-
Notifications
You must be signed in to change notification settings - Fork 25k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ci: set up previews of adev (#53941)
Set up preview actions to allow for a preview of the adev site to be deployed for a PR with the `adev: preview` label. PR Close #53941
- Loading branch information
1 parent
d08f91f
commit 6f6ad02
Showing
4 changed files
with
162 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
# This workflow builds the previews for pull requests when a certain label is applied. | ||
# The actual deployment happens as part of a dedicated second workflow to avoid security | ||
# issues where the building would otherwise occur in an authorized context where secrets | ||
# could be leaked. More details can be found here: | ||
|
||
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/. | ||
|
||
name: Build adev for preview deployment | ||
|
||
on: | ||
pull_request: | ||
types: [synchronize, labeled] | ||
|
||
permissions: read-all | ||
|
||
jobs: | ||
adev-build: | ||
runs-on: ubuntu-latest | ||
if: | | ||
(github.event.action == 'labeled' && github.event.label.name == 'adev: preview') || | ||
(github.event.action == 'synchronize' && contains(github.event.pull_request.labels.*.name, 'adev: preview')) | ||
steps: | ||
- name: Initialize environment | ||
uses: angular/dev-infra/github-actions/npm/checkout-and-setup-node@e52eb8237f2ed71195f87ce8046467a176568e58 | ||
- name: Setup Bazel | ||
uses: angular/dev-infra/github-actions/bazel/setup@e52eb8237f2ed71195f87ce8046467a176568e58 | ||
- name: Setup Bazel RBE | ||
uses: angular/dev-infra/github-actions/bazel/configure-remote@e52eb8237f2ed71195f87ce8046467a176568e58 | ||
- name: Install node modules | ||
run: yarn install --frozen-lockfile | ||
- name: Build adev to ensure it continues to work | ||
run: yarn bazel build --config=aio_local_deps //adev:build | ||
- uses: angular/dev-infra/github-actions/previews/pack-and-upload-artifact@73777547f819464aa5f48071b966eed34fd2c402 | ||
with: | ||
workflow-artifact-name: 'adev-preview' | ||
pull-number: '${{github.event.pull_request.number}}' | ||
artifact-build-revision: '${{github.event.pull_request.head.sha}}' | ||
deploy-directory: './dist/bin/adev/build/browser' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
# This workflow runs whenever the ADEV build workflow has completed. Deployment happens | ||
# as part of a dedicated second workflow to avoid security issues where the building would | ||
# otherwise occur in an authorized context where secrets could be leaked. | ||
# | ||
# More details can be found here: | ||
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/. | ||
|
||
name: Deploying adev preview to Firebase | ||
|
||
on: | ||
workflow_run: | ||
workflows: ['Build adev for preview deployment'] | ||
types: [completed] | ||
|
||
permissions: | ||
# Needed in order to be able to comment on the pull request. | ||
pull-requests: write | ||
# Needed in order to checkout the repository | ||
contents: read | ||
# Needed in order to retrieve the artifacts from the previous job | ||
actions: read | ||
|
||
env: | ||
PREVIEW_PROJECT: angular-dev-site | ||
PREVIEW_SITE: angular-docs | ||
|
||
jobs: | ||
deploy: | ||
runs-on: ubuntu-latest | ||
if: ${{ github.event.workflow_run.conclusion == 'success' }} | ||
steps: | ||
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3 | ||
with: | ||
token: '${{secrets.GITHUB_TOKEN}}' | ||
|
||
- name: Configure Firebase deploy target | ||
working-directory: ./ | ||
run: | | ||
# We can use `npx` as the Firebase deploy actions uses it too. | ||
npx -y firebase-tools@latest target:clear --project ${{env.PREVIEW_PROJECT}} hosting angular-docs | ||
npx -y firebase-tools@latest target:apply --project ${{env.PREVIEW_PROJECT}} hosting angular-docs ${{env.PREVIEW_SITE}} | ||
- uses: angular/dev-infra/github-actions/previews/upload-artifacts-to-firebase@73777547f819464aa5f48071b966eed34fd2c402 | ||
with: | ||
github-token: '${{secrets.GITHUB_TOKEN}}' | ||
workflow-artifact-name: 'adev-preview' | ||
firebase-config-dir: './adev' | ||
firebase-public-dir: './dist/bin/adev/build/browser' | ||
firebase-project-id: '${{env.PREVIEW_PROJECT}}' | ||
firebase-service-key: '${{secrets.FIREBASE_PREVIEW_SERVICE_TOKEN}}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
{ | ||
"hosting": { | ||
"target": "angular-docs", | ||
"public": "../dist/bin/adev/build/browser", | ||
"ignore": ["**/.*"], | ||
"headers": [ | ||
{ | ||
"source": "assets/tutorials/common/*.jpg", | ||
"headers": [ | ||
{ | ||
"key": "Cross-Origin-Resource-Policy", | ||
"value": "cross-origin" | ||
}, | ||
{ | ||
"key": "Access-Control-Allow-Origin", | ||
"value": "*" | ||
} | ||
] | ||
}, | ||
{ | ||
"source": "*.[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].+(css|js)", | ||
"headers": [ | ||
{ | ||
"key": "Cache-Control", | ||
"value": "public,max-age=31536000,immutable" | ||
}, | ||
{ | ||
"key": "Access-Control-Allow-Origin", | ||
"value": "*" | ||
} | ||
] | ||
}, | ||
{ | ||
"source": "/[0-9a-f][0-9a-f][0-9a-f].[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].js", | ||
"headers": [ | ||
{ | ||
"key": "Cross-Origin-Embedder-Policy", | ||
"value": "require-corp" | ||
} | ||
] | ||
}, | ||
{ | ||
"source": "/@(ngsw-worker.js|ngsw.json)", | ||
"headers": [ | ||
{ | ||
"key": "Cache-Control", | ||
"value": "no-cache" | ||
} | ||
] | ||
}, | ||
{ | ||
"source": "/**", | ||
"headers": [ | ||
{ | ||
"key": "Cross-Origin-Opener-Policy", | ||
"value": "same-origin" | ||
}, | ||
|
||
{ | ||
"key": "Cross-Origin-Embedder-Policy", | ||
"value": "require-corp" | ||
} | ||
] | ||
} | ||
], | ||
"rewrites": [ | ||
{ | ||
"source": "**", | ||
"destination": "/index.html" | ||
} | ||
] | ||
} | ||
} |