Deploy documentation PR preview #331
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # GHA workflow which publishes previews of the docs to Netlify. | |
| # | |
| # We keep this in a separate workflow to the main build, because it | |
| # requires access to the Netlify secret. By having it run on `workflow_run`, we | |
| # will only use the workflow definition file on the default branch, so we can | |
| # ensure that the secret can't be exfiltrated. This makes `zizmor` unhappy, but | |
| # that's a necessary evil. | |
| name: Deploy documentation PR preview | |
| on: # zizmor: ignore[dangerous-triggers] - see above. | |
| workflow_run: | |
| workflows: ["CI"] | |
| types: | |
| - completed | |
| permissions: {} | |
| jobs: | |
| netlify: | |
| if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request' | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| actions: read | |
| deployments: write | |
| # Tell github to share the right secrets | |
| environment: PR Documentation Preview | |
| steps: | |
| - name: 📥 Download artifact | |
| uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| run-id: ${{ github.event.workflow_run.id }} | |
| name: docs | |
| path: . | |
| - name: 📦 Unwrap tarball | |
| run: | | |
| mkdir docs | |
| tar -xvf artifact.tar -C docs | |
| - name: 📤 Deploy to Netlify | |
| uses: matrix-org/netlify-pr-preview@9805cd123fc9a7e421e35340a05e1ebc5dee46b5 # v3.0.0 | |
| with: | |
| path: docs | |
| # Pass the details of the workflow run that just completed into the action. | |
| # This allows it to figure out the PR number. | |
| owner: ${{ github.event.workflow_run.head_repository.owner.login }} | |
| branch: ${{ github.event.workflow_run.head_branch }} | |
| revision: ${{ github.event.workflow_run.head_sha }} | |
| token: ${{ secrets.NETLIFY_AUTH_TOKEN }} | |
| site_id: dcaf4b8b-3a2d-4498-ad8f-ca73f36a43e0 | |
| desc: Documentation preview | |
| deployment_env: PR Documentation Preview |