Safer Workflow

Signed-off-by: Tommy <contact@tommytran.io>
2024-12-21 20:31:33 -05:00 · 2022-07-19 07:47:08 -04:00 · 2022-07-19 07:47:08 -04:00 · 422c26c6ce
commit 422c26c6ce
parent a698a0ac54
2 changed files with 64 additions and 21 deletions
--- a/.github/workflows/firebase-hosting-pull-request.yml
+++ b/.github/workflows/firebase-hosting-pull-request.yml
@ -1,32 +1,44 @@
-# This file was auto-generated by the Firebase CLI
-# https://github.com/firebase/firebase-tools
-
 name: Deploy to Firebase Hosting on PR
-'on': pull_request_target
+on:
+  workflow_run:
+    workflows: ["Build Hugo site on PR"]
+    types:
+      - completed
+
 jobs:
-  Build_and_Preview:
+  Preview:
    runs-on: ubuntu-latest
+    if: >
+      ${{ github.event.workflow_run.event == 'pull_request' &&
+      github.event.workflow_run.conclusion == 'success' }}
    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
+      - name: Download artifact
+        uses: actions/github-script@v3.1.0
        with:
-          submodules: true  # Fetch Hugo themes (true OR recursive)
-          fetch-depth: 0    # Fetch all history for .GitInfo and .Lastmod
+          script: |
+            var artifacts = await github.actions.listWorkflowRunArtifacts({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               run_id: ${{github.event.workflow_run.id }},
+            });
+            var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
+              return artifact.name == "public"
+            })[0];
+            var download = await github.actions.downloadArtifact({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               artifact_id: matchArtifact.id,
+               archive_format: 'zip',
+            });
+            var fs = require('fs');
+            fs.writeFileSync('${{github.workspace}}/public.zip', Buffer.from(download.data));

-      #- name: Fecth External Blog
-      #  run: ./external-blogs.sh
+      - name: Unzip artifact
+        run: unzip public.zip

-      - name: Hugo setup
-        uses: peaceiris/actions-hugo@v2
-        with:
-          hugo-version: 'latest'
-
-      - name: Build
-        run: hugo --minify
-
-      - name: Deploy
+      - name: Deploy to Firebase
        uses: FirebaseExtended/action-hosting-deploy@v0
        with:
          repoToken: '${{ secrets.GITHUB_TOKEN }}'
          firebaseServiceAccount: '${{ secrets.FIREBASE_SERVICE_ACCOUNT_PRIVSEC_356523 }}'
-          projectId: privsec-356523
+          projectId: privsec-356523
--- a/.github/workflows/pull-request-reciever.yml
+++ b/.github/workflows/pull-request-reciever.yml
@ -0,0 +1,31 @@
+# This file was auto-generated by the Firebase CLI
+# https://github.com/firebase/firebase-tools
+
+name: Build Hugo site on PR
+'on': pull_request
+jobs:
+  Build_Hugo_Site:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          submodules: true  # Fetch Hugo themes (true OR recursive)
+          fetch-depth: 0    # Fetch all history for .GitInfo and .Lastmod
+
+      #- name: Fecth External Blog
+      #  run: ./external-blogs.sh
+
+      - name: Hugo setup
+        uses: peaceiris/actions-hugo@v2
+        with:
+          hugo-version: 'latest'
+
+      - name: Build Hugo site
+        run: hugo --minify
+          
+      - name: Upload artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: public
+          path: public/