Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: Add section for forked PR previews #10

Merged
merged 12 commits into from
Mar 5, 2024
Merged

docs: Add section for forked PR previews #10

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
90e1a9d
spacing
AdrianGonz97 Mar 5, 2024
f98094b
add docs for PR previews
AdrianGonz97 Mar 5, 2024
e92999d
word
AdrianGonz97 Mar 5, 2024
17cc1a2
again
AdrianGonz97 Mar 5, 2024
65a1821
word
AdrianGonz97 Mar 5, 2024
4ad3516
style
AdrianGonz97 Mar 5, 2024
8be9b83
.
AdrianGonz97 Mar 5, 2024
c0eaeea
word
AdrianGonz97 Mar 5, 2024
dc7c0d1
link
AdrianGonz97 Mar 5, 2024
c408c9f
linjk
AdrianGonz97 Mar 5, 2024
6e96556
cleanup
AdrianGonz97 Mar 5, 2024
40b28ea
wording
AdrianGonz97 Mar 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
93 changes: 93 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,99 @@ If you have already connected your repository to the [Cloudflare Pages GitHub in
1. Select **GitHub Apps**, and next to Cloudflare Pages, select **Configure**
1. Under **Repository access**, select **Only select repositories**, and remove your repository.

### Enabling PR Previews from Forks

Enabling PR previews from forks requires the use of the [`pull_request_target`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) event in the workflow, which has security concerns around exposing secrets that need to be considered before implementing it into your project.

If your site _does not_ use/have any secrets during **the build step** or in your **preview environment on Cloudflare**, then it should be fine to use as-is. We use this method in [Formsnap](https://github.com/svecosystem/formsnap) and its implementation can be found in this [workflow file](https://github.com/svecosystem/formsnap/blob/main/.github/workflows/docs-preview.yml).

<details><summary>Example: Preview Deployment with <b>NO SECRETS</b></summary>
<p>

```yaml
name: Preview Deployment
on:
pull_request_target:

jobs:
deploy-preview:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
deployments: write
name: Deploy Preview to Cloudflare Pages
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}

# Run your install/build steps here

- name: Deploy to Cloudflare Pages
uses: AdrianGonz97/refined-cf-pages-action@v1
with:
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
githubToken: ${{ secrets.GITHUB_TOKEN }}
projectName: YOUR_PROJECT_NAME
directory: YOUR_BUILD_OUTPUT_DIRECTORY
deploymentName: Preview
```

</p>
</details>

If your project _does use secrets_, then the deployment job can be fitted with an `environment` field that requires manual approval before each deployment (like it does in this [Melt UI workflow](https://github.com/melt-ui/melt-ui/blob/develop/.github/workflows/preview.yml)).

Manual approval using [environments](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment) needs to be setup at the repo level, as described in this [Melt UI PR](https://github.com/melt-ui/melt-ui/pull/899) under the _"Make the `Preview` environment protected"_ step.

<details><summary>Example: Preview Deployment <b>WITH SECRETS</b></summary>
<p>

```yaml
name: Preview Deployment
on:
pull_request_target:

jobs:
deploy-preview:
environment: Preview # The name of the environment that requires manual approval before each deployment
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
deployments: write
name: Deploy Preview to Cloudflare Pages
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}

# Run your install/build steps here

- name: Build site
run: pnpm build
env:
SOME_SECRET: 'foo' # Uses some secret during build!

- name: Deploy to Cloudflare Pages
uses: AdrianGonz97/refined-cf-pages-action@v1
with:
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
githubToken: ${{ secrets.GITHUB_TOKEN }}
projectName: YOUR_PROJECT_NAME
directory: YOUR_BUILD_OUTPUT_DIRECTORY
deploymentName: Preview
```

</p>
</details>

### Specifying a branch

The branch name is used by Cloudflare Pages to determine if the deployment is production or preview. Read more about
Expand Down
2 changes: 1 addition & 1 deletion src/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,8 +59,8 @@ async function main() {
setOutput('id', deployment.id);
setOutput('url', deployment.url);
setOutput('environment', deployment.environment);

setOutput('alias', alias);

await createJobSummary({ deployment, aliasUrl: alias });
}

Expand Down