
Commit 06c93ec

authored
Merge pull request #29 from patternfly-extension-testing/pr-preview-permissions
fix: gate PR previews on team membership and add /deploy-preview comm…
2 parents 8d183f6 + 4abe196 commit 06c93ec


1 file changed

+51
-32
lines changed


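--- a/.github/workflows/pr-preview.yml
+++ b/.github/workflows/pr-preview.yml
@@ -1,57 +1,76 @@
-### WARNING -- this file was generated by generate-workflows
 name: pr-preview
-on: pull_request_target
+on:
+pull_request_target:
+issue_comment:
+types: [created]
+
 jobs:
-build-upload:
+check-permissions:
+runs-on: ubuntu-latest
+if: >-
+github.event_name == 'pull_request_target' ||
+(github.event_name == 'issue_comment' &&
+github.event.issue.pull_request &&
+contains(github.event.comment.body, '/deploy-preview'))
+outputs:
+allowed: ${{ steps.check-team.outputs.allowed }}
+pr-number: ${{ steps.check-team.outputs.number }}
+steps:
+- name: Get PR info and check permissions
+id: check-team
+env:
+EVENT_NAME: ${{ github.event_name }}
+PR_NUMBER: ${{ github.event.pull_request.number }}
+PR_ASSOCIATION: ${{ github.event.pull_request.author_association }}
+COMMENT_NUMBER: ${{ github.event.issue.number }}
+COMMENT_ASSOCIATION: ${{ github.event.comment.author_association }}
+run: |
+if [[ "$EVENT_NAME" == "pull_request_target" ]]; then
+echo "number=$PR_NUMBER" >> $GITHUB_OUTPUT
+ASSOCIATION="$PR_ASSOCIATION"
+else
+echo "number=$COMMENT_NUMBER" >> $GITHUB_OUTPUT
+ASSOCIATION="$COMMENT_ASSOCIATION"
+fi
+
+if [[ "$ASSOCIATION" == "OWNER" || "$ASSOCIATION" == "MEMBER" || "$ASSOCIATION" == "COLLABORATOR" ]]; then
+echo "allowed=true" >> $GITHUB_OUTPUT
+echo "User is a repo $ASSOCIATION — allowed"
+else
+echo "allowed=false" >> $GITHUB_OUTPUT
+echo "User association is $ASSOCIATION — not allowed"
+fi
+
+deploy-preview:
 runs-on: ubuntu-latest
+needs: check-permissions
+if: needs.check-permissions.outputs.allowed == 'true'
 env:
 SURGE_LOGIN: ${{ secrets.SURGE_LOGIN }}
 SURGE_TOKEN: ${{ secrets.SURGE_TOKEN }}
 GH_PR_TOKEN: ${{ secrets.GH_PR_TOKEN }}
-GH_PR_NUM: ${{ github.event.number }}
+GH_PR_NUM: ${{ needs.check-permissions.outputs.pr-number }}
 steps:
 - uses: actions/checkout@v4
-# Yes, we really want to checkout the PR
 - run: |
 git fetch origin pull/$GH_PR_NUM/head:tmp
 git checkout tmp
-
-- run: |
-git rev-parse origin/main
-git rev-parse HEAD
-git rev-parse origin/main..HEAD
-git log origin/main..HEAD --format="%b"
-
-# Yes, we really want to checkout the PR
-# Injected by generate-workflows.js
 - uses: actions/setup-node@v4
 with:
 node-version: '20'
 - uses: actions/cache@v4
 id: npm-cache
-name: Load npm deps from cache
+name: Cache npm deps
 with:
-path: '**/node_modules'
+path: |
+node_modules
+**/node_modules
 key: ${{ runner.os }}-npm-14-${{ secrets.CACHE_VERSION }}-${{ hashFiles('package-lock.json') }}
 - run: npm install --frozen-lockfile --legacy-peer-deps
-if: steps.yarn-cache.outputs.cache-hit != 'true'
+if: steps.npm-cache.outputs.cache-hit != 'true'
 - run: npm run build
-name: Build component groups
-- uses: actions/cache@v4
-id: docs-cache
-name: Load webpack cache
-with:
-path: '.cache'
-key: ${{ runner.os }}-v4-${{ hashFiles('yarn.lock') }}
+name: Build
 - run: npm run build:docs
 name: Build docs
 - run: node .github/upload-preview.js packages/module/public
 name: Upload docs
-if: always()
-- run: npx puppeteer browsers install chrome
-name: Install Chrome for Puppeteer
-- run: npm run serve:docs & npm run test:a11y
-name: a11y tests
-- run: node .github/upload-preview.js packages/module/coverage
-name: Upload a11y report
-if: always()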
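Review bot: The new `check-permissions` job authorizes a person, not a commit: on `issue_comment` it passes when the commenter is an OWNER/MEMBER/COLLABORATOR, and `deploy-preview` then fetches whatever `pull/$GH_PR_NUM/head` points to at run time and runs `npm install`, `npm run build` and `.github/upload-preview.js` from that tree with `SURGE_TOKEN` and `GH_PR_TOKEN` in the job-level `env`. A PR author can push after a maintainer has reviewed, so the code that runs with the secrets is not necessarily the code that was approved, and every build step (not only the upload) can read them. I would record the head SHA in `check-permissions`, check out exactly that SHA so a moved head fails closed, set `persist-credentials: false` on the checkout, add a top-level `permissions:` block, and scope the secrets to the upload step. Resolving the SHA when the comment event fires narrows the window rather than closing it; requiring the SHA in the command, or a protected environment with required reviewers, would close it. Separately, `contains(github.event.comment.body, '/deploy-preview')` also matches the string inside quoted or explanatory text, so `startsWith(github.event.comment.body, '/deploy-preview')` is the tighter trigger.

```yaml
# Least-privilege default for GITHUB_TOKEN; widen per job only if a step needs it.
permissions:
  contents: read
  pull-requests: read

jobs:
  check-permissions:
    # … unchanged: runs-on, if …
    outputs:
      # … unchanged: allowed, pr-number …
      head-sha: ${{ steps.check-team.outputs.sha }}
    steps:
      - name: Get PR info and check permissions
        id: check-team
        env:
          # … unchanged: EVENT_NAME, PR_NUMBER, PR_ASSOCIATION, COMMENT_NUMBER, COMMENT_ASSOCIATION …
          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
          GH_TOKEN: ${{ github.token }}
        run: |
          if [[ "$EVENT_NAME" == "pull_request_target" ]]; then
            echo "number=$PR_NUMBER" >> "$GITHUB_OUTPUT"
            echo "sha=$PR_HEAD_SHA" >> "$GITHUB_OUTPUT"
            ASSOCIATION="$PR_ASSOCIATION"
          else
            echo "number=$COMMENT_NUMBER" >> "$GITHUB_OUTPUT"
            # issue_comment payloads carry no head SHA, so resolve it once here.
            sha="$(gh pr view "$COMMENT_NUMBER" --repo "$GITHUB_REPOSITORY" --json headRefOid --jq .headRefOid)"
            echo "sha=$sha" >> "$GITHUB_OUTPUT"
            ASSOCIATION="$COMMENT_ASSOCIATION"
          fi
          # … unchanged: association check writing allowed=true/false …

  deploy-preview:
    # … unchanged: runs-on, needs, if …
    env:
      # Secrets removed from job scope so install/build steps cannot read them.
      GH_PR_NUM: ${{ needs.check-permissions.outputs.pr-number }}
      PR_HEAD_SHA: ${{ needs.check-permissions.outputs.head-sha }}
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - run: |
          git fetch origin "pull/$GH_PR_NUM/head"
          # Fails if the PR head no longer contains the recorded commit.
          git checkout --detach "$PR_HEAD_SHA"
      # … unchanged: setup-node, cache, npm install, build, build:docs …
      - run: node .github/upload-preview.js packages/module/public
        name: Upload docs
        env:
          # Assumes upload-preview.js is the only consumer of these; confirm.
          SURGE_LOGIN: ${{ secrets.SURGE_LOGIN }}
          SURGE_TOKEN: ${{ secrets.SURGE_TOKEN }}
          GH_PR_TOKEN: ${{ secrets.GH_PR_TOKEN }}
```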
