fix(telemetry): scope consent cache by auth token #2555
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Preview Packages | |
| on: | |
| pull_request: | |
| types: [labeled, synchronize, opened, reopened] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| publish-preview: | |
| # Only run if PR has 'trigger: preview' label | |
| if: "contains(github.event.pull_request.labels.*.name, 'trigger: preview')" | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }} | |
| TURBO_TEAM: ${{ vars.TURBO_TEAM }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Environment | |
| uses: ./.github/actions/setup | |
| with: | |
| node-version: 20 | |
| - name: Build CLI packages | |
| run: pnpm build:cli | |
| - name: Publish preview packages | |
| run: | | |
| pnpm dlx pkg-pr-new publish \ | |
| './packages/@sanity/cli' \ | |
| './packages/@sanity/cli-core' \ | |
| './packages/@sanity/cli-test' \ | |
| './packages/@sanity/eslint-config-cli' \ | |
| --pnpm \ | |
| --json pkg-pr-new-output.json \ | |
| --comment=off \ | |
| --compact | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| - name: Create or update comment with commit SHA | |
| uses: actions/github-script@v8 | |
| with: | |
| script: | | |
| const fs = require('node:fs'); | |
| const output = JSON.parse(fs.readFileSync('pkg-pr-new-output.json', 'utf8')); | |
| const sha = context.payload.pull_request?.head?.sha; | |
| const BOT_COMMENT_IDENTIFIER = '<!-- pkg.pr.new -->' | |
| const BACKTICKS = '```'; | |
| function renderPackages(pkgs) { | |
| return pkgs | |
| .map( | |
| (pkg) => | |
| `##### :package: \`${pkg.name}\` | |
| ${BACKTICKS}bash | |
| pnpm install ${pkg.url} | |
| ${BACKTICKS} | |
| `, | |
| ) | |
| .join('\n'); | |
| } | |
| const cliPackage = output.packages.find((p) => p.name === '@sanity/cli'); | |
| const shortSha = sha?.substring(0, 7) || 'unknown'; | |
| // Construct the full pkg.pr.new URL with repo path | |
| const cliUrl = `https://pkg.pr.new/${context.repo.owner}/${context.repo.repo}/@sanity/cli@${shortSha}`; | |
| const body = `## Preview this PR with [pkg.pr.new](https://pkg.pr.new) | |
| ### Run the Sanity CLI | |
| ${BACKTICKS}bash | |
| npx ${cliUrl} <command> | |
| ${BACKTICKS} | |
| ### ...Or upgrade project dependencies | |
| ${renderPackages(output.packages)} | |
| [View Commit](${`https://github.com/${context.repo.owner}/${context.repo.repo}/commit/${sha}`}) (${sha}) | |
| ${BOT_COMMENT_IDENTIFIER} | |
| `; | |
| async function findBotComment(issueNumber) { | |
| if (!issueNumber) return null; | |
| const comments = await github.rest.issues.listComments({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: issueNumber, | |
| }); | |
| return comments.data.find((comment) => comment.body?.includes(BOT_COMMENT_IDENTIFIER)); | |
| } | |
| async function createOrUpdateComment(issueNumber) { | |
| if (!issueNumber) { | |
| console.log('No issue number provided. Cannot post or update comment.'); | |
| return; | |
| } | |
| const existingComment = await findBotComment(issueNumber); | |
| if (existingComment) { | |
| await github.rest.issues.updateComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| comment_id: existingComment.id, | |
| body: body, | |
| }); | |
| } else { | |
| await github.rest.issues.createComment({ | |
| issue_number: issueNumber, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: body, | |
| }); | |
| } | |
| } | |
| if (context.eventName === 'pull_request') { | |
| await createOrUpdateComment(context.issue.number); | |
| } else { | |
| throw new Error('This job can only run for pull requests'); | |
| } |