Build AIO app for preview deployment #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow builds the AIO previews for pull requests when a certain label is applied. | |
# The actual deployment happens as part of a dedicated second workflow to avoid security | |
# issues where the building would otherwise occur in an authorized context where secrets | |
# could be leaked. More details can be found here: | |
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/. | |
name: Build AIO app for preview deployment | |
on: | |
pull_request: | |
types: [synchronize, labeled] | |
permissions: read-all | |
jobs: | |
aio-build: | |
runs-on: ubuntu-latest | |
# We only want to build and deploy the AIO app if the `aio: preview` label has been | |
# added, or if the label is already applied and new changes have been made in the PR. | |
if: | | |
(github.event.action == 'labeled' && github.event.label.name == 'aio: preview') || | |
(github.event.action == 'synchronize' && contains(github.event.pull_request.labels.*.name, 'aio: preview')) | |
steps: | |
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
- uses: ./.github/actions/yarn-install | |
- uses: angular/dev-infra/github-actions/setup-bazel-remote-exec@5f06c4774df908ed69e1441f4ec63b898acf0c68 | |
with: | |
bazelrc: ./.bazelrc.user | |
# Build the web package. Note: We run Bazel from a low-resource Github action container, | |
# so we manually need to instruct Bazel to run more actions concurrently as by default | |
# the number of concurrent actions is determined based on the host resources. | |
- run: bazel build //aio:build --jobs=32 --announce_rc --verbose_failures | |
- uses: angular/dev-infra/github-actions/deploy-previews/pack-and-upload-artifact@5f06c4774df908ed69e1441f4ec63b898acf0c68 | |
with: | |
workflow-artifact-name: 'aio' | |
pull-number: '${{github.event.pull_request.number}}' | |
artifact-build-revision: '${{github.event.pull_request.head.sha}}' | |
deploy-directory: './dist/bin/aio/build' |