Setup GitHub actions

Author: nicolo-ribaudo

.github/workflows/pr.yml

@@ -0,0 +1,39 @@
+name: CI
+on:
+  push: {}
+  pull_request_target:
+    types: [opened, reopened, synchronize]
+jobs:
+  build:
+    name: Preview
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      # SECURITY: We are checking out dnsconfig.js and creds.json from the PR.
+      # These two files cannot perform I/O, and cannot thus be used to leak
+      # the secret tokens.
+      # - name: Checkout config from PR
+      #   run: |
+      #     git fetch origin +refs/pull/${{ github.event.pull_request.number }}/head
+      #     git checkout FETCH_HEAD -- dnsconfig.js
+      - name: Generate preview
+        id: preview
+        run: |
+          {
+            echo "dnscontrol<<DNS_CONTROL_PREVIEW_OUTPUT"
+            docker run --rm -v "$(pwd):/dns" --env CLOUDFLARE_ACCOUNT_ID --env CLOUDFLARE_API_TOKEN ghcr.io/stackexchange/dnscontrol:4.18.0 preview
+            echo "DNS_CONTROL_PREVIEW_OUTPUT"
+          } | tee -a $GITHUB_OUTPUT
+        env:
+          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN_READ_ONLY }}
+      - name: Create comment
+        uses: babel/actions/create-comment@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          issue: 1
+          comment: >
+            Preview output:
+            ```
+            ${{ steps.preview.outputs.dnscontrol }}
+            ```