Skip to content

Remote networks latest #1954

Remote networks latest

Remote networks latest #1954

Workflow file for this run

name: "Deploy Preview"
on:
pull_request_target:
branches: [ master ]
jobs:
precheck:
name: Precheck
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
outputs:
is-org-member-result: ${{ steps.is-org-member.outputs.is-org-member-result }}
steps:
- name: Check if actor is org member
id: is-org-member
run: |
if [[ "${{ github.actor }}" == "create-pr-on-fork-for-pan-dev[bot]" ]]; then
echo "is-org-member-result=null" >> "$GITHUB_OUTPUT"
else
echo "is-org-member-result=$(gh api -X GET orgs/PaloAltoNetworks/memberships/${{ github.actor }} | jq -r .message)" >> "$GITHUB_OUTPUT"
fi
env:
GH_TOKEN: ${{ secrets.READ_ORG_PAT }}
analyze:
if: github.repository_owner == 'PaloAltoNetworks' && needs.precheck.outputs.is-org-member-result == 'null'
name: Analyze
needs: precheck
runs-on: pan-dev-runner
permissions:
contents: read
security-events: write
strategy:
fail-fast: true
matrix:
language: [ 'javascript' ]
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
analyze_unsafe:
if: github.repository_owner == 'PaloAltoNetworks' && needs.precheck.outputs.is-org-member-result != 'null'
name: Analyze Unsafe
needs: precheck
runs-on: pan-dev-runner
environment: default
permissions:
contents: read
security-events: write
strategy:
fail-fast: true
matrix:
language: [ 'javascript' ]
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
build:
name: Build
needs: [analyze, analyze_unsafe]
if: |
!failure() && !cancelled() &&
(success('analyze') || success('analyze_unsafe'))
runs-on: pan-dev-runner-xl
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'yarn'
- name: Install dependencies
run: yarn --prefer-offline
- name: Include netsec
if: contains(github.event.pull_request.labels.*.name, 'netsec')
run: |
echo "Including 'netsec' in build..."
echo "PRODUCTS_INCLUDE=cdss,threat-vault,dns-security,iot,expedition,cloudngfw,cdl,panos,terraform,ansible" >> $GITHUB_ENV
- name: Include cloud
if: contains(github.event.pull_request.labels.*.name, 'cloud')
run: |
echo "Including 'cloud' in build..."
echo "PRODUCTS_INCLUDE=prisma-cloud,compute" >> $GITHUB_ENV
- name: Include sase
if: contains(github.event.pull_request.labels.*.name, 'sase')
run: |
echo "Including 'sase' in build..."
if [ $PRODUCTS_INCLUDE != '' ]
then
echo "PRODUCTS_INCLUDE=$PRODUCTS_INCLUDE,sase,access,sdwan" >> $GITHUB_ENV
else
echo "PRODUCTS_INCLUDE=sase,access,sdwan" >> $GITHUB_ENV
fi
- name: Include contributing
if: contains(github.event.pull_request.labels.*.name, 'contributing')
run: |
echo "Including 'contributing' in build..."
if [ $PRODUCTS_INCLUDE != '' ]
then
echo "PRODUCTS_INCLUDE=$PRODUCTS_INCLUDE,contributing" >> $GITHUB_ENV
else
echo "PRODUCTS_INCLUDE=contributing" >> $GITHUB_ENV
fi
- name: Build site
run: yarn build-github && zip -r build.zip build
- uses: actions/upload-artifact@v4
with:
name: build
path: build.zip
deploy:
name: Deploy
needs: build
if: ${{ !failure() && !cancelled() }}
runs-on: pan-dev-runner-lg
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'yarn'
- uses: actions/download-artifact@v4
with:
name: build
- name: Unzip build artifact
run: unzip build.zip
- name: Deploy to Firebase
id: deploy_preview
uses: FirebaseExtended/action-hosting-deploy@120e124148ab7016bec2374e5050f15051255ba2 # v0.7.1
with:
repoToken: '${{ secrets.GITHUB_TOKEN }}'
firebaseServiceAccount: '${{ secrets.FIREBASE_SERVICE_ACCOUNT_PAN_DEV_F1B58 }}'
projectId: pan-dev-f1b58
expires: 30d
channelId: 'pr${{ github.event.number }}'
env:
FIREBASE_CLI_PREVIEWS: hostingchannels