
|
|
|
#
|
|
|
|
|
# We keep this in a separate workflow to the main spec build, because it
|
|
|
|
|
# requires access to the Netlify secret. By having it run on `workflow_run`, we
|
|
|
|
|
# will only use the workflow definition file on the default branch, so we can
|
|
|
|
|
# ensure that the secret can't be exfiltrated.
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
name: Upload Preview Build to Netlify
|
|
|
|
|
on:
|
|
|
|
|
workflow_run:
|
|
|
|
|
workflows: [Spec]
|
|
|
|
|
types: [completed]
|
|
|
|
|
|
|
|
|
|
jobs:
|
|
|
|
|
build:
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request'
|
|
|
|
|
steps:
|
|
|
|
|
- name: "dump context data"
|
|
|
|
|
run: |
|
|
|
|
|
jq . < $GITHUB_EVENT_PATH
|
|
|
|
|
|
|
|
|
|
- name: "🔍 Read PR number"
|
|
|
|
|
id: readctx
|
|
|
|
|
# we need to find the PR number that corresponds to the branch, which we do by
|
|
|
|
|
# searching the GH API
|
|
|
|
|
env:
|
|
|
|
|
OWNER_LOGIN: ${{ github.event.workflow_run.head_repository.owner.login }}
|
|
|
|
|
HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
|
|
|
|
|
run: |
|
|
|
|
|
head_branch="${OWNER_LOGIN}:${HEAD_BRANCH}"
|
|
|
|
|
echo "head branch: $head_branch"
|
|
|
|
|
pulls_uri="https://api.github.com/repos/${{ github.repository }}/pulls?head=$(jq -Rr '@uri' <<<$head_branch)"
|
|
|
|
|
pr_number=$(curl -H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' "$pulls_uri" |
|
|
|
|
|
jq -r '.[] | .number')
|
|
|
|
|
echo "PR number: $pr_number"
|
|
|
|
|
echo "prnumber=$pr_number" >> "$GITHUB_OUTPUT"
|
|
|
|
|
|
|
|
|
|
- name: '📥 Download artifact'
|
|
|
|
|
uses: dawidd6/action-download-artifact@09f2f74827fd3a8607589e5ad7f9398816f540fe # v3.1.4
|
|
|
|
|
with:
|
|
|
|
|
workflow: main.yaml
|
|
|
|
|
run_id: ${{ github.event.workflow_run.id }}
|
|
|
|
|
name: spec-artifact
|
|
|
|
|
|
|
|
|
|
- name: "📦 Extract Artifacts"
|
|
|
|
|
run: tar -xzvf spec.tar.gz && rm spec.tar.gz
|
|
|
|
|
|
|
|
|
|
- name: "📤 Deploy to Netlify"
|
|
|
|
|
id: netlify
|
|
|
|
|
uses: nwtgck/actions-netlify@4cbaf4c08f1a7bfa537d6113472ef4424e4eb654 # v3.0.0
|
|
|
|
|
with:
|
|
|
|
|
publish-dir: spec
|
|
|
|
|
deploy-message: "Deploy from GitHub Actions"
|
|
|
|
|
enable-pull-request-comment: false
|
|
|
|
|
enable-commit-comment: false
|
|
|
|
|
alias: pr${{ steps.readctx.outputs.prnumber }}
|
|
|
|
|
env:
|
|
|
|
|
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
|
|
|
|
|
NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
|
|
|
|
|
timeout-minutes: 1
|
|
|
|
|
|
|
|
|
|
- name: "📝 Edit PR Description"
|
|
|
|
|
# v1.0.1
|
|
|
|
|
uses: Beakyn/gha-comment-pull-request@2167a7aee24f9e61ce76a23039f322e49a990409
|
|
|
|
|
env:
|
|
|
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
|
with:
|
|
|
|
|
pull-request-number: ${{ steps.readctx.outputs.prnumber }}
|
|
|
|
|
description-message: |
|
|
|
|
|
Preview: ${{ steps.netlify.outputs.deploy-url }}
|
