From 3e3039da52051071677ef9a026be1aa0ec35ee0f Mon Sep 17 00:00:00 2001
From: Thomas Bouffard <27200110+tbouffard@users.noreply.github.com>
Date: Thu, 18 Apr 2024 11:53:31 +0200
Subject: [PATCH] ci: make workflows better work for PR created from forked
 repo

"contribution checks"
The workflow now runs on `pull_request_target` events.
There is no security issue here. The checks are done only on the updated file of the PR without
doing tool installation, cache update or branch checkout. Only the GitHub API is used.
Using this event lets create a PR comment when the PR is created from a forked repository.

"build preview" and "references validation" workflows.
The content of the branch of the fork is now correctly used. Previously, the branch of the fork
wasn't found by Antora, so the content of the generated site was empty.
---
 .github/workflows/build-pr-preview.yml    | 12 +-----------
 .github/workflows/contribution-checks.yml |  4 ++--
 2 files changed, 3 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/build-pr-preview.yml b/.github/workflows/build-pr-preview.yml
index b72b392e..d32a2acb 100644
--- a/.github/workflows/build-pr-preview.yml
+++ b/.github/workflows/build-pr-preview.yml
@@ -6,22 +6,12 @@ on:
       - 'modules/**'
       - 'antora.yml'
       - '.github/workflows/build-pr-preview.yml'
-
 jobs:
   validate_xref:
     runs-on: ubuntu-22.04
-    env:
-      COMPONENT_NAME: bcd
-      COMPONENT_BRANCH_NAME: ${{ github.head_ref }}
-      COMPONENT_VERSION: ${{ github.base_ref }} # The base_ref or target branch of the pull request in a workflow run.
     steps:
       - name: Validate xref
         uses: bonitasoft/bonita-documentation-site/.github/actions/build-pr-site/@master
         with:
-          # '>' Replace newlines with spaces (folded)
-          # '-' No newline at end (strip)
-          build-preview-command: >-
-            ./build-preview.bash
-            --component "${{ env.COMPONENT_NAME }}"
-            --branch "${{ env.COMPONENT_BRANCH_NAME }}"
+          component-name: bcd
           fail-on-warning: true
diff --git a/.github/workflows/contribution-checks.yml b/.github/workflows/contribution-checks.yml
index 2a0d3f9e..72c17ca0 100644
--- a/.github/workflows/contribution-checks.yml
+++ b/.github/workflows/contribution-checks.yml
@@ -1,10 +1,10 @@
 name: Contribution checks
 
 on:
-  pull_request:
+  pull_request_target:
 
 jobs:
   check_antora_content_guidelines:
     permissions:
       pull-requests: write # "pr-antora-content-guidelines-checker" write PR comments when the PR doesn't match the "Guidelines"
-    uses: bonitasoft/bonita-documentation-site/.github/workflows/_reusable_pr-antora-content-guidelines-checker.yml@master
\ No newline at end of file
+    uses: bonitasoft/bonita-documentation-site/.github/workflows/_reusable_pr-antora-content-guidelines-checker.yml@master