diff --git a/.github/workflows/build-blog.yml b/.github/workflows/build-blog.yml
index f7e50091..5d39e790 100644
--- a/.github/workflows/build-blog.yml
+++ b/.github/workflows/build-blog.yml
@@ -65,6 +65,10 @@ jobs:
with:
cache: "pipenv"
+ - name: Install Python (no pipenv)
+ if: ${{ !inputs.privileged }}
+ uses: actions/setup-python@v5
+
- name: Install Python Dependencies
if: inputs.privileged
run: |
@@ -72,10 +76,22 @@ jobs:
pipenv install
sudo apt install pngquant
- - name: Build Website
+ - name: Install Python Dependencies (Unprivileged)
+ if: ${{ !inputs.privileged }}
+ run: |
+ pip install mkdocs-material mkdocs-rss-plugin mkdocs-glightbox mkdocs-macros-plugin
+ sudo apt install pngquant
+
+ - name: Build Website (Privileged)
+ if: inputs.privileged
run: |
pipenv run mkdocs build --config-file mkdocs.blog.yml
+ - name: Build Website (Unprivileged)
+ if: ${{ !inputs.privileged }}
+ run: |
+ BUILD_INSIDERS=false mkdocs build --config-file mkdocs.blog.yml
+
- name: Package Website
run: |
tar -czf site-build-blog.tar.gz site
diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml
index 5f9b2987..c57aeb4d 100644
--- a/.github/workflows/build-pr.yml
+++ b/.github/workflows/build-pr.yml
@@ -19,12 +19,19 @@ jobs:
env:
ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
steps:
+ - name: Save PR metadata
+ run: |
+ mkdir -p ./metadata
+ echo ${{ github.event.number }} > ./metadata/NR
+ echo ${{ github.event.pull_request.head.sha }} > ./metadata/SHA
+
- name: Set submodules for fork
if: env.ACTIONS_SSH_KEY == ''
id: submodules-fork
run: |
echo 'submodules={"repo":["brand","i18n"]}' >> "$GITHUB_OUTPUT"
echo "privileged=false" >> "$GITHUB_OUTPUT"
+ echo "false" > ./metadata/PRIVILEGED
- name: Set submodules for main repo
if: env.ACTIONS_SSH_KEY != ''
@@ -32,12 +39,7 @@ jobs:
run: |
echo 'submodules={"repo":["brand","i18n","mkdocs-material-insiders"]}' >> "$GITHUB_OUTPUT"
echo "privileged=true" >> "$GITHUB_OUTPUT"
-
- - name: Save PR metadata
- run: |
- mkdir -p ./metadata
- echo ${{ github.event.number }} > ./metadata/NR
- echo ${{ github.event.pull_request.head.sha }} > ./metadata/SHA
+ echo "true" > ./metadata/PRIVILEGED
- name: Upload metadata as artifact
uses: actions/upload-artifact@v4
diff --git a/.github/workflows/publish-pr.yml b/.github/workflows/publish-pr.yml
index 0853eab4..ea72a727 100644
--- a/.github/workflows/publish-pr.yml
+++ b/.github/workflows/publish-pr.yml
@@ -22,6 +22,7 @@ jobs:
outputs:
pr_number: ${{ steps.metadata.outputs.pr_number }}
sha: ${{ steps.metadata.outputs.sha }}
+ privileged: ${{ steps.metadata.outputs.privileged }}
steps:
- name: Download Website Build Artifact
@@ -86,6 +87,7 @@ jobs:
unzip metadata.zip -d metadata
echo "pr_number=$(cat metadata/NR)" >> "$GITHUB_OUTPUT"
echo "sha=$(cat metadata/SHA)" >> "$GITHUB_OUTPUT"
+ echo "privileged=$(cat metadata/PRIVILEGED)" >> "$GITHUB_OUTPUT"
deploy_netlify:
needs: metadata
@@ -122,6 +124,7 @@ jobs:
address: ${{ needs.deploy_garage.outputs.address }}
steps:
- uses: thollander/actions-comment-pull-request@v2.5.0
+ if: ${{ needs.metadata.outputs.privileged == 'true' }}
with:
pr_number: ${{ needs.metadata.outputs.pr_number }}
message: |
@@ -132,3 +135,19 @@ jobs:
| 🔨 Latest commit | ${{ needs.metadata.outputs.sha }} |
| 😎 Preview | ${{ env.address }} |
comment_tag: deployment
+
+ - uses: thollander/actions-comment-pull-request@v2.5.0
+ if: ${{ needs.metadata.outputs.privileged == 'false' }}
+ with:
+ pr_number: ${{ needs.metadata.outputs.pr_number }}
+ message: |
+ ### ✅ Your preview is ready!
+
+ | Name | Link |
+ | :---: | ---- |
+ | 🔨 Latest commit | ${{ needs.metadata.outputs.sha }} |
+ | 😎 Preview | ${{ env.address }} |
+
+ Please note that this preview was built from an untrusted source, so it was not granted access to all mkdocs-material features.
+ Maintainers should ensure this PR has been reviewed locally with a full build before merging.
+ comment_tag: deployment