privacyguides/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-10-31 03:26:35 +00:00
Code Issues Activity

ci: Allow blog builds from unprivileged forks

Browse Source
This commit is contained in:
Jonah Aragon
2024-11-15 23:11:30 -06:00
parent 155691f94b
commit 7c3424f001
3 changed files with 44 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
.github/workflows/build-blog.yml vendored
View File

@@ -65,6 +65,10 @@ jobs:
with: with:
cache: "pipenv" cache: "pipenv"
- name: Install Python (no pipenv)
if: ${{ !inputs.privileged }}
uses: actions/setup-python@v5
- name: Install Python Dependencies - name: Install Python Dependencies
if: inputs.privileged if: inputs.privileged
run: | run: |
@@ -72,10 +76,22 @@ jobs:
pipenv install pipenv install
sudo apt install pngquant sudo apt install pngquant
- name: Build Website - name: Install Python Dependencies (Unprivileged)
if: ${{ !inputs.privileged }}
run: |
pip install mkdocs-material mkdocs-rss-plugin mkdocs-glightbox mkdocs-macros-plugin
sudo apt install pngquant
- name: Build Website (Privileged)
if: inputs.privileged
run: | run: |
pipenv run mkdocs build --config-file mkdocs.blog.yml pipenv run mkdocs build --config-file mkdocs.blog.yml
- name: Build Website (Unprivileged)
if: ${{ !inputs.privileged }}
run: |
BUILD_INSIDERS=false mkdocs build --config-file mkdocs.blog.yml
- name: Package Website - name: Package Website
run: | run: |
tar -czf site-build-blog.tar.gz site tar -czf site-build-blog.tar.gz site

14
.github/workflows/build-pr.yml vendored
View File

@@ -19,12 +19,19 @@ jobs:
env: env:
ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }} ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
steps: steps:
- name: Save PR metadata
run: |
mkdir -p ./metadata
echo ${{ github.event.number }} > ./metadata/NR
echo ${{ github.event.pull_request.head.sha }} > ./metadata/SHA
- name: Set submodules for fork - name: Set submodules for fork
if: env.ACTIONS_SSH_KEY == '' if: env.ACTIONS_SSH_KEY == ''
id: submodules-fork id: submodules-fork
run: | run: |
echo 'submodules={"repo":["brand","i18n"]}' >> "$GITHUB_OUTPUT" echo 'submodules={"repo":["brand","i18n"]}' >> "$GITHUB_OUTPUT"
echo "privileged=false" >> "$GITHUB_OUTPUT" echo "privileged=false" >> "$GITHUB_OUTPUT"
echo "false" > ./metadata/PRIVILEGED
- name: Set submodules for main repo - name: Set submodules for main repo
if: env.ACTIONS_SSH_KEY != '' if: env.ACTIONS_SSH_KEY != ''
@@ -32,12 +39,7 @@ jobs:
run: | run: |
echo 'submodules={"repo":["brand","i18n","mkdocs-material-insiders"]}' >> "$GITHUB_OUTPUT" echo 'submodules={"repo":["brand","i18n","mkdocs-material-insiders"]}' >> "$GITHUB_OUTPUT"
echo "privileged=true" >> "$GITHUB_OUTPUT" echo "privileged=true" >> "$GITHUB_OUTPUT"
echo "true" > ./metadata/PRIVILEGED
- name: Save PR metadata
run: |
mkdir -p ./metadata
echo ${{ github.event.number }} > ./metadata/NR
echo ${{ github.event.pull_request.head.sha }} > ./metadata/SHA
- name: Upload metadata as artifact - name: Upload metadata as artifact
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4

19
.github/workflows/publish-pr.yml vendored
View File

@@ -22,6 +22,7 @@ jobs:
outputs: outputs:
pr_number: ${{ steps.metadata.outputs.pr_number }} pr_number: ${{ steps.metadata.outputs.pr_number }}
sha: ${{ steps.metadata.outputs.sha }} sha: ${{ steps.metadata.outputs.sha }}
privileged: ${{ steps.metadata.outputs.privileged }}
steps: steps:
- name: Download Website Build Artifact - name: Download Website Build Artifact
@@ -86,6 +87,7 @@ jobs:
unzip metadata.zip -d metadata unzip metadata.zip -d metadata
echo "pr_number=$(cat metadata/NR)" >> "$GITHUB_OUTPUT" echo "pr_number=$(cat metadata/NR)" >> "$GITHUB_OUTPUT"
echo "sha=$(cat metadata/SHA)" >> "$GITHUB_OUTPUT" echo "sha=$(cat metadata/SHA)" >> "$GITHUB_OUTPUT"
echo "privileged=$(cat metadata/PRIVILEGED)" >> "$GITHUB_OUTPUT"
deploy_netlify: deploy_netlify:
needs: metadata needs: metadata
@@ -122,6 +124,7 @@ jobs:
address: ${{ needs.deploy_garage.outputs.address }} address: ${{ needs.deploy_garage.outputs.address }}
steps: steps:
- uses: thollander/actions-comment-pull-request@v2.5.0 - uses: thollander/actions-comment-pull-request@v2.5.0
if: ${{ needs.metadata.outputs.privileged == 'true' }}
with: with:
pr_number: ${{ needs.metadata.outputs.pr_number }} pr_number: ${{ needs.metadata.outputs.pr_number }}
message: | message: |
@@ -132,3 +135,19 @@ jobs:
| <span aria-hidden="true">🔨</span> Latest commit | ${{ needs.metadata.outputs.sha }} | | <span aria-hidden="true">🔨</span> Latest commit | ${{ needs.metadata.outputs.sha }} |
| <span aria-hidden="true">😎</span> Preview | ${{ env.address }} | | <span aria-hidden="true">😎</span> Preview | ${{ env.address }} |
comment_tag: deployment comment_tag: deployment
- uses: thollander/actions-comment-pull-request@v2.5.0
if: ${{ needs.metadata.outputs.privileged == 'false' }}
with:
pr_number: ${{ needs.metadata.outputs.pr_number }}
message: |
### <span aria-hidden="true">✅</span> Your preview is ready!
| Name | Link |
| :---: | ---- |
| <span aria-hidden="true">🔨</span> Latest commit | ${{ needs.metadata.outputs.sha }} |
| <span aria-hidden="true">😎</span> Preview | ${{ env.address }} |
Please note that this preview was built from an untrusted source, so it was not granted access to all mkdocs-material features.
Maintainers should ensure this PR has been reviewed locally with a full build before merging.
comment_tag: deployment