feat: add stage/pubtype restrictions to pub read api #2407
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Based on https://docs.github.com/en/actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service | |
| name: PR Updated triggers | |
| on: | |
| pull_request: | |
| types: [labeled, unlabeled, synchronize, closed, reopened] | |
| env: | |
| AWS_REGION: us-east-1 | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| ci: | |
| uses: ./.github/workflows/ci.yml | |
| build-all: | |
| uses: ./.github/workflows/ecrbuild-all.yml | |
| secrets: | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| e2e: | |
| needs: | |
| - build-all | |
| # could theoretically be skipped, but in practice is always faster | |
| # than waiting for the build-all job to finish anyway | |
| - ci | |
| uses: ./.github/workflows/e2e.yml | |
| secrets: | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| deploy-preview: | |
| permissions: write-all | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| needs: | |
| - build-all | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Copy .env file | |
| run: cp ./self-host/.env.example ./self-host/.env | |
| - name: Configure pullpreview | |
| env: | |
| PLATFORM_IMAGE: ${{ needs.build-all.outputs.core-image }} | |
| JOBS_IMAGE: ${{ needs.build-all.outputs.jobs-image }} | |
| MIGRATIONS_IMAGE: ${{ needs.build-all.outputs.base-image }} | |
| run: | | |
| sed -i "s|image: PLATFORM_IMAGE|image: $PLATFORM_IMAGE|" docker-compose.preview.yml | |
| sed -i "s|image: JOBS_IMAGE|image: $JOBS_IMAGE|" docker-compose.preview.yml | |
| sed -i "s|image: MIGRATIONS_IMAGE|image: $MIGRATIONS_IMAGE|" docker-compose.preview.yml | |
| sed -i "s|email [email protected]|email [email protected]|" self-host/caddy/Caddyfile | |
| sed -i "s|example.com|{\$PUBLIC_URL}|" self-host/caddy/Caddyfile | |
| - name: Get ECR token | |
| id: ecrtoken | |
| run: echo "value=$(aws ecr get-login-password --region us-east-1)" >> $GITHUB_OUTPUT | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: "us-east-1" | |
| - uses: pullpreview/action@v5 | |
| with: | |
| label: preview | |
| admins: 3mcd | |
| compose_files: ./self-host/docker-compose.yml,docker-compose.preview.yml | |
| default_port: 443 | |
| instance_type: small | |
| ports: 80,443,9001 | |
| registries: docker://AWS:${{steps.ecrtoken.outputs.value}}@246372085946.dkr.ecr.us-east-1.amazonaws.com | |
| github_token: ${{ secrets.GH_PAT_PR_PREVIEW_CLEANUP }} | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_REGION: ${{ env.AWS_REGION }} | |
| PULLPREVIEW_LOGGER_LEVEL: DEBUG |