diff --git a/.github/workflows/pr-preview.yml b/.github/workflows/pr-preview.yml index 430eb172..4a2fcc9b 100644 --- a/.github/workflows/pr-preview.yml +++ b/.github/workflows/pr-preview.yml @@ -1,57 +1,76 @@ -### WARNING -- this file was generated by generate-workflows name: pr-preview -on: pull_request_target +on: + pull_request_target: + issue_comment: + types: [created] + jobs: - build-upload: + check-permissions: + runs-on: ubuntu-latest + if: >- + github.event_name == 'pull_request_target' || + (github.event_name == 'issue_comment' && + github.event.issue.pull_request && + contains(github.event.comment.body, '/deploy-preview')) + outputs: + allowed: ${{ steps.check-team.outputs.allowed }} + pr-number: ${{ steps.check-team.outputs.number }} + steps: + - name: Get PR info and check permissions + id: check-team + env: + EVENT_NAME: ${{ github.event_name }} + PR_NUMBER: ${{ github.event.pull_request.number }} + PR_ASSOCIATION: ${{ github.event.pull_request.author_association }} + COMMENT_NUMBER: ${{ github.event.issue.number }} + COMMENT_ASSOCIATION: ${{ github.event.comment.author_association }} + run: | + if [[ "$EVENT_NAME" == "pull_request_target" ]]; then + echo "number=$PR_NUMBER" >> $GITHUB_OUTPUT + ASSOCIATION="$PR_ASSOCIATION" + else + echo "number=$COMMENT_NUMBER" >> $GITHUB_OUTPUT + ASSOCIATION="$COMMENT_ASSOCIATION" + fi + + if [[ "$ASSOCIATION" == "OWNER" || "$ASSOCIATION" == "MEMBER" || "$ASSOCIATION" == "COLLABORATOR" ]]; then + echo "allowed=true" >> $GITHUB_OUTPUT + echo "User is a repo $ASSOCIATION — allowed" + else + echo "allowed=false" >> $GITHUB_OUTPUT + echo "User association is $ASSOCIATION — not allowed" + fi + + deploy-preview: runs-on: ubuntu-latest + needs: check-permissions + if: needs.check-permissions.outputs.allowed == 'true' env: SURGE_LOGIN: ${{ secrets.SURGE_LOGIN }} SURGE_TOKEN: ${{ secrets.SURGE_TOKEN }} GH_PR_TOKEN: ${{ secrets.GH_PR_TOKEN }} - GH_PR_NUM: ${{ github.event.number }} + GH_PR_NUM: ${{ needs.check-permissions.outputs.pr-number }} steps: - uses: actions/checkout@v4 - # Yes, we really want to checkout the PR - run: | git fetch origin pull/$GH_PR_NUM/head:tmp git checkout tmp - - - run: | - git rev-parse origin/main - git rev-parse HEAD - git rev-parse origin/main..HEAD - git log origin/main..HEAD --format="%b" - - # Yes, we really want to checkout the PR - # Injected by generate-workflows.js - uses: actions/setup-node@v4 with: node-version: '20' - uses: actions/cache@v4 id: npm-cache - name: Load npm deps from cache + name: Cache npm deps with: - path: '**/node_modules' + path: | + node_modules + **/node_modules key: ${{ runner.os }}-npm-14-${{ secrets.CACHE_VERSION }}-${{ hashFiles('package-lock.json') }} - run: npm install --frozen-lockfile --legacy-peer-deps - if: steps.yarn-cache.outputs.cache-hit != 'true' + if: steps.npm-cache.outputs.cache-hit != 'true' - run: npm run build - name: Build component groups - - uses: actions/cache@v4 - id: docs-cache - name: Load webpack cache - with: - path: '.cache' - key: ${{ runner.os }}-v4-${{ hashFiles('yarn.lock') }} + name: Build - run: npm run build:docs name: Build docs - run: node .github/upload-preview.js packages/module/public name: Upload docs - if: always() - - run: npx puppeteer browsers install chrome - name: Install Chrome for Puppeteer - - run: npm run serve:docs & npm run test:a11y - name: a11y tests - - run: node .github/upload-preview.js packages/module/coverage - name: Upload a11y report - if: always()