From 6784f5553e85625e6dd298a8019bdcd8ed56fcd4 Mon Sep 17 00:00:00 2001
From: Thomas Bouffard <27200110+tbouffard@users.noreply.github.com>
Date: Thu, 18 Apr 2024 13:18:41 +0200
Subject: [PATCH] ci: make workflows better work for PR created from forked
 repo (#225)

"contribution checks"
The workflow now runs on `pull_request_target` events.
There are no security issues here. Checks are made only on the updated
PR file without doing any tool installation, cache update or branch
check. Only the GitHub API is used.
Using this event allows you to create a PR comment when the PR is
created from a forked repository.

"build preview" and "references validation" workflows.
The content of the branch of the fork is now correctly used. Previously,
the branch of the fork wasn't found by Antora, so the content of the
generated site was empty.

### Notes

Covers
https://github.com/bonitasoft/bonita-documentation-site/issues/402
Covers
https://github.com/bonitasoft/bonita-documentation-site/issues/685
---
 .github/workflows/build-pr-preview.yml    | 12 +-----------
 .github/workflows/contribution-checks.yml |  4 ++--
 2 files changed, 3 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/build-pr-preview.yml b/.github/workflows/build-pr-preview.yml
index b72b392e..d32a2acb 100644
--- a/.github/workflows/build-pr-preview.yml
+++ b/.github/workflows/build-pr-preview.yml
@@ -6,22 +6,12 @@ on:
       - 'modules/**'
       - 'antora.yml'
       - '.github/workflows/build-pr-preview.yml'
-
 jobs:
   validate_xref:
     runs-on: ubuntu-22.04
-    env:
-      COMPONENT_NAME: bcd
-      COMPONENT_BRANCH_NAME: ${{ github.head_ref }}
-      COMPONENT_VERSION: ${{ github.base_ref }} # The base_ref or target branch of the pull request in a workflow run.
     steps:
       - name: Validate xref
         uses: bonitasoft/bonita-documentation-site/.github/actions/build-pr-site/@master
         with:
-          # '>' Replace newlines with spaces (folded)
-          # '-' No newline at end (strip)
-          build-preview-command: >-
-            ./build-preview.bash
-            --component "${{ env.COMPONENT_NAME }}"
-            --branch "${{ env.COMPONENT_BRANCH_NAME }}"
+          component-name: bcd
           fail-on-warning: true
diff --git a/.github/workflows/contribution-checks.yml b/.github/workflows/contribution-checks.yml
index 2a0d3f9e..72c17ca0 100644
--- a/.github/workflows/contribution-checks.yml
+++ b/.github/workflows/contribution-checks.yml
@@ -1,10 +1,10 @@
 name: Contribution checks
 
 on:
-  pull_request:
+  pull_request_target:
 
 jobs:
   check_antora_content_guidelines:
     permissions:
       pull-requests: write # "pr-antora-content-guidelines-checker" write PR comments when the PR doesn't match the "Guidelines"
-    uses: bonitasoft/bonita-documentation-site/.github/workflows/_reusable_pr-antora-content-guidelines-checker.yml@master
\ No newline at end of file
+    uses: bonitasoft/bonita-documentation-site/.github/workflows/_reusable_pr-antora-content-guidelines-checker.yml@master