-
Notifications
You must be signed in to change notification settings - Fork 6.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build: setup preview builds for dev-app #23825
build: setup preview builds for dev-app #23825
Conversation
d308a6d
to
b539fbe
Compare
292095d
to
4784df7
Compare
@crisbeto updated to have the workflow artifact fetching script as external script. The downside is that we now need to install node modules in the deploy workflow as well, but I was able to share the yarn install logic to avoid duplication; so we are good. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Sets up preview builds for the dev-app. Whenever the `dev-app preview` label is applied to pull requests, a Github action will build the dev-app using RBE and deploy it to a preview channel within a Firebase project. The deployment and building is split up into two individual workflows to guarantee a secure exeuction of these steps. This follows the concept as outlined in https://securitylab.github.com/research/github-actions-preventing-pwn-requests/. In the future, we can try extracting some of this logic into a common tool in the dev-infra repository.. allowing preview builds to be used for other things, or in other repositories as well (or switching AIO away from the rather-complicated docker preview build setup).
Address feedback
Update old links
aabdb16
to
2f6ee6d
Compare
* build: setup preview builds for dev-app Sets up preview builds for the dev-app. Whenever the `dev-app preview` label is applied to pull requests, a Github action will build the dev-app using RBE and deploy it to a preview channel within a Firebase project. The deployment and building is split up into two individual workflows to guarantee a secure exeuction of these steps. This follows the concept as outlined in https://securitylab.github.com/research/github-actions-preventing-pwn-requests/. In the future, we can try extracting some of this logic into a common tool in the dev-infra repository.. allowing preview builds to be used for other things, or in other repositories as well (or switching AIO away from the rather-complicated docker preview build setup). * fixup! build: setup preview builds for dev-app Address feedback * fixup! build: setup preview builds for dev-app Update old links (cherry picked from commit 7ec0139)
* build: setup preview builds for dev-app Sets up preview builds for the dev-app. Whenever the `dev-app preview` label is applied to pull requests, a Github action will build the dev-app using RBE and deploy it to a preview channel within a Firebase project. The deployment and building is split up into two individual workflows to guarantee a secure exeuction of these steps. This follows the concept as outlined in https://securitylab.github.com/research/github-actions-preventing-pwn-requests/. In the future, we can try extracting some of this logic into a common tool in the dev-infra repository.. allowing preview builds to be used for other things, or in other repositories as well (or switching AIO away from the rather-complicated docker preview build setup). * fixup! build: setup preview builds for dev-app Address feedback * fixup! build: setup preview builds for dev-app Update old links (cherry picked from commit 7ec0139)
This issue has been automatically locked due to inactivity. Read more about our automatic conversation locking policy. This action has been performed automatically by a bot. |
Sets up preview builds for the dev-app. Whenever the
dev-app preview
label is applied to pull requests, a Github action will build the
dev-app using RBE and deploy it to a preview channel within a Firebase
project. This can help with reviews of pull requests as an example.
The deployment and building is split up into two individual workflows
to guarantee a secure exeuction of these steps. This follows the
concept as outlined in
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/.
In the future, we can try extracting some of this logic into a common
tool in the dev-infra repository.. allowing preview builds to be used
for other things, or in other repositories as well (or switching AIO
away from the rather-complicated docker preview build setup).
Example PR on my fork: devversion#57.
Note: We can also run this regardless of a label, so that previews are always available. We probably would also need a team-owned Firebase instance. Right now this is just using my testing one.