Does this make it work with forks and community contributors? We are using a few repo secrets in the deployment workflow, and I am not sure if this workflow allows forks to use the secret values.

Does this make it work with forks and community contributors? We are using a few repo secrets in the deployment workflow, and I am not sure if this workflow allows forks to use the secret values.

I don't think so (at least that was not my intent), it just modified so that PRs created using forks would work.
I'm adding a clause to the action that only members of thecoder org can trigger this action.

I've opened#13405 to validate.

Thank you. This is a good improvement. I plan to make this flow better sometimes#11331

I tried deploying this PR but its detecting the wrong branch and PR number

gh pr checkout 13404remote: Enumerating objects: 12, done.remote: Counting objects: 100% (12/12), done.remote: Compressing objects: 100% (2/2), done.remote: Total 12 (delta 10), reused 12 (delta 10), pack-reused 0Unpacking objects: 100% (12/12), 1.71 KiB | 877.00 KiB/s, done.From https://github.com/coder/coder * [new ref]             refs/pull/13404/head -> dk/fix-previewSwitched to branch 'dk/fix-preview'git statusOn branch dk/fix-previewnothing to commit, working tree clean./scripts/deploy-pr.shAre you sure you want to deploy? (y/n) ybranchName: node-20prNumber: 12921experiments:build: falsedeploy: false✓ Created workflow_dispatch event for pr-deploy.yaml at node-20To see runs for this workflow, try: gh run list --workflow=pr-deploy.yaml

I tried deploying this PR but its detecting the wrong branch and PR number

gh pr checkout 13404remote: Enumerating objects: 12, done.remote: Counting objects: 100% (12/12), done.remote: Compressing objects: 100% (2/2), done.remote: Total 12 (delta 10), reused 12 (delta 10), pack-reused 0Unpacking objects: 100% (12/12), 1.71 KiB | 877.00 KiB/s, done.From https://github.com/coder/coder * [new ref]             refs/pull/13404/head -> dk/fix-previewSwitched to branch 'dk/fix-preview'git statusOn branch dk/fix-previewnothing to commit, working tree clean./scripts/deploy-pr.shAre you sure you want to deploy? (y/n) ybranchName: node-20prNumber: 12921experiments:build: falsedeploy: false✓ Created workflow_dispatch event for pr-deploy.yaml at node-20To see runs for this workflow, try: gh run list --workflow=pr-deploy.yaml

Weird, it works for me:

$ gh pr status --repo=coder/coder --json headRefName,number --jq'.createdBy[0]'| cat{"headRefName":"dk/fix-preview","number":13404}

Strangely for me

gh pr view --json headRefName | jq -r .headRefNamedk/fix-previewgh pr view --json number | jq -r .number13404

but

gh pr status --repo=coder/coder --json headRefName,number --jq '.createdBy[0]' | cat{"headRefName":"node-20","number":12921}

Looking into it,pr list seems like a better option.

Can you try this@matifali?

$ gh pr list --repo=coder/coder -H$(git rev-parse --abbrev-ref HEAD) --json number --jq'.[].number'| cat13404

Alternatively we should skip the convenience and just accept a PR number as an argument.

gh pr list --repo=coder/coder -H $(git rev-parse --abbrev-ref HEAD) --json number --jq '.[].number' | cat
13404
Also
gh pr status --json headRefName,number --jq '.currentBranch' | cat
{"headRefName":"dk/fix-preview","number":13404}

I don't trustpr status anymore, I'm seeing different results:

$ gh pr status --repo=coder/coder --json headRefName,number{"createdBy":[{"headRefName":"dk/fix-preview","number":13404},{"headRefName":"dk/verify-agent","number":13280}],"needsReview":[]}

I think the script should just accept a PR as input. WDYT?

@dannykopping I think as the branch is actually not on thecoder/coder repo, that's why we are not able to get it. Skipping--repo=coder/coder seems to work fine along with.currentBranch

@dannykopping I think as the branch is actually not on thecoder/coder repo, that's why we are not able to get it. Skipping--repo=coder/coder seems to work fine along with.currentBranch

Not so for me:

$ gh pr status --json headRefName,number --jq'.currentBranch'| cat

pr list is reliable, and works irrespective of forks.

$ ./scripts/deploy-pr.sh -d -n -y                                                                          dry runbranchName: dk/verify-agentprNumber: 13280experiments: build:falsedeploy:true$ git co dk/fix-preview Switched to branch'dk/fix-preview'$ ./scripts/deploy-pr.sh -d -n -ydry runbranchName: dk/fix-previewprNumber: 13404experiments: build:falsedeploy:true

@dannykopping OK lets usepr list push your changes, and I can try to run it from coder/coder

@dannykopping OK lets usepr list push your changes, and I can try to run it from coder/coder

$ ./scripts/deploy-pr.sh -d                                                                              Are you sure you want to deploy? (y/n) ybranchName: dk/fix-previewprNumber: 13404experiments: build:falsedeploy:truecould not create workflow dispatch event: HTTP 422: No ref found for: dk/fix-preview (https://api.github.com/repos/coder/coder/actions/workflows/60960476/dispatches)

Same issue as before (not that I expected this to be fixed with this change, but worth noting).

It works fine now in dry run. Can you try deploying from the fork for real? So that we can test if all secrets are accessible, too.

@dannykopping OK lets usepr list push your changes, and I can try to run it from coder/coder

$ ./scripts/deploy-pr.sh -d                                                                              Are you sure you want to deploy? (y/n) ybranchName: dk/fix-previewprNumber: 13404experiments: build:falsedeploy:truecould not create workflow dispatch event: HTTP 422: No ref found for: dk/fix-preview (https://api.github.com/repos/coder/coder/actions/workflows/60960476/dispatches)

Same issue as before (not that I expected this to be fixed with this change, but worth noting).

Same issue for me. Can not deploy.

I think we need to allow running this workflow on forks in repo settings.

@dannykopping OK lets usepr list push your changes, and I can try to run it from coder/coder

$ ./scripts/deploy-pr.sh -d                                                                              Are you sure you want to deploy? (y/n) ybranchName: dk/fix-previewprNumber: 13404experiments: build:falsedeploy:truecould not create workflow dispatch event: HTTP 422: No ref found for: dk/fix-preview (https://api.github.com/repos/coder/coder/actions/workflows/60960476/dispatches)

Same issue as before (not that I expected this to be fixed with this change, but worth noting).

Same issue for me. Can not deploy.

I think this is actually a good thing.

gh workflow run in the deploy script is trying to reference the workflow script in a branch which is outside the main repo. I don't think we should enable this.

I think we'll have to close this PR.

If the my branch from#13280 was not present incoder/coder (like I was expecting), then I would've gotten the422 as above. So this whole PR was fruit of the poisonous tree.

gh workflow run in the deploy script is trying to reference the workflow script in a branch which is outside the main repo. I don't think we should enable this.

Yes we do have the protection to check for membership but that check is part of the same workflow so not safe at all.