🤖 Release PR #5435
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create and deploy a build on all pull requests | |
| name: PR Preview | |
| on: | |
| # use pull_request_target so that secrets accessible from fork | |
| pull_request_target: | |
| # Trigger when labels are changed or more commits added to a PR that contains labels | |
| types: [labeled, synchronize] | |
| # Only create a preview if changes have been made to the main src code or backend functions | |
| paths: | |
| - 'src/**' | |
| - 'functions/**' | |
| - 'packages/components/**' | |
| - '.github/workflows/pr-preview.yml' | |
| - 'package.json' | |
| - 'yarn.lock' | |
| jobs: | |
| build_and_preview: | |
| # NOTE - as we are going to check out and build from forks we also need to add manual | |
| # check that malicious code has not been inserted. This is handled by manually labelling the PR | |
| # https://securitylab.github.com/research/github-actions-preventing-pwn-requests | |
| if: contains(github.event.pull_request.labels.*.name, 'Review allow-preview ✅') | |
| runs-on: ubuntu-latest | |
| continue-on-error: true | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| # pull the repo from the pull request source, not the default local repo | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: '18' | |
| - name: Get yarn cache directory path | |
| id: yarn-cache-dir-path | |
| run: echo "::set-output name=dir::$(yarn config get cacheFolder)" | |
| # Setup yarn 2 cache: https://github.com/actions/cache/blob/main/examples.md#node---yarn | |
| - name: Setup Cache | |
| uses: actions/cache@v2 | |
| id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`) | |
| with: | |
| path: ${{ steps.yarn-cache-dir-path.outputs.dir }} | |
| key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-yarn- | |
| - name: Install npm dependencies | |
| run: yarn install --immutable | |
| - name: Set environment variables | |
| run: export REACT_APP_PROJECT_VERSION=${GITHUB_SHA} | |
| - name: Check environment variables | |
| run: echo $REACT_APP_PROJECT_VERSION | |
| - name: Build for Preview | |
| run: npm run build | |
| env: | |
| # currently some linting fails when CI mode enabled (warnings become errors) | |
| # disable until fully resolved | |
| CI: false | |
| # specify the 'preview' site variant to populate the relevant firebase config | |
| REACT_APP_SITE_VARIANT: preview | |
| # The hosting-deploy action calls firebase tools via npx, however installing globally | |
| # gives us control over what version will be made available | |
| - name: Install firebase-tools globally | |
| run: npm i -g firebase-tools | |
| - uses: FirebaseExtended/action-hosting-deploy@v0 | |
| with: | |
| repoToken: '${{ secrets.GITHUB_TOKEN }}' | |
| # the details of the service account need to be populated to github secrets | |
| # these must match the target projectId account | |
| firebaseServiceAccount: '${{ secrets.ONEARMY_NEXT_FIREBASE_SERVICE_ACCOUNT }}' | |
| expires: 30d | |
| projectId: onearmy-next |