Update PR-Auto-Deploy-V2.yml

Ludy87 2025-09-03 08:31:59 +02:00
parent f140e52116
commit 9a2c8b8ea1
No known key found for this signature in database
GPG Key ID: 92696155E0220F94


@ -3,6 +3,15 @@ name: Auto PR V2 Deployment
on: on:
pull_request: pull_request:
types: [opened, synchronize, reopened, closed] types: [opened, synchronize, reopened, closed]
workflow_dispatch:
inputs:
pr:
description: "PR number to deploy"
required: true
allow_fork:
description: "Allow deploying fork PR?"
required: false
default: "false"
permissions: permissions:
contents: read contents: read
@ -11,112 +20,96 @@ permissions:
jobs: jobs:
check-pr: check-pr:
if: github.event.action != 'closed' if: (github.event_name == 'pull_request' && github.event.action != 'closed') || github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest runs-on: ubuntu-latest
outputs: outputs:
should_deploy: ${{ steps.check-conditions.outputs.should_deploy }} should_deploy: ${{ steps.decide.outputs.should_deploy }}
is_fork: ${{ steps.detect-fork.outputs.is_fork }} is_fork: ${{ steps.resolve.outputs.is_fork }}
pr_number: ${{ github.event.number }} allow_fork: ${{ steps.decide.outputs.allow_fork }}
pr_repository: ${{ steps.get-pr-info.outputs.repository }} pr_number: ${{ steps.resolve.outputs.pr_number }}
pr_ref: ${{ steps.get-pr-info.outputs.ref }} pr_repository: ${{ steps.resolve.outputs.repository }}
pr_ref: ${{ steps.resolve.outputs.ref }}
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
with: with:
egress-policy: audit egress-policy: audit
- name: Detect fork - name: Resolve PR info
id: detect-fork id: resolve
run: | uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
echo "is_fork=${{ github.event.pull_request.head.repo.fork }}" >> $GITHUB_OUTPUT with:
script: |
const { context, core, github } = require('@actions/github');
const { owner, repo } = context.repo;
let prNumber;
if (context.eventName === 'workflow_dispatch') {
prNumber = parseInt(process.env.INPUT_PR, 10);
if (!Number.isInteger(prNumber)) { core.setFailed('Invalid PR number'); return; }
} else {
prNumber = context.payload.number;
}
const { data: pr } = await github.rest.pulls.get({ owner, repo, pull_number: prNumber });
core.setOutput('pr_number', String(prNumber));
core.setOutput('repository', pr.head.repo.full_name);
core.setOutput('ref', pr.head.ref);
core.setOutput('is_fork', String(pr.head.repo.fork));
core.setOutput('base_ref', pr.base.ref);
core.setOutput('author', pr.user.login);
core.setOutput('state', pr.state);
- name: Check deployment conditions - name: Decide deploy
id: check-conditions id: decide
shell: bash
env: env:
EVENT_NAME: ${{ github.event_name }}
STATE: ${{ steps.resolve.outputs.state }}
IS_FORK: ${{ steps.resolve.outputs.is_fork }}
# nur bei workflow_dispatch gesetzt:
ALLOW_FORK_INPUT: ${{ inputs.allow_fork }}
# für Auto-PR-Logik:
PR_TITLE: ${{ github.event.pull_request.title }} PR_TITLE: ${{ github.event.pull_request.title }}
PR_AUTHOR: ${{ github.event.pull_request.user.login }}
PR_BRANCH: ${{ github.event.pull_request.head.ref }} PR_BRANCH: ${{ github.event.pull_request.head.ref }}
PR_BASE_BRANCH: ${{ github.event.pull_request.base.ref }} PR_BASE: ${{ steps.resolve.outputs.base_ref }}
IS_FORK: ${{ steps.detect-fork.outputs.is_fork }} PR_AUTHOR: ${{ steps.resolve.outputs.author }}
run: | run: |
echo "PR Title: $PR_TITLE" set -e
echo "PR Author: $PR_AUTHOR" # Standard: nichts deployen
echo "PR Branch: $PR_BRANCH" should=false
echo "PR Base Branch: $PR_BASE_BRANCH" allow_fork="$(echo "${ALLOW_FORK_INPUT:-false}" | tr '[:upper:]' '[:lower:]')"
echo "Is Fork: $IS_FORK"
if [ "$IS_FORK" = "true" ]; then if [ "$EVENT_NAME" = "workflow_dispatch" ]; then
echo "❌ Fork PR detected -> skip deployment" if [ "$STATE" != "open" ]; then
echo "should_deploy=false" >> $GITHUB_OUTPUT echo "PR not open -> skip"
exit 0 else
fi if [ "$IS_FORK" = "true" ] && [ "$allow_fork" != "true" ]; then
echo "Fork PR and allow_fork=false -> skip"
# Define authorized users else
authorized_users=( should=true
"Frooodle" fi
"sf298"
"Ludy87"
"LaserKaspar"
"sbplat"
"reecebrowne"
"DarioGii"
"ConnorYoh"
"EthanHealy01"
"jbrunton96"
)
# Check if author is in the authorized list
is_authorized=false
for user in "${authorized_users[@]}"; do
if [[ "$PR_AUTHOR" == "$user" ]]; then
is_authorized=true
break
fi fi
done
# If PR is targeting V2 and user is authorized, deploy unconditionally
if [[ "$PR_BASE_BRANCH" == "V2" && "$is_authorized" == "true" ]]; then
echo "✅ Deployment forced: PR targets V2 and author is authorized."
echo "should_deploy=true" >> $GITHUB_OUTPUT
exit 0
fi
# Otherwise, continue with original keyword checks
has_v2_keyword=false
[[ "$PR_TITLE" =~ [Vv]2|[Vv]ersion.?2|[Vv]ersion.?[Tt]wo ]] && has_v2_keyword=true
has_branch_keyword=false
[[ "$PR_BRANCH" =~ [Vv]2|[Rr]eact ]] && has_branch_keyword=true
if [[ "$is_authorized" == "true" && ( "$has_v2_keyword" == "true" || "$has_branch_keyword" == "true" ) ]]; then
echo "✅ Deployment conditions met"
echo "should_deploy=true" >> $GITHUB_OUTPUT
else else
echo "❌ Deployment conditions not met" auth_users=("Frooodle" "sf298" "Ludy87" "LaserKaspar" "sbplat" "reecebrowne" "DarioGii" "ConnorYoh" "EthanHealy01" "jbrunton96")
echo " - Authorized user: $is_authorized" is_auth=false; for u in "${auth_users[@]}"; do [ "$u" = "$PR_AUTHOR" ] && is_auth=true && break; done
echo " - Has V2 keyword in title: $has_v2_keyword" if [ "$PR_BASE" = "V2" ] && [ "$is_auth" = true ]; then
echo " - Has V2/React keyword in branch: $has_branch_keyword" should=true
echo "should_deploy=false" >> $GITHUB_OUTPUT else
title_has_v2=false; echo "$PR_TITLE" | grep -qiE 'v2|version.?2|version.?two' && title_has_v2=true
branch_has_kw=false; echo "$PR_BRANCH" | grep -qiE 'v2|react' && branch_has_kw=true
if [ "$is_auth" = true ] && { [ "$title_has_v2" = true ] || [ "$branch_has_kw" = true ]; }; then
should=true
fi
fi
fi fi
- name: Get PR repository and ref echo "should_deploy=$should" >> $GITHUB_OUTPUT
id: get-pr-info echo "allow_fork=${allow_fork:-false}" >> $GITHUB_OUTPUT
if: steps.check-conditions.outputs.should_deploy == 'true'
run: |
# For forks, use the full repository name, for internal PRs use the current repo
if [[ "${{ github.event.pull_request.head.repo.fork }}" == "true" ]]; then
repository="${{ github.event.pull_request.head.repo.full_name }}"
else
repository="${{ github.repository }}"
fi
echo "repository=$repository" >> $GITHUB_OUTPUT
echo "ref=${{ github.event.pull_request.head.ref }}" >> $GITHUB_OUTPUT
deploy-v2-pr: deploy-v2-pr:
needs: check-pr needs: check-pr
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: needs.check-pr.outputs.should_deploy == 'true' && needs.check-pr.outputs.is_fork == 'false' if: needs.check-pr.outputs.should_deploy == 'true' && (needs.check-pr.outputs.is_fork == 'false' || needs.check-pr.outputs.allow_fork == 'true')
# Concurrency control - only one deployment per PR at a time
concurrency: concurrency:
group: v2-deploy-pr-${{ needs.check-pr.outputs.pr_number }} group: v2-deploy-pr-${{ needs.check-pr.outputs.pr_number }}
cancel-in-progress: true cancel-in-progress: true
@ -201,8 +194,8 @@ jobs:
- name: Get version number - name: Get version number
id: versionNumber id: versionNumber
run: | run: |
VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}' || true) VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}')
echo "versionNumber=${VERSION:-unknown}" >> $GITHUB_OUTPUT echo "versionNumber=$VERSION" >> $GITHUB_OUTPUT
- name: Login to Docker Hub - name: Login to Docker Hub
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
@ -417,6 +410,7 @@ jobs:
contents: read contents: read
issues: write issues: write
pull-requests: write pull-requests: write
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
@ -506,4 +500,4 @@ jobs:
if: always() if: always()
run: | run: |
rm -f ../private.key rm -f ../private.key
continue-on-error: true continue-on-error: true
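Review bot: The `const { context, core, github } = require('@actions/github');` line at the top of the new Resolve PR info script leaves `core` and `github` undefined, because that package exports only `context` and `getOctokit`, while actions/github-script already injects `context`, `core` and `github` as globals — the line should simply be deleted. In the same script `process.env.INPUT_PR` is not populated from `workflow_dispatch` inputs (the `INPUT_*` variables carry the action's own `with:` inputs), so every manual run would fail with 'Invalid PR number'; use `prNumber = parseInt(context.payload.inputs.pr, 10);` instead. Because this commit also lets deploy-v2-pr build fork PRs with the repository's Docker Hub and signing secrets when `allow_fork` is set, the resolved checkout target should be the immutable commit rather than the mutable branch name in `pr.head.ref` — add `core.setOutput('sha', pr.head.sha);` and, if the deploy job currently checks out `pr_ref` from `pr_repository` (that step is outside this hunk), have it check out the SHA so the code built is the code the dispatcher reviewed. The German comments `# nur bei workflow_dispatch gesetzt:` and `# Standard: nichts deployen` should be English to match the other comments in the file.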