
Commit 321e44f

authored
Split workflows based on permissions (#414)
1 parent 7151a6c commit 321e44f


8 files changed

+90
-120
lines changed


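--- a/.github/workflows/autofix.yml
+++ b/.github/workflows/autofix.yml
@@ -4,6 +4,8 @@ on:
 branches-ignore: ["changeset-release/main"]
 push:
 branches: ["main"]
+workflow_dispatch:
+
 permissions:
 contents: read
 
@@ -20,11 +22,9 @@ jobs:
 node-version: 22
 
 - name: Install Rust
-uses: actions-rs/toolchain@v1
+uses: dtolnay/rust-toolchain@stable
 with:
-toolchain: stable
-profile: minimal
-override: true
+targets: wasm32-wasip1
 - name: Enable caching
 uses: Swatinem/rust-cache@v2
 with: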
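Review bot: `uses: dtolnay/rust-toolchain@stable` in the Install Rust step follows a moving branch, so the code that runs is whatever that branch points to when the job starts. The same line is added in codspeed.yml, docs.yml, example.yml and release.yml, and release.yml runs it in a job that holds `contents: write` and `id-token: write`. Pinning to a reviewed commit, `uses: dtolnay/rust-toolchain@<full-commit-sha>  # stable`, removes that exposure; because this action picks the toolchain from the ref name, a SHA pin also needs `toolchain: stable` under `with:` next to `targets: wasm32-wasip1`. The `with:` block of the following caching step continues past the end of the hunk.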

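--- a/.github/workflows/changeset.yml
+++ b/.github/workflows/changeset.yml
@@ -4,6 +4,10 @@ on:
 pull_request:
 branches:
 - main
+workflow_dispatch:
+
+permissions:
+contents: read
 
 jobs:
 check-changeset: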

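--- a/.github/workflows/codspeed.yml
+++ b/.github/workflows/codspeed.yml
@@ -17,6 +17,9 @@ on:
 - ".github/workflows/codspeed.yml"
 workflow_dispatch:
 
+permissions:
+contents: read
+
 jobs:
 benchmarks:
 runs-on: ubuntu-latest
@@ -36,14 +39,9 @@ jobs:
 run_install: false
 
 - name: Install Rust
-uses: actions-rs/toolchain@v1
+uses: dtolnay/rust-toolchain@stable
 with:
-toolchain: stable
-profile: minimal
-override: true
-
-- name: Add wasm32-wasip1 target
-run: rustup target add wasm32-wasip1
+targets: wasm32-wasip1
 
 - name: Enable caching
 uses: Swatinem/rust-cache@v2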

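--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -4,12 +4,6 @@ env:
 VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
 
 on:
-workflow_dispatch:
-inputs:
-pr_number:
-description: "Pull Request Number"
-required: true
-type: string
 push:
 branches:
 - main
@@ -18,23 +12,27 @@ on:
 - "packages/yak-swc/**"
 - "packages/next-yak/**"
 - ".github/workflows/docs.yml"
-pull_request:
-branches:
-- main
-paths:
-- "packages/docs/**"
-- "packages/yak-swc/**"
-- "packages/next-yak/**"
-- ".github/workflows/docs.yml"
+workflow_dispatch:
+inputs:
+pr_number:
+description: "Pull Request Number"
+required: true
+type: string
+
+permissions:
+contents: read
 
 jobs:
 build-and-deploy:
 runs-on: ubuntu-latest
+env:
+IS_PRODUCTION: ${{ github.event_name == 'push' }}
+PR_NUMBER: ${{ github.event.inputs.pr_number }}
 steps:
 - name: Checkout
 uses: actions/checkout@v3
 with:
-ref: ${{ github.event.pull_request.head.sha || github.event.inputs.pr_number && format('refs/pull/{0}/head', github.event.inputs.pr_number) || github.ref }}
+ref: ${{ github.event.inputs.pr_number && format('refs/pull/{0}/head', github.event.inputs.pr_number) || github.ref }}
 
 - name: Install pnpm
 uses: pnpm/action-setup@v4
@@ -52,14 +50,9 @@ jobs:
 run: pnpm install
 
 - name: Install Rust
-uses: actions-rs/toolchain@v1
+uses: dtolnay/rust-toolchain@stable
 with:
-toolchain: stable
-profile: minimal
-override: true
-
-- name: Add wasm32-wasip1 target
-run: rustup target add wasm32-wasip1
+targets: wasm32-wasip1
 
 - name: Install wasm-pack
 run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh
@@ -80,48 +73,30 @@ jobs:
 
 # Preview deployment (for pull requests, manual triggers, and non-main pushes)
 - name: Pull Vercel environment information (Preview)
-if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref != 'refs/heads/main')
+if: env.IS_PRODUCTION == 'false'
 run: vercel pull --yes --environment=preview --token ${{ secrets.VERCEL_TOKEN }}
+
 - name: Build project artifacts (Preview)
-if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref != 'refs/heads/main')
+if: env.IS_PRODUCTION == 'false'
 run: vercel build --token ${{ secrets.VERCEL_TOKEN }}
+
 - name: Deploy to Vercel (Preview)
 id: deploy-preview
-if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref != 'refs/heads/main')
+if: env.IS_PRODUCTION == 'false'
 run: |
 DEPLOYMENT_URL=$(vercel deploy --prebuilt --token ${{ secrets.VERCEL_TOKEN }})
 echo "deployment_url=$DEPLOYMENT_URL" >> $GITHUB_OUTPUT
-- name: Find Documentation Comment
-uses: peter-evans/find-comment@v3
-id: find-comment
-if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch'
-with:
-issue-number: ${{ github.event.number || github.event.inputs.pr_number }}
-comment-author: "github-actions[bot]"
-body-includes: "📚 Documentation Preview Deployed!"
-- name: Create or Update Documentation Comment
-if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch'
-uses: peter-evans/create-or-update-comment@v4
-with:
-comment-id: ${{ steps.find-comment.outputs.comment-id }}
-issue-number: ${{ github.event.number || github.event.inputs.pr_number }}
-body: |
-## 📚 Documentation Preview Deployed!
-
-A preview of the documentation changes in this PR has been deployed to Vercel:
-
-🔗 [View Documentation Preview](${{ steps.deploy-preview.outputs.deployment_url }})
-
-This preview will update automatically with new commits to this PR.
-edit-mode: replace
+echo "Preview deployment URL: $DEPLOYMENT_URL"
 
 # Production deployment (for main branch pushes)
 - name: Pull Vercel environment information (Production)
-if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+if: env.IS_PRODUCTION == 'true'
 run: vercel pull --yes --environment=production --token ${{ secrets.VERCEL_TOKEN }}
+
 - name: Build project artifacts (Production)
-if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+if: env.IS_PRODUCTION == 'true'
 run: vercel build --prod --token ${{ secrets.VERCEL_TOKEN }}
+
 - name: Deploy to Vercel (Production)
-if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+if: env.IS_PRODUCTION == 'true'
 run: vercel deploy --prebuilt --prod --token ${{ secrets.VERCEL_TOKEN }}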
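Review bot: The new checkout `ref:` resolves `refs/pull/<n>/head` when the run starts, so a manual dispatch builds whatever was last pushed to that pull request, and the later `pnpm install`, build and `vercel` steps run code from that ref in a job that uses `secrets.VERCEL_TOKEN`. `workflow_dispatch` limits who can start the run, but nothing binds the run to the commit that was actually reviewed; the same `ref:` line is added in example.yml. Consider taking the reviewed commit SHA as the dispatch input and checking out that value, and adding `persist-credentials: false` under the checkout's `with:`. `PR_NUMBER` is set at job level but is not read in the visible hunks, and the context comment `# Preview deployment (for pull requests, manual triggers, and non-main pushes)` no longer matches the triggers.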

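--- a/.github/workflows/example.yml
+++ b/.github/workflows/example.yml
@@ -1,15 +1,10 @@
 name: Build and Deploy packages/example
+
 env:
 VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
 VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
 
 on:
-workflow_dispatch:
-inputs:
-pr_number:
-description: "Pull Request Number"
-required: true
-type: string
 push:
 branches:
 - main
@@ -18,33 +13,42 @@ on:
 - "packages/yak-swc/**"
 - "packages/next-yak/**"
 - ".github/workflows/example.yml"
-pull_request:
-branches:
-- main
-paths:
-- "packages/example/**"
-- "packages/yak-swc/**"
-- "packages/next-yak/**"
-- ".github/workflows/example.yml"
+workflow_dispatch:
+inputs:
+pr_number:
+description: "Pull Request Number"
+required: true
+type: string
+
+permissions:
+contents: read
 
 jobs:
 build-and-deploy:
 runs-on: ubuntu-latest
+# Define whether this is a production deployment
+env:
+IS_PRODUCTION: ${{ github.event_name == 'push' }}
+PR_NUMBER: ${{ github.event.inputs.pr_number }}
+
 steps:
 - name: Checkout
 uses: actions/checkout@v3
 with:
-ref: ${{ github.event.pull_request.head.sha || github.ref }}
+ref: ${{ github.event.inputs.pr_number && format('refs/pull/{0}/head', github.event.inputs.pr_number) || github.ref }}
+
 - uses: pnpm/action-setup@v4
 name: Install pnpm
 with:
 version: 10.15.0
 run_install: false
+
 - name: Install Node.js
 uses: actions/setup-node@v3
 with:
 node-version: 22
 cache: "pnpm"
+
 - name: Install node_modules
 run: pnpm install
 
@@ -55,13 +59,10 @@ jobs:
 run: pnpm --filter next-yak-example lint
 
 - name: Install Rust
-uses: actions-rs/toolchain@v1
+uses: dtolnay/rust-toolchain@stable
 with:
-toolchain: stable
-profile: minimal
-override: true
-- name: Add wasm32-wasip1 target
-run: rustup target add wasm32-wasip1
+targets: wasm32-wasip1
+
 - name: Enable caching
 uses: Swatinem/rust-cache@v2
 with:
@@ -72,53 +73,36 @@ jobs:
 
 - name: Install Vercel CLI
 run: npm install -g vercel@35
+
 - name: Link Vercel project
 run: vercel link --yes --token ${{ secrets.VERCEL_TOKEN }}
 
-# Preview deployment (for pull requests and non-main pushes)
+# Preview deployment (for workflow_dispatch)
 - name: Pull Vercel environment information (Preview)
-if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref != 'refs/heads/main')
+if: env.IS_PRODUCTION == 'false'
 run: vercel pull --yes --environment=preview --token ${{ secrets.VERCEL_TOKEN }}
+
 - name: Build project artifacts (Preview)
-if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref != 'refs/heads/main')
+if: env.IS_PRODUCTION == 'false'
 run: vercel build --token ${{ secrets.VERCEL_TOKEN }}
+
 - name: Deploy to Vercel (Preview)
 id: deploy-preview
-if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref != 'refs/heads/main')
+if: env.IS_PRODUCTION == 'false'
 run: |
 DEPLOYMENT_URL=$(vercel deploy --prebuilt --token ${{ secrets.VERCEL_TOKEN }})
 echo "deployment_url=$DEPLOYMENT_URL" >> $GITHUB_OUTPUT
-- name: Find Documentation Comment
-uses: peter-evans/find-comment@v3
-id: find-comment
-if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch'
-with:
-issue-number: ${{ github.event.number }}
-comment-author: "github-actions[bot]"
-body-includes: "🧪 Example App Preview Deployed!"
-- name: Create or Update Documentation Comment
-if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch'
-uses: peter-evans/create-or-update-comment@v4
-with:
-comment-id: ${{ steps.find-comment.outputs.comment-id }}
-issue-number: ${{ github.event.number }}
-body: |
-## 🧪 Example App Preview Deployed!
-
-A preview of the example app changes in this PR has been deployed to Vercel:
-
-🔗 [View Example App Preview](${{ steps.deploy-preview.outputs.deployment_url }})
-
-This preview will update automatically with new commits to this PR.
-edit-mode: replace
+echo "Preview deployment URL: $DEPLOYMENT_URL"
 
 # Production deployment (for main branch pushes)
 - name: Pull Vercel environment information (Production)
-if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+if: env.IS_PRODUCTION == 'true'
 run: vercel pull --yes --environment=production --token ${{ secrets.VERCEL_TOKEN }}
+
 - name: Build project artifacts (Production)
-if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+if: env.IS_PRODUCTION == 'true'
 run: vercel build --prod --token ${{ secrets.VERCEL_TOKEN }}
+
 - name: Deploy to Vercel (Production)
-if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+if: env.IS_PRODUCTION == 'true'
 run: vercel deploy --prebuilt --prod --token ${{ secrets.VERCEL_TOKEN }}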

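--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,6 +7,11 @@ on:
 
 concurrency: ${{ github.workflow }}-${{ github.ref }}
 
+permissions:
+contents: write
+pull-requests: write
+id-token: write
+
 jobs:
 release:
 name: Release
@@ -29,13 +34,9 @@ jobs:
 run_install: false
 
 - name: Install Rust
-uses: actions-rs/toolchain@v1
+uses: dtolnay/rust-toolchain@stable
 with:
-toolchain: stable
-profile: minimal
-override: true
-- name: Add wasm32-wasip1 target
-run: rustup target add wasm32-wasip1
+targets: wasm32-wasip1
 - name: Enable caching
 uses: Swatinem/rust-cache@v2
 with: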
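Review bot: The added `permissions:` block sits at workflow level, so `contents: write`, `pull-requests: write` and `id-token: write` apply to every job in this file, including any job added later. Only the `release` job is visible here; if it is the one that needs them, move the three lines under `jobs.release.permissions` and set the workflow default to `permissions: {}`. The third-party actions in this job (`dtolnay/rust-toolchain@stable`, `Swatinem/rust-cache@v2`) run in a job that holds these write and OIDC permissions, so this is where pinning them to commit SHAs matters most. A short comment above `id-token: write` saying what consumes the OIDC token would help the next reviewer.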

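--- a/.github/workflows/swc.yml
+++ b/.github/workflows/swc.yml
@@ -4,6 +4,10 @@ on:
 branches:
 - main
 pull_request:
+workflow_dispatch:
+
+permissions:
+contents: read
 
 env:
 CARGO_TERM_COLOR: always
@@ -28,4 +32,4 @@ jobs:
 - name: Run cargo fmt
 run: cargo fmt --manifest-path packages/yak-swc/Cargo.toml --all -- --check
 - name: Run cargo clippy
-run: cargo clippy --manifest-path packages/yak-swc/Cargo.toml
+run: cargo clippy --manifest-path packages/yak-swc/Cargo.toml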
Lines changed: 4 additions & 0 deletions
@@ -15,6 +15,10 @@ on:
1515
- "packages/next-yak/**"
1616
- "packages/yak-swc/**"
1717
- ".github/workflows/node.js.yml"
18+
workflow_dispatch:
19+
20+
permissions:
21+
contents: read
1822

1923
jobs:
2024
build:
