ci: add workflow for deploying temporary PR environments

MickaelCa · MickaelCa · commit adf3f0e67c7f · 2025-07-16T23:14:09.000+02:00
diff --git a/.github/workflows/deploy-pr.yml b/.github/workflows/deploy-pr.yml
@@ -0,0 +1,74 @@
+name: Deploy PR Temp Environment
+
+on:
+  pull_request:
+    types: [labeled]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  deploy-pr-env:
+    if: ${{ github.event.label.name == 'deploy-pr-temp-env' }}
+    runs-on: ubuntu-latest
+    env:
+      APP_NAME: gitingest
+
+    steps:
+      - name: Create GitHub App token
+        uses: actions/create-github-app-token@v2
+        id: app-token
+        with:
+          app-id: ${{ secrets.CR_APP_CI_APP_ID }}
+          private-key: ${{ secrets.CR_APP_CI_PRIVATE_KEY }}
+          repositories: ${{ secrets.CR_FLUX_REPO }}
+
+      - name: Checkout Flux repo
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ secrets.CR_FLUX_REPO }}
+          token: ${{ steps.app-token.outputs.token }}
+          path: flux-repo
+          persist-credentials: false
+
+      - name: Export PR ID
+        run: echo "PR_ID=${{ github.event.pull_request.number }}" >> $GITHUB_ENV
+
+      - name: Ensure template exists
+        run: |
+          T="flux-repo/pr-template/${APP_NAME}"
+          [[ -d "$T" ]] || { echo "Missing $T"; exit 1; }
+          [[ $(find "$T" -type f | wc -l) -gt 0 ]] || { echo "No files in $T"; exit 1; }
+        shell: bash
+
+      - name: Render & copy template
+        run: |
+          SRC="flux-repo/pr-template/${APP_NAME}"
+          DST="flux-repo/deployments/prs-gitingest/${PR_ID}"
+          mkdir -p "$DST"
+          cp -r "$SRC/." "$DST/"
+          # replace @PR-ID@ → actual PR_ID
+          find "$DST" -type f -print0 \
+            | xargs -0 -n1 sed -i "s|@PR-ID@|${PR_ID}|g"
+        shell: bash
+
+      - name: Sanity‑check rendered output
+        run: |
+          E=$(find "flux-repo/pr-template/${APP_NAME}" -type f | wc -l)
+          G=$(find "flux-repo/deployments/prs-gitingest/${PR_ID}" -type f | wc -l)
+          (( G == E )) || { echo "Expected $E files, got $G"; exit 1; }
+        shell: bash
+
+      - name: Commit & push to Flux repo
+        run: |
+          cd flux-repo
+          git config user.name "${{ steps.app-token.outputs.app-slug }}[bot]"
+          git config user.email "${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com"
+          git add .
+          git commit -m "chore(prs-gitingest): create temp env for PR #${{ env.PR_ID }} [skip ci]" || echo "Nothing to commit"
+          # embed token into remote URL for push:
+          git remote set-url origin \
+            https://x-access-token:${{ steps.app-token.outputs.token }}@github.com/${{ secrets.CR_FLUX_REPO }}.git
+          git push origin HEAD:main
+        shell: bash
diff --git a/.github/workflows/docker_image.yml b/.github/workflows/docker_image.yml
@@ -1,4 +1,5 @@
 name: Build & Push Container
+
 on:
   push:
     branches:
@@ -16,8 +17,14 @@ concurrency:
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
-  # Set to 'true' to allow pushing container from pull requests with the label 'push-container'
-  PUSH_FROM_PR: ${{ github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'push-container') }}
+  # Now allow pushing from PRs when either 'push-container' OR 'deploy-pr-temp-env' is present:
+  PUSH_FROM_PR: >-
+    ${{ github.event_name == 'pull_request' &&
+       (
+         contains(github.event.pull_request.labels.*.name, 'push-container') ||
+         contains(github.event.pull_request.labels.*.name, 'deploy-pr-temp-env')
+       )
+    }}
 
 jobs:
   docker-build:
