From 5aa80f8c96d27618b73a5fd2d8cce60140a9a61d Mon Sep 17 00:00:00 2001 From: Mauricio Siu <47042324+Siumauricio@users.noreply.github.com> Date: Sun, 16 Mar 2025 11:06:50 -0600 Subject: [PATCH] chore: update GitHub Actions workflow permissions and artifact retention - Added permissions for reading contents, actions, and writing pull requests. - Set artifact retention period to 1 day for the preview build. --- .github/workflows/build-preview.yml | 7 ++++++- .github/workflows/deploy-preview.yml | 18 +++++++++++------- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build-preview.yml b/.github/workflows/build-preview.yml index 89e21774..fdc312a3 100644 --- a/.github/workflows/build-preview.yml +++ b/.github/workflows/build-preview.yml @@ -8,6 +8,10 @@ jobs: build-preview: runs-on: ubuntu-latest name: Build Preview Site and Upload Build Artifact + permissions: + contents: read + actions: read + pull-requests: write steps: - name: Checkout uses: actions/checkout@v4 @@ -34,4 +38,5 @@ jobs: uses: actions/upload-artifact@v4 with: name: preview-build - path: app/dist \ No newline at end of file + path: app/dist + retention-days: 1 \ No newline at end of file diff --git a/.github/workflows/deploy-preview.yml b/.github/workflows/deploy-preview.yml index 436c572e..278a358c 100644 --- a/.github/workflows/deploy-preview.yml +++ b/.github/workflows/deploy-preview.yml @@ -5,6 +5,8 @@ on: workflows: ['Build Preview Deployment'] types: - completed + branches-ignore: + - main permissions: actions: read @@ -15,17 +17,19 @@ permissions: jobs: deploy-preview: runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.conclusion == 'success' }} + if: | + github.event.workflow_run.conclusion == 'success' && + github.event.workflow_run.event == 'pull_request' name: Deploy Preview to Cloudflare Pages steps: - - name: Download build artifact - uses: actions/download-artifact@v4 - id: preview-build-artifact + - name: Download artifact + uses: dawidd6/action-download-artifact@v3 with: + workflow: build-preview.yml name: preview-build path: build - github-token: ${{ secrets.GITHUB_TOKEN }} - run-id: ${{ github.event.workflow_run.id }} + run_id: ${{ github.event.workflow_run.id }} + if_no_artifact_found: error - name: Deploy to Cloudflare Pages uses: AdrianGonz97/refined-cf-pages-action@v1 @@ -35,4 +39,4 @@ jobs: githubToken: ${{ secrets.GITHUB_TOKEN }} projectName: ${{ secrets.CLOUDFLARE_PROJECT_NAME }} deploymentName: Preview - directory: ${{ steps.preview-build-artifact.outputs.download-path }} \ No newline at end of file + directory: build \ No newline at end of file