deploy: allow deploying in forks

It would be nice if we could deploy the Azure Function contingent on the
presence of the `AZURE_CLIENT_ID` secret. However, this is not possible
in GitHub workflows: the job-level `if:` conditions lack access to the
`secrets` context. Strangely enough, they _do_ have access to the `vars`
context...

To successfully deploy the Azure Function, it needs to know which
`gitgitgadget-workflows` fork to target when triggering workflow runs,
anyway, so let's _require_ a repository variable called
`DEPLOY_WITH_WORKFLOWS` that specifies that fork in the form
`<org>/gitgitgadget-workflows`.

Note that such a `gitgitgadget-workflows` fork _must_ have the `config`
branch, with a `gitgitgadget-config.json` file that contains the
corresponding project configuration; The `deploy` workflow will retrieve
this configuration and overwrite `gitgitgadget-config.json` with it,
augmenting the `workflowsRepo` information on the fly.

Signed-off-by: Johannes Schindelin <[email protected]>

Author: dscho

.github/workflows/deploy.yml

@@ -15,11 +15,39 @@ permissions:
 
 jobs:
   deploy:
-    if: github.event.repository.fork == false
+    if: github.event.repository.fork == false || vars.DEPLOY_WITH_WORKFLOWS != ''
     environment: deploy-to-azure
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
+      - name: parse DEPLOY_WITH_WORKFLOWS
+        if: vars.DEPLOY_WITH_WORKFLOWS != '' && contains(vars.DEPLOY_WITH_WORKFLOWS, '/')
+        id: parsed
+        env:
+          WORKFLOWS_REPO: '${{ vars.DEPLOY_WITH_WORKFLOWS }}'
+        run: |
+          echo "owner=${WORKFLOWS_REPO%%/*}" >>$GITHUB_OUTPUT &&
+          echo "name=${WORKFLOWS_REPO#*/}" >>$GITHUB_OUTPUT
+      - name: retrieve `vars.CONFIG` from workflows repo
+        if: vars.DEPLOY_WITH_WORKFLOWS != ''
+        env:
+          WORKFLOWS_REPO: '${{ vars.DEPLOY_WITH_WORKFLOWS }}'
+          GH_TOKEN: ${{ steps.workflows-repo-token.outputs.token || secrets.GITHUB_TOKEN }}
+        run: |
+          set -x &&
+          if ! curl -fLO https://github.com/"$WORKFLOWS_REPO"/raw/config/gitgitgadget-config.json
+          then
+            echo "::error::Could not retrieve 'gitgitgadget-config.json' from the 'config' branch of $WORKFLOWS_REPO"
+            exit 1
+          fi &&
+          jq '. + {
+            "workflowsRepo": {
+              "owner": "${{ steps.parsed.outputs.owner }}",
+              "name": "${{ steps.parsed.outputs.name }}"
+            }
+          }' <gitgitgadget-config.json >GitGitGadget/gitgitgadget-config.json &&
+          echo "Using the following configuration:" &&
+          cat GitGitGadget/gitgitgadget-config.json
       - name: 'Login via Azure CLI'
         uses: azure/login@v2
         with: