Deploy PR from fork #2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Fork PR Preview | |
| on: | |
| pull_request: | |
| types: [labeled] | |
| jobs: | |
| deploy-fork: | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event.label.name == 'ok-to-deploy' }} | |
| permissions: | |
| contents: read | |
| deployments: write | |
| pull-requests: write | |
| steps: | |
| # Note: fork PR workflows get a read-only GITHUB_TOKEN even if we request | |
| # pull-requests: write, so we can't post PR comments here. | |
| - name: Fetch PR info | |
| id: pr | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const prNumber = context.payload.pull_request.number; | |
| const { data: pr } = await github.rest.pulls.get({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| pull_number: prNumber, | |
| }); | |
| const labels = pr.labels.map((l) => l.name); | |
| if (!labels.includes("ok-to-deploy")) { | |
| core.setFailed("Missing required label: ok-to-deploy"); | |
| } | |
| core.setOutput("repo", pr.head.repo.full_name); | |
| core.setOutput("ref", pr.head.ref); | |
| core.setOutput("sha", pr.head.sha); | |
| core.setOutput("number", pr.number); | |
| core.setOutput("is_fork", pr.head.repo.fork ? "true" : "false"); | |
| - name: Warn on PR | |
| uses: marocchino/sticky-pull-request-comment@v2 | |
| with: | |
| header: fork-preview-warning | |
| message: | | |
| ## Fork preview deployment requested | |
| This workflow checks out **fork code** and runs the build with **Cloudflare secrets**. | |
| Only run this after reviewing the PR for malicious changes. | |
| - name: Checkout PR head | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ steps.pr.outputs.repo }} | |
| ref: ${{ steps.pr.outputs.sha }} | |
| persist-credentials: false | |
| - name: Setup yarn | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".node-version" | |
| cache: "yarn" | |
| - name: Install dependencies | |
| run: yarn install | |
| - name: Sync playground bundles | |
| run: yarn build:sync-bundles | |
| - name: Build | |
| run: yarn build | |
| - name: Deploy | |
| id: deploy | |
| uses: cloudflare/wrangler-action@v3 | |
| with: | |
| apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| command: pages deploy out --project-name=rescript-lang-org | |
| gitHubToken: ${{ secrets.GITHUB_TOKEN }} | |
| wranglerVersion: 4.61.1 | |
| continue-on-error: true | |
| env: | |
| FORCE_COLOR: 0 | |
| - name: Save deployment info | |
| # This artifact is used by comment-fork-preview.yml, since fork PR runs | |
| # can't write comments directly. | |
| run: | | |
| node -e 'const fs=require("fs"); const data={pr:Number(process.env.PR_NUMBER), deployment_id:process.env.DEPLOYMENT_ID||"", environment:process.env.DEPLOYMENT_ENV||"", command_output:process.env.COMMAND_OUTPUT||""}; fs.writeFileSync("deploy-info.json", JSON.stringify(data, null, 2));' | |
| env: | |
| PR_NUMBER: ${{ steps.pr.outputs.number }} | |
| DEPLOYMENT_ID: ${{ steps.deploy.outputs.pages-deployment-id }} | |
| DEPLOYMENT_ENV: ${{ steps.deploy.outputs.pages-environment }} | |
| COMMAND_OUTPUT: ${{ steps.deploy.outputs.command-output }} | |
| - name: Upload deployment info | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: fork-preview-info | |
| path: deploy-info.json |