Skip to content

Fix "Support kontaktieren" button on our website #1752

Fix "Support kontaktieren" button on our website

Fix "Support kontaktieren" button on our website #1752

# Copyright (c) 2022 Sharezone UG (haftungsbeschränkt)
# Licensed under the EUPL-1.2-or-later.
#
# You may obtain a copy of the Licence at:
# https://joinup.ec.europa.eu/software/page/eupl
#
# SPDX-License-Identifier: EUPL-1.2
# This workflow handles the CI for the website.
#
# Therefore, it's only triggered on pull requests that make changes to the
# website. It only contains jobs that require secrets. The jobs that don't
# require secrets are handled in the "safe_website_ci.yml" workflow.
name: unsafe-website-ci
concurrency:
group: unsafe-website-ci-${{ github.head_ref }}
# In order to conserve the use of GitHub Actions, we cancel the running action
# of the previous commit. This means that if you first commit "A" and then
# commit "B" to the pull request a few minutes later, the workflow for commit
# "A" will be cancelled.
cancel-in-progress: true
on:
# Triggers the workflow on pull request events
pull_request_target:
types:
- opened
- synchronize
- reopened
# It's important to trigger this workflow again when the pull is changing
# from a draft pull request to a ready for review pull request.
#
# Some jobs are skipped when the pull request is a draft. Therefore, we
# need to trigger these jobs again when the pull request is changing to
# ready for review.
- ready_for_review
# Retrigger the workflow when label has been add to run the CI when the
# "safe to test" label is added.
- labeled
merge_group:
types:
- checks_requested
# Set permissions to none.
#
# Using the broad default permissions is considered a bad security practice
# and would cause alerts from our scanning tools.
permissions: {}
env:
CI_CD_DART_SCRIPTS_PACKAGE_PATH: "tools/sz_repo_cli/"
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# It's important that we run this job first, because we need to remove the
# "safe to test" label when the PR comes from a fork in order to ensure that
# every change is reviewed for security implications.
remove-safe-to-build-label:
runs-on: ubuntu-22.04
permissions:
# Required by the remove-safe-to-test-label action
contents: read
pull-requests: write
steps:
- name: Remove "safe to test" label, if PR is from a fork
uses: SharezoneApp/remove-safe-to-test-label@91b378205db41bb08dde8e4c4f2685847eb3d168
# We can't use the official "paths" filter because it has no support for merge
# groups and we would need some kind of fallback CI when a check is required
# but ignored because of the path filter.
#
# See:
# * https://github.com/community/community/discussions/45899 (merge groups)
# * https://github.com/github/docs/commit/4364076e0fb56c2579ae90cd048939eaa2c18954
# (workaround for required checks with path filters)
changes:
needs: remove-safe-to-build-label
runs-on: ubuntu-22.04
outputs:
changesFound: ${{ steps.filter.outputs.changesFound }}
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
with:
# Because we are using the "pull_request_target" event, we need to
# checkout the PR head commit instead of the merge commit.
ref: ${{ github.event.pull_request.head.sha }}
- uses: AurorNZ/paths-filter@3b1f3abc3371cca888d8eb03dfa70bc8a9867629
id: filter
with:
filters: |
changesFound:
# When we change the Flutter version, we need to trigger this workflow.
- ".fvm/fvm_config.json"
# We only build and deploy a new version, when a user relevant files
# changed.
- "website/**"
- "lib/**"
# We trigger also this workflow, if this workflow is changed, so that new
# changes will be applied.
- ".github/workflows/unsafe_website_ci.yml"
# The following paths are excluded from the above paths. It's important to
# list the paths at the end of the file, so that the exclude paths are
# applied.
#
# See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-including-and-excluding-paths.
- "!**/*.md"
- "!**/*.mdx"
- "!**/*.gitignore"
- "!**/firebase.json"
- "!**/.firebaserc"
# We are building for every PR a web preview, which will be deployed to
# Firebase Hosting. The link to the website will posted as comment (like:
# https://github.com/SharezoneApp/sharezone-app/pull/119#issuecomment-1030012299).
#
# The previews are helping reviewer and other users to quickly view the
# changes in a compiled version.
#
# A link to a preview expires after 3 days.
#
# Required steps to set this up:
# 1. Run "firebase init hosting:github"
# 2. Enable "Firebase Hosting API" in Google Cloud project
# 3. Write GitHub action job
# 4. Adjust website restrictions for Firebase Key "Sharezone Web Key".
web-preview:
needs: changes
# We only want to build the website only for PRs.
#
# Otherwise this will be triggered inside a merge-queue.
if: ${{ github.event_name == 'pull_request_target' && needs.changes.outputs.changesFound == 'true'}}
runs-on: ubuntu-22.04
permissions:
pull-requests: write # for FirebaseExtended/action-hosting-deploy to comment on PRs
checks: write # for FirebaseExtended/action-hosting-deploy to comment on PRs (without write permissions for checks the action doesn't post a comment to the PR, we don't know why)
steps:
- name: Ensure PR has "safe to test" label, if PR is from a fork
uses: SharezoneApp/verify-safe-to-test-label@c1059d43fc918756660a700ca6d08e445ff314a2
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
with:
# Because we are using the "pull_request_target" event, we need to
# checkout the PR head commit instead of the merge commit.
ref: ${{ github.event.pull_request.head.sha }}
- name: Set Flutter version from FVM config file to environment variables
id: fvm-config-action
uses: kuhnroyal/flutter-fvm-config-action@4155f8ca4c30a4f2f50df69caa0e4259f6cd1142
- uses: subosito/flutter-action@44ac965b96f18d999802d4b807e3256d5a3f9fa1
with:
flutter-version: ${{ steps.fvm-config-action.outputs.FLUTTER_VERSION }}
channel: ${{ steps.fvm-config-action.outputs.FLUTTER_CHANNEL }}
- name: Install Sharezone CLI
run: |
flutter pub global activate --source path "$CI_CD_DART_SCRIPTS_PACKAGE_PATH"
echo $(pwd)/bin >> $GITHUB_PATH
- name: Build
run: sz build website --flavor dev
- name: Deploy to Firebase Hosting (sharezone-debug)
uses: FirebaseExtended/action-hosting-deploy@120e124148ab7016bec2374e5050f15051255ba2
with:
repoToken: ${{ secrets.GITHUB_TOKEN }}
firebaseServiceAccount: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_SHAREZONE_DEBUG }}
projectId: sharezone-debug
entryPoint: "./website"
# The expiration date shouldn't be too high, because if we open a lot
# of pull requests, we will run out of quota (we get 429 errors).
expires: "3d"
target: "sharezone-website"