Publish rendered HTML for each Pull Request #348

Closed
zupo opened this issue Oct 22, 2022 · 10 comments
@zupo
Contributor

zupo commented Oct 22, 2022

As a maintainer of nix.dev documentation, I want to be able to quickly merge trivial PRs.

Current process:

  1. I look at the changes, they look fine.
  2. I open up my terminal, git pull latest nix.dev repo.
  3. Wait a while for the env to build.
  4. Read (for the N-th time) how to generate docs locally.
  5. Generate docs.
  6. Look at the generated HTML to verify the changes are good.

Ideal process:

  1. I look at the changes, they look fine.
  2. I click a link in the PR which takes me to a page with generated HTML
  3. Verify changes are good.

@fricklerhandwerk
Collaborator

It already exists, but only for non-fork branches.

@zupo
Contributor Author

zupo commented Oct 22, 2022

I'm assuming there are reasons to not build non-fork branches. What are they?

The upside of building non-fork branches too is to save me a bunch of time when reviewing PRs such as #347 and #343.

@zupo
Contributor Author

zupo commented Oct 22, 2022

The current process for reviewing non-fork branches is even worse, actually:

  1. I look at the changes, they look fine.
  2. I open up my terminal, git pull latest nix.dev repo.
  3. Google how to pull a remote fork. I never seem to be able to remember this.
  4. Wait a (longer) while for the env to build.
  5. Read (for the N-th time) how to generate docs locally.
  6. Generate docs.
  7. Look at the generated HTML to verify the changes are good.

I.e. I just won't do it. And potentially merge a breaking change.

@zupo
Contributor Author

zupo commented Oct 22, 2022

An alternative to building all fork branches by default is only building them when someone with merge access submits a comment like /cloudflare rebuild docs or sth.

@zupo
Contributor Author

zupo commented Oct 23, 2022

This is not as trivial as it sounds.

Problem 1: Cloudflare Pages app does not have OOTB support for building branches in forks. We need to use the https://github.com/tomjschuster/cloudflare-pages-deploy-action GitHub Action to achieve building pages for branches in forks. This requires some work, but should be doable.

Problem 2: https://github.com/tomjschuster/cloudflare-pages-deploy-action requires the use of Cloudflare API Token. This token is account-wide and cannot be restricted to a single project. Currently, nix.dev project is owned by @domenkozar's personal Cloudflare account, along with his other projects. So it's impossible for us to get the Cloudflare API Token.

Solution:

  1. Get the NixOS Foundation to open an account on Cloudflare.
  2. Migrate nix.dev project to the new Foundation's account.
  3. Generate the suitable Cloudflare API Token and configure https://github.com/tomjschuster/cloudflare-pages-deploy-action.

@lucperkins: could you please work with the foundation to get the Cloudflare account opened? I can then do the rest.

@domenkozar
Member

https://github.com/cloudflare/pages-action allows us to do that securely.

@zupo
Contributor Author

zupo commented Nov 30, 2022

I'll take a look.

@domenkozar
Member

Like this: https://github.com/hsjobeki/noogle/blob/main/.github/workflows/main.yml

@yukiisbored
Member

I wonder if it's worth looking into other static site host options. I know that nixos.org uses Netlify. Maybe we should consider moving to Netlify if it allows deploy previews on PRs from forks?

@yukiisbored
Member

@fricklerhandwerk Could I request to be assigned to this issue? Thanks

yukiisbored added a commit to yukiisbored/nix.dev that referenced this issue Mar 18, 2023
This workflow uses Cloudflare's official GitHub Action for invoking manual
deployments from GitHub CI.

workflow_run is used to prevent malicious actors from (ab)using secrets[1].

Closes NixOS#348

[1]: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
yukiisbored added a commit to yukiisbored/nix.dev that referenced this issue Jul 7, 2023
This workflow uses Cloudflare's official GitHub Action for invoking manual
deployments from GitHub CI.

workflow_run is used to prevent malicious actors from (ab)using secrets[1].

Closes NixOS#348

[1]: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
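
The split that the commit message above describes, as an added example (not the workflow from the referenced commit): an unprivileged `pull_request` workflow builds the HTML, and a separate `workflow_run` workflow, which is the only one that sees the Cloudflare secrets, publishes the resulting artifact without ever checking out or running PR code. The file paths, the `build-docs.sh` command, the artifact name, the secret names and the project name are assumptions.

```yaml
# --- .github/workflows/build.yml (hypothetical path): untrusted half ---
name: Build docs
on: pull_request            # fork PRs get a read-only token and no secrets
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./build-docs.sh html/   # placeholder for the real docs build
      - uses: actions/upload-artifact@v4
        with:
          name: html
          path: html/
---
# --- .github/workflows/preview.yml (hypothetical path): privileged half ---
name: Deploy preview
on:
  workflow_run:             # runs the workflow file from the default branch
    workflows: ["Build docs"]
    types: [completed]
permissions:
  actions: read             # needed to fetch the other run's artifact
  contents: read
jobs:
  deploy:
    if: github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    steps:
      # No checkout and no build here: PR code never executes next to secrets.
      - uses: actions/download-artifact@v4
        with:
          name: html
          path: html
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - uses: cloudflare/pages-action@v1
        with:
          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          projectName: nix-dev        # assumed project name
          directory: html
          # Fixed prefix: head_branch is chosen by the fork, so it is not used.
          branch: preview-${{ github.event.workflow_run.id }}
```

The downloaded artifact is still attacker-influenced data, so the privileged workflow should only upload it and never execute anything from it.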