feat(trustlab): add SEO support for organisations #50
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR Build | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened, ready_for_review] | |
| paths: | |
| - "apps/techlabblog/**" | |
| - "apps/trustlab/**" | |
| - "docker/apps/techlabblog/**" | |
| - "docker/apps/trustlab/**" | |
| - "docker-bake.hcl" | |
| - "package.json" | |
| - "pnpm-lock.yaml" | |
| - "pnpm-workspace.yaml" | |
| - "turbo.json" | |
| - "packages/**" | |
| - "scripts/revalidate.mjs" | |
| - "scripts/pr-build-targets.mjs" | |
| - "scripts/pr-build-targets.test.mjs" | |
| - ".github/workflows/_bake-and-push.yml" | |
| - ".github/workflows/_build-techlabblog.yml" | |
| - ".github/workflows/_build-trustlab.yml" | |
| - ".github/workflows/pr-build.yml" | |
| - ".github/workflows/techlabblog.yml" | |
| - ".github/workflows/trustlab.yml" | |
| permissions: | |
| actions: read | |
| contents: read | |
| concurrency: | |
| group: "${{ github.workflow }} @ ${{ github.event.pull_request.head.label }}" | |
| cancel-in-progress: true | |
| jobs: | |
| affected: | |
| name: Detect affected apps | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| targets: ${{ steps.targets.outputs.targets }} | |
| steps: | |
| - name: Check PR trust boundary | |
| id: trust | |
| shell: bash | |
| run: | | |
| trusted=false | |
| if [[ "${{ github.event.pull_request.head.repo.full_name }}" == "${{ github.repository }}" ]]; then | |
| case "${{ github.event.pull_request.author_association }}" in | |
| OWNER|MEMBER|COLLABORATOR) | |
| trusted=true | |
| ;; | |
| esac | |
| fi | |
| echo "trusted=${trusted}" >> "$GITHUB_OUTPUT" | |
| - uses: actions/checkout@v6 | |
| if: ${{ steps.trust.outputs.trusted == 'true' }} | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Install pnpm | |
| if: ${{ steps.trust.outputs.trusted == 'true' }} | |
| uses: pnpm/action-setup@v6 | |
| with: | |
| run_install: false | |
| - name: Install Node.js | |
| if: ${{ steps.trust.outputs.trusted == 'true' }} | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version-file: "package.json" | |
| cache: "pnpm" | |
| - name: Install dependencies | |
| if: ${{ steps.trust.outputs.trusted == 'true' }} | |
| run: pnpm install --frozen-lockfile --ignore-scripts | |
| - name: Detect app build targets | |
| id: targets | |
| shell: bash | |
| run: | | |
| if [[ "${{ steps.trust.outputs.trusted }}" != "true" ]]; then | |
| echo "App PR builds are skipped for fork or untrusted PRs." | |
| echo "targets=[]" >> "$GITHUB_OUTPUT" | |
| exit 0 | |
| fi | |
| node scripts/pr-build-targets.mjs \ | |
| --github-output \ | |
| --base "${{ github.event.pull_request.base.sha }}" \ | |
| --head "${{ github.event.pull_request.head.sha }}" | |
| build-techlabblog: | |
| name: Build techlabblog image | |
| needs: affected | |
| if: ${{ contains(fromJSON(needs.affected.outputs.targets), 'techlabblog') }} | |
| permissions: | |
| actions: read | |
| contents: read | |
| uses: ./.github/workflows/_build-techlabblog.yml | |
| with: | |
| base_tag: ${{ vars.UI_BASE_TAG }} | |
| tag: pr-${{ github.event.pull_request.number }}-${{ github.sha }} | |
| push: false | |
| sentry_environment: ci | |
| secrets: | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | |
| SENTRY_PROJECT: ${{ secrets.TECHLABBLOG_SENTRY_PROJECT }} | |
| build-trustlab: | |
| name: Build trustlab image | |
| needs: affected | |
| if: ${{ contains(fromJSON(needs.affected.outputs.targets), 'trustlab') }} | |
| permissions: | |
| actions: read | |
| contents: read | |
| uses: ./.github/workflows/_build-trustlab.yml | |
| with: | |
| base_tag: ${{ vars.UI_BASE_TAG }} | |
| tag: pr-${{ github.event.pull_request.number }}-${{ github.sha }} | |
| push: false | |
| secrets: | |
| DATABASE_URL: ${{ secrets.TRUSTLAB_MONGO_URL }} | |
| PAYLOAD_SECRET: ${{ secrets.TRUSTLAB_PAYLOAD_SECRET }} | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | |
| SENTRY_PROJECT: ${{ secrets.TRUSTLAB_SENTRY_PROJECT }} |