FIX: Enable Netlify preview deployments for Dependabot PRs #804
- Remove github.actor != 'dependabot[bot]' restriction from Netlify deploy step
- Allow visual inspection of dependency updates (e.g., theme changes) before merging
- Update skip message to clarify only fork PRs are blocked for security
- Dependabot PRs are safe as they come from within the same repository
📖 Netlify Preview Ready! Preview URL: https://pr-804--sunny-cactus-210e3e.netlify.app (935df28)
…eview-netlify@v0.6.0
- Removes ~260 lines of custom Netlify deployment code
- Uses shared action that provides same functionality:
  - Automatic changed lecture file detection
  - Smart PR comments with direct links
  - Duplicate comment prevention
  - Built-in security handling (skips forks/Dependabot)
- Improves maintainability across QuantEcon repos
- Enables Dependabot to auto-update the action version
Pull request overview
This PR migrates the repository’s Netlify preview deployment logic in CI from an inlined custom implementation to the shared quantecon/actions/preview-netlify@v0.6.0 action, with the stated goal of enabling preview deployments for Dependabot PRs and reducing workflow maintenance burden.
Changes:
- Replaced the custom Netlify deploy + changed-file detection + PR commenting logic with quantecon/actions/preview-netlify@v0.6.0.
- Removed explicit Netlify secrets from job-level env and now passes them as action inputs.
- Add contents:read and pull-requests:write permissions
- Required for preview-netlify action to post PR comments
- Addresses Copilot code review feedback
Copilot Feedback Addressed
Thanks for the review! I've addressed both issues:
✅ Issue 1: Workflow Permissions
Added explicit permissions to the workflow in commit d57db31:
permissions:
  contents: read
  pull-requests: write
This ensures the
✅ Issue 2: Dependabot Secrets
The Dependabot secrets concern is already resolved. We've configured organization-level Dependabot secrets:
These are available at: https://github.com/organizations/QuantEcon/settings/secrets/dependabot
With this configuration, Dependabot PRs using the
The PR is now ready with both Copilot recommendations implemented! 🎉
@jstac I am starting to see some joy in +7/-263 merges. Hooray for code reduction :-)
- preview-netlify action requires npm to install netlify-cli
- RunsOn custom AMI doesn't have Node.js pre-installed
- Add actions/setup-node@v4 before preview deploy step
📖 Netlify Preview Ready!
Preview URL: https://pr-804--sunny-cactus-210e3e.netlify.app
Commit:
Build Info
Summary
This PR migrates Netlify preview deployment from custom implementation to the shared quantecon/actions/preview-netlify@v0.6.0 action maintained in the quantecon/actions repository.
Motivation
Enable Dependabot previews: The original motivation was to enable Netlify preview deployments for Dependabot PRs (like ⬆️ Bump quantecon-book-theme from 0.15.1 to 0.16.0 #800) to inspect visual/theme changes before merging.
Reduce code duplication: The custom implementation duplicated ~260 lines of deployment logic that's now centralized across all QuantEcon lecture repositories.
Improve maintainability: The shared action is tested and maintained in one place, making updates and bug fixes easier.
Changes
Replaced ~260 lines of custom code with shared action:
Features Preserved
The shared action provides identical functionality:
Setup Required
Dependabot secrets are configured at the organization level to enable previews for Dependabot PRs:
Organization secrets configured at https://github.com/organizations/QuantEcon/settings/secrets/dependabot:
- NETLIFY_AUTH_TOKEN (Dependabot-specific token)
- NETLIFY_SITE_ID (same as Actions secrets)
With these configured, Dependabot PRs will automatically get Netlify preview deployments.
Security
The shared action handles security properly:
Benefits
v0.6.0 tag that Dependabot can auto-update
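
The deployment policy this PR describes (fork PRs skipped, same-repository PRs deployed, Dependabot runs reading the Dependabot secret store) written out as a preflight check over the pull_request event payload. This is an added example, not code from this workflow or from quantecon/actions; the function names, the sample payload and the repository name example-org/lectures are constructed, and only the two secret names come from the description above.

```python
import json
import os

# Secret names as listed in the PR description.
REQUIRED_SECRETS = ("NETLIFY_AUTH_TOKEN", "NETLIFY_SITE_ID")


def preview_decision(event, env):
    """Return (deploy, reason) for a parsed pull_request event payload."""
    pr = event.get("pull_request")
    if not pr:
        return False, "not a pull_request event"
    head = (pr.get("head") or {}).get("repo") or {}
    base = (pr.get("base") or {}).get("repo") or {}
    # Decide on repository identity. head.repo is null once a fork has been
    # deleted, so a missing name is treated as a fork as well.
    if not head.get("full_name") or head.get("full_name") != base.get("full_name"):
        return False, "fork PR: preview skipped, no secrets exposed"
    # A secret the run cannot read arrives as an empty string. Runs triggered
    # by Dependabot read the Dependabot secret store, not the Actions one.
    missing = [name for name in REQUIRED_SECRETS if not env.get(name)]
    if missing:
        author = (pr.get("user") or {}).get("login")
        store = "Dependabot" if author == "dependabot[bot]" else "Actions"
        return False, "missing %s secrets: %s" % (store, ", ".join(missing))
    return True, "same-repository PR with credentials present"


def sample_event(head_repo, author):
    """Constructed payload holding only the fields the check reads."""
    return {"pull_request": {
        "user": {"login": author},
        "head": {"repo": {"full_name": head_repo} if head_repo else None},
        "base": {"repo": {"full_name": "example-org/lectures"}},
    }}


if __name__ == "__main__":
    # In a workflow step GITHUB_EVENT_PATH points at the real payload;
    # without it, fall back to the constructed Dependabot sample.
    path = os.environ.get("GITHUB_EVENT_PATH")
    if path:
        with open(path) as fh:
            event = json.load(fh)
    else:
        event = sample_event("example-org/lectures", "dependabot[bot]")
    deploy, reason = preview_decision(event, os.environ)
    print("deploy=%s reason=%s" % (str(deploy).lower(), reason))
```

The missing-secrets branch names which store to fix, which is the failure a Dependabot PR hits when only Actions secrets are configured.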