diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 16ebaaec..1a190001 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -11,14 +11,37 @@ on: - dev paths: - 'apps/www/**' + # Triggers the workflow on pull request event, but only for pull request opened or pull request labeled with "🚀request-deploy" (from forked repo) + # pull_request is not allowed to use secrets, so we use pull_request_target instead (in forked repos) + pull_request_target: + types: + # When a created pull request from forked repo, it will be comment 'Should deploy to add label' + - opened + # When a labeled '🚀request-deploy' pull request from forked repo, it will be deploy to Cloudflare Pages + - labeled + +permissions: + # default contents: read & write (in forked repos, only read) + contents: write + # default deployments: read & write (in forked repos, only read) + deployments: write + # default pull-requests: read & write (in forked repos, only read) + pull-requests: write jobs: publish: runs-on: ubuntu-latest - permissions: - contents: read - deployments: write name: Publish to Cloudflare Pages + if: ${{ + github.event_name == 'push' || + github.event_name == 'workflow_dispatch' || + github.event_name == 'pull_request' || + (github.event_name == 'pull_request_target' && + github.event.action == 'labeled' && + github.event.pull_request.head.repo.fork == true && + contains(github.event.label.name, '🚀request-deploy')) + }} + steps: - name: Checkout uses: actions/checkout@v3 @@ -70,3 +93,16 @@ jobs: # Optional: Change the working directory workingDirectory: apps/www wranglerVersion: '3' + + - name: Remove label + if: ${{ github.event_name == 'pull_request_target' && contains(github.event.label.name, '🚀request-deploy') }} + uses: actions/github-script@v6 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + github.rest.issues.removeLabel({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + name: ['🚀request-deploy'] + })