From 00e2559748a8d92af7d664e2532909e69b7cbf36 Mon Sep 17 00:00:00 2001 From: Roger Barker Date: Sat, 16 Aug 2025 20:59:49 -0500 Subject: [PATCH 1/2] chore: Use the firebase github workflows Signed-off-by: Roger Barker --- .github/workflows/firebase-hosting-merge.yml | 27 ++++++++++++++++++ .../firebase-hosting-pull-request.yml | 28 +++++++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 .github/workflows/firebase-hosting-merge.yml create mode 100644 .github/workflows/firebase-hosting-pull-request.yml diff --git a/.github/workflows/firebase-hosting-merge.yml b/.github/workflows/firebase-hosting-merge.yml new file mode 100644 index 0000000..e9d04a5 --- /dev/null +++ b/.github/workflows/firebase-hosting-merge.yml @@ -0,0 +1,27 @@ +# This file was auto-generated by the Firebase CLI +# https://github.com/firebase/firebase-tools + +name: Deploy to Firebase Hosting on merge +on: + push: + branches: + - main +jobs: + build_and_deploy: + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + with: + egress-policy: audit + + - name: Checkout Code + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + + - name: Deploy to Firebase Hosting (live) + uses: FirebaseExtended/action-hosting-deploy@0cbcac4740c2bfb00d632f0b863b57713124eb5a # v0.9.0 + with: + repoToken: ${{ secrets.GITHUB_TOKEN }} + firebaseServiceAccount: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_PANDAS_WHO_CODE }} + channelId: live + projectId: pandas-who-code diff --git a/.github/workflows/firebase-hosting-pull-request.yml b/.github/workflows/firebase-hosting-pull-request.yml new file mode 100644 index 0000000..20337e5 --- /dev/null +++ b/.github/workflows/firebase-hosting-pull-request.yml @@ -0,0 +1,28 @@ +# This file was auto-generated by the Firebase CLI +# https://github.com/firebase/firebase-tools + +name: Deploy to Firebase Hosting on PR +on: pull_request +permissions: + checks: write + contents: read + pull-requests: write +jobs: + build_and_preview: + if: ${{ github.event.pull_request.head.repo.full_name == github.repository }} + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + with: + egress-policy: audit + + - name: Checkout Code + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + + - name: Deploy to Firebase Hosting on PR + uses: FirebaseExtended/action-hosting-deploy@0cbcac4740c2bfb00d632f0b863b57713124eb5a # v0.9.0 + with: + repoToken: ${{ secrets.GITHUB_TOKEN }} + firebaseServiceAccount: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_PANDAS_WHO_CODE }} + projectId: pandas-who-code From af12f3fab4fe06bac9265cd558cbe99ffd11e62b Mon Sep 17 00:00:00 2001 From: Roger Barker Date: Sat, 16 Aug 2025 21:05:52 -0500 Subject: [PATCH 2/2] chore: Add permissions block to firebase-hosting-merge Signed-off-by: Roger Barker --- .github/workflows/firebase-hosting-merge.yml | 5 +++++ .github/workflows/firebase-hosting-pull-request.yml | 3 +++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/firebase-hosting-merge.yml b/.github/workflows/firebase-hosting-merge.yml index e9d04a5..bec85f2 100644 --- a/.github/workflows/firebase-hosting-merge.yml +++ b/.github/workflows/firebase-hosting-merge.yml @@ -2,10 +2,15 @@ # https://github.com/firebase/firebase-tools name: Deploy to Firebase Hosting on merge + on: push: branches: - main + +permissions: + contents: read + jobs: build_and_deploy: runs-on: ubuntu-latest diff --git a/.github/workflows/firebase-hosting-pull-request.yml b/.github/workflows/firebase-hosting-pull-request.yml index 20337e5..99a47a8 100644 --- a/.github/workflows/firebase-hosting-pull-request.yml +++ b/.github/workflows/firebase-hosting-pull-request.yml @@ -2,11 +2,14 @@ # https://github.com/firebase/firebase-tools name: Deploy to Firebase Hosting on PR + on: pull_request + permissions: checks: write contents: read pull-requests: write + jobs: build_and_preview: if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}