PR Preview Deploy #58
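name: PR Preview Deploy

# SECURITY: This workflow runs in a trusted context with write permissions.
# The build step (pr-preview-build.yml) runs untrusted PR code without secrets.
# This workflow only processes build artifacts and never executes PR-controlled code.
#
# The artifacts themselves are still PR-controlled DATA: every value read from
# them must be validated before it reaches $GITHUB_OUTPUT, a path, or an action
# input. The "Read PR number" step enforces this for the pr-number file.
# NOTE(review): a numeric check does not prove the number belongs to the PR
# that triggered the build; consider cross-checking it against the
# workflow_run head SHA before deploying or commenting.

on:
  workflow_run:
    workflows: ['PR Preview Build']
    types: [completed]

# Write scopes are needed to push to the preview branch and to post the PR comment.
permissions:
  actions: read
  contents: write
  pull-requests: write

# Serialize deployments so concurrent runs do not race on the preview branch;
# queued runs are kept rather than cancelled.
concurrency:
  group: pr-preview-deploy
  cancel-in-progress: false

jobs:
  deploy:
    name: Deploy Preview
    # Only deploy for successful builds that were triggered by a pull request.
    if: >
      github.event.workflow_run.conclusion == 'success' &&
      github.event.workflow_run.event == 'pull_request'
    runs-on: ubuntu-22.04
    steps:
      - name: Download PR metadata
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: pr-metadata
          path: ./pr-metadata
          github-token: ${{ secrets.GITHUB_TOKEN }}
          run-id: ${{ github.event.workflow_run.id }}

      - name: Read PR number
        id: pr
        shell: bash
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the value is never parsed as shell code.
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        run: |
          # The pr-number file was written by the untrusted build workflow.
          # Accept only a plain positive integer: this keeps newlines (extra
          # step outputs) and path characters out of later steps, which use
          # the value as a preview directory name and a PR/issue number.
          pr_number="$(cat ./pr-metadata/pr-number)"
          if ! [[ "$pr_number" =~ ^[1-9][0-9]*$ ]]; then
            echo "::error::pr-number artifact is not a positive integer"
            exit 1
          fi
          echo "number=${pr_number}" >> "$GITHUB_OUTPUT"
          echo "short-sha=${HEAD_SHA:0:7}" >> "$GITHUB_OUTPUT"

      # No ref is given, so this is the repository's own code, not the PR head.
      - name: Checkout
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3

      - name: Download preview site
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: preview-site
          path: ./preview-site
          github-token: ${{ secrets.GITHUB_TOKEN }}
          run-id: ${{ github.event.workflow_run.id }}

      # The site content is PR-controlled and is published as static files only;
      # nothing from ./preview-site is executed in this job.
      - name: Deploy preview
        uses: rossjrw/pr-preview-action@ffa7509e91a3ec8dfc2e5536c4d5c1acdf7a6de9 # v1.8.1
        id: preview
        with:
          source-dir: ./preview-site
          preview-branch: gh-pages
          umbrella-dir: pr-previews
          pr-number: ${{ steps.pr.outputs.number }}
          action: deploy
          comment: false

      - name: Comment on PR
        uses: marocchino/sticky-pull-request-comment@0ea0beb66eb9baf113663a64ec522f60e49231c0 # v3.0.4
        with:
          header: pr-preview
          number: ${{ steps.pr.outputs.number }}
          message: |
            **Preview:** [Open browser example](${{ steps.preview.outputs.deployment-url }}/diagram.html)
            Deployed from commit ${{ steps.pr.outputs.short-sha }}.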