-
Notifications
You must be signed in to change notification settings - Fork 124
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Previewing PR using Surge.sh #1487
Conversation
Thanks a lot for the work here! @raysonkoh Could I double check the resolution in the issue was per @damithc's comment here? i.e. we're not actually going to switch to surge for this repo, just provide instructions / pointers (documentation) for ways of doing pr previews, which sounds good. if this pr is meant as a poc toward those documentation changes / some other purpose however please ignore this 😅 |
Thanks for the comment @ang-zeyu Yes, I was thinking along this line. Would this be the right approach or do you think updating the userGuide with the instructions is enough? |
The example here looks really robust, and can serve as a good accompanying example somewhere. I was thinking of adding a separate supporting top level section / page first (something like Something along this structure:
On those lines since we only have instructions for deploying to github pages, netlify, a prior pr for a deploying to surge guide (in non-pr preview context) based on the first workflow here could be done as well to reduce the content repitition. What do you think? @raysonkoh |
Thanks for the suggestion! Just to clarify, you are suggesting to have another PR for adding instructions for deploying a Markbind site to Surge? Actually the steps are roughly the same, with an additional step of adding a Based on what you said, I think a good page structure for
What do you think @ang-zeyu ? |
I suppose so. I'm not too familiar with Surge however, I'll leave you to judge whether its worth it here 😅
With the above addition*, if it makes sense |
Actually, I feel that we can put this (including a section for Deploying a Markbind site to Surge for production) aside for now, because there isn't really anything that Surge provides that Github Pages doesn't provide and setting up Surge is more troublesome than setting up Github Pages. Cost-wise, both services are free also. |
I will make a separate PR to reorganize the page structure of |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good work on this :) The instructions are clear and straightforward. Managed to set up my surge preview very quickly following the steps 👍. Just two minor nits and the rest looks good.
docs/userGuide/deployingTheSite.md
Outdated
|
||
<include src="screenshot.md" boilerplate var-alt="Create Surge account" var-file="surgeCreateAccount.png" inline /> | ||
|
||
1. Proceed to create a Surge account. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually this part is not needed - the user can just CTRL-C
out of this process (after logging in / creating an account). I have added a clarification in the userGuide on this. Could you help to check to see if it is clearer?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually this part is not needed - the user can just CTRL-C out of this process (after logging in / creating an account).
Ahh I see. Yup it's much clearer now 👍 Thanks for updating :)
- Fix gh-action workflow directory path - Make the steps in setting up Surge clearer
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice work with the docs! @raysonkoh
The main reason for having 2 separate workflows is due to security reasons. Github-Actions does not expose repo secrets for workflows that are triggered by PRs from a forked repo, link to docs. Based on my research so far, there are four possible ways to get around this.
Agree with the approach here, thanks for the research.
Just a few suggestions on the workflow examples:
docs/userGuide/deployingTheSite.md
Outdated
run_id: ${{ github.event.workflow_run.id }} | ||
name: markbind-deployment | ||
path: . | ||
- name: Display structure of downloaded files |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should we remove this step? since devs can include it as needed if preferred
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yup make sense, will remove it
docs/userGuide/deployingTheSite.md
Outdated
uses: rlespinasse/github-slug-action@v3.x | ||
- name: Build PR preview url | ||
id: pr-url | ||
run: echo '::set-output name=ACTIONS_PREVIEW_URL::'https://pr-${{ steps.pr-number.outputs.ACTIONS_PR_NUMBER }}-${{ env.GITHUB_REPOSITORY_SLUG_URL }}.surge.sh/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should we remove rlespinasse/github-slug-action@v3.x
and simplify the surge url?
also a small comment / note to change this as appropriate, since the url is project-dependent
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm I think that if we remove rlespinasse/github-slug-action@v3.x
, it will add some more complexity since there needs to be some regex script to extract the repoSlug. I am not sure if there is a way to simplify the surge url while ensuring that it is still as general as possible.
I can add a note to say that the user can make modifications to the surge URL as needed to a simpler one, together with a short code snippet showing the relevant changes. What do you think @ang-zeyu ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not too familiar with surge's specifics - is ${{ env.GITHUB_REPOSITORY_SLUG_URL }}
necessary / convention for pr previewing in surge?
my view is that this could be easily configured to something unique if the user wants to (not limited to owner + repo
format).
i.e. just https://pr-${{ steps.pr-number.outputs.ACTIONS_PR_NUMBER }}-xxxx-anything-xxxx.surge.sh
.
Would that work?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One way is that the user can have a SURGE_URL
secret, so the PR URL would be something like https://pr-${{ steps.pr-number.outputs.ACTIONS_PR_NUMBER }}-${{ secrets.SURGE_URL }}.surge.sh
.
This would eliminate the need for rlespinasse/github-slug-action@v3.x
in the code. However, this would be slightly more inconvenient for the user.
What do you think about this approach?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm was thinking of just highlighting that the specific line in the .yml
should be edited per the project as needed before committing. (comment / warning box / highlight)
Since folks who are using pull requests, github actions, github likely have the know how =P
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay I have added in the userGuide a new variable PR_URL
which the user can modify. I have also added a note to highlight to the user that they have to edit the PR_URL
according to their needs.
docs/userGuide/deployingTheSite.md
Outdated
Additionally, **when contributors make a pull request to your GitHub repo, you can _preview_ the updated site** at the bottom of the pull request by clicking on `details` link in the PR: | ||
## Previewing Pull Requests for MarkBind sites | ||
|
||
There may be more than one user making changes to your MarkBind site. In such cases, it might be prudent to have a workflow that is centered around pull requests (PRs) such as a [feature branch workflow](https://www.atlassian.com/git/tutorials/comparing-workflows/feature-branch-workflow) or a [forking workflow](https://www.atlassian.com/git/tutorials/comparing-workflows/forking-workflow). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's preface a little bit more who this section is for (users having MarkBind projects on github)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay I have added an info box below ## Previewing Pull Requests for MarkBind sites
Co-authored-by: Ang Ze Yu <angzeyu@gmail.com>
Co-authored-by: Ang Ze Yu <angzeyu@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks! one last nit:
docs/userGuide/deployingTheSite.md
Outdated
|
||
<box type="info"> | ||
|
||
This section is meant for users who are $$hosting their Markbind project on **Github**$$. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
let's keep this to 2nd person for consistency
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, I have updated this to 2nd person
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lgtm 👍
What is the purpose of this pull request?
Related to #1466
Currently, we have provided instructions for deploying PR previews using Netlify. However, as Netlify have a limited amount of free build minutes, there may be other users who are thinking of using other PR preview services. This PR aims to add instructions for previewing PR using Surge which has unlimited build minutes as of now.
Overview of changes:
Add 2 new workflows for previewing PR on Surge.
The first workflow is "Receive Markbind PR" which builds the markbind site and uploads it as an Artifact.
The next workflow is "Deploy PR Preview", which is only triggered upon successful completion of the first workflow and it deploys the Markbind site to
Surge.sh
using with the link as such:https://pr-[PR_NUMBER]-[REPO_SLUG].surge.sh
. At the end of this workflow, a github-actions bot will auto-comment the link of the PR preview for easier accessibility for the PR reviewer.Anything you'd like to highlight / discuss:
Some relevant context: reposense/RepoSense#1105, reposense/RepoSense#1099 , reposense/RepoSense#1411, reposense/RepoSense#1434
The main reason for having 2 separate workflows is due to security reasons. Github-Actions does not expose repo secrets for workflows that are triggered by PRs from a forked repo, link to docs. Based on my research so far, there are four possible ways to get around this.
pull_request_target
event, the workflow that are triggered by PRs are able to get access to repo secrets. More info in the github release doc. However, by design, it does not run the code in the PR as it may be malicious. One workaround that people have found would be to usepull_request_target
and then checking out the HEAD of the PR. However, this poses a serious security risk as the secrets would be leaked.workflow_run
event, together with a separate initial workflow which is then used to trigger the main workflow. This is the approach that Reposense is currently using and the approach that I adopted for this PR. I feel that this is much more secure than the first option as we can control which section of the PR code to extract to the main workflow (that is deploys the Markbind site to Surge).SURGE_TOKEN
Option 2 is also recommended by Github here: https://securitylab.github.com/research/github-actions-preventing-pwn-requests. Option 3 and 4 may be too tedious and inconvenient.
Testing instructions:
npm install --global surge
and typingsurge
on the terminalsurge token
to generate your surge token.SURGE_TOKEN
and set the value as the generated surge token../github/workflows/
.receivePR.yml
previewPR.yml
Showcase:
Proposed commit message: (wrap lines at 72 characters)
Checklist: ☑️