Deploy previews for PRs #5260
name: Deploy previews for PRs

# Triggered when a run of the "Build" workflow finishes. A workflow_run
# workflow executes in the context of the base repository (its own workflow
# file, its secrets), not in the context of the pull request that caused the
# build. The `if` on the prdetails job is what keeps fork PRs away from the
# deploy jobs, so that condition is security-relevant and must not be relaxed
# without re-reviewing this trigger.
on:
  # zizmor: ignore[dangerous-triggers]
  # Reason: This is now restricted to internal PRs only using the 'if' condition below.
  workflow_run:
    workflows:
      - Build
    types:
      - completed
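jobs:
  # Resolves the pull request behind the finished "Build" run and publishes
  # its number and API payload as job outputs for the jobs that need it.
  prdetails:
    # Logic:
    # 1. Build must be successful
    # 2. Event must be a pull_request
    # 3. Head repository must be the SAME as the base repository (No Forks!)
    # netlify-full, netlify-sdk and docker all list this job in `needs`, so
    # they are skipped whenever this condition is false. This is the only
    # fork check in the file.
    if: >
      github.event.workflow_run.conclusion == 'success' &&
      github.event.workflow_run.event == 'pull_request' &&
      github.event.workflow_run.head_repository.full_name == github.repository
    runs-on: ubuntu-latest
    # Least privilege: without a job-level block the token receives the
    # repository default, which may include write scopes.
    # NOTE(review): read access to pull requests is assumed to be all the
    # lookup action needs - confirm against the action before merging.
    permissions:
      pull-requests: read
    outputs:
      pr_number: "${{ steps.prdetails.outputs.pr_id }}"
      pr_data_json: "${{ steps.prdetails.outputs.data }}"
    steps:
      - id: prdetails
        # Third-party action pinned to a full commit SHA; the tag in the
        # trailing comment is informational only.
        uses: matrix-org/pr-details-action@15bde5285d7850ba276cc3bd8a03733e3f24622a # v1.3
        # Best-effort lookup: if this step fails the job still succeeds with
        # empty outputs, so the Netlify jobs run with an empty pr_number and
        # deployment_ref falls back to github.ref.
        # NOTE(review): confirm that deploying in that state is intended.
        continue-on-error: true
        with:
          # Owner and branch come from the triggering run. They are handed to
          # the action as inputs, not interpolated into a shell command.
          owner: "${{ github.event.workflow_run.head_repository.owner.login }}"
          branch: "${{ github.event.workflow_run.head_branch }}"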
| netlify-full: | |
| needs: prdetails | |
| permissions: | |
| deployments: write | |
| uses: ./.github/workflows/deploy-to-netlify.yaml | |
| with: | |
| artifact_run_id: ${{ github.event.workflow_run.id || github.run_id }} | |
| pr_number: ${{ needs.prdetails.outputs.pr_number }} | |
| pr_head_full_name: ${{ github.event.workflow_run.head_repository.full_name }} | |
| pr_head_ref: ${{ needs.prdetails.outputs.pr_data_json && fromJSON(needs.prdetails.outputs.pr_data_json).head.ref }} | |
| deployment_ref: ${{ needs.prdetails.outputs.pr_data_json && fromJSON(needs.prdetails.outputs.pr_data_json).head.sha || github.ref || github.head_ref }} | |
| package: full | |
| secrets: | |
| ELEMENT_BOT_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }} | |
| NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} | |
| NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }} | |
| netlify-sdk: | |
| needs: prdetails | |
| permissions: | |
| deployments: write | |
| uses: ./.github/workflows/deploy-to-netlify.yaml | |
| with: | |
| artifact_run_id: ${{ github.event.workflow_run.id || github.run_id }} | |
| pr_number: ${{ needs.prdetails.outputs.pr_number }} | |
| pr_head_full_name: ${{ github.event.workflow_run.head_repository.full_name }} | |
| pr_head_ref: ${{ needs.prdetails.outputs.pr_data_json && fromJSON(needs.prdetails.outputs.pr_data_json).head.ref }} | |
| deployment_ref: ${{ needs.prdetails.outputs.pr_data_json && fromJSON(needs.prdetails.outputs.pr_data_json).head.sha || github.ref || github.head_ref }} | |
| package: sdk | |
| secrets: | |
| ELEMENT_BOT_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }} | |
| NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} | |
| NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }} | |
| docker: | |
| if: ${{ needs.prdetails.outputs.pr_data_json && contains(fromJSON(needs.prdetails.outputs.pr_data_json).labels.*.name, 'docker build') }} | |
| needs: prdetails | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| uses: ./.github/workflows/build-and-publish-docker.yaml | |
| secrets: inherit | |
| with: | |
| artifact_run_id: ${{ github.event.workflow_run.id || github.run_id }} | |
| docker_tags: | | |
| type=sha,format=short,event=branch | |
| type=raw,value=pr_${{ needs.prdetails.outputs.pr_number }} |