55 types : [opened, reopened, synchronize, ready_for_review, edited, labeled]
66 pull_request :
77 types : [closed] # for teardown
8+ push :
9+ branches : [main]
810
911# Token perms needed for commenting + reading artifacts
1012permissions :
1921
2022jobs :
2123 build :
22- # Build untrusted PR code WITHOUT secrets
23- if : github.event_name == 'pull_request_target' && github.event.pull_request.draft == false
24+ # Build PRs (without secrets) and main branch pushes
25+ if : ${{ ( github.event_name == 'pull_request_target' && github.event.pull_request.draft == false) || (github.event_name == 'push' && github.ref == 'refs/heads/main') }}
2426 name : Build PR
2527 runs-on : ubuntu-latest
2628 defaults :
2729 run :
2830 working-directory : ./website
2931 steps :
3032 - name : Checkout PR head (read-only)
33+ if : github.event_name == 'pull_request_target'
3134 uses : actions/checkout@v4
3235 with :
3336 repository : ${{ github.event.pull_request.head.repo.full_name }}
3437 ref : ${{ github.event.pull_request.head.ref }}
3538 persist-credentials : false
3639 fetch-depth : 0
3740
41+ - name : Checkout main commit
42+ if : github.event_name == 'push'
43+ uses : actions/checkout@v4
44+ with :
45+ fetch-depth : 0
46+
3847 - name : Use Node.js
3948 uses : actions/setup-node@v4
4049 with :
@@ -57,13 +66,13 @@ jobs:
5766 retention-days : 5
5867
5968 deploy :
60- # Pauses at Environment gate until a member approves
61- if : github.event_name == 'pull_request_target' && github.event.pull_request.draft == false
62- name : Deploy Preview to Surge (requires approval)
69+ # Deploy PR previews (with gate) and automatic main previews
70+ if : ${{ ( github.event_name == 'pull_request_target' && github.event.pull_request.draft == false) || (github.event_name == 'push' && github.ref == 'refs/heads/main') }}
71+ name : Deploy Preview to Surge
6372 needs : build
6473 runs-on : ubuntu-latest
6574 environment :
66- name : preview
75+ name : ${{ github.event_name == 'pull_request_target' && ' preview' || 'main-preview' }}
6776 url : ${{ steps.deployed.outputs.preview_url }}
6877
6978 steps :
7988 - name : Compute preview domain + path
8089 id : dom
8190 run : |
82- echo "domain=${{ env.SURGE_DOMAIN_BASE }}-pr-${{ github.event.number }}.surge.sh" >> $GITHUB_OUTPUT
91+ if [ "${{ github.event_name }}" = "pull_request_target" ]; then
92+ domain="${{ env.SURGE_DOMAIN_BASE }}-pr-${{ github.event.number }}.surge.sh"
93+ else
94+ domain="${{ env.SURGE_DOMAIN_BASE }}.surge.sh"
95+ fi
96+ echo "domain=$domain" >> $GITHUB_OUTPUT
8397 echo "path=/${{ env.BASE_PATH }}/" >> $GITHUB_OUTPUT
8498
8599# Stage the Docusaurus output under the baseUrl path (so it serves at /<BASE_PATH>/)
@@ -104,6 +118,7 @@ jobs:
104118
105119# Comment using a purpose-built action (more robust than raw API for forked PRs)
106120 - name : Comment with preview URL
121+ if : github.event_name == 'pull_request_target'
107122 uses : peter-evans/create-or-update-comment@v4
108123 with :
109124 token : ${{ secrets.GITHUB_TOKEN }}
0 commit comments