diff --git a/.github/workflows/cloudflare-preview.yml b/.github/workflows/cloudflare-preview.yml index a2ca923181..f3917cc05c 100644 --- a/.github/workflows/cloudflare-preview.yml +++ b/.github/workflows/cloudflare-preview.yml @@ -1,30 +1,8 @@ name: Build and Deploy Cloudflare Preview on: - workflow_call: - inputs: - pr_number: - description: 'The pull request number' - required: true - type: string - pr_head_sha: - description: 'The SHA of the PR head commit' - required: true - type: string - pr_checkout_repository: - description: 'The repository to checkout (owner/repo)' - required: true - type: string - secrets: - cloudflare_api_token: - description: 'Cloudflare API Token' - required: true - cloudflare_account_id: - description: 'Cloudflare Account ID' - required: true - matzbot_github_token: - description: 'GitHub Token for Matzbot' - required: true + repository_dispatch: + types: [pr-preview-deploy] permissions: pull-requests: write # To allow commenting on the PR @@ -37,8 +15,8 @@ jobs: - name: Checkout PR Code uses: actions/checkout@v4 with: - repository: ${{ inputs.pr_checkout_repository }} - ref: ${{ inputs.pr_head_sha }} + repository: ${{ github.event.client_payload.pr_checkout_repository }} + ref: ${{ github.event.client_payload.pr_head_sha }} - name: Setup Ruby uses: ruby/setup-ruby@v1 @@ -53,19 +31,19 @@ jobs: id: deploy uses: cloudflare/wrangler-action@v3 with: - apiToken: ${{ secrets.cloudflare_api_token }} - accountId: ${{ secrets.cloudflare_account_id }} - command: pages deploy ./_site --project-name=rdoc --branch="${{ inputs.pr_number }}-preview" + apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} + accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} + command: pages deploy ./_site --project-name=rdoc --branch="${{ github.event.client_payload.pr_number }}-preview" - name: Comment on PR with preview URL uses: actions/github-script@v7 with: - github-token: ${{ secrets.matzbot_github_token }} + github-token: ${{ secrets.MATZBOT_GITHUB_TOKEN }} script: | - const prNumber = ${{ inputs.pr_number }}; + const prNumber = ${{ github.event.client_payload.pr_number }}; const url = "${{ steps.deploy.outputs.deployment-url }}"; const commentMarker = "🚀 Preview deployment available at:"; - const commitSha = '${{ inputs.pr_head_sha }}'; + const commitSha = '${{ github.event.client_payload.pr_head_sha }}'; const comments = await github.rest.issues.listComments({ issue_number: prNumber, @@ -96,4 +74,4 @@ jobs: body: commentBody }); console.log("Created new preview comment"); - } + } \ No newline at end of file diff --git a/.github/workflows/fork-preview-deploy.yml b/.github/workflows/fork-preview-deploy.yml new file mode 100644 index 0000000000..423edd0247 --- /dev/null +++ b/.github/workflows/fork-preview-deploy.yml @@ -0,0 +1,53 @@ +name: Dispatch Fork PR Preview Deployment + +on: + workflow_run: + workflows: ["PR Preview Check"] + types: [completed] + +jobs: + deploy-fork: + name: Trigger Preview Build and Deploy (Fork) + runs-on: ubuntu-latest + if: | + github.event.workflow_run.conclusion == 'success' && + github.event.workflow_run.event == 'pull_request' + steps: + - name: Check and deploy approved fork PR + uses: actions/github-script@v7 + with: + script: | + // Get the PR that triggered the workflow + const pr = context.payload.workflow_run.pull_requests[0]; + if (!pr) { + core.setFailed('No PR found in workflow run'); + return; + } + + // Check if this was a fork PR by checking if approve-fork job ran + const jobs = await github.rest.actions.listJobsForWorkflowRun({ + owner: context.repo.owner, + repo: context.repo.repo, + run_id: context.payload.workflow_run.id, + }); + + const approveJob = jobs.data.jobs.find(job => job.name === 'Approve Fork PR'); + if (!approveJob || approveJob.conclusion !== 'success') { + core.setFailed('Not a fork PR approval workflow run'); + return; + } + + console.log(`Deploying approved fork PR #${pr.number}`); + + // Trigger deployment via repository dispatch + await github.rest.repos.createDispatchEvent({ + owner: context.repo.owner, + repo: context.repo.repo, + event_type: 'pr-preview-deploy', + client_payload: { + pr_number: String(pr.number), + pr_head_sha: pr.head.sha, + pr_checkout_repository: pr.head.repo.full_name, + is_fork: 'true' + } + }); diff --git a/.github/workflows/pr-preview-check.yml b/.github/workflows/pr-preview-check.yml index 07397e53cf..33a89307ce 100644 --- a/.github/workflows/pr-preview-check.yml +++ b/.github/workflows/pr-preview-check.yml @@ -1,44 +1,38 @@ -name: PR Preview Check and Trigger +name: PR Preview Check on: pull_request: jobs: - # For PRs from the main repo - direct call to the shared workflow - trigger-main-repo-preview: - name: Trigger Preview (Main Repo) - uses: ./.github/workflows/cloudflare-preview.yml + # Deploy main repo PRs directly + deploy-for-main: + name: Trigger Preview Build and Deploy (Main Repo) + runs-on: ubuntu-latest if: github.event.pull_request.head.repo.fork == false - with: - pr_number: ${{ github.event.pull_request.number }} - pr_head_sha: ${{ github.event.pull_request.head.sha }} - pr_checkout_repository: ${{ github.repository }} - secrets: - cloudflare_api_token: ${{ secrets.CLOUDFLARE_API_TOKEN }} - cloudflare_account_id: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} - matzbot_github_token: ${{ secrets.MATZBOT_GITHUB_TOKEN }} + steps: + - name: Trigger preview deployment + uses: actions/github-script@v7 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + await github.rest.repos.createDispatchEvent({ + owner: context.repo.owner, + repo: context.repo.repo, + event_type: 'pr-preview-deploy', + client_payload: { + pr_number: '${{ github.event.pull_request.number }}', + pr_head_sha: '${{ github.event.pull_request.head.sha }}', + pr_checkout_repository: '${{ github.repository }}', + is_fork: 'false' + } + }); + console.log('Triggered main repo preview deployment'); - # For fork PRs - this job requires approval - wait-for-approval: - name: Wait for Approval (Fork PR) + # Approval gate for fork PRs + approve-for-fork: + name: Approve Fork PR runs-on: ubuntu-latest if: github.event.pull_request.head.repo.fork == true environment: fork-preview-protection - # This job only serves as an approval gate - it doesn't do anything else steps: - - run: echo "Approval granted. Proceeding with preview deployment for commit ${{ github.event.pull_request.head.sha }}." - - # Once approval is granted, call the shared workflow - trigger-fork-preview: - name: Trigger Preview (Fork - After Approval) - needs: wait-for-approval - uses: ./.github/workflows/cloudflare-preview.yml - if: github.event.pull_request.head.repo.fork == true - with: - pr_number: ${{ github.event.pull_request.number }} - pr_head_sha: ${{ github.event.pull_request.head.sha }} - pr_checkout_repository: ${{ github.event.pull_request.head.repo.full_name }} - secrets: - cloudflare_api_token: ${{ secrets.CLOUDFLARE_API_TOKEN }} - cloudflare_account_id: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} - matzbot_github_token: ${{ secrets.MATZBOT_GITHUB_TOKEN }} + - run: echo "Fork PR ${{ github.event.pull_request.number }} approved for preview deployment"