1
0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-10-24 08:12:14 +00:00
Files
privacyguides.org/.github/workflows/publish-pr.yml
2025-09-13 14:55:11 +09:30

141 lines
5.0 KiB
YAML

name: 📦 PR Preview
on:
workflow_run:
workflows: [🛠️ Build PR Preview]
types:
- completed
permissions:
actions: read
contents: read
pull-requests: write
jobs:
metadata:
if: >
github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success'
runs-on: ubuntu-latest
outputs:
pr_number: ${{ steps.metadata.outputs.pr_number }}
sha: ${{ steps.metadata.outputs.sha }}
privileged: ${{ steps.metadata.outputs.privileged }}
steps:
- name: Download Website Build Artifact
uses: actions/github-script@v7.0.1
with:
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "site-build-combined"
})[0];
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/site-build-combined.zip', Buffer.from(download.data));
- name: Unpack Website
run: |
mkdir -p site
unzip site-build-combined.zip -d site
tar -czvf site-build-combined.tar.gz site
- name: Upload Combined Build Artifact
uses: actions/upload-artifact@v4
with:
name: site-build-combined.tar.gz
path: site-build-combined.tar.gz
retention-days: 5
- name: Download Metadata Artifact
uses: actions/github-script@v7.0.1
with:
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "metadata"
})[0];
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/metadata.zip', Buffer.from(download.data));
- name: Set Metadata
id: metadata
run: |
mkdir -p metadata
unzip metadata.zip -d metadata
echo "pr_number=$(cat metadata/NR)" >> "$GITHUB_OUTPUT"
echo "sha=$(cat metadata/SHA)" >> "$GITHUB_OUTPUT"
echo "privileged=$(cat metadata/PRIVILEGED)" >> "$GITHUB_OUTPUT"
deploy_garage:
needs: metadata
permissions:
contents: read
uses: privacyguides/webserver/.github/workflows/deploy-garage-preview.yml@main
with:
alias: ${{ needs.metadata.outputs.pr_number }}
bucket: ${{ vars.PREVIEW_GARAGE_BUCKET }}
hostname: ${{ vars.PREVIEW_GARAGE_HOSTNAME }}
secrets:
PREVIEW_GARAGE_KEY_ID: ${{ secrets.PREVIEW_GARAGE_KEY_ID }}
PREVIEW_GARAGE_SECRET_KEY: ${{ secrets.PREVIEW_GARAGE_SECRET_KEY }}
comment:
permissions:
pull-requests: write
needs: [deploy_garage, metadata]
runs-on: ubuntu-latest
env:
address: ${{ needs.deploy_garage.outputs.address }}
steps:
- uses: thollander/actions-comment-pull-request@v2.5.0
if: ${{ needs.metadata.outputs.privileged == 'true' }}
with:
pr_number: ${{ needs.metadata.outputs.pr_number }}
message: |
### <span aria-hidden="true">✅</span> Your preview is ready!
| Name | Link |
| :---: | ---- |
| <span aria-hidden="true">🔨</span> Latest commit | ${{ needs.metadata.outputs.sha }} |
| <span aria-hidden="true">😎</span> Preview | ${{ env.address }} |
comment_tag: deployment
- uses: thollander/actions-comment-pull-request@v2.5.0
if: ${{ needs.metadata.outputs.privileged == 'false' }}
with:
pr_number: ${{ needs.metadata.outputs.pr_number }}
message: |
### <span aria-hidden="true">✅</span> Your preview is ready!
| Name | Link |
| :---: | ---- |
| <span aria-hidden="true">🔨</span> Latest commit | ${{ needs.metadata.outputs.sha }} |
| <span aria-hidden="true">😎</span> Preview | ${{ env.address }} |
Please note that this preview was built from an untrusted source, so it was not granted access to all mkdocs-material features. Maintainers should ensure this PR has been reviewed locally with a full build before merging.
comment_tag: deployment