chore: github action for manual deploy preview build on comment #21041
Conversation
|
Hi @gmanandhar-nr 👋 Thanks for your pull request! Your PR is in a queue, and a writer will take a look soon. We generally publish small edits within one business day, and larger edits within three days. We will automatically generate a preview of your request, and will comment with a link when the preview is ready (usually 10 to 20 minutes). |
⏳ Netlify Preview Deployment InformationThis comment will auto update when your preview build is ready |
✅ Deploy Preview for docs-website-netlify canceled.
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| runs-on: ubuntu-latest | ||
| if: github.event.issue.pull_request && contains(github.event.comment.body, 'netlify build') | ||
| steps: | ||
| - name: Check for member permission | ||
| id: check_permission | ||
| uses: actions/github-script@v6 | ||
| with: | ||
| script: | | ||
| const commenter = context.payload.comment.user.login; | ||
| const org = context.repo.owner; | ||
| const team_slug = 'DOCS-ENG'; // ** CHANGE THIS TO YOUR TEAM'S SLUG ** | ||
| try { | ||
| const { data: teams } = await github.rest.teams.listForAuthenticatedUser({ | ||
| org: org, | ||
| }); | ||
| const isMember = teams.some(team => team.slug === team_slug); | ||
| if (!isMember) { | ||
| core.setFailed('User is not a member of the required team.'); | ||
| return; | ||
| } | ||
| const { data: userTeams } = await github.rest.teams.listMembersInOrg({ | ||
| org, | ||
| team_slug, | ||
| }); | ||
| const isTeamMember = userTeams.some(member => member.login === commenter); | ||
| if (!isTeamMember) { | ||
| core.setFailed('User is not a member of the required team.'); | ||
| } | ||
| } catch (error) { | ||
| core.setFailed(`Could not verify team membership: ${error.message}`); | ||
| } | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Trigger Netlify Deploy | ||
| if: steps.check_permission.outcome == 'success' | ||
| run: | | ||
| curl -X POST -d '{}' "${{ secrets.NEW_NETLIFY_BUILD_HOOK }}"?trigger_branch=${{ github.event.issue.pull_request.head.ref }}&trigger_title=Deploy+preview+for+PR+%23${{ github.event.issue.number }}+by+${{ github.actor }} |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 5 days ago
To fix the issue, we need to add a permissions block to the workflow. This block should specify the least privileges required for the workflow to function correctly. Based on the workflow's functionality:
contents: readis required to read repository contents.issues: readis required to access issue comments.pull-requests: readis required to access pull request details.
The permissions block can be added at the root level of the workflow to apply to all jobs, or specifically to the deploy job. In this case, adding it at the root level is more concise and ensures consistent permissions across all jobs.
| @@ -6,2 +6,7 @@ | ||
|
|
||
| permissions: | ||
| contents: read | ||
| issues: read | ||
| pull-requests: read | ||
|
|
||
| jobs: |
|
netlify build |
|
netlify build |
2 similar comments
|
netlify build |
|
netlify build |
|
netlify build |
1 similar comment
|
netlify build |
This reverts commit 451f90a.
|
netlify build |
WriteMayur
added
the
eng
Please follow conventional commit standards
in your commit messages and pull request title.
Give us some context
links to related docs, screenshots, etc.