chore: update GitHub Actions workflow permissions and artifact retention

- Added permissions for reading contents, actions, and writing pull requests. - Set artifact retention period to 1 day for the preview build.
2025-06-26 18:16:07 +00:00 · 2025-03-16 11:06:50 -06:00
parent 4f25e703d0
commit 5aa80f8c96
2 changed files with 17 additions and 8 deletions
--- a/.github/workflows/build-preview.yml
+++ b/.github/workflows/build-preview.yml
@@ -8,6 +8,10 @@ jobs:
  build-preview:
    runs-on: ubuntu-latest
    name: Build Preview Site and Upload Build Artifact
+    permissions:
+      contents: read
+      actions: read
+      pull-requests: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
@@ -34,4 +38,5 @@ jobs:
        uses: actions/upload-artifact@v4
        with:
          name: preview-build
-          path: app/dist 
+          path: app/dist
+          retention-days: 1 
--- a/.github/workflows/deploy-preview.yml
+++ b/.github/workflows/deploy-preview.yml
@@ -5,6 +5,8 @@ on:
    workflows: ['Build Preview Deployment']
    types:
      - completed
+    branches-ignore:
+      - main

 permissions:
  actions: read
@@ -15,17 +17,19 @@ permissions:
 jobs:
  deploy-preview:
    runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    if: |
+      github.event.workflow_run.conclusion == 'success' &&
+      github.event.workflow_run.event == 'pull_request'
    name: Deploy Preview to Cloudflare Pages
    steps:
-      - name: Download build artifact
-        uses: actions/download-artifact@v4
-        id: preview-build-artifact
+      - name: Download artifact
+        uses: dawidd6/action-download-artifact@v3
        with:
+          workflow: build-preview.yml
          name: preview-build
          path: build
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          run-id: ${{ github.event.workflow_run.id }}
+          run_id: ${{ github.event.workflow_run.id }}
+          if_no_artifact_found: error

      - name: Deploy to Cloudflare Pages
        uses: AdrianGonz97/refined-cf-pages-action@v1
@@ -35,4 +39,4 @@ jobs:
          githubToken: ${{ secrets.GITHUB_TOKEN }}
          projectName: ${{ secrets.CLOUDFLARE_PROJECT_NAME }}
          deploymentName: Preview
-          directory: ${{ steps.preview-build-artifact.outputs.download-path }} 
+          directory: build