ansible-collections / community.hashi_vault

Ansible collection for managing and working with HashiCorp Vault.
https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/index.html
GNU General Public License v3.0

docs PR comments #120

Closed briantist closed 3 years ago

briantist commented 3 years ago

SUMMARY

So, this change enabled the docs build workflow to:

On push (only to main) the surge site for main will be updated. On a PR, the site name is dynamically generated with the PR number.

A pull_request event that comes from a fork (most of them, including the ones from me), doesn't have access to GitHub secrets (for the surge token), and doesn't have write access (can't post comments).

So the idea is to use pull_request_target which runs in the context of the base branch, and has all the permissions. One issue with this is that the default checkout won't have the changes from the PR. This is intentional, to avoid running untrusted code that will have access to secrets and a GitHub token with write access. We do an intentional checkout of the PR's head, and copy only the docsite into the main checkout.

The second issue is that when I try to use pull_request_target, it's not running at all. I suspect this is because it doesn't yet exist in main. So I'm going to merge this, then open a new docs PR to see if it triggers....

ISSUE TYPE
COMPONENT NAME
ADDITIONAL INFORMATION

github-actions[bot] commented 3 years ago

Docs Build 📝

Thank you for contribution!✨

The docs for this PR have been published here: https://community-hashi-vault-pr120.surge.sh

The docsite is available for download as an artifact on this run: https://github.com/ansible-collections/community.hashi_vault/actions/runs/1091914449
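
The pattern outlined in the PR description above, sketched as an added example that is not this repository's actual workflow: the base branch is checked out as the trusted tree, the PR head goes into a separate directory, and only the docsite sources are copied across before the build. The paths (`docs/docsite`, `build-docs.sh`, `html`), the preview domain and the secret name `SURGE_TOKEN` are assumptions.

```yaml
# Added illustration; paths, script name, domain and secret name are assumptions.
name: docs-pr-preview
on:
  pull_request_target:              # runs with the base branch's workflow file
    types: [opened, synchronize, reopened]
permissions:
  contents: read
  pull-requests: write              # only needed to post the preview comment
jobs:
  preview:
    runs-on: ubuntu-latest
    steps:
      # Default ref under pull_request_target is the base branch (trusted).
      - name: Check out base
        uses: actions/checkout@v4
        with:
          path: base
          persist-credentials: false   # keep the token out of .git/config
      # PR head lands in its own directory and is treated as data only.
      - name: Check out PR head
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          path: pr
          persist-credentials: false
      - name: Copy only the docsite sources from the PR
        run: |
          rm -rf base/docs/docsite
          cp -R pr/docs/docsite base/docs/docsite
      # Build tooling comes from the base checkout; no secret is in scope here.
      # Anything under docs/docsite that the build executes is still PR-controlled.
      - name: Build docs
        working-directory: base
        run: ./build-docs.sh          # hypothetical script, writes to ./html
      - name: Publish preview
        working-directory: base
        env:
          SURGE_TOKEN: ${{ secrets.SURGE_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: npx surge ./html "example-docs-pr${PR_NUMBER}.surge.sh"
      - name: Comment on the PR
        env:
          GH_TOKEN: ${{ github.token }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          gh pr comment "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" \
            --body "Docs preview: https://example-docs-pr${PR_NUMBER}.surge.sh"
```

Event values are passed to the shell through `env` rather than interpolated into the `run` script, and the secret is exposed only to the publish step.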