ci: add vercel preview GitHub worflowk #3938
Draft
+99
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
How to use the Graphite Merge QueueAdd either label to this PR to merge it via the merge queue:
You must have a Graphite account in order to use the merge queue. Sign up using this link. An organization admin has required the Graphite Merge Queue in this repository. Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue. This stack of pull requests is managed by Graphite. Learn more about stacking. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
.github/workflows/vercel-preview.yml
Outdated
Comment on lines
9
to
95
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: 18 | ||
|
|
||
| - name: Install Vercel CLI | ||
| run: npm install -g vercel@latest | ||
|
|
||
| - name: Handle PR Events | ||
| env: | ||
| VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }} | ||
| VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }} | ||
| VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }} | ||
| run: | | ||
| PR_NUMBER=${{ github.event.pull_request.number }} | ||
| BRANCH_NAME=${{ github.event.pull_request.head.ref }} | ||
| LABELS=$(echo "${{ toJson(github.event.pull_request.labels) }}" | jq -r '.[].name') | ||
|
|
||
| # Check for 'preview' label | ||
| HAS_PREVIEW_LABEL=false | ||
| for label in $LABELS; do | ||
| if [ "$label" == "preview" ]; then | ||
| HAS_PREVIEW_LABEL=true | ||
| break | ||
| fi | ||
| done | ||
|
|
||
| if [ "${{ github.event.action }}" == "closed" ]; then | ||
| echo "PR closed. Attempting to remove deployment..." | ||
| # List deployments and remove those matching the branch | ||
| DEPLOYMENTS=$(vercel ls --token=$VERCEL_TOKEN --meta gitBranch=$BRANCH_NAME --json | jq -r '.[].url' 2>/dev/null || echo "") | ||
| if [ -n "$DEPLOYMENTS" ]; then | ||
| echo "$DEPLOYMENTS" | while read -r deployment; do | ||
| if [ -n "$deployment" ]; then | ||
| echo "Removing deployment: $deployment" | ||
| vercel remove $deployment --yes --token=$VERCEL_TOKEN || echo "Failed to remove $deployment" | ||
| fi | ||
| done | ||
| else | ||
| echo "No deployments found for branch: $BRANCH_NAME" | ||
| fi | ||
| elif [ "$HAS_PREVIEW_LABEL" == "true" ]; then | ||
| echo "Preview label found. Deploying preview..." | ||
|
|
||
| # Pull Vercel configuration | ||
| vercel pull --yes --environment=preview --token=$VERCEL_TOKEN | ||
|
|
||
| # Build the project | ||
| echo "Building project..." | ||
| vercel build --token=$VERCEL_TOKEN | ||
|
|
||
| # Deploy the built project | ||
| echo "Deploying to Vercel..." | ||
| DEPLOYMENT_URL=$(vercel deploy --prebuilt --token=$VERCEL_TOKEN) | ||
|
|
||
| if [ $? -eq 0 ] && [ -n "$DEPLOYMENT_URL" ]; then | ||
| echo "✅ Deployment successful!" | ||
| echo "🔗 Preview URL: $DEPLOYMENT_URL" | ||
|
|
||
| # Add deployment URL as a comment to PR | ||
| echo "DEPLOYMENT_URL=$DEPLOYMENT_URL" >> $GITHUB_ENV | ||
| else | ||
| echo "❌ Deployment failed" | ||
| exit 1 | ||
| fi | ||
| else | ||
| echo "No 'preview' label. Skipping deployment." | ||
| fi | ||
|
|
||
| - name: Comment PR with deployment URL | ||
| if: env.DEPLOYMENT_URL | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| github.rest.issues.createComment({ | ||
| issue_number: context.issue.number, | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| body: `🚀 **Preview deployment ready!**\n\n📎 **Preview URL:** ${process.env.DEPLOYMENT_URL}\n\n*This preview will be automatically updated when you push new commits to this PR.*` | ||
| }) |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 10 days ago
To fix the issue, we will add a permissions block at the root of the workflow file. This block will define the minimal permissions required for the workflow to function correctly. Based on the workflow's operations, it needs contents: read to access repository contents and pull-requests: write to comment on pull requests. These permissions will be explicitly set to ensure the workflow adheres to the principle of least privilege.
Suggested changeset
1
.github/workflows/vercel-preview.yml
| @@ -2,2 +2,6 @@ | ||
|
|
||
| permissions: | ||
| contents: read | ||
| pull-requests: write | ||
|
|
||
| on: |
Copilot is powered by AI and may make mistakes. Always verify output.
yomybaby
force-pushed
the
ci/vercel-preview
branch
from
25054da to
f4e4091
Compare
yomybaby
force-pushed
the
ci/vercel-preview
branch
from
f4e4091 to
caa062c
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
resolves #NNN (FR-MMM)
Checklist: (if applicable)