Skip to content

Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows #1

Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows

Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows #1

name: "Deploy Preview"
on:
pull_request_target:
branches: [main, v3.0.0]
jobs:
precheck:
name: Precheck
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
outputs:
is-org-member-result: ${{ steps.is-org-member.outputs.is-org-member-result }}
steps:
- name: Check if actor is org member
id: is-org-member
run: echo "is-org-member-result=$(gh api -X GET orgs/PaloAltoNetworks/memberships/${{ github.actor }} | jq -r .message)" >> "$GITHUB_OUTPUT"
env:
GH_TOKEN: ${{ secrets.PAT }}
analyze:
if: github.repository_owner == 'PaloAltoNetworks' && needs.precheck.outputs.is-org-member-result == 'null'
name: Analyze
needs: precheck
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
strategy:
fail-fast: true
matrix:
language: ["javascript"]
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
analyze_unsafe:
if: github.repository_owner == 'PaloAltoNetworks' && needs.precheck.outputs.is-org-member-result != 'null'
name: Analyze Unsafe
needs: precheck
runs-on: ubuntu-latest
environment: default
permissions:
contents: read
security-events: write
strategy:
fail-fast: true
matrix:
language: ["javascript"]
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
build:
name: Build
needs: [analyze, analyze_unsafe]
if: |
!failure() && !cancelled() &&
(success('analyze') || success('analyze_unsafe'))
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Setup node
uses: actions/setup-node@v3
with:
node-version: "18"
cache: "yarn"
- name: Install dependencies
run: yarn --prefer-offline
- name: Build packages
run: yarn build-packages
- name: Build site
run: yarn build-demo && zip -r build.zip demo/build
- uses: actions/upload-artifact@v3
with:
name: build
path: build.zip
deploy:
name: Deploy
needs: build
if: ${{ !failure() && !cancelled() }}
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Setup node
uses: actions/setup-node@v3
with:
node-version: "18"
cache: "yarn"
- uses: actions/[email protected]
with:
name: build
- name: Unzip build artifact
run: unzip build.zip
- name: Deploy to Firebase
id: deploy_preview
uses: FirebaseExtended/action-hosting-deploy@276388dd6c2cde23455b30293105cc866c22282d # v0.6-alpha
with:
repoToken: "${{ secrets.GITHUB_TOKEN }}"
firebaseServiceAccount: "${{ secrets.FIREBASE_SERVICE_ACCOUNT_PANDEV }}"
projectId: pandev
expires: 30d
channelId: "pr${{ github.event.number }}"
env:
FIREBASE_CLI_PREVIEWS: hostingchannels