# GHA workflow which publishes previews of spec PRs to netlify. # # We keep this in a separate workflow to the main spec build, because it # requires access to the Netlify secret. By having it run on `workflow_run`, we # will only use the workflow definition file on the default branch, so we can # ensure that the secret can't be exfiltrated. # name: Upload Preview Build to Netlify on: workflow_run: workflows: [Spec] types: [completed] jobs: build: runs-on: ubuntu-latest if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request' steps: - name: "dump context data" run: | jq . < $GITHUB_EVENT_PATH - name: "🔍 Read PR number" id: readctx # we need to find the PR number that corresponds to the branch, which we do by # searching the GH API run: | head_branch='${{github.event.workflow_run.head_repository.owner.login}}:${{github.event.workflow_run.head_branch}}' echo "head branch: $head_branch" pulls_uri="https://api.github.com/repos/${{ github.repository }}/pulls?head=$(jq -Rr '@uri' <<<$head_branch)" pr_number=$(curl -H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' "$pulls_uri" | jq -r '.[] | .number') echo "PR number: $pr_number" echo "::set-output name=prnumber::$pr_number" - name: '📥 Download artifact' uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e # v2.28.0 with: workflow: main.yaml run_id: ${{ github.event.workflow_run.id }} name: spec-artifact - name: "📦 Extract Artifacts" run: tar -xzvf spec.tar.gz && rm spec.tar.gz - name: "📤 Deploy to Netlify" id: netlify # v2.1.0 uses: nwtgck/actions-netlify@7a92f00dde8c92a5a9e8385ec2919775f7647352 with: publish-dir: spec deploy-message: "Deploy from GitHub Actions" enable-pull-request-comment: false enable-commit-comment: false alias: pr${{ steps.readctx.outputs.prnumber }} env: NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }} timeout-minutes: 1 - name: "📝 Edit PR Description" # v1.0.1 uses: Beakyn/gha-comment-pull-request@2167a7aee24f9e61ce76a23039f322e49a990409 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: pull-request-number: ${{ steps.readctx.outputs.prnumber }} description-message: | Preview: ${{ steps.netlify.outputs.deploy-url }}