This condition was added as an additional guard but was preventing the workflow from running when PRs were from forked repos.
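# Second stage of the split documentation-preview workflow: triggered by `workflow_run` once
# the 'Documentation (PR)' workflow completes, it downloads that run's build artifact and
# publishes it to Netlify, then reports the result on the PR and on the commit status.
name: 'Documentation (run)'

on:
  workflow_run:
    workflows: ['Documentation (PR)']
    types:
      - completed

# Note: If limiting concurrency is required for this workflow:
# 1. Add an additional job prior to `preview` to get the PR number and make it an output.
# 2. Assign that new job as a `needs` dependency for the `preview` job.
# It is still required for `preview` job to download the artifact so that it can access the preview build files.

# This workflow runs off the primary branch and has access to secrets as expected.
# NOTE(review): No `permissions:` block is declared in this file, so `GITHUB_TOKEN` gets the
# repository / organisation default scope. Consider declaring only what the steps below need
# (confirm the exact set against each action's documentation before adding it).
jobs:
  preview:
    name: 'Deploy Preview'
    runs-on: ubuntu-22.04
    # Requires a PR event triggered `docs-preview-prepare.yml` workflow run that was successful.
    # This condition does not check the head SHA; the 'Get PR number' step below matches
    # `head_sha` against the `pull_requests` array instead.
    # NOTE: A multi-line `if` GHA expression must avoid wrapping with `${{ }}`, otherwise it is unintentionally parsed as a string:
    # https://github.com/nikitastupin/pwnhub/blob/main/writings/if-condition.md
    if: |
      github.event.workflow_run.conclusion == 'success'
      && github.event.workflow_run.event == 'pull_request'
    steps:

      # ======================== #
      # Restore workflow context #
      # ======================== #

      # Retrieve the build artifact uploaded from the `docs-preview-prepare.yml` workflow run (that triggered this deployment workflow):
      # NOTE: The artifact is produced by a workflow run on PR code, so its contents are untrusted data.
      # This job has no checkout step and only unpacks + publishes the files; keep it that way
      # (do not execute or source anything that came out of the archive).
      - name: 'Download build artifact'
        uses: actions/download-artifact@v4
        with:
          name: preview-build
          github-token: ${{ secrets.GITHUB_TOKEN }}
          run-id: ${{ github.event.workflow_run.id }}

      - name: 'Extract build artifact'
        run: tar -xf artifact.tar.zst

      # The `workflow_run` metadata contains an array of `pull_requests`, get the `workflow_run` equivalent of `github.event.pull_request.number`.
      # There should only be one PR item in the array, verify that it shares the same `head_sha` (latest commit of PR).
      # NOTE: Careful when using GHA context expressions that may have untrusted input here. The expressions are evaluated before the script content itself is run:
      # https://github.com/docker-mailserver/docker-mailserver/pull/4247#discussion_r1827067475
      # For that reason the script reads both values from the step's environment and passes the
      # SHA to jq with `--arg`, so no `${{ }}` expression is expanded inside the script text.
      # NOTE(review): `jq -r` prints `null` when no array entry matches; the later steps would then
      # use `pullrequest-null` / PR number `null`. Consider validating PR_NUMBER here if that
      # case can occur (e.g. when `pull_requests` is empty).
      - name: 'Get PR number'
        env:
          head_sha: ${{ github.event.workflow_run.head_sha }}
          pull_requests: ${{ tojson(github.event.workflow_run.pull_requests) }}
        run: |
          PR_NUMBER=$(jq -r --arg head_sha "${head_sha}" '[.[] | select(.head.sha == $head_sha)][0].number' <<< "${pull_requests}")
          {
            echo "PR_NUMBER=${PR_NUMBER}"
            echo "PR_HEADSHA=${head_sha}"
          } >> "${GITHUB_ENV}"

      # ==================== #
      # Deploy preview build #
      # ==================== #

      # Manage workflow deployment status. `enable-commit-status` from `nwtgck/actions-netlify` would handle this,
      # but presently does not work correctly via split workflow. It is useful in a split workflow as the 1st stage
      # no longer indicates if the entire workflow/deployment was successful.
      # NOTE(review): The third-party actions in this job are referenced by tag and receive
      # `GITHUB_TOKEN` (and, for the Netlify step, the Netlify credentials). Pinning each `uses:`
      # to a full commit SHA would protect against a tag being moved.
      - name: 'Commit Status: Set Workflow Status as Pending'
        uses: myrotvorets/set-commit-status-action@v2.0.1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          status: pending
          # Should match `env.PR_HEADSHA` when triggered by `pull_request` event workflow,
          # Avoids failure of ENV being unavailable if job fails early:
          sha: ${{ github.event.workflow_run.head_sha }}
          context: 'Deploy Preview (pull_request => workflow_run)'

      - name: 'Send preview build to Netlify'
        uses: nwtgck/actions-netlify@v3.0
        id: preview
        timeout-minutes: 1
        env:
          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
          NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
          # Keep these two ENV in sync with the `docs-preview-prepare.yml` workflow:
          BUILD_DIR: docs/site
          NETLIFY_SITE_PREFIX: pullrequest-${{ env.PR_NUMBER }}
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          # Fail the job early if credentials are missing / invalid:
          fails-without-credentials: true
          # Sets/creates the Netlify deploy URL prefix.
          # Uses the PR number for uniqueness:
          alias: ${{ env.NETLIFY_SITE_PREFIX }}
          # Only publish the contents of the build output:
          publish-dir: ${{ env.BUILD_DIR }}
          # Custom message for the deploy log on Netlify:
          deploy-message: 'Preview Build (PR #${{ env.PR_NUMBER }} @ commit: ${{ env.PR_HEADSHA }})'

          # Note: Split workflow incorrectly references latest primary branch commit for deployment.
          # Assign to non-default Deployment Environment for better management:
          github-deployment-environment: documentation-previews
          github-deployment-description: 'Preview deploy for documentation PRs'

          # Note - PR context used by this action is incorrect. These features are broken with split workflow:
          # https://github.com/nwtgck/actions-netlify/issues/545
          # Disable unwanted action defaults:
          # Disable adding deploy comment on pre-merge commit (Github creates this for PR diff):
          enable-commit-comment: false
          # Disable adding a "Netlify - Netlify deployment" check status:
          enable-commit-status: false
          # Disable. We provide a custom PR comment in the next action:
          enable-pull-request-comment: false

          # If a `netlify.toml` config is ever needed, enable this:
          # netlify-config-path: ./docs/netlify.toml
          # If ever switching from Github Pages, enable this conditionally (false by default):
          # production-deploy: false

      - name: 'Comment on PR: Add/Update deployment status'
        uses: marocchino/sticky-pull-request-comment@v2
        with:
          number: ${{ env.PR_NUMBER }}
          header: preview-comment
          recreate: true
          message: |
            [Documentation preview for this PR](${{ steps.preview.outputs.deploy-url }}) is ready! :tada:

            Built with commit: ${{ env.PR_HEADSHA }}

      - name: 'Commit Status: Update deployment status'
        uses: myrotvorets/set-commit-status-action@v2.0.1
        # Always run this step regardless of job failing early:
        if: ${{ always() }}
        env:
          DEPLOY_SUCCESS: Successfully deployed preview.
          DEPLOY_FAILURE: Failed to deploy preview.
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          status: ${{ job.status == 'success' && 'success' || 'failure' }}
          sha: ${{ github.event.workflow_run.head_sha }}
          context: 'Deploy Preview (pull_request => workflow_run)'
          description: ${{ job.status == 'success' && env.DEPLOY_SUCCESS || env.DEPLOY_FAILURE }}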