privacyguides.org/.github/workflows/publish-pr.yml

name: 📦 PR Preview

on:
  workflow_run:
    workflows: [🛠️ Build PR Preview]
    types:
      - completed

permissions:
  actions: read
  contents: read
  pull-requests: write

jobs:
  metadata:
    if: >
      github.event.workflow_run.event == 'pull_request' &&
      github.event.workflow_run.conclusion == 'success'

    runs-on: ubuntu-latest

    outputs:
      pr_number: ${{ steps.metadata.outputs.pr_number }}
      sha: ${{ steps.metadata.outputs.sha }}
      privileged: ${{ steps.metadata.outputs.privileged }}

    steps:
      - name: Download Website Build Artifact
        uses: actions/github-script@v7.0.1
        with:
          script: |
            var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
               owner: context.repo.owner,
               repo: context.repo.repo,
               run_id: ${{github.event.workflow_run.id }},
            });
            var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
              return artifact.name == "site-build-combined"
            })[0];
            var download = await github.rest.actions.downloadArtifact({
               owner: context.repo.owner,
               repo: context.repo.repo,
               artifact_id: matchArtifact.id,
               archive_format: 'zip',
            });
            var fs = require('fs');
            fs.writeFileSync('${{github.workspace}}/site-build-combined.zip', Buffer.from(download.data));

      - name: Unpack Website
        run: |
          mkdir -p site
          unzip site-build-combined.zip -d site
          tar -czvf site-build-combined.tar.gz site

      - name: Upload Combined Build Artifact
        uses: actions/upload-artifact@v4
        with:
          name: site-build-combined.tar.gz
          path: site-build-combined.tar.gz
          retention-days: 5

      - name: Download Metadata Artifact
        uses: actions/github-script@v7.0.1
        with:
          script: |
            var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
               owner: context.repo.owner,
               repo: context.repo.repo,
               run_id: ${{github.event.workflow_run.id }},
            });
            var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
              return artifact.name == "metadata"
            })[0];
            var download = await github.rest.actions.downloadArtifact({
               owner: context.repo.owner,
               repo: context.repo.repo,
               artifact_id: matchArtifact.id,
               archive_format: 'zip',
            });
            var fs = require('fs');
            fs.writeFileSync('${{github.workspace}}/metadata.zip', Buffer.from(download.data));

      - name: Set Metadata
        id: metadata
        run: |
          mkdir -p metadata
          unzip metadata.zip -d metadata
          echo "pr_number=$(cat metadata/NR)" >> "$GITHUB_OUTPUT"
          echo "sha=$(cat metadata/SHA)" >> "$GITHUB_OUTPUT"
          echo "privileged=$(cat metadata/PRIVILEGED)" >> "$GITHUB_OUTPUT"

  deploy_garage:
    needs: metadata
    permissions:
      contents: read
    runs-on: ubuntu-latest
    outputs:
      address: ${{ steps.deployment.outputs.address }}
    steps:
      - uses: actions/download-artifact@v4
        with:
          pattern: site-build-combined.tar.gz
          merge-multiple: true

      - run: |
          for file in *.tar.gz; do tar -zxf "$file"; done
          ls -la public/

      - name: Limit length of site alias to 12
        run: echo "SHORT_ALIAS=$(echo "${{ needs.metadata.outputs.pr_number }}" | cut -c1-12)" >> "$GITHUB_ENV"

      - uses: hkdobrev/minio-deploy-action@v1
        with:
          endpoint: https://${{ vars.PREVIEW_GARAGE_HOSTNAME }}
          bucket:  ${{ vars.PREVIEW_GARAGE_BUCKET }}
          access_key: ${{ secrets.PREVIEW_GARAGE_KEY_ID }}
          secret_key: ${{ secrets.PREVIEW_GARAGE_SECRET_KEY }}
          source_dir: "public/"
          target_dir: "/${{ env.SHORT_ALIAS }}/"

      - id: deployment
        run: |
          echo "address=https://pr${{ env.SHORT_ALIAS }}.unreviewed.privacyguides.dev/en/" >> "$GITHUB_OUTPUT"

  comment:
    permissions:
      pull-requests: write
    needs: deploy_garage
    runs-on: ubuntu-latest
    env:
      address: ${{ needs.deploy_garage.outputs.address }}
    steps:
      - uses: thollander/actions-comment-pull-request@v2.5.0
        with:
          pr_number: ${{ needs.metadata.outputs.pr_number }}
          message: |
            ### <span aria-hidden="true">✅</span> Your preview is ready!

            |  Name | Link |
            | :---: | ---- |
            | <span aria-hidden="true">🔨</span> Latest commit | ${{ needs.metadata.outputs.sha }} |
            | <span aria-hidden="true">😎</span> Preview | ${{ env.address }} |
          comment_tag: deployment