From ec54e00f6a345be993aa88a277677dccd0da6543 Mon Sep 17 00:00:00 2001
From: Denis Ah-Kang <denis@w3.org>
Date: Thu, 17 Oct 2024 11:07:49 +0400
Subject: [PATCH 1/3] add action to deploy assets from PR and delete them when
 the PR is closed

---
 .github/workflows/deploy-pr.yml | 41 +++++++++++++++++++++++++++++++++
 .github/workflows/pr-merged.yml | 27 ++++++++++++++++++++++
 2 files changed, 68 insertions(+)
 create mode 100644 .github/workflows/deploy-pr.yml
 create mode 100644 .github/workflows/pr-merged.yml

diff --git a/.github/workflows/deploy-pr.yml b/.github/workflows/deploy-pr.yml
new file mode 100644
index 00000000..6303d32d
--- /dev/null
+++ b/.github/workflows/deploy-pr.yml
@@ -0,0 +1,41 @@
+on:
+  pull_request_target:
+    types: [opened, edited, reopened, synchronize]
+
+jobs:
+  build_css:
+    runs-on: ubuntu-latest
+    env:
+      source: public/dist/assets
+      destination: test/assets/website-2021/pr-${{ github.event.number }}/
+    steps:
+      - name: Checkout source Git branch
+        uses: actions/checkout@v2
+
+      - name: Use Node.js
+        uses: actions/setup-node@v2
+        with:
+          node-version: '16'
+
+      - name: Install npm modules
+        run: npm install
+
+      - name: compile assets
+        run: npm run build
+
+      - name: Upload to cdn.w3.org bucket
+        if: success()
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_REGION: 'us-east-1'
+        run:
+          aws s3 sync --no-progress ${{ env.source }} s3://cdn-dev.w3.org/${{ env.destination }}
+
+      - name: Purge cache for www.w3.org
+        uses: nathanvaughn/actions-cloudflare-purge@master
+        if: success()
+        with:
+          cf_zone: ${{ secrets.CLOUDFLARE_ZONE }}
+          cf_auth: ${{ secrets.CLOUDFLARE_CACHEPURGE_TOKEN }}
+          prefixes: www.w3.org/${{ env.destination }}
diff --git a/.github/workflows/pr-merged.yml b/.github/workflows/pr-merged.yml
new file mode 100644
index 00000000..0ccd097c
--- /dev/null
+++ b/.github/workflows/pr-merged.yml
@@ -0,0 +1,27 @@
+on:
+  pull_request_target:
+    types:
+      - closed
+
+jobs:
+  delete_assets:
+    runs-on: ubuntu-latest
+    env:
+      destination: test/assets/website-2021/pr-${{ github.event.number }}/
+    steps:
+      - name: Delete PR assets from the cdn.w3.org bucket
+        if: success()
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_REGION: 'us-east-1'
+        run:
+          aws s3 rm --recursive  s3://cdn-dev.w3.org/${{ env.destination }}
+
+      - name: Purge cache for www.w3.org
+        uses: nathanvaughn/actions-cloudflare-purge@master
+        if: success()
+        with:
+          cf_zone: ${{ secrets.CLOUDFLARE_ZONE }}
+          cf_auth: ${{ secrets.CLOUDFLARE_CACHEPURGE_TOKEN }}
+          prefixes: www.w3.org/${{ env.destination }}

From ad3115c3588e747d8ebc2fbba9c8d6c765692ba9 Mon Sep 17 00:00:00 2001
From: Denis Ah-Kang <denis@w3.org>
Date: Thu, 17 Oct 2024 12:01:44 +0400
Subject: [PATCH 2/3] use cdn.w3.org

---
 .github/workflows/deploy-pr.yml | 7 +++++--
 .github/workflows/pr-merged.yml | 4 ++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/deploy-pr.yml b/.github/workflows/deploy-pr.yml
index 6303d32d..4cd24d19 100644
--- a/.github/workflows/deploy-pr.yml
+++ b/.github/workflows/deploy-pr.yml
@@ -7,10 +7,13 @@ jobs:
     runs-on: ubuntu-latest
     env:
       source: public/dist/assets
-      destination: test/assets/website-2021/pr-${{ github.event.number }}/
+      destination: assets/website-2021/pr-${{ github.event.number }}/
     steps:
       - name: Checkout source Git branch
         uses: actions/checkout@v2
+        with:
+          ref: ${{github.event.pull_request.head.ref}}
+          persist-credentials: false
 
       - name: Use Node.js
         uses: actions/setup-node@v2
@@ -30,7 +33,7 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_REGION: 'us-east-1'
         run:
-          aws s3 sync --no-progress ${{ env.source }} s3://cdn-dev.w3.org/${{ env.destination }}
+          aws s3 sync --no-progress ${{ env.source }} s3://cdn.w3.org/${{ env.destination }}
 
       - name: Purge cache for www.w3.org
         uses: nathanvaughn/actions-cloudflare-purge@master
diff --git a/.github/workflows/pr-merged.yml b/.github/workflows/pr-merged.yml
index 0ccd097c..00124923 100644
--- a/.github/workflows/pr-merged.yml
+++ b/.github/workflows/pr-merged.yml
@@ -7,7 +7,7 @@ jobs:
   delete_assets:
     runs-on: ubuntu-latest
     env:
-      destination: test/assets/website-2021/pr-${{ github.event.number }}/
+      destination: assets/website-2021/pr-${{ github.event.number }}/
     steps:
       - name: Delete PR assets from the cdn.w3.org bucket
         if: success()
@@ -16,7 +16,7 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_REGION: 'us-east-1'
         run:
-          aws s3 rm --recursive  s3://cdn-dev.w3.org/${{ env.destination }}
+          aws s3 rm --recursive  s3://cdn.w3.org/${{ env.destination }}
 
       - name: Purge cache for www.w3.org
         uses: nathanvaughn/actions-cloudflare-purge@master

From dd3a5ddb4171d6de3948bb4485b8a8d50c214240 Mon Sep 17 00:00:00 2001
From: Denis Ah-Kang <denis@w3.org>
Date: Thu, 17 Oct 2024 12:08:07 +0400
Subject: [PATCH 3/3] better use cdn-dev.w3.org for security reasons

---
 .github/workflows/deploy-pr.yml | 12 ++----------
 .github/workflows/pr-merged.yml | 12 ++----------
 2 files changed, 4 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/deploy-pr.yml b/.github/workflows/deploy-pr.yml
index 4cd24d19..dc3cdd83 100644
--- a/.github/workflows/deploy-pr.yml
+++ b/.github/workflows/deploy-pr.yml
@@ -26,19 +26,11 @@ jobs:
       - name: compile assets
         run: npm run build
 
-      - name: Upload to cdn.w3.org bucket
+      - name: Upload to cdn-dev.w3.org bucket
         if: success()
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_REGION: 'us-east-1'
         run:
-          aws s3 sync --no-progress ${{ env.source }} s3://cdn.w3.org/${{ env.destination }}
-
-      - name: Purge cache for www.w3.org
-        uses: nathanvaughn/actions-cloudflare-purge@master
-        if: success()
-        with:
-          cf_zone: ${{ secrets.CLOUDFLARE_ZONE }}
-          cf_auth: ${{ secrets.CLOUDFLARE_CACHEPURGE_TOKEN }}
-          prefixes: www.w3.org/${{ env.destination }}
+          aws s3 sync --no-progress ${{ env.source }} s3://cdn-dev.w3.org/${{ env.destination }}
diff --git a/.github/workflows/pr-merged.yml b/.github/workflows/pr-merged.yml
index 00124923..ef4f4742 100644
--- a/.github/workflows/pr-merged.yml
+++ b/.github/workflows/pr-merged.yml
@@ -9,19 +9,11 @@ jobs:
     env:
       destination: assets/website-2021/pr-${{ github.event.number }}/
     steps:
-      - name: Delete PR assets from the cdn.w3.org bucket
+      - name: Delete PR assets from the cdn-dev.w3.org bucket
         if: success()
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_REGION: 'us-east-1'
         run:
-          aws s3 rm --recursive  s3://cdn.w3.org/${{ env.destination }}
-
-      - name: Purge cache for www.w3.org
-        uses: nathanvaughn/actions-cloudflare-purge@master
-        if: success()
-        with:
-          cf_zone: ${{ secrets.CLOUDFLARE_ZONE }}
-          cf_auth: ${{ secrets.CLOUDFLARE_CACHEPURGE_TOKEN }}
-          prefixes: www.w3.org/${{ env.destination }}
+          aws s3 rm --recursive  s3://cdn-dev.w3.org/${{ env.destination }}