.github/workflows/prw-deploy-preview.yml

name: Deploy preview for PR

on:
  workflow_run:
    workflows:
      - "Build preview for PR"
    types:
      - completed

permissions:
  contents: read
  id-token: write
  pull-requests: write

concurrency:
  group: ${{ github.workflow }}-${{ github.event.workflow_run.head_branch }}
  cancel-in-progress: false

env:
  HUGO_BASEURL: "https://preview-developer.espressif.com/"

jobs:
  deploy-preview:
    runs-on: ubuntu-latest
    if: >
      github.event.workflow_run.event == 'pull_request' &&
      github.event.workflow_run.conclusion == 'success'

    steps:
      - name: Download artifacts (PR number file)
        uses: actions/download-artifact@v4
        with:
          name: pr-num
          path: ./
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Read PR number from file
        id: read-pr-num
        run: |
          echo "PR_NUMBER=$(cat pr-num.txt)" >> $GITHUB_ENV
          echo ${{ env.PR_NUMBER }}

      - name: Check if checksums-s3.txt is in S3 bucket
        id: download-checksums-s3
        run: |
          if aws s3 ls s3://${{ secrets.PREVIEW_AWS_BUCKET_NAME }}/pr${{ env.PR_NUMBER }}/checksums-s3.txt; then
            checksums_exists=true
          else
            checksums_exists=false
          fi
          echo "checksums-exists=$checksums_exists" >> $GITHUB_ENV
          echo "checksums-exists=$checksums_exists"  # Print for debugging
        env:
          AWS_S3_BUCKET: ${{ secrets.PREVIEW_AWS_BUCKET_NAME }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

      - name: Download checksums-ci.txt from artifacts
        uses: actions/download-artifact@v4
        with:
          name: checksums-ci
          path: ./
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Print checksums-ci.txt for inspection
        run: |
          echo "Contents of checksums-ci.txt:"
          cat checksums-ci.txt

      - name: Download checksums-s3.txt from S3 bucket
        if: env.checksums-exists == 'true'
        run: |
          aws s3 cp s3://${{ secrets.PREVIEW_AWS_BUCKET_NAME }}/pr${{ env.PR_NUMBER }}/checksums-s3.txt ./checksums-s3.txt || touch ./checksums-s3.txt
        env:
          AWS_S3_BUCKET: ${{ secrets.PREVIEW_AWS_BUCKET_NAME }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

      - name: Print checksums-s3.txt for inspection
        if: env.checksums-exists == 'true'
        run: |
          echo "Contents of checksums-s3.txt:"
          cat checksums-s3.txt

# Files were uploaded to pr7/public
# If ./checksums-s3.txt doesn't exist, use jakejarvis/s3-sync-action to deploy files and also generate and deploy checksums-s3.txt

      - name: Download artifacts (Public folder)
        uses: actions/download-artifact@v4
        with:
          name: public-folder
          path: ./public
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Compare checksums and update local folder
        if: env.checksums-exists == 'true'
        run: |
          mkdir -p ./local-sync

          # Find outdated files and remove them (unique checksums in checksums-s3.txt)
          comm -23 checksums-s3.txt checksums-ci.txt | awk '{print $1}' > outdated-files.txt
          if [ -s outdated-files.txt ]; then
            echo "Removing outdated files from S3:"
            cat outdated-files.txt
            for file in $(cat outdated-files.txt); do
              aws s3 rm s3://${{ secrets.PREVIEW_AWS_BUCKET_NAME }}/pr${{ env.PR_NUMBER }}/$file
            done
          fi

          # Copy updated files to the local folder (unique checksums in checksums-ci.txt)
          comm -13 checksums-s3.txt checksums-ci.txt | awk '{print $1}' > updated-files.txt
          if [ -s updated-files.txt ]; then
            echo "Copying updated files to local sync folder:"
            cat updated-files.txt
            for file in $(cat updated-files.txt); do
              mkdir -p ./local-sync/$(dirname "$file")
              cp ./public/$file ./local-sync/$file
            done
          fi
        env:
          AWS_S3_BUCKET: ${{ secrets.PREVIEW_AWS_BUCKET_NAME }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

      - name: Copy checksums to local-sync and public folders
        run: |
          # Ensure checksums-ci.txt is in the local sync folder
          mkdir -p ./local-sync
          cp checksums-ci.txt ./local-sync/checksums-s3.txt
          cp checksums-ci.txt ./public/checksums-s3.txt
        env:
          AWS_S3_BUCKET: ${{ secrets.PREVIEW_AWS_BUCKET_NAME }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

      - name: Sync local folder with S3 bucket (local-sync)
        if: env.checksums-exists == 'true'
        uses: jakejarvis/s3-sync-action@master
        with:
          args: --follow-symlinks --cache-control no-cache
        env:
          AWS_S3_BUCKET: ${{ secrets.PREVIEW_AWS_BUCKET_NAME }}
          SOURCE_DIR: './local-sync'
          DEST_DIR: "pr${{ env.PR_NUMBER }}"
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

      - name: Sync public folder with S3 bucket (public)
        if: env.checksums-exists == 'false'
        uses: jakejarvis/s3-sync-action@master
        with:
          args: --follow-symlinks --delete --cache-control no-cache
        env:
          AWS_S3_BUCKET: ${{ secrets.PREVIEW_AWS_BUCKET_NAME }}
          SOURCE_DIR: './public'
          DEST_DIR: "pr${{ env.PR_NUMBER }}"
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

      - name: Post Preview Link to PR
        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            try {
              const { data: comments } = await github.rest.issues.listComments({
                issue_number: ${{ env.PR_NUMBER }},
                owner: context.repo.owner,
                repo: context.repo.repo
              });

              // Define the comment body
              const commentBody = `🎉 A preview for this PR is available at: ${{ env.HUGO_BASEURL }}pr${{ env.PR_NUMBER }}/`;

              // Look for an existing comment containing the specific text
              const existingComment = comments.find(comment =>
                comment.body.includes("🎉 A preview for this PR is available at:")
              );

              if (existingComment) {
                // Delete the existing comment
                await github.rest.issues.deleteComment({
                  comment_id: existingComment.id,
                  owner: context.repo.owner,
                  repo: context.repo.repo
                });
              }

              // Create a new comment
              await github.rest.issues.createComment({
                issue_number: ${{ env.PR_NUMBER }},
                owner: context.repo.owner,
                repo: context.repo.repo,
                body: commentBody
              });
            } catch (error) {
              core.setFailed(`Failed to manage PR comment: ${error.message}`);
            }

      - name: Invalidate CloudFront cache for PR
        uses: chetan/invalidate-cloudfront-action@v2
        env:
          PATHS: "/pr${{ env.PR_NUMBER }}/*"
          DISTRIBUTION: ${{ secrets.PREVIEW_CLOUDFRONT_DISTRIBUTION }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}