diff --git a/.github/workflows/_deploy.yml b/.github/workflows/_deploy.yml
index 4b6e68a3..4bdfb09e 100644
--- a/.github/workflows/_deploy.yml
+++ b/.github/workflows/_deploy.yml
@@ -15,6 +15,10 @@ on:
 description: "Name of the build artifact to download"
 required: true
 type: string
+ build-workflow-run-id:
+ description: "ID of the workflow run that created the artifact"
+ type: number
+ required: false
 outputs:
 url:
 description: "Deployment URL"
@@ -24,6 +28,8 @@ permissions:
 contents: read
 # Authenticate with GCP.
 id-token: write
+ # Download artifact from workflow run.
+ actions: read
 
 concurrency:
 group: ci-${{ github.workflow }}-${{ inputs.prefix }}
@@ -51,6 +57,8 @@ jobs:
 with:
 name: ${{ inputs.build-artifact-name }}
 path: ${{ env.BUILD_OUT_ROOT }}
+ github-token: ${{ inputs.build-workflow-run-id && github.token || '' }}
+ run-id: ${{ inputs.build-workflow-run-id || '' }}
 
 - name: Authenticate with GCP
 uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml
new file mode 100644
index 00000000..910eda9d
--- /dev/null
+++ b/.github/workflows/pr-build.yml
@@ -0,0 +1,17 @@
+name: PR Build
+
+on:
+ pull_request:
+ branches:
+ - main
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ if: github.repository_owner == 'mdn' && github.event.pull_request.user.login != 'dependabot[bot]'
+ uses: ./.github/workflows/_build.yml
+ secrets: inherit
+ with:
+ partial: true
diff --git a/.github/workflows/pr-review-companion.yml b/.github/workflows/pr-review-companion.yml
index 4521f3bc..7a7128ce 100644
--- a/.github/workflows/pr-review-companion.yml
+++ b/.github/workflows/pr-review-companion.yml
@@ -1,9 +1,10 @@
 name: PR Review Companion
 
 on:
- pull_request:
- branches:
- - main
+ workflow_run:
+ workflows: ["PR Build"]
+ types:
+ - completed
 
 permissions:
 contents: read
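Review bot: In `_deploy.yml`, nothing on the download step records that an artifact fetched via `run-id` may have been built from fork pull-request code, while this job holds `id-token: write` and inherited secrets. I would add a comment above `github-token:` such as `# Cross-run artifact may come from an untrusted PR build: deploy it as static data only, never execute or source files from it.` The step and the rest of the job start and end outside the hunk, so whether later steps run anything from `BUILD_OUT_ROOT` cannot be checked from here.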
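Review bot: `secrets: inherit` in the new `pr-build.yml` hands every repository secret to `_build.yml` for same-repository pull requests, and that job builds code taken from the PR branch. The fork guard that the old `build` job carried is not repeated here, so fork pull requests now run this job too, where secrets are not available, which suggests the build can presumably work without them. If `_build.yml` reads no secrets, drop the line; otherwise pass only the named ones under `secrets:`. `_build.yml` is not part of this diff, so confirm what it actually uses.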
@@ -11,27 +12,36 @@ permissions:
 id-token: write
 # Post comment in pull request.
 pull-requests: write
+ # Download artifacts from triggering workflow.
+ actions: read
 
 jobs:
- build:
- if: github.repository_owner == 'mdn' && github.event.pull_request.user.login != 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository
- uses: ./.github/workflows/_build.yml
- secrets: inherit
- with:
- partial: true
+ identify-pr:
+ if: github.event.workflow_run.conclusion == 'success'
+ runs-on: ubuntu-latest
+ outputs:
+ pr-number: ${{ steps.identify-pr.outputs.number }}
+ steps:
+ - name: Identify PR
+ id: identify-pr
+ run: |
+ PR_NUMBER=$(gh api repos/${{ github.repository }}/commits/${{ github.event.workflow_run.head_sha }}/pulls --jq '.[0].number')
+ echo "number=$PR_NUMBER" >> $GITHUB_OUTPUT
+ env:
+ GITHUB_TOKEN: ${{ github.token }}
 
 deploy:
- needs: build
- if: github.repository_owner == 'mdn' && github.event.pull_request.user.login != 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository
+ needs: identify-pr
 uses: ./.github/workflows/_deploy.yml
 secrets: inherit
 with:
 cancel-in-progress: true
- prefix: fred-pr${{ github.event.pull_request.number }}
- build-artifact-name: ${{ needs.build.outputs.artifact-name }}
+ prefix: fred-pr${{ needs.identify-pr.outputs.pr-number }}
+ build-artifact-name: build-output
+ build-workflow-run-id: ${{ github.event.workflow_run.id }}
 
 comment:
- needs: deploy
+ needs: [identify-pr, deploy]
 runs-on: ubuntu-latest
 steps:
 - name: Comment in PR
@@ -52,5 +62,5 @@ jobs:
 fi
 env:
 BODY: "${{ github.sha }} was deployed to: ${{ needs.deploy.outputs.url }}"
- PR_NUMBER: ${{ github.event.pull_request.number }}
+ PR_NUMBER: ${{ needs.identify-pr.outputs.pr-number }}
 GITHUB_TOKEN: ${{ github.token }}
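Review bot: The `Identify PR` step writes whatever `--jq '.[0].number'` returns to `$GITHUB_OUTPUT` without checking it, so when the lookup finds no pull request the deploy `prefix` presumably becomes `fred-prnull` or `fred-pr`, and the privileged `deploy` and `comment` jobs still run. `.[0]` also takes the first pull request associated with the commit, and one commit can belong to several, so the preview and comment may land on a different PR than the one that was built; the API ordering is not visible here, so treat that as something to confirm. Fail the step unless the result is numeric, and pass `github.repository` and `head_sha` through `env:` instead of expanding `${{ }}` inside the script. The step rewritten that way is sketched below.

```yaml
      - name: Identify PR
        id: identify-pr
        run: |
          PR_NUMBER=$(gh api "repos/$REPO/commits/$HEAD_SHA/pulls" --jq '.[0].number')
          # Stop here if no PR was resolved, so deploy never runs with an empty or "null" prefix.
          if ! [[ "$PR_NUMBER" =~ ^[0-9]+$ ]]; then
            echo "::error::No pull request found for commit $HEAD_SHA"
            exit 1
          fi
          echo "number=$PR_NUMBER" >> "$GITHUB_OUTPUT"
        env:
          GITHUB_TOKEN: ${{ github.token }}
          REPO: ${{ github.repository }}
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
```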
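Review bot: `BODY` still uses `${{ github.sha }}`, which under the new `workflow_run` trigger is the default-branch commit the workflow runs from, not the pull-request commit that was built and deployed, so the comment would name the wrong SHA. Use the triggering run's head instead: `BODY: "${{ github.event.workflow_run.head_sha }} was deployed to: ${{ needs.deploy.outputs.url }}"`. The `Comment in PR` step starts outside this hunk, so the script that consumes `BODY` and `PR_NUMBER` is not visible.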