195 lines
6.2 KiB
YAML
195 lines
6.2 KiB
YAML
# This workflow file tests PRs made from forks. Disable this if it is considered too much of a security risk (although many efforts have been taken to reduce risk)
|
|
# If workflow enabled, make sure to set the environment used to need a specific team (admin-devs), and default GITHUB_TOKEN perms to read!
|
|
# See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ for more information!
|
|
|
|
name: "[NOT CALLABLE] Fork PR Build Pack"
|
|
|
|
on:
|
|
pull_request_target:
|
|
paths-ignore:
|
|
- "README.md"
|
|
|
|
# if a second commit is pushed quickly after the first, cancel the first one's build
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
makeNames:
|
|
# Only continue if we are in base Nomi-CEu Repo and pull request is from fork
|
|
if: "${{ github.repository_owner == 'Nomi-CEu' && github.event.pull_request.head.repo.owner.login != 'Nomi-CEu' }}"
|
|
name: Make Fork PR Artifact Names (${{ github.event.pull_request.head.sha }})
|
|
runs-on: ubuntu-latest
|
|
environment: fork-pr-build-pack
|
|
env:
|
|
GITHUB_HEAD_REF: ${{ github.head_ref }}
|
|
TRUE_SHA: ${{ github.event.pull_request.head.sha }}
|
|
outputs:
|
|
client: ${{ steps.artifactNames.outputs.client }}
|
|
server: ${{ steps.artifactNames.outputs.server }}
|
|
lang: ${{ steps.artifactNames.outputs.lang }}
|
|
mmc: ${{ steps.artifactNames.outputs.mmc }}
|
|
steps:
|
|
- name: Checkout Ref
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: false
|
|
|
|
# Don't use cache to prevent cache poisoning
|
|
|
|
- name: Setup NodeJS v16
|
|
uses: actions/setup-node@v3
|
|
with:
|
|
node-version: "16"
|
|
check-latest: true
|
|
|
|
- name: Setup NPM Packages
|
|
working-directory: ./tools
|
|
run: npm ci
|
|
|
|
- name: Make Artifact Names
|
|
id: artifactNames
|
|
working-directory: ./tools
|
|
run: npx gulp makeArtifactNames
|
|
|
|
buildClient:
|
|
# Only continue if we are in base Nomi-CEu Repo and pull request is from fork
|
|
if: "${{ github.repository_owner == 'Nomi-CEu' && github.event.pull_request.head.repo.owner.login != 'Nomi-CEu' }}"
|
|
name: Build Fork PR Client (${{ github.event.pull_request.head.sha }})
|
|
runs-on: ubuntu-latest
|
|
environment: fork-pr-build-pack
|
|
needs: makeNames
|
|
env:
|
|
GITHUB_HEAD_REF: ${{ github.head_ref }}
|
|
TRUE_SHA: ${{ github.event.pull_request.head.sha }}
|
|
steps:
|
|
- name: Checkout Ref
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: false
|
|
|
|
# Don't use cache to prevent cache poisoning
|
|
|
|
- name: Setup NodeJS v16
|
|
uses: actions/setup-node@v3
|
|
with:
|
|
node-version: "16"
|
|
check-latest: true
|
|
|
|
- name: Setup NPM Packages
|
|
working-directory: ./tools
|
|
run: npm ci
|
|
|
|
- name: Build Client
|
|
working-directory: ./tools
|
|
run: npx gulp buildClient
|
|
env:
|
|
CFCORE_API_TOKEN: ${{ secrets.CFCORE_API_TOKEN }}
|
|
|
|
- name: Upload Client Zip
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: ${{ needs.makeNames.outputs.client }}
|
|
path: ./build/client/**/*
|
|
if-no-files-found: error
|
|
|
|
buildServer:
|
|
# Only continue if we are in base Nomi-CEu Repo and pull request is from fork
|
|
if: "${{ github.repository_owner == 'Nomi-CEu' && github.event.pull_request.head.repo.owner.login != 'Nomi-CEu' }}"
|
|
name: Build Fork PR Server (${{ github.event.pull_request.head.sha }})
|
|
runs-on: ubuntu-latest
|
|
environment: fork-pr-build-pack
|
|
needs: makeNames
|
|
env:
|
|
GITHUB_HEAD_REF: ${{ github.head_ref }}
|
|
TRUE_SHA: ${{ github.event.pull_request.head.sha }}
|
|
steps:
|
|
- name: Checkout Ref
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: false
|
|
|
|
# Don't use cache to prevent cache poisoning
|
|
|
|
- name: Setup NodeJS v16
|
|
uses: actions/setup-node@v3
|
|
with:
|
|
node-version: "16"
|
|
check-latest: true
|
|
|
|
- name: Setup NPM Packages
|
|
working-directory: ./tools
|
|
run: npm ci
|
|
|
|
- name: Build Server
|
|
working-directory: ./tools
|
|
run: npx gulp buildServer
|
|
env:
|
|
CFCORE_API_TOKEN: ${{ secrets.CFCORE_API_TOKEN }}
|
|
|
|
- name: Upload Server Zip
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: ${{ needs.makeNames.outputs.server }}
|
|
path: ./build/server/**/*
|
|
if-no-files-found: error
|
|
|
|
buildLang:
|
|
# Only continue if we are in base Nomi-CEu Repo and pull request is from fork
|
|
if: "${{ github.repository_owner == 'Nomi-CEu' && github.event.pull_request.head.repo.owner.login != 'Nomi-CEu' }}"
|
|
name: Build Fork PR Lang and Changelogs (${{ github.event.pull_request.head.sha }})
|
|
runs-on: ubuntu-latest
|
|
environment: fork-pr-build-pack
|
|
needs: makeNames
|
|
env:
|
|
GITHUB_HEAD_REF: ${{ github.head_ref }}
|
|
TRUE_SHA: ${{ github.event.pull_request.head.sha }}
|
|
steps:
|
|
- name: Checkout Ref
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: false
|
|
|
|
# Don't use cache to prevent cache poisoning
|
|
|
|
- name: Setup NodeJS v16
|
|
uses: actions/setup-node@v3
|
|
with:
|
|
node-version: "16"
|
|
check-latest: true
|
|
|
|
- name: Setup NPM Packages
|
|
working-directory: ./tools
|
|
run: npm ci
|
|
|
|
- name: Build Lang and Changelogs
|
|
working-directory: ./tools
|
|
run: npx gulp buildLang
|
|
env:
|
|
CFCORE_API_TOKEN: ${{ secrets.CFCORE_API_TOKEN }}
|
|
|
|
- name: Upload Lang Zip
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: ${{ needs.makeNames.outputs.lang }}
|
|
path: ./build/lang/**/*
|
|
if-no-files-found: error
|
|
|
|
- name: Upload Changelogs
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: Changelogs
|
|
path: ./build/*.md
|
|
if-no-files-found: error
|