@@ -39,14 +39,17 @@ jobs:
3939 env :
4040 GH_TOKEN : ${{ github.token }}
4141 PR_NUM : ${{ github.event.workflow_run.pull_requests[0].number || inputs.pr_number }}
42+ GH_EVENT_NAME : ${{ github.event_name }}
43+ GH_HEAD_SHA : ${{ github.event.workflow_run.head_sha }}
44+ GH_REPO : ${{ github.repository }}
4245 run : |
4346 # Get SHA from triggering workflow, or from manual input
44- if [ "${{ github.event_name } }" == "workflow_run" ]; then
45- SHA="${{ github.event.workflow_run.head_sha } }"
47+ if [ "${GH_EVENT_NAME }" == "workflow_run" ]; then
48+ SHA="${GH_HEAD_SHA }"
4649 else
4750 echo "Fetching latest SHA for PR #${PR_NUM}..."
4851 if [ -n "${PR_NUM}" ]; then
49- SHA=$(gh pr view "${PR_NUM}" --repo "${{ github.repository } }" --json headRefOid --template '{{.headRefOid}}')
52+ SHA=$(gh pr view "${PR_NUM}" --repo "${GH_REPO }" --json headRefOid --template '{{.headRefOid}}')
5053 fi
5154 fi
5255
6164 PR_NUM=$(gh pr list --search "sha:${SHA}" --state open --json number --jq '.[0].number')
6265 fi
6366
64- # Validate that we have a PR number and that it is less than 5 characters
65- if [ -z "${PR_NUM}" ] || [ ${# PR_NUM} -gt 5 ]; then
67+ # Validate that we have a valid PR number
68+ if [ -z "${PR_NUM}" ] || [[ "${ PR_NUM}" =~ ^[1-9][0-9]{0,4}$ ] ]; then
6669 echo "Failed to get PR number, exiting (PR_NUM=${PR_NUM})"
6770 exit 1
6871 fi
@@ -108,32 +111,42 @@ jobs:
108111
109112 - name : Commit and push files
110113 id : commit-and-push
114+ env :
115+ PR_NUM : ${{ steps.setup-metadata.outputs.PR_NUM }}
116+ SHORT_SHA : ${{ steps.setup-metadata.outputs.SHORT_SHA }}
111117 run : |
112- # 1. Move 'upload' directory into repo folder and cd into repo root
113- mkdir -p plotly.js-dev-builds/upload/
114- cp -r upload/ plotly.js-dev-builds/
118+ # Move 'upload/pr-NNNN/' directory into repo folder and cd into repo root
119+ TARGET_DIR="upload/pr-${PR_NUM}"
120+ mkdir -p plotly.js-dev-builds/${TARGET_DIR}
121+ cp -r ${TARGET_DIR} plotly.js-dev-builds/
115122 cd plotly.js-dev-builds
116123
117- # 2. Configure git
124+ # Configure git
118125 git config user.name "plotly.js-pr-upload"
119126 git config user.email "<>"
120127
121- # 3. add, commit, and push
122- git add upload/
128+ # Add files
129+ git add ${TARGET_DIR}/
130+
131+ # Ensure that only files in upload/pr-NNNN/ are staged
132+ if git diff --name-only --cached | grep -qv "^${TARGET_DIR}/"; then
133+ echo "Error: Changes detected outside ${TARGET_DIR}/"
134+ exit 1
135+ fi
123136
124137 # Only commit if there are changes
125138 if git diff --staged --quiet; then
126139 echo "No changes to commit"
127140 else
128- git commit -m "Deploy build for PR #${{ steps.setup-metadata.outputs. PR_NUM }} (commit ${{ steps.setup-metadata.outputs. SHORT_SHA } })"
141+ git commit -m "Deploy build for PR #${PR_NUM} (commit ${SHORT_SHA})"
129142 git push origin main
130143 fi
131144
132145name : Generate summary
133146 run : |
134- BASE="https://plotly.github.io/plotly.js-dev-builds/upload/pr-${{ steps.setup-metadata.outputs. PR_NUM } }"
147+ BASE="https://plotly.github.io/plotly.js-dev-builds/upload/pr-${PR_NUM}"
135148 echo "### PR Build Uploaded" >> $GITHUB_STEP_SUMMARY
136- echo "Builds for PR #${{ steps.setup-metadata.outputs. PR_NUM } } can be accessed at:" >> $GITHUB_STEP_SUMMARY
137- echo "- Latest build for this PR: [$BASE/latest/plotly.min.js]($BASE/latest/plotly.min.js)" >> $GITHUB_STEP_SUMMARY
138- echo "- Build for this commit: [$BASE/${{ steps.setup-metadata.outputs.SHA }} /plotly.min.js]($BASE/${{ steps.setup-metadata.outputs. SHORT_SHA } }/plotly.min.js)" >> $GITHUB_STEP_SUMMARY
149+ echo "Builds for PR #${PR_NUM} can be accessed at:" >> $GITHUB_STEP_SUMMARY
150+ echo "- Latest build for this PR: [${ BASE} /latest/plotly.min.js](${ BASE} /latest/plotly.min.js)" >> $GITHUB_STEP_SUMMARY
151+ echo "- Build for this commit: [${ BASE} /${SHORT_SHA} /plotly.min.js](${ BASE} /${SHORT_SHA}/plotly.min.js)" >> $GITHUB_STEP_SUMMARY
139152 echo "The above links should start working a minute or two after this job completes." >> $GITHUB_STEP_SUMMARY
0 commit comments