e55ff5ac4a
It seems that content: write is needed so that external contributors can dispatch workflows
44 lines
1.6 KiB
YAML
44 lines
1.6 KiB
YAML
name: 'Preview Environment Dispatch'
|
|
|
|
on:
|
|
# Using pull_request_target instead of pull_request to have access to secrets for external contributors
|
|
# Security note: This is safe because we're only using the repository-dispatch action with limited scope
|
|
# and not checking out or running any code from the external contributor's PR
|
|
pull_request_target:
|
|
types: [opened, synchronize, reopened, labeled]
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
permissions:
|
|
contents: write
|
|
actions: write
|
|
pull-requests: read
|
|
|
|
jobs:
|
|
changed-files-check:
|
|
uses: ./.github/workflows/changed-files.yaml
|
|
with:
|
|
files: |
|
|
.github/workflows/preview-env-dispatch.yaml
|
|
.github/workflows/preview-env-keepalive.yaml
|
|
packages/twenty-docker/**
|
|
docker-compose.yml
|
|
packages/twenty-server/**
|
|
packages/twenty-front/**
|
|
|
|
trigger-preview:
|
|
needs: changed-files-check
|
|
if: needs.changed-files-check.outputs.any_changed == 'true' || contains(github.event.pull_request.labels.*.name, 'preview')
|
|
timeout-minutes: 5
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Trigger preview environment workflow
|
|
uses: peter-evans/repository-dispatch@v2
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
repository: ${{ github.repository }}
|
|
event-type: preview-environment
|
|
client-payload: '{"pr_number": "${{ github.event.pull_request.number }}", "pr_head_sha": "${{ github.event.pull_request.head.sha }}", "repo_full_name": "${{ github.repository }}"}'
|