ci: add workflow for deploying temporary PR environments (#423)

Author: MickaelCa

.github/workflows/deploy-pr.yml

@@ -0,0 +1,141 @@
+name: Manage PR Temp Envs
+'on':
+  pull_request:
+    types:
+      - labeled
+      - unlabeled
+      - closed
+
+permissions:
+  contents: read
+  pull-requests: write
+
+env:
+  APP_NAME: gitingest
+  FLUX_OWNER: '${{ github.repository_owner }}'
+  FLUX_REPO: '${{ secrets.CR_FLUX_REPO }}'
+
+jobs:
+  deploy-pr-env:
+    if: >-
+      ${{ github.event.action == 'labeled' && github.event.label.name ==
+      'deploy-pr-temp-env' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create GitHub App token
+        uses: actions/create-github-app-token@v2
+        id: app-token
+        with:
+          app-id: '${{ secrets.CR_APP_CI_APP_ID }}'
+          private-key: '${{ secrets.CR_APP_CI_PRIVATE_KEY }}'
+          owner: '${{ env.FLUX_OWNER }}'
+          repositories: '${{ env.FLUX_REPO }}'
+      - name: Checkout Flux repo
+        uses: actions/checkout@v4
+        with:
+          repository: '${{ env.FLUX_OWNER }}/${{ env.FLUX_REPO }}'
+          token: '${{ steps.app-token.outputs.token }}'
+          path: flux-repo
+          persist-credentials: false
+      - name: Export PR ID
+        run: 'echo "PR_ID=${{ github.event.pull_request.number }}" >> $GITHUB_ENV'
+        shell: bash
+      - name: Ensure template exists
+        run: >
+          T="flux-repo/pr-template/${APP_NAME}"
+
+          [[ -d "$T" ]] || { echo "Missing $T"; exit 1; }
+
+          [[ $(find "$T" -type f | wc -l) -gt 0 ]] || { echo "No files in $T";
+          exit 1; }
+        shell: bash
+      - name: Render & copy template
+        run: |
+          SRC="flux-repo/pr-template/${APP_NAME}"
+          DST="flux-repo/deployments/prs-${APP_NAME}/${PR_ID}"
+          mkdir -p "$DST"
+          cp -r "$SRC/." "$DST/"
+          find "$DST" -type f -print0 \
+            | xargs -0 -n1 sed -i "s|@PR-ID@|${PR_ID}|g"
+        shell: bash
+      - name: Sanity‑check rendered output
+        run: >
+          E=$(find "flux-repo/pr-template/${APP_NAME}" -type f | wc -l)
+
+          G=$(find "flux-repo/deployments/prs-${APP_NAME}/${PR_ID}" -type f | wc
+          -l)
+
+          (( G == E )) || { echo "Expected $E files, got $G"; exit 1; }
+        shell: bash
+      - name: Commit & push creation
+        run: >
+          cd flux-repo
+
+          git config user.name  "${{ steps.app-token.outputs.app-slug }}[bot]"
+
+          git config user.email "${{ steps.app-token.outputs.app-slug
+          }}[bot]@users.noreply.github.com"
+
+          git add .
+
+          git commit -m "chore(prs-${APP_NAME}): create temp env for PR #${{
+          env.PR_ID }} [skip ci]" || echo "Nothing to commit"
+
+          git remote set-url origin \
+            https://x-access-token:${{ steps.app-token.outputs.token }}@github.com/${{ env.FLUX_OWNER }}/${{ env.FLUX_REPO }}.git
+          git push origin HEAD:main
+        shell: bash
+
+  remove-pr-env:
+    if: >-
+      (github.event.action == 'unlabeled' && github.event.label.name ==
+      'deploy-pr-temp-env') || (github.event.action == 'closed' &&
+      github.event.pull_request.merged == true)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create GitHub App token
+        uses: actions/create-github-app-token@v2
+        id: app-token
+        with:
+          app-id: '${{ secrets.CR_APP_CI_APP_ID }}'
+          private-key: '${{ secrets.CR_APP_CI_PRIVATE_KEY }}'
+          owner: '${{ env.FLUX_OWNER }}'
+          repositories: '${{ env.FLUX_REPO }}'
+      - name: Checkout Flux repo
+        uses: actions/checkout@v4
+        with:
+          repository: '${{ env.FLUX_OWNER }}/${{ env.FLUX_REPO }}'
+          token: '${{ steps.app-token.outputs.token }}'
+          path: flux-repo
+          persist-credentials: false
+      - name: Export PR ID
+        run: 'echo "PR_ID=${{ github.event.pull_request.number }}" >> $GITHUB_ENV'
+        shell: bash
+      - name: Remove deployed directory
+        run: |
+          DST="flux-repo/deployments/prs-${APP_NAME}/${PR_ID}"
+          if [[ -d "$DST" ]]; then
+            rm -rf "$DST"
+            echo "✅ Deleted $DST"
+          else
+            echo "⏭️ Nothing to delete at $DST"
+          fi
+        shell: bash
+      - name: Commit & push deletion
+        run: >
+          cd flux-repo
+
+          git config user.name  "${{ steps.app-token.outputs.app-slug }}[bot]"
+
+          git config user.email "${{ steps.app-token.outputs.app-slug
+          }}[bot]@users.noreply.github.com"
+
+          git add -A
+
+          git commit -m "chore(prs-${APP_NAME}): remove temp env for PR #${{
+          env.PR_ID }} [skip ci]" || echo "Nothing to commit"
+
+          git remote set-url origin \
+            https://x-access-token:${{ steps.app-token.outputs.token }}@github.com/${{ env.FLUX_OWNER }}/${{ env.FLUX_REPO }}.git
+          git push origin HEAD:main
+        shell: bash

.github/workflows/docker_image.yml

@@ -1,4 +1,5 @@
 name: Build & Push Container
+
 on:
   push:
     branches:
@@ -16,8 +17,14 @@ concurrency:
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
-  # Set to 'true' to allow pushing container from pull requests with the label 'push-container'
-  PUSH_FROM_PR: ${{ github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'push-container') }}
+  # Now allow pushing from PRs when either 'push-container' OR 'deploy-pr-temp-env' is present:
+  PUSH_FROM_PR: >-
+    ${{ github.event_name == 'pull_request' &&
+       (
+         contains(github.event.pull_request.labels.*.name, 'push-container') ||
+         contains(github.event.pull_request.labels.*.name, 'deploy-pr-temp-env')
+       )
+    }}
 
 jobs:
   docker-build: