Closed briantist closed 3 years ago
Thank you for contribution!✨
The docs for this PR have been published here: https://community-hashi-vault-pr120.surge.sh
The docsite is available for download as an artifact on this run: https://github.com/ansible-collections/community.hashi_vault/actions/runs/1091914449
SUMMARY
So, this change enabled the docs build workflow to:
On
push
(only tomain
) the surge site for main will be updated. On a PR, the site name is dynamically generated with the PR number.A
pull_request
event that comes from a fork (most of them, including the ones from me), doesn't have access to GitHub secrets (for the surge token), and doesn't have write access (can't post comments).So the idea is to use
pull_request_target
which runs in the context of the base branch, and has all the permissions. One issue with this is that the default checkout won't have the changes from the PR. This is intentional, to avoid running untrusted code that will have access to secrets and a gitub token with write access. We do an intentional checkout of the PR's head, and copy only the docsite into the main checkout.The second issue is that when I try to use
pull_request_target
, it's not running at all. I suspect this is because it doesn't yet exist in main. So I'm going to merge this, then open a new docs PR to see if it triggers....ISSUE TYPE
COMPONENT NAME
ADDITIONAL INFORMATION