-
-
Notifications
You must be signed in to change notification settings - Fork 31
59 lines (56 loc) · 2.12 KB
/
deploy_preview.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
name: Daffodil PR Preview
on:
workflow_run:
workflows: ["Daffodil Build"]
branches-ignore: ["master", "main", "develop"]
types:
- completed
#####
# WARNING: This code operates in a privileged context.
#####
# We only allow workflow runs from forks that we know are safe via a control
# in the Github UI called "Require approval for all outside collaborators".
#
# It's a little painful to have to keep clicking the button in the UI,
# but it's generally safer for us (from a security standpoint),
# while still allowing trusted users to contribute
# to the project without annoying CI failures.
#
# We have understood the risk and attempted to handle the concern outlined here:
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
jobs:
deploy_daffio:
name: Deploy Daff.io
runs-on: ubuntu-latest
if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
steps:
- uses: graycoreio/github-actions/angular-universal-vercel-wflw-run@main
id: vercel
with:
artifact: daffio-20.18.x
artifact-zip-name: daffio.zip
vercel-token: ${{ secrets.VERCEL_TOKEN }}
vercel-org: ${{ secrets.VERCEL_ORG }}
vercel-project-id: ${{ secrets.VERCEL_DAFFIO_NEXT_PROJECT_ID }}
ng-version: '17'
- name: Create Deployment
uses: actions/github-script@v7
with:
script: |
const { data } = await github.rest.repos.createDeployment({
owner: context.repo.owner,
repo: context.repo.repo,
ref: "${{ github.event.workflow_run.head_branch }}",
auto_merge: false,
required_contexts: [],
environment: 'preview'
});
await github.rest.repos.createDeploymentStatus({
owner: context.repo.owner,
repo: context.repo.repo,
deployment_id: data.id,
state: 'success',
log_url: "${{ github.event.workflow_run.workflow_url }}",
environment_url: "${{ steps.vercel.outputs.url }}",
description: 'Deployment succeeded!',
});