Aswathy/fix: security issues #73
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Generate ROW preview link | |
on: | |
pull_request_target: | |
types: [opened, synchronize] | |
branches: | |
- '**' | |
env: | |
NODE_OPTIONS: '--max-old-space-size=8192' | |
concurrency: | |
group: cloudflare-row-pages-build-${{github.head_ref}} | |
cancel-in-progress: true | |
jobs: | |
build_row_to_cloudflare_pages: | |
runs-on: Ubuntu-latest | |
permissions: | |
checks: write | |
pull-requests: write | |
steps: | |
- name: Verify user | |
uses: 'deriv-com/shared-actions/.github/actions/verify_user_in_organization@v2' | |
with: | |
username: ${{github.event.pull_request.user.login}} | |
token: ${{ secrets.PREVIEW_LINK_TOKEN }} | |
- name: Checkout to repo | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: 'Generate action link comment' | |
id: generate_action_url | |
uses: actions/github-script@ffc2c79a5b2490bd33e0a41c1de74b877714d736 | |
with: | |
github-token: ${{ github.token }} | |
script: | | |
const action_url = "${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}" | |
const comment = [ | |
'| Name | Result |', | |
'| :--- | :------ |', | |
`| **ROW Build status** | Building 🔨 |`, | |
`| **ROW Action URL** | [Visit Action](${action_url}) |`, | |
'' | |
].join('\n') | |
core.setOutput("comment", comment); | |
- name: Post Cloudflare Pages Preview comment | |
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 | |
with: | |
header: Cloudflare Pages ROW Preview Comment | |
number: ${{github.event.pull_request.user.login}} | |
message: ${{steps.generate_action_url.outputs.comment}} | |
recreate: true | |
- name: Setup node | |
uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 | |
- name: Get build output from master cache | |
uses: actions/cache/restore@e12d46a63a90f2fae62d114769bbf2a179198b5c | |
with: | |
key: master-cache-public | |
restore-keys: | | |
master-cache-public-replica | |
path: | | |
sites/row/.cache | |
sites/row/public | |
- name: Install Dependencies | |
uses: './.github/actions/npm_install_from_cache' | |
- name: Build project | |
id: build-project | |
env: | |
GATSBY_ENV: staging | |
GATSBY_GROWTHBOOK_CLIENT_KEY: ${{ secrets.GATSBY_GROWTHBOOK_CLIENT_KEY }} | |
GATSBY_GROWTHBOOK_DECRYPTION_KEY: ${{ secrets.GATSBY_GROWTHBOOK_DECRYPTION_KEY }} | |
GATSBY_RUDDERSTACK_STAGING_KEY: ${{ secrets.GATSBY_RUDDERSTACK_STAGING_KEY }} | |
GATSBY_RUDDERSTACK_PRODUCTION_KEY: ${{ secrets.GATSBY_RUDDERSTACK_PRODUCTION_KEY }} | |
GATSBY_STRAPI_TOKEN: ${{ secrets.GATSBY_STRAPI_TOKEN }} | |
GATSBY_GOOGLE_TAG_MANAGER_TRACKING_ID: ${{ secrets.GATSBY_GOOGLE_TAG_MANAGER_TRACKING_ID }} | |
GATSBY_TRUSTPILOT_API_KEY: ${{ secrets.GATSBY_TRUSTPILOT_API_KEY }} | |
GATSBY_HOTJAR_ID: ${{ secrets.GATSBY_HOTJAR_ID }} | |
GATSBY_DATABASE_URL: ${{ secrets.GATSBY_DATABASE_URL }} | |
run: npm run build:row | |
- name: Retrieve PR information | |
env: | |
EVENT_NUMBER: ${{ github.event.number }} | |
EVENT_USERNAME: ${{ github.event.pull_request.user.login }} | |
HEAD_REF: ${{ github.head_ref }} | |
DRAFT: ${{ github.event.pull_request.draft }} | |
run: | | |
mkdir -p .pr | |
echo "$EVENT_NUMBER" > .pr/NR | |
echo "$EVENT_USERNAME" > .pr/USERNAME | |
echo "$HEAD_REF" > .pr/BRANCHNAME | |
echo "$DRAFT" > .pr/DRAFT | |
- name: Publish to Cloudflare Pages | |
id: publish-to-pages | |
env: | |
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_TEST_LINKS_API_TOKEN }} | |
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_TEST_LINKS_ACCOUNT_ID }} | |
HEAD_BRANCH: ${{ github.head_ref }} | |
run: | | |
echo "Installing Wrangler CLI" | |
npm i -g wrangler | |
echo "Deploying build to Cloudflare Pages" | |
directory='sites/row/public' | |
projectName='deriv-com-preview-links' | |
branch=row-$(echo "$HEAD_BRANCH" | head -c 20 | sed 's/[\/_\.]/-/g; s/[^a-zA-Z0-9]$/1/') | |
cf_preview_url=$(wrangler pages deploy $directory --project-name=$projectName --branch=$branch > log.txt 2>&1; echo $?) | |
echo "------" | |
preview_url=https://$branch.deriv-com-preview-links.pages.dev | |
cat log.txt | |
if grep -q "Deployment complete" log.txt; then | |
echo "preview_url=$preview_url" >> "$GITHUB_OUTPUT" | |
echo $preview_url > .pr/PREVIEW_URL | |
else | |
echo "Deployment to Cloudflare Pages failed." | |
exit 1 | |
fi | |
- name: 'Generate preview link comment' | |
if: success() | |
id: generate_preview_url | |
uses: actions/github-script@ffc2c79a5b2490bd33e0a41c1de74b877714d736 | |
with: | |
github-token: ${{ github.token }} | |
script: | | |
const action_url = "${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}" | |
const preview_url = "${{steps.publish-to-pages.outputs.preview_url}}" | |
const comment = [ | |
`**Preview Link**: ${preview_url}`, | |
'| Name | Result |', | |
'| :--- | :------ |', | |
`| **ROW Build status** | Completed ✅ |`, | |
`| **ROW Preview URL** | [Visit Preview](${preview_url}) |`, | |
`| **ROW Action URL** | [Visit Action](${action_url}) |`, | |
'' | |
].join('\n') | |
core.setOutput("comment", comment); | |
- name: 'Generate failure comment' | |
if: failure() | |
id: generate_failure_comment | |
uses: actions/github-script@ffc2c79a5b2490bd33e0a41c1de74b877714d736 | |
with: | |
github-token: ${{ github.token }} | |
script: | | |
const action_url = "${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}" | |
const comment = [ | |
'| Name | Result |', | |
'| :--- | :------ |', | |
`| **ROW Build status** | Failed ❌ |`, | |
`| **ROW Action URL** | [Visit Action](${action_url}) |`, | |
'' | |
].join('\n') | |
core.setOutput("comment", comment); | |
- name: Post Cloudflare Pages Preview comment | |
if: success() || failure() | |
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 | |
with: | |
header: Cloudflare Pages Preview Comment | |
number: ${{github.event.number}} | |
message: ${{steps.generate_preview_url.outputs.comment || steps.generate_failure_comment.outputs.comment }} | |
recreate: true | |
- name: Upload PR information to artifact | |
uses: actions/upload-artifact@c24449f33cd45d4826c6702db7e49f7cdb9b551d | |
with: | |
name: 'pr-${{github.run_id}}' | |
path: .pr |