feat(ci): added preview wrangler build CI

nekomeowww · nekomeowww · commit eca0c90dcfee · 2025-11-27T01:28:01.000+08:00
diff --git a/.github/workflows/deploy-cloudflare-workers-preview-upload.yml b/.github/workflows/deploy-cloudflare-workers-preview-upload.yml
@@ -0,0 +1,178 @@
+name: Cloudflare Workers (Preview) Comment
+
+on:
+  workflow_run:
+    workflows:
+      - Cloudflare Workers (Preview)
+    types:
+      - completed
+
+env:
+  PR_NUM: 0
+  BRANCH_NAME: main
+
+jobs:
+  on-success:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    name: Deploy
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      pull-requests: write
+
+    strategy:
+      matrix:
+        include:
+          - app_name: stage-web
+            artifact_name: preview-build-stage-web
+            artifact_path: ./apps/stage-web/dist
+            deploy_command: version deploy -c ./apps/stage-web/wrangler.toml
+
+    steps:
+      - uses: actions/checkout@v6
+      # Turborepo
+      - name: Cache turbo build setup
+        uses: actions/cache@v4
+        with:
+          path: .turbo
+          key: ${{ runner.os }}-turbo-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-turbo-
+      - uses: pnpm/action-setup@v4
+      - uses: actions/setup-node@v6
+        with:
+          node-version: lts/*
+          cache: pnpm
+
+      # NOTICE:
+      #
+      # Here installing wrangler to global is required, or otherwise:
+      # ERR_PNPM_ADDING_TO_ROOT  Running this command will add the dependency to the workspace root...
+      # error occurs.
+      #
+      # Since https://github.com/cloudflare/wrangler-action/pull/339#issuecomment-2667622947 rejected the -g support
+      # by saying un-reasonable 'I'm not sure if it's common ... to install packages to the global scope, ... might be introducing some unintended side effects.'
+      #
+      # Clearly I think installing with `<packageManager> install` brings more unintended side effects...
+      #
+      # As suggested by https://github.com/cloudflare/wrangler-action/issues/181#issuecomment-2127990708, we should pre-install
+      # with our package manager and then use it in the action.
+      - run: pnpm i -g wrangler@4
+
+      - name: Download artifact - PR
+        uses: dawidd6/action-download-artifact@v11
+        with:
+          workflow_conclusion: success
+          run_id: ${{ github.event.workflow_run.id }}
+          name: pr-num
+          path: pr-num
+          allow_forks: true
+
+      - name: Download artifact - PR
+        uses: dawidd6/action-download-artifact@v11
+        with:
+          workflow_conclusion: success
+          run_id: ${{ github.event.workflow_run.id }}
+          name: branch-name
+          path: branch-name
+          allow_forks: true
+
+      - name: Obtain PR number
+        id: pr-num
+        run: |
+          echo "PR_NUM=$(cat pr-num/pr_num)" >> $GITHUB_ENV
+
+      - name: Obtain branch name
+        id: branch-name
+        run: |
+          echo "BRANCH_NAME=$(cat branch-name/branch_name)" >> $GITHUB_ENV
+
+      - name: Download artifact
+        uses: dawidd6/action-download-artifact@v11
+        with:
+          workflow_conclusion: success
+          run_id: ${{ github.event.workflow_run.id }}
+          name: preview-build-stage-web
+          path: ./apps/stage-web/dist
+          allow_forks: true
+
+      - name: Upload
+        id: deploy
+        uses: cloudflare/wrangler-action@v3
+        with:
+          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+          command: ${{ matrix.deploy_command }}
+          gitHubToken: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Find Comment
+        uses: peter-evans/find-comment@v4
+        id: fc
+        with:
+          issue-number: ${{ env.PR_NUM }}
+          comment-author: 'github-actions[bot]'
+          body-includes: to Cloudflare Workers (Preview) for *${{ matrix.app_name }}*
+
+      - name: Create or update comment
+        uses: peter-evans/create-or-update-comment@v5
+        with:
+          comment-id: ${{ steps.fc.outputs.comment-id }}
+          issue-number: ${{ env.PR_NUM }}
+          edit-mode: replace
+          body: |
+            ## ✅ Deploy to Cloudflare Workers (Preview) for *${{ matrix.app_name }}* ready!
+
+            | Name                   | Link                                                                                         |
+            |:-----------------------|:---------------------------------------------------------------------------------------------|
+            | 🔍 Latest deploy log   | https://github.com/${{ github.repository }}/actions/runs/${{ github.event.workflow_run.id }} |
+            | 😎 Deploy Preview      | ${{ steps.deploy.outputs.deployment-url }}                                                   |
+
+  on-failure:
+    if: ${{ github.event.workflow_run.conclusion == 'failure' }}
+    name: Failed to build previewing docs
+    runs-on: ubuntu-latest
+
+    permissions:
+      pull-requests: write
+
+    strategy:
+      matrix:
+        include:
+          - app_name: stage-web
+
+    steps:
+      - name: Download artifact - PR
+        uses: dawidd6/action-download-artifact@v11
+        with:
+          workflow_conclusion: success
+          run_id: ${{ github.event.workflow_run.id }}
+          name: pr-num
+          path: pr-num
+          allow_forks: true
+
+      - name: Obtain PR number
+        id: pr-num
+        run: |
+          echo "PR_NUM=$(cat pr-num/pr_num)" >> $GITHUB_ENV
+
+      - name: Find Comment
+        uses: peter-evans/find-comment@v4
+        id: fc
+        with:
+          issue-number: ${{ env.PR_NUM }}
+          comment-author: 'github-actions[bot]'
+          body-includes: to Cloudflare Workers (Preview) for *${{ matrix.app_name }}*
+
+      - name: Create or update comment
+        uses: peter-evans/create-or-update-comment@v5
+        with:
+          comment-id: ${{ steps.fc.outputs.comment-id }}
+          issue-number: ${{ env.PR_NUM }}
+          edit-mode: replace
+          body: |
+            ## ❌ Deploy to Cloudflare Workers (Preview) for *${{ matrix.app_name }}* failed.
+
+            | Name                   | Link                                                                                         |
+            |:-----------------------|:---------------------------------------------------------------------------------------------|
+            | 🔍 Latest deploy log   | https://github.com/${{ github.repository }}/actions/runs/${{ github.event.workflow_run.id }} |
diff --git a/.github/workflows/deploy-cloudflare-workers-preview.yml b/.github/workflows/deploy-cloudflare-workers-preview.yml
@@ -0,0 +1,91 @@
+name: Cloudflare Workers (Preview)
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'docs/**'
+
+jobs:
+  build:
+    name: Deploy Preview - ${{ matrix.app_name }}
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        include:
+          - app_name: stage-web
+            environment_name: Production
+            environment_url: https://airi.moeru.ai/docs/
+            cloudflare_pages_id: moeru-ai-airi
+            dist_directory: ./apps/stage-web/dist
+            command: |
+              pnpm -F @proj-airi/stage-web run build
+
+              pnpm -F @proj-airi/docs run build:base
+              mv ./docs/.vitepress/dist ./apps/stage-web/dist/docs
+              cp ./apps/stage-web/dist/docs/sitemap.xml ./apps/stage-web/dist/sitemap.xml
+
+              pnpm -F @proj-airi/stage-ui run story:build
+              mv ./packages/stage-ui/.histoire/dist ./apps/stage-web/dist/ui
+
+    steps:
+      # This is quite weird.
+      # Even though this is the *intended* solution introduces in official blog post here
+      # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/.
+      # But still, as https://github.com/orgs/community/discussions/25220#discussioncomment-7856118 stated,
+      # this is vulnerable since there is no source of truth about which PR in the triggered workflow.
+      - name: Persist PR number
+        run: |
+          echo "${{ github.event.number }}" > pr_num
+
+      - name: Persist branch name
+        run: |
+          echo "${{ github.head_ref }}" > branch_name
+
+      - name: Upload PR artifact
+        uses: actions/upload-artifact@v5
+        with:
+          name: pr-num
+          path: ./pr_num
+          overwrite: true
+
+      - name: Upload PR artifact
+        uses: actions/upload-artifact@v5
+        with:
+          name: branch-name
+          path: ./branch_name
+          overwrite: true
+
+      - uses: actions/checkout@v6
+      # Turborepo
+      - name: Cache turbo build setup
+        uses: actions/cache@v4
+        with:
+          path: .turbo
+          key: ${{ runner.os }}-turbo-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-turbo-
+      - uses: pnpm/action-setup@v4
+      - uses: actions/setup-node@v6
+        with:
+          node-version: lts/*
+          cache: pnpm
+
+      - run: pnpm install --frozen-lockfile
+      - run: pnpm run build:packages
+      - run: ${{ matrix.command }}
+        env:
+          S3_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_KEY_ID }}
+          S3_SECRET_ACCESS_KEY: ${{ secrets.S3_SECRET_ACCESS_KEY }}
+          S3_ENDPOINT: ${{ secrets.S3_ENDPOINT }}
+          S3_REGION: ${{ secrets.S3_REGION }}
+          WARP_DRIVE_PUBLIC_BASE: ${{ secrets.WARP_DRIVE_PUBLIC_BASE }}
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v5
+        with:
+          name: preview-build-${{ matrix.app_name }}
+          path: ${{ matrix.dist_directory }}
+          overwrite: true
