8388e12cc6
[EXPAND] messageTitle = "Fix Lang Zips & Cleanup `pack.mcmeta`" messageBody = "[INTERNAL]" [EXPAND]
184 lines
5.6 KiB
YAML
184 lines
5.6 KiB
YAML
# This workflow file tests PRs made from forks. Disable this if it is considered too much of a security risk (although many efforts have been taken to reduce risk)
|
|
# If workflow enabled, make sure to set the environment used to need a specific team (admin-devs), and default GITHUB_TOKEN perms to read!
|
|
# See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ for more information!
|
|
|
|
# Actions taken to reduce risk:
|
|
# This workflow is only started if a PR has the 'fork-build' label, and when the deployment to `forkprbuildpack` is approved (by admin-devs)
|
|
# Only the CFCORE_API_TOKEN secret is accessed, meaning it is the only one revealed, meaning that the other secrets cannot be used by nodejs tools
|
|
# GITHUB_TOKEN permissions are set to read
|
|
|
|
name: "[NOT CALLABLE] Fork PR Build Pack"
|
|
|
|
on:
|
|
pull_request_target:
|
|
types:
|
|
- synchronize
|
|
- labeled
|
|
paths-ignore:
|
|
- "README.md"
|
|
|
|
# if a second commit is pushed quickly after the first, cancel the first one's build
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
|
|
cancel-in-progress: true
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
env:
|
|
HEAD_REF: ${{ github.head_ref }}
|
|
HEAD_REPO: ${{ github.event.pull_request.head.repo.owner.login }}
|
|
TRUE_SHA: ${{ github.event.pull_request.head.sha }}
|
|
SKIP_CHANGELOG: true
|
|
|
|
jobs:
|
|
setup:
|
|
# Only continue if we are in base Nomi-CEu Repo, pull request is from fork and pr has fork-build label
|
|
if: "${{ github.repository_owner == 'Nomi-CEu' && github.event.pull_request.head.repo.owner.login != 'Nomi-CEu' && contains(github.event.pull_request.labels.*.name, 'fork-build') }}"
|
|
name: Setup (${{ github.event.pull_request.head.sha }})
|
|
runs-on: ubuntu-latest
|
|
environment: fork-pr-build-pack
|
|
outputs:
|
|
client: ${{ steps.artifactNames.outputs.client }}
|
|
server: ${{ steps.artifactNames.outputs.server }}
|
|
lang: ${{ steps.artifactNames.outputs.lang }}
|
|
mmc: ${{ steps.artifactNames.outputs.mmc }}
|
|
steps:
|
|
- name: Checkout Ref
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: false
|
|
|
|
# Don't use cache to prevent cache poisoning
|
|
|
|
- name: Setup NodeJS v20
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
check-latest: true
|
|
|
|
- name: Setup NPM Packages
|
|
working-directory: ./tools
|
|
run: npm ci
|
|
|
|
- name: Make Artifact Names
|
|
id: artifactNames
|
|
working-directory: ./tools
|
|
run: npm run gulp makeArtifactNames
|
|
|
|
buildClient:
|
|
name: Build Fork PR Client (${{ github.event.pull_request.head.sha }})
|
|
runs-on: ubuntu-latest
|
|
needs: setup
|
|
steps:
|
|
- name: Checkout Ref
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: false
|
|
|
|
# Don't use cache to prevent cache poisoning
|
|
|
|
- name: Setup NodeJS v20
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
check-latest: true
|
|
|
|
- name: Setup NPM Packages
|
|
working-directory: ./tools
|
|
run: npm ci
|
|
|
|
- name: Build Client
|
|
working-directory: ./tools
|
|
run: npm run gulp buildClient
|
|
env:
|
|
CFCORE_API_TOKEN: ${{ secrets.CFCORE_API_TOKEN }}
|
|
|
|
- name: Upload Client Zip
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: ${{ needs.setup.outputs.client }}
|
|
path: ./build/client/**/*
|
|
if-no-files-found: error
|
|
compression-level: 9
|
|
|
|
buildServer:
|
|
name: Build Fork PR Server (${{ github.event.pull_request.head.sha }})
|
|
runs-on: ubuntu-latest
|
|
needs: setup
|
|
steps:
|
|
- name: Checkout Ref
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: false
|
|
|
|
# Don't use cache to prevent cache poisoning
|
|
|
|
- name: Setup NodeJS v20
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
check-latest: true
|
|
|
|
- name: Setup NPM Packages
|
|
working-directory: ./tools
|
|
run: npm ci
|
|
|
|
- name: Build Server
|
|
working-directory: ./tools
|
|
run: npm run gulp buildServer
|
|
env:
|
|
CFCORE_API_TOKEN: ${{ secrets.CFCORE_API_TOKEN }}
|
|
|
|
- name: Upload Server Zip
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: ${{ needs.setup.outputs.server }}
|
|
path: ./build/server/**/*
|
|
if-no-files-found: error
|
|
compression-level: 9
|
|
|
|
buildLang:
|
|
name: Build Fork PR Lang (${{ github.event.pull_request.head.sha }})
|
|
runs-on: ubuntu-latest
|
|
needs: setup
|
|
steps:
|
|
- name: Checkout Ref
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: false
|
|
|
|
# Don't use cache to prevent cache poisoning
|
|
|
|
- name: Setup NodeJS v20
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
check-latest: true
|
|
|
|
- name: Setup NPM Packages
|
|
working-directory: ./tools
|
|
run: npm ci
|
|
|
|
- name: Build Lang
|
|
working-directory: ./tools
|
|
run: npm run gulp buildLang
|
|
env:
|
|
CFCORE_API_TOKEN: ${{ secrets.CFCORE_API_TOKEN }}
|
|
|
|
- name: Upload Lang Zip
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: ${{ needs.setup.outputs.lang }}
|
|
path: ./build/lang/**/*
|
|
if-no-files-found: error
|
|
compression-level: 9
|