--- name: "docs: check and build" on: pull_request_target: paths: - '.github/workflows/wf_check.yaml' - '.github/workflows/dashboard_checks.yaml' # common build - 'flake.nix' - 'flake.lock' - 'nixops/**' - 'build/**' # common javascript - ".npmrc" - ".prettierignore" - ".prettierrc.js" - "audit-ci.jsonc" - "package.json" - "pnpm-workspace.yaml" - "pnpm-lock.yaml" - "turbo.json" # docs - docs/** # nhost-js - packages/nhost-js/** # apis - 'services/auth/docs/openapi.yaml' - 'services/storage/controller/openapi.yaml' # cli - cli/** push: branches: - main concurrency: group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || format('push-{0}', github.sha) }} cancel-in-progress: ${{ github.event_name == 'pull_request' }} jobs: check-permissions: runs-on: ubuntu-latest steps: - run: | echo "github.event_name: ${{ github.event_name }}" echo "github.event.pull_request.author_association: ${{ github.event.pull_request.author_association }}" - name: "This task will run and fail if user has no permissions and label safe_to_test isn't present" if: "github.event_name == 'pull_request_target' && ! ( contains(github.event.pull_request.labels.*.name, 'safe_to_test') || contains(fromJson('[\"OWNER\", \"MEMBER\", \"COLLABORATOR\"]'), github.event.pull_request.author_association) )" run: | exit 1 tests: uses: ./.github/workflows/wf_check.yaml needs: - check-permissions with: NAME: docs PATH: docs GIT_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }} secrets: AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }} NIX_CACHE_PUB_KEY: ${{ secrets.NIX_CACHE_PUB_KEY }} NIX_CACHE_PRIV_KEY: ${{ secrets.NIX_CACHE_PRIV_KEY }} remove_label: runs-on: ubuntu-latest needs: - check-permissions steps: - uses: actions-ecosystem/action-remove-labels@v1 with: labels: | safe_to_test if: contains(github.event.pull_request.labels.*.name, 'safe_to_test')