diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3e05b616bc..4bf34f44b1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,6 +6,9 @@ on: push: branches: [main] +permissions: + contents: read + env: CF_PROJECT_NAME: tech-docs CF_BASE_URL: tech-docs-2ac @@ -36,6 +39,11 @@ jobs: build-and-deploy: runs-on: ubuntu-latest needs: checks + if: ${{ github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) }} + permissions: + contents: read + issues: write + pull-requests: write steps: - name: Checkout 🛎️ uses: actions/checkout@v4 @@ -72,14 +80,16 @@ jobs: env: CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} CLOUDFLARE_API_TOKEN: ${{ secrets.CF_API_TOKEN }} + shell: bash run: | + set -o pipefail yarn dlx wrangler@4.7.1 pages deploy --commit-dirty=true --project-name "${CF_PROJECT_NAME}" build ${{ steps.extract_branch.outputs.branch }} | tee output.log sed < output.log -n 's#.*Take a peek over at \(.*\)$#specific_url=\1#p' >> $GITHUB_OUTPUT id: deploy - name: Create commit comment uses: mshick/add-pr-comment@v2 - if: ${{ github.event.number != '' }} + if: ${{ github.event_name == 'pull_request' }} with: message: | ### Deployed with **Cloudflare Pages** :cloud: :rocket: :ok: diff --git a/.github/workflows/cloudflare-pr-preview.yml b/.github/workflows/cloudflare-pr-preview.yml new file mode 100644 index 0000000000..94af3fbe52 --- /dev/null +++ b/.github/workflows/cloudflare-pr-preview.yml 
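Review bot: The job-level `permissions` block added to `build-and-deploy` hands `issues: write` and `pull-requests: write` to every step in the job, including the steps that run repository code and the wrangler deploy. Only the later `Create commit comment` step appears to need a write scope. Consider moving that comment step into its own small job that carries the write scope, and leaving this job at `contents: read`, much as the new `cloudflare-pr-preview.yml` keeps its build job read-only. If the comment action only posts PR comments, `pull-requests: write` alone is probably enough and `issues: write` can be dropped; confirm this against the action's documented permissions. The job's steps continue outside this hunk, so this is based on the visible lines only.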
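Review bot: The deploy command in this hunk still expands `${{ steps.extract_branch.outputs.branch }}` directly into the bash script, so whatever that step outputs is parsed as shell source rather than as data. The `extract_branch` step is outside the hunk, but if its output derives from the branch name it should be passed through `env:` (for example `BRANCH_ARGS: ${{ steps.extract_branch.outputs.branch }}`) and referenced as a shell variable, the way the new preview workflow handles `PR_NUMBER`. Because the job now holds a write-scoped token alongside the Cloudflare secrets, the third-party action is also worth pinning to a full commit, e.g. `uses: mshick/add-pr-comment@<full-commit-sha> # v2`. Separately, `shell: bash` already makes the runner start bash with `-eo pipefail`, so the added `set -o pipefail` is redundant but harmless.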
@@ -0,0 +1,131 @@
+name: cloudflare-pr-preview
+
+on:
+ workflow_dispatch:
+ inputs:
+ pr_number:
+ description: PR number to deploy
+ required: true
+ type: number
+
+env:
+ CF_PROJECT_NAME: tech-docs
+ CF_BASE_URL: tech-docs-2ac
+
+jobs:
+ build-preview:
+ name: Build PR preview
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: read
+ outputs:
+ preview_url: ${{ steps.pr.outputs.preview_url }}
+ head_label: ${{ steps.pr.outputs.head_label }}
+ steps:
+ - name: Validate pull request
+ id: pr
+ env:
+ GH_TOKEN: ${{ github.token }}
+ PR_NUMBER: ${{ inputs.pr_number }}
+ shell: bash
+ run: |
+ set -eu
+
+ pr_path="repos/${GITHUB_REPOSITORY}/pulls/${PR_NUMBER}"
+ state="$(gh api "${pr_path}" --jq '.state')"
+ base_ref="$(gh api "${pr_path}" --jq '.base.ref')"
+ head_label="$(gh api "${pr_path}" --jq '.head.label')"
+
+ if [ "${state}" != "open" ]; then
+ echo "PR #${PR_NUMBER} is ${state}, not open."
+ exit 1
+ fi
+
+ if [ "${base_ref}" != "main" ]; then
+ echo "PR #${PR_NUMBER} targets ${base_ref}, not main."
+ exit 1
+ fi
+
+ echo "preview_url=https://pr-${PR_NUMBER}.${CF_BASE_URL}.pages.dev" >> "${GITHUB_OUTPUT}"
+ echo "head_label=${head_label}" >> "${GITHUB_OUTPUT}"
+
+ - name: Checkout PR merge 🛎️
+ uses: actions/checkout@v4
+ with:
+ ref: refs/pull/${{ inputs.pr_number }}/merge
+ fetch-depth: 0
+ persist-credentials: false
+
+ - uses: actions/setup-node@v4
+ with:
+ node-version: '20.x'
+ cache: 'yarn'
+
+ - name: Install ⚙️
+ run: yarn install --frozen-lockfile
+
+ - name: Build 🧱
+ run: yarn build
+
+ - name: Upload preview artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: cloudflare-preview-pr-${{ inputs.pr_number }}
+ path: build
+ if-no-files-found: error
+ retention-days: 3
+
+ deploy-preview:
+ name: Deploy PR preview
+ runs-on: ubuntu-latest
+ needs: build-preview
+ environment: cloudflare-preview
+ permissions:
+ actions: read
+ contents: read
+ issues: write
+ pull-requests: write
+ steps:
+ - name: Download preview artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: cloudflare-preview-pr-${{ inputs.pr_number }}
+ path: build
+
+ - name: Deploy to Cloudflare
+ id: deploy
+ env:
+ CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
+ CLOUDFLARE_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
+ PR_NUMBER: ${{ inputs.pr_number }}
+ shell: bash
+ run: |
+ set -eu
+ set -o pipefail
+
+ npx --yes wrangler@4.7.1 pages deploy --commit-dirty=true --project-name "${CF_PROJECT_NAME}" build --branch "pr-${PR_NUMBER}" | tee output.log
+
+ specific_url="$(sed < output.log -n 's#.*Take a peek over at \(.*\)$#\1#p' | tail -n 1)"
+ echo "preview_url=https://pr-${PR_NUMBER}.${CF_BASE_URL}.pages.dev" >> "${GITHUB_OUTPUT}"
+ echo "specific_url=${specific_url}" >> "${GITHUB_OUTPUT}"
+
+ - name: Comment with preview URL
+ env:
+ GH_TOKEN: ${{ github.token }}
+ PR_NUMBER: ${{ inputs.pr_number }}
+ PREVIEW_URL: ${{ steps.deploy.outputs.preview_url }}
+ SPECIFIC_URL: ${{ steps.deploy.outputs.specific_url }}
+ HEAD_LABEL: ${{ needs.build-preview.outputs.head_label }}
+ shell: bash
+ run: |
+ set -eu
+
+ cat > comment.md <