ci: listen to pull request events

ludovicm67 · ludovicm67 · commit 607dbe8eea0e · 2025-09-12T21:00:43.000+02:00
diff --git a/.github/workflows/docker-ods-ui.yaml b/.github/workflows/docker-ods-ui.yaml
@@ -6,6 +6,11 @@ on:
       - "opendata.swiss/ui/**" # Only trigger if files in the ui directory change
       - ".github/workflows/docker-ods-ui.yaml" # Trigger also if this workflow file is changed
 
+  pull_request:
+    paths:
+      - "opendata.swiss/ui/**" # Only trigger if files in the ui directory change
+      - ".github/workflows/docker-ods-ui.yaml" # Trigger also if this workflow file is changed
+
 jobs:
   docker:
     runs-on: ubuntu-latest
@@ -19,7 +24,18 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v5
 
+      - name: Set up kubectl
+        if: github.event_name == 'pull_request'
+        uses: azure/setup-kubectl@v4
+        with:
+          version: v1.33.0
+
+      - name: Set up Kustomize
+        if: github.event_name == 'pull_request'
+        uses: imranismail/setup-kustomize@v2
+
       - name: Install Cosign
+        if: github.event_name != 'pull_request'
         uses: sigstore/cosign-installer@v3.9.2
 
       - name: Set up QEMU
@@ -35,6 +51,12 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Configure some variables
+        id: vars
+        run: |
+          echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+          echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}" >> $GITHUB_OUTPUT
+
       - name: Docker meta
         id: docker_meta
         uses: docker/metadata-action@v5
@@ -60,6 +82,7 @@ jobs:
             linux/amd64
 
       - name: Sign the images with GitHub OIDC Token
+        if: github.event_name != 'pull_request'
         env:
           DIGEST: ${{ steps.docker_build.outputs.digest }}
           TAGS: ${{ steps.docker_meta.outputs.tags }}
@@ -69,3 +92,32 @@ jobs:
             images+="${tag}@${DIGEST} "
           done
           cosign sign --yes ${images}
+
+      - name: Configure cluster context
+        if: github.event_name == 'pull_request'
+        run: |
+          kubectl config set-cluster default "--server=${K8S_API_URL}" --insecure-skip-tls-verify=true
+          kubectl config set-credentials default "--token=${K8S_TOKEN}"
+          kubectl config set-context default --cluster=default --namespace=piveau-previews --user=default
+          kubectl config use-context default
+
+      - name: Generate manifests
+        if: github.event_name == 'pull_request'
+        working-directory: ./opendata.swiss/ui/k8s
+        run: |
+          kustomize edit set nameprefix "${{ steps.vars.outputs.branch }}-"
+          kustomize edit add patch --patch "$(cat <<EOF
+          apiVersion: networking.k8s.io/v1
+          kind: Ingress
+          metadata:
+            name: piveau-ui
+          spec:
+            tls:
+              - secretName: ${{ steps.vars.outputs.branch }}-prev-tls
+                hosts:
+                  - ${{ steps.vars.outputs.branch }}.piveau-ln-preview.zazukoians.org
+          EOF
+          )"
+          kustomize edit set image "ghcr.io/opendata-swiss/ods-ui=ghcr.io/opendata-swiss/ods-ui:sha-${{ steps.vars.outputs.short_sha }}"
+          kustomize edit set label "app.kubernetes.io/instance:${{ steps.vars.outputs.branch }}"
+          kustomize build | tee manifest.yaml
diff --git a/opendata.swiss/ui/k8s/deployment.yaml b/opendata.swiss/ui/k8s/deployment.yaml
@@ -5,11 +5,9 @@ metadata:
 spec:
   template:
     spec:
-      imagePullSecrets:
-        - name: piveau-ui-pull-secret
       containers:
         - name: piveau-ui
-          image: registry.zazuko.com/docker/lindas-next-piveau-js
+          image: ghcr.io/opendata-swiss/ods-ui
           imagePullPolicy: IfNotPresent
           ports:
             - name: http
