Skip to content

feat(trustlab): add SEO support for organisations #50

feat(trustlab): add SEO support for organisations

feat(trustlab): add SEO support for organisations #50

Workflow file for this run

name: PR Build
on:
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
paths:
- "apps/techlabblog/**"
- "apps/trustlab/**"
- "docker/apps/techlabblog/**"
- "docker/apps/trustlab/**"
- "docker-bake.hcl"
- "package.json"
- "pnpm-lock.yaml"
- "pnpm-workspace.yaml"
- "turbo.json"
- "packages/**"
- "scripts/revalidate.mjs"
- "scripts/pr-build-targets.mjs"
- "scripts/pr-build-targets.test.mjs"
- ".github/workflows/_bake-and-push.yml"
- ".github/workflows/_build-techlabblog.yml"
- ".github/workflows/_build-trustlab.yml"
- ".github/workflows/pr-build.yml"
- ".github/workflows/techlabblog.yml"
- ".github/workflows/trustlab.yml"
permissions:
actions: read
contents: read
concurrency:
group: "${{ github.workflow }} @ ${{ github.event.pull_request.head.label }}"
cancel-in-progress: true
jobs:
affected:
name: Detect affected apps
runs-on: ubuntu-24.04
outputs:
targets: ${{ steps.targets.outputs.targets }}
steps:
- name: Check PR trust boundary
id: trust
shell: bash
run: |
trusted=false
if [[ "${{ github.event.pull_request.head.repo.full_name }}" == "${{ github.repository }}" ]]; then
case "${{ github.event.pull_request.author_association }}" in
OWNER|MEMBER|COLLABORATOR)
trusted=true
;;
esac
fi
echo "trusted=${trusted}" >> "$GITHUB_OUTPUT"
- uses: actions/checkout@v6
if: ${{ steps.trust.outputs.trusted == 'true' }}
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- name: Install pnpm
if: ${{ steps.trust.outputs.trusted == 'true' }}
uses: pnpm/action-setup@v6
with:
run_install: false
- name: Install Node.js
if: ${{ steps.trust.outputs.trusted == 'true' }}
uses: actions/setup-node@v6
with:
node-version-file: "package.json"
cache: "pnpm"
- name: Install dependencies
if: ${{ steps.trust.outputs.trusted == 'true' }}
run: pnpm install --frozen-lockfile --ignore-scripts
- name: Detect app build targets
id: targets
shell: bash
run: |
if [[ "${{ steps.trust.outputs.trusted }}" != "true" ]]; then
echo "App PR builds are skipped for fork or untrusted PRs."
echo "targets=[]" >> "$GITHUB_OUTPUT"
exit 0
fi
node scripts/pr-build-targets.mjs \
--github-output \
--base "${{ github.event.pull_request.base.sha }}" \
--head "${{ github.event.pull_request.head.sha }}"
build-techlabblog:
name: Build techlabblog image
needs: affected
if: ${{ contains(fromJSON(needs.affected.outputs.targets), 'techlabblog') }}
permissions:
actions: read
contents: read
uses: ./.github/workflows/_build-techlabblog.yml
with:
base_tag: ${{ vars.UI_BASE_TAG }}
tag: pr-${{ github.event.pull_request.number }}-${{ github.sha }}
push: false
sentry_environment: ci
secrets:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT: ${{ secrets.TECHLABBLOG_SENTRY_PROJECT }}
build-trustlab:
name: Build trustlab image
needs: affected
if: ${{ contains(fromJSON(needs.affected.outputs.targets), 'trustlab') }}
permissions:
actions: read
contents: read
uses: ./.github/workflows/_build-trustlab.yml
with:
base_tag: ${{ vars.UI_BASE_TAG }}
tag: pr-${{ github.event.pull_request.number }}-${{ github.sha }}
push: false
secrets:
DATABASE_URL: ${{ secrets.TRUSTLAB_MONGO_URL }}
PAYLOAD_SECRET: ${{ secrets.TRUSTLAB_PAYLOAD_SECRET }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT: ${{ secrets.TRUSTLAB_SENTRY_PROJECT }}