Deploying adev preview #63
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow runs whenever the ADEV build workflow has completed. Deployment happens | |
| # as part of a dedicated second workflow to avoid security issues where the building would | |
| # otherwise occur in an authorized context where secrets could be leaked. | |
| # | |
| # More details can be found here: | |
| # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/. | |
| name: Deploying adev preview | |
| on: | |
| workflow_run: | |
| workflows: ['Build adev for preview deployment'] | |
| types: [completed] | |
| permissions: | |
| # Needed in order to be able to comment on the pull request. | |
| pull-requests: write | |
| # Needed in order to checkout the repository | |
| contents: read | |
| # Needed in order to retrieve the artifacts from the previous job | |
| actions: read | |
| env: | |
| BUILD_DIR: build/dist/bin/adev/build/browser | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download adev preview artifact from previous workflow run | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: adev-preview | |
| path: ${{ env.BUILD_DIR }} | |
| github-token: '${{secrets.GITHUB_TOKEN}}' | |
| run-id: ${{ github.event.workflow_run.id }} | |
| - run: ls -R | |
| - name: Extract pull request number | |
| id: pr-number | |
| run: | | |
| PR_NUMBER=$(cat ./$BUILD_DIR/__metadata__pull_number.txt) | |
| echo "value=$PR_NUMBER" >> $GITHUB_OUTPUT | |
| - name: Extract commit hash | |
| id: commit-hash | |
| run: | | |
| COMMIT_HASH=$(cat ./$BUILD_DIR/__metadata__commit_hash.txt) | |
| echo "value=$COMMIT_HASH" >> $GITHUB_OUTPUT | |
| - run: echo ${{ steps.pr-number.outputs.value }} ${{ steps.commit-hash.outputs.value }} | |
| - name: Deploy to Firebase Hosting Preview | |
| id: firebase-deploy | |
| uses: FirebaseExtended/[email protected] | |
| with: | |
| repoToken: "${{ secrets.GITHUB_TOKEN }}" | |
| firebaseServiceAccount: "${{ secrets.FIREBASE_SERVICE_ACCOUNT }}" | |
| projectId: angular-ja | |
| channelId: pr-${{ steps.pr-number.outputs.value }} | |
| expires: 7d | |
| disableComment: true | |
| - name: Find Comment | |
| uses: peter-evans/find-comment@v3 | |
| id: find-comment | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| issue-number: ${{ steps.pr-number.outputs.value }} | |
| comment-author: 'github-actions[bot]' | |
| body-includes: 'Preview deployed' | |
| - name: Comment on pull request | |
| uses: peter-evans/create-or-update-comment@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| issue-number: ${{ steps.pr-number.outputs.value }} | |
| comment-id: ${{ steps.find-comment.outputs.comment-id }} | |
| edit-mode: replace | |
| body: | | |
| Preview deployed: ${{ steps.firebase-deploy.outputs.details_url }} (commit: ${{ steps.commit-hash.outputs.value }}) | |