# This workflow runs whenever the AIO build workflow has completed. Deployment happens # as part of a dedicated second workflow to avoid security issues where the building would # otherwise occur in an authorized context where secrets could be leaked. # # More details can be found here: # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/. name: Deploying AIO preview to Firebase on: workflow_run: workflows: ['Build AIO app for preview deployment'] types: [completed] permissions: # Needed in order to be able to comment on the pull request. pull-requests: write env: # TODO(pgschwendtner): use a different project for framework previews here. PREVIEW_PROJECT: ng-comp-dev jobs: aio-deploy: runs-on: ubuntu-latest if: ${{ github.event.workflow_run.conclusion == 'success' }} steps: - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3 - name: Configure Firebase deploy target working-directory: aio/ run: | # We can use `npx` as the Firebase deploy actions uses it too. # The default site is used as we don't use multi-sites in the project. npx -y firebase-tools@latest target:clear --project ${{env.PREVIEW_PROJECT}} hosting aio npx -y firebase-tools@latest target:apply --project ${{env.PREVIEW_PROJECT}} hosting aio ${{env.PREVIEW_PROJECT}} - uses: angular/dev-infra/github-actions/deploy-previews/upload-artifacts-to-firebase@96fdaaa056f1cfa7ffbc4c69b7e9007279f76c94 with: github-token: '${{secrets.GITHUB_TOKEN}}' workflow-artifact-name: 'aio' firebase-config-dir: './aio/' firebase-public-dir: './aio/dist' firebase-project-id: '${{env.PREVIEW_PROJECT}}' firebase-service-key: '${{secrets.FIREBASE_PREVIEW_SERVICE_TOKEN}}'