Archive-Team
/
docker-mailserver
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ci(docs-preview): Acquire PR context via `gh` CLI

This commit is contained in:
Brennan Kinney 2024-11-19 11:29:27 +13:00 committed by GitHub
parent 6b4627ceab
commit 5fac891906
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 24 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
.github/workflows/docs-preview-deploy.yml vendored
View File

@ -16,43 +16,37 @@ permissions:
statuses: write statuses: write
jobs: jobs:
# This could have been another step in the `deploy-preview` job and used `GITHUB_ENV` instead of `GITHUB_OUTPUT`. # NOTE: This is handled as pre-requisite job to minimize the noise from acquiring these two outputs needed for `deploy-preview` ENV:
# It was split out into a separate job for a cleaner overview of `deploy-preview` ENV inputs and to minimize noise
# from that job related to this workaround (_that is incompatible with PRs from forks_).
pr-context: pr-context:
name: 'Restore PR Context' name: 'Acquire PR Context'
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
outputs: outputs:
PR_HEADSHA: ${{ steps.set-pr-context.outputs.PR_HEADSHA }} PR_HEADSHA: ${{ steps.set-pr-context.outputs.head-sha }}
PR_NUMBER: ${{ steps.set-pr-context.outputs.PR_NUMBER }} PR_NUMBER: ${{ steps.set-pr-context.outputs.number }}
# Requires a PR event triggered `docs-preview-prepare.yml` workflow run that was successful + ensure the head SHA belongs to an associated PR: if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request' }}
# NOTE:
# - The `contains` condition checks for event context that is not available when the PR is from a fork. An alternative method would be needed:
# https://stackoverflow.com/questions/59077079/how-to-get-pull-request-number-within-github-actions-workflow/79017997#79017997
# - A multi-line `if` GHA expression must avoid wrapping with `${{ }}`, otherwise it is unintentionally parsed as a string:
# https://github.com/nikitastupin/pwnhub/blob/main/writings/if-condition.md
if: |
github.event.workflow_run.conclusion == 'success'
&& github.event.workflow_run.event == 'pull_request'
&& contains(github.event.workflow_run.pull_requests.*.head.sha, github.event.workflow_run.head_sha)
steps: steps:
# NOTE: - name: 'Get PR context'
# - The `workflow_run` metadata contains an array of `pull_requests`:
# 1. Take the `workflow_run` equivalent of `github.event.pull_request.number`.
# 2. There should only be one PR item in the array, verify that it shares the same `head_sha` (latest commit of PR).
# - Careful when using GHA context expressions that may have untrusted input here. The expressions are evaluated before the script content itself is run:
# https://github.com/docker-mailserver/docker-mailserver/pull/4247#discussion_r1827067475
- name: 'Get PR number'
id: set-pr-context id: set-pr-context
env: env:
head_sha: ${{ github.event.workflow_run.head_sha }} # Token is required for the GH CLI:
pull_requests: ${{ tojson(github.event.workflow_run.pull_requests) }} GH_TOKEN: ${{ github.token }}
# Best practice for scripts is to reference via ENV at runtime. Avoid using GHA context expressions in the script content directly:
# https://github.com/docker-mailserver/docker-mailserver/pull/4247#discussion_r1827067475
PR_TARGET_REPO: ${{ github.repository }}
# If the PR is from a fork, prefix it with `<owner-login>:`, otherwise only the PR branch name is relevant:
PR_BRANCH: |-
${{
(github.event.workflow_run.head_repository.owner.login != github.event.workflow_run.repository.owner.login)
&& format('{0}:{1}', github.event.workflow_run.head_repository.owner.login, github.event.workflow_run.head_branch)
|| github.event.workflow_run.head_branch
}}
# Use the GH CLI to query the PR branch, which provides the PR number and head SHA to assign as outputs:
# (`--jq` formats JSON to `key=value` pairs and renames `headRefOid` to `head-sha`)
run: | run: |
PR_NUMBER=$(jq -r '[.[] | select(.head.sha == "${{ env.head_sha }}")][0].number' <<< "${pull_requests}") gh pr view --repo "${PR_TARGET_REPO}" "${PR_BRANCH}" \
{ --json 'number,headRefOid' \
echo 'PR_HEADSHA=${{ env.head_sha }}' --jq '"number=\(.number)\nhead-sha=\(.headRefOid)"' \
echo "PR_NUMBER=${PR_NUMBER}" >> $GITHUB_OUTPUT
} >> "${GITHUB_OUTPUT}"
deploy-preview: deploy-preview:
name: 'Deploy Preview' name: 'Deploy Preview'