
###################################################################################################
# #
# ██ #
# ██░░██ #
# ░░ ░░ ██░░░░░░██ ░░░░ #
# ██░░░░░░░░░░██ #
# ██░░░░░░░░░░██ #
# ██░░░░░░░░░░░░░░██ #
# ██░░░░░░██████░░░░░░██ #
# ██░░░░░░██████░░░░░░██ #
# ██░░░░░░░░██████░░░░░░░░██ #
# ██░░░░░░░░██████░░░░░░░░██ #
# ██░░░░░░░░░░██████░░░░░░░░░░██ #
# ██░░░░░░░░░░░░██████░░░░░░░░░░░░██ #
# ██░░░░░░░░░░░░██████░░░░░░░░░░░░██ #
# ██░░░░░░░░░░░░░░██████░░░░░░░░░░░░░░██ #
# ██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██ #
# ██░░░░░░░░░░░░░░░░██████░░░░░░░░░░░░░░░░██ #
# ██░░░░░░░░░░░░░░░░██████░░░░░░░░░░░░░░░░██ #
# ██░░░░░░░░░░░░░░░░░░██████░░░░░░░░░░░░░░░░░░██ #
# ░░ ██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██ #
# ██████████████████████████████████████████ #
# #
# #
# SECURITY WARNING: Ensure your `pull_request_target` job respects the following rules: #
# #
# - Never write to GitHub Actions cache, as it would allow cache poisoning attacks #
# - Only call third-party systems that are aware the code passed to them could be untrustworthy #
# - Always set explicit permissions on your PR to limit the capabilities of secrets.GITHUB_TOKEN #
# #
###################################################################################################
# Purpose: map a push to `next`/`main`, or a labelled pull request (including fork PRs), onto a
# CircleCI pipeline run. No step in this file checks out any code; the jobs only derive strings
# from event metadata and POST them to the CircleCI v2 API, which is why `pull_request_target`
# is acceptable here (see the zizmor note under `on:`).
name: Trigger CircleCI workflow
# Start with empty permissions on `pull_request_target`, then set permissions per job as needed.
permissions: {}
on:
  # zizmor: ignore[dangerous-triggers] # required for fork PRs; no fork code is checked out — only the Circle CI API is called
  pull_request_target:
    types: [opened, synchronize, labeled, reopened]
  push:
    branches:
      - next
      - main
# One run per workflow+ref; a newer event on the same ref cancels the run still in flight.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
jobs:
  # Resolves the git ref CircleCI should build. Fork PRs are addressed via their `pull/<n>/head`
  # ref rather than a branch name, so the value never has to point at the fork's repository.
  get-branch:
    # Every job is skipped in forks of this repository; the CircleCI secret only exists upstream.
    if: github.repository_owner == 'storybookjs'
    runs-on: ubuntu-latest
    permissions: {}
    steps:
      - id: get-branch
        # PR-controlled values (head ref name, fork flag) are passed through `env` instead of
        # being interpolated with `${{ }}` inside `run`, so a crafted branch name cannot inject
        # into the shell.
        env:
          REF_NAME: ${{ github.ref_name }}
          PR_REF_NAME: ${{ github.event.pull_request.head.ref }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          IS_FORK: ${{ github.event.pull_request.head.repo.fork }}
          EVENT_NAME: ${{ github.event_name }}
        # Precedence: fork PR -> push -> same-repo PR. The chosen ref is echoed to the job log and
        # exported as the `branch` step output.
        run: |
          if [ "$IS_FORK" = "true" ]; then
            BRANCH="pull/${PR_NUMBER}/head"
          elif [ "$EVENT_NAME" = "push" ]; then
            BRANCH="$REF_NAME"
          else
            BRANCH="$PR_REF_NAME"
          fi
          echo "$BRANCH"
          echo "branch=$BRANCH" >> "$GITHUB_OUTPUT"
    outputs:
      branch: ${{ steps.get-branch.outputs.branch }}
  # Chooses which CircleCI workflow to run from the PR labels (or `merged` on a push) and records
  # whether the PR author is trusted. Each label step writes the same `workflow` output key; the
  # job-level `workflow` output takes the first non-empty one in the order normal, docs, merged, daily.
  get-parameters:
    if: github.repository_owner == 'storybookjs'
    runs-on: ubuntu-latest
    permissions: {}
    steps:
      - id: normal
        if: github.event_name == 'pull_request_target' && (contains(github.event.pull_request.labels.*.name, 'ci:normal'))
        run: echo "workflow=normal" >> "$GITHUB_OUTPUT"
      - id: docs
        if: github.event_name == 'pull_request_target' && (contains(github.event.pull_request.labels.*.name, 'ci:docs'))
        run: echo "workflow=docs" >> "$GITHUB_OUTPUT"
      - id: merged
        # Unlike the other label steps this one also fires on `push`; there is no
        # `github.event.pull_request` on a push, so only the first operand of the `||` matters then.
        if: github.event_name == 'push' || contains(github.event.pull_request.labels.*.name, 'ci:merged')
        run: echo "workflow=merged" >> "$GITHUB_OUTPUT"
      - id: daily
        if: github.event_name == 'pull_request_target' && (contains(github.event.pull_request.labels.*.name, 'ci:daily'))
        run: echo "workflow=daily" >> "$GITHUB_OUTPUT"
      - id: trusted-author
        # Runs unconditionally; on a push the pull_request fields are empty and the first branch
        # of the script applies. Author association and user type come from the GitHub event
        # payload, not from the PR contents. Only OWNER/MEMBER are trusted (not COLLABORATOR).
        env:
          EVENT_NAME: ${{ github.event_name }}
          ASSOCIATION: ${{ github.event.pull_request.author_association }}
          USER_TYPE: ${{ github.event.pull_request.user.type }}
          USER_LOGIN: ${{ github.event.pull_request.user.login }}
        run: |
          # You can only push to `main` and `next` as a core team member, so the content is trustworthy.
          if [ "$EVENT_NAME" = "push" ]; then
            echo "result=true" >> "$GITHUB_OUTPUT"
          # These commits are made by the release actions, which are gated to core team members.
          elif [ "$USER_LOGIN" = "github-actions[bot]" ] && [ "$USER_TYPE" = "Bot" ]; then
            echo "result=true" >> "$GITHUB_OUTPUT"
          # Trusted members of the organization can also write to cache (core team, DX, and a few maintainers)
          elif { [ "$ASSOCIATION" = "OWNER" ] || [ "$ASSOCIATION" = "MEMBER" ]; } && [ "$USER_TYPE" != "Bot" ]; then
            echo "result=true" >> "$GITHUB_OUTPUT"
          else
            echo "result=false" >> "$GITHUB_OUTPUT"
          fi
    outputs:
      workflow: ${{ steps.normal.outputs.workflow || steps.docs.outputs.workflow || steps.merged.outputs.workflow || steps.daily.outputs.workflow }}
      ghBaseBranch: ${{ github.event.pull_request.base.ref }}
      ghPrNumber: ${{ github.event.pull_request.number }}
      # NOTE(review): `ghTrustedAuthor` is computed here but the trigger step below does not put
      # it into the CircleCI `parameters` object — confirm whether the CircleCI config expects it
      # (cache writes on the CircleCI side would then be gated on it) or whether this output is unused.
      ghTrustedAuthor: ${{ steps.trusted-author.outputs.result }}
  # POSTs the pipeline request. Runs only when one of the label/push steps selected a workflow.
  trigger-circle-ci-workflow:
    runs-on: ubuntu-latest
    needs: [get-branch, get-parameters]
    if: github.repository_owner == 'storybookjs' && needs.get-parameters.outputs.workflow != ''
    # The only secret used in this workflow is the CircleCI token, exposed solely to this step's env.
    permissions: {}
    steps:
      - name: Trigger CircleCI pipeline
        env:
          CIRCLE_CI_TOKEN: ${{ secrets.CIRCLE_CI_TOKEN }}
          BRANCH: ${{ needs.get-branch.outputs.branch }}
          WORKFLOW: ${{ needs.get-parameters.outputs.workflow }}
          GH_BASE_BRANCH: ${{ needs.get-parameters.outputs.ghBaseBranch }}
          GH_PR_NUMBER: ${{ needs.get-parameters.outputs.ghPrNumber }}
        # The JSON body is assembled with `jq --arg`, so branch names and refs are always emitted
        # as properly escaped JSON strings; `--fail-with-body` makes a non-2xx reply fail the step
        # while still printing the response body for diagnosis.
        run: |
          PARAMETERS=$(jq -nc \
            --arg workflow "$WORKFLOW" \
            --arg ghBaseBranch "$GH_BASE_BRANCH" \
            --arg ghPrNumber "$GH_PR_NUMBER" \
            '{workflow: $workflow, ghBaseBranch: $ghBaseBranch, ghPrNumber: $ghPrNumber}')
          PAYLOAD=$(jq -nc --arg branch "$BRANCH" --argjson parameters "$PARAMETERS" \
            '{branch: $branch, parameters: $parameters}')
          curl -sS --fail-with-body -X POST \
            -H "Content-Type: application/json" \
            -H "Circle-Token: $CIRCLE_CI_TOKEN" \
            -d "$PAYLOAD" \
            "https://circleci.com/api/v2/project/gh/storybookjs/storybook/pipeline"