From 422c26c6ce7e47b3c726e0dae16f48417bda729a Mon Sep 17 00:00:00 2001
From: Tommy
Date: Tue, 19 Jul 2022 07:47:08 -0400
Subject: [PATCH] Safer Workflow
Signed-off-by: Tommy
---
 .../firebase-hosting-pull-request.yml | 54 +++++++++++--------
 .github/workflows/pull-request-reciever.yml | 31 +++++++++++
 2 files changed, 64 insertions(+), 21 deletions(-)
 create mode 100644 .github/workflows/pull-request-reciever.yml
diff --git a/.github/workflows/firebase-hosting-pull-request.yml b/.github/workflows/firebase-hosting-pull-request.yml
index 8392664..95de033 100644
--- a/.github/workflows/firebase-hosting-pull-request.yml
+++ b/.github/workflows/firebase-hosting-pull-request.yml
@@ -1,32 +1,44 @@
-# This file was auto-generated by the Firebase CLI
-# https://github.com/firebase/firebase-tools
-
 name: Deploy to Firebase Hosting on PR
-'on': pull_request_target
+on:
+ workflow_run:
+ workflows: ["Build Hugo site on PR"]
+ types:
+ - completed
+
 jobs:
- Build_and_Preview:
+ Preview:
 runs-on: ubuntu-latest
+ if: >
+ ${{ github.event.workflow_run.event == 'pull_request' &&
+ github.event.workflow_run.conclusion == 'success' }}
 steps:
- - name: Checkout
- uses: actions/checkout@v2
+ - name: Download artifact
+ uses: actions/github-script@v3.1.0
 with:
- submodules: true # Fetch Hugo themes (true OR recursive)
- fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod
+ script: |
+ var artifacts = await github.actions.listWorkflowRunArtifacts({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ run_id: ${{github.event.workflow_run.id }},
+ });
+ var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
+ return artifact.name == "public"
+ })[0];
+ var download = await github.actions.downloadArtifact({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ artifact_id: matchArtifact.id,
+ archive_format: 'zip',
+ });
+ var fs = require('fs');
+ fs.writeFileSync('${{github.workspace}}/public.zip', Buffer.from(download.data));
 
- #- name: Fecth External Blog
- # run: ./external-blogs.sh
+ - name: Unzip artifact
+ run: unzip public.zip
 
- - name: Hugo setup
- uses: peaceiris/actions-hugo@v2
- with:
- hugo-version: 'latest'
-
- - name: Build
- run: hugo --minify
-
- - name: Deploy
+ - name: Deploy to Firebase
 uses: FirebaseExtended/action-hosting-deploy@v0
 with:
 repoToken: '${{ secrets.GITHUB_TOKEN }}'
 firebaseServiceAccount: '${{ secrets.FIREBASE_SERVICE_ACCOUNT_PRIVSEC_356523 }}'
- projectId: privsec-356523
+ projectId: privsec-356523
\ No newline at end of file
diff --git a/.github/workflows/pull-request-reciever.yml b/.github/workflows/pull-request-reciever.yml
new file mode 100644
index 0000000..f973b0c
--- /dev/null
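Review bot: The job-level `if: >` wraps a `${{ }}` expression in a folded scalar, and the trailing newline that keeps may cause the condition to be evaluated as a non-empty string, which is always truthy, so the event/conclusion gate on `Preview` may not filter anything; writing it on one line without the wrapper, `if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'`, avoids that. The `public` artifact is built from untrusted PR content, yet `unzip public.zip` extracts it into the workspace root of the job that holds `FIREBASE_SERVICE_ACCOUNT_PRIVSEC_356523`. Extracting into a dedicated directory, e.g. `run: unzip public.zip -d public` (assuming the artifact is rooted at the contents of `public/`), keeps archive entries from landing beside any configuration the deploy step reads. The job also declares no `permissions:` and references `actions/github-script@v3.1.0` and `FirebaseExtended/action-hosting-deploy@v0` by mutable tag; an explicit minimal `permissions:` block and commit-SHA pins would narrow what a changed action can reach in this secret-bearing workflow.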
+++ b/.github/workflows/pull-request-reciever.yml
@@ -0,0 +1,31 @@
+# This file was auto-generated by the Firebase CLI
+# https://github.com/firebase/firebase-tools
+
+name: Build Hugo site on PR
+'on': pull_request
+jobs:
+ Build_Hugo_Site:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ submodules: true # Fetch Hugo themes (true OR recursive)
+ fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod
+
+ #- name: Fecth External Blog
+ # run: ./external-blogs.sh
+
+ - name: Hugo setup
+ uses: peaceiris/actions-hugo@v2
+ with:
+ hugo-version: 'latest'
+
+ - name: Build Hugo site
+ run: hugo --minify
+
+ - name: Upload artifact
+ uses: actions/upload-artifact@v2
+ with:
+ name: public
+ path: public/
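Review bot: This build job processes PR-controlled content but declares no `permissions:`, so PRs from branches in the same repository run with the repository's default token scope; a top-level `permissions:` block with `contents: read`, plus `persist-credentials: false` on the checkout step, would make the unprivileged half of the split explicit. `hugo-version: 'latest'` and the `@v2` action tags let the toolchain that produces the deployed artifact change without a commit here, so pinning a Hugo version and commit SHAs is worth considering. The copied header comment says the file was auto-generated by the Firebase CLI, which does not appear to apply to this new workflow; a comment such as `# Unprivileged PR build: keep secrets out of this workflow, its artifact is consumed by the deploy workflow` would record the intent instead.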