Skip to content

Only run preview-build for elastic org members #1473

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 12 commits into
base: main
Choose a base branch
from
+72 −25
Draft

Only run preview-build for elastic org members #1473

Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
65a58f6
Only run preview-build for elastic org members
reakaleek Jun 30, 2025
680d441
Fix syntax
reakaleek Jun 30, 2025
19445ea
fix
reakaleek Jun 30, 2025
8b8e03d
Update .github/workflows/preview-build.yml
reakaleek Jun 30, 2025
587cd34
Invert condition for testing purposes
reakaleek Jun 30, 2025
f465ef6
Revert "Invert condition for testing purposes"
reakaleek Jun 30, 2025
4b5aa39
Add name to the step
reakaleek Jun 30, 2025
9802b71
Move check-files logic into check job
reakaleek Jun 30, 2025
d8383c1
Add more granular permissions
reakaleek Jun 30, 2025
138b3b9
Only check auth_association if any docs file was modified
reakaleek Jun 30, 2025
2d89878
Cleanup
reakaleek Jun 30, 2025
33ef9f6
Cleanup
reakaleek Jun 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
97 changes: 72 additions & 25 deletions .github/workflows/preview-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,13 +50,68 @@ permissions:
contents: read
pull-requests: read

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.head.ref || github.ref }}
cancel-in-progress: ${{ startsWith(github.event_name, 'pull_request') }}

jobs:
check:
if: github.event.repository.fork == false # Skip running the job on the fork itself (It still runs on PRs on the upstream from forks)
runs-on: ubuntu-latest
outputs:
any_modified: ${{ steps.check-files.outputs.any_modified }}
env:
AUTHOR_ASSOCIATION: ${{ github.event.pull_request.author_association }}
permissions:
id-token: none
deployments: none
contents: read
pull-requests: read
steps:
- name: Checkout
if: contains(fromJSON('["push", "merge_group", "workflow_dispatch"]'), github.event_name)
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- name: Get changed files
if: contains(fromJSON('["merge_group", "pull_request", "pull_request_target"]'), github.event_name)
id: check-files
uses: tj-actions/changed-files@2f7c5bfce28377bc069a65ba478de0a74aa0ca32 # v46.0.1
with:
files: ${{ inputs.path-pattern != '' && inputs.path-pattern || '**' }}
- name: Check PR author association
if: steps.check-files.outputs.any_modified == 'true'
env:
ANY_MODIFIED: $ {{ steps.check-files.outputs.any_modified }}
# language=bash
run: |
case "${GITHUB_EVENT_NAME}" in
"pull_request" | "pull_request_target")
if [[ "${AUTHOR_ASSOCIATION}" == "MEMBER" ]]; then
exit 0;
else
echo "::error::You must be a member of the elastic organization to trigger a preview build. Please ask a member of the elastic organization to review your PR and re-trigger the build.";
exit 1;
fi
;;
"push" | "workflow_dispatch" | "merge_group")
exit 0;
;;
*)
echo "Unsupported event: '${GITHUB_EVENT_NAME}'";
exit 1;
;;
esac

match:
if: github.event.repository.fork == false # Skip running the job on the fork itself (It still runs on PRs on the upstream from forks)
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.head.ref || github.ref }}
cancel-in-progress: ${{ startsWith(github.event_name, 'pull_request') }}
needs: check
runs-on: ubuntu-latest
permissions:
id-token: none
deployments: none
contents: read
pull-requests: read
outputs:
content-source-match: ${{ steps.event-check.outputs.content-source-match != '' && steps.event-check.outputs.content-source-match || steps.match.outputs.content-source-match }}
content-source-next: ${{ steps.event-check.outputs.content-source-next != '' && steps.event-check.outputs.content-source-next || steps.match.outputs.content-source-next }}
Expand Down Expand Up @@ -91,31 +146,22 @@ jobs:

build:
if: github.event.repository.fork == false # Skip running the job on the fork itself (It still runs on PRs on the upstream from forks)
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.head.ref || github.ref }}
cancel-in-progress: ${{ startsWith(github.event_name, 'pull_request') }}
runs-on: ubuntu-latest
permissions:
id-token: write
deployments: write
contents: read
pull-requests: read
env:
GITHUB_PR_REF_NAME: ${{ github.event.pull_request.head.ref }}
MATCH: ${{ needs.match.outputs.content-source-match }}
needs: [ match ]
needs:
- check
- match
steps:

- name: Checkout
if: env.MATCH == 'true' && (contains(fromJSON('["push", "merge_group", "workflow_dispatch"]'), github.event_name))
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}

- name: Get changed files
if: env.MATCH == 'true' && (contains(fromJSON('["merge_group", "pull_request", "pull_request_target"]'), github.event_name))
id: check-files
uses: tj-actions/changed-files@2f7c5bfce28377bc069a65ba478de0a74aa0ca32 # v46.0.1
with:
files: ${{ inputs.path-pattern != '' && inputs.path-pattern || '**' }}

- name: Checkout
if: env.MATCH == 'true' && (startsWith(github.event_name, 'pull_request') && steps.check-files.outputs.any_modified == 'true')
if: env.MATCH == 'true' && (startsWith(github.event_name, 'pull_request') && needs.check.outputs.any_modified == 'true')
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
Expand All @@ -125,7 +171,7 @@ jobs:
if: |
env.MATCH == 'true' &&
(contains(fromJSON('["push", "workflow_dispatch"]'), github.event_name)
|| (steps.check-files.outputs.any_modified == 'true' && startsWith(github.event_name, 'pull_request'))
|| (needs.check.outputs.any_modified == 'true' && startsWith(github.event_name, 'pull_request'))
)
uses: actions/github-script@v7
id: deployment
Expand All @@ -134,6 +180,7 @@ jobs:
REF: ${{ startsWith(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.ref_name }}
with:
result-encoding: string
# language=javascript
script: |
const { owner, repo } = context.repo;
const prNumber = process.env.PR_NUMBER;
Expand Down Expand Up @@ -192,7 +239,7 @@ jobs:
if: |
env.MATCH == 'true' &&
(github.repository != 'elastic/docs-builder' &&
(steps.deployment.outputs.result || (steps.check-files.outputs.any_modified == 'true' && github.event_name == 'merge_group'))
(steps.deployment.outputs.result || (needs.check.outputs.any_modified == 'true' && github.event_name == 'merge_group'))
)
uses: elastic/docs-builder@main
id: docs-build
Expand All @@ -206,15 +253,15 @@ jobs:
if: |
env.MATCH == 'true' &&
(!cancelled() && steps.docs-build.outputs.skip != 'true'
&& (steps.deployment.outputs.result || (steps.check-files.outputs.any_modified == 'true' && github.event_name == 'merge_group'))
&& (steps.deployment.outputs.result || (needs.check.outputs.any_modified == 'true' && github.event_name == 'merge_group'))
)
uses: elastic/docs-builder/actions/validate-inbound-local@main

- name: 'Validate local path prefixes against those claimed by global navigation.yml'
if: |
env.MATCH == 'true' &&
(!cancelled() && steps.docs-build.outputs.skip != 'true' &&
(steps.deployment.outputs.result || (steps.check-files.outputs.any_modified == 'true' && github.event_name == 'merge_group'))
(steps.deployment.outputs.result || (needs.check.outputs.any_modified == 'true' && github.event_name == 'merge_group'))
)
uses: elastic/docs-builder/actions/validate-path-prefixes-local@main

Expand Down
Loading