# This action builds and deploys egui_demo_app on each pull request created
# Security notes:
# The preview deployment is split in two workflows, preview_build and preview_deploy.
# `preview_build` runs on pull_request, so it won't have any access to the repositories secrets, so it is safe to
# build / execute untrusted code.
# `preview_deploy` has access to the repositories secrets (so it can push to the pr preview repo) but won't run
# any untrusted code (it will just extract the build artifact and push it to the pages branch where it will
# automatically be deployed).

name: Preview Build

on:
  - pull_request

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: 1.88.0
          targets: wasm32-unknown-unknown
      - uses: Swatinem/rust-cache@v2
        with:
          prefix-key: "pr-preview-"

      - name: Install wasm-opt
        uses: sigoden/install-binary@v1
        with:
          repo: WebAssembly/binaryen
          tag: version_123
          name: wasm-opt

      - run: |
          scripts/build_demo_web.sh --release

      - name: Remove gitignore file
        # We need to remove the .gitignore, otherwise the deploy via git will not include the js and wasm files
        run: |
          rm -rf web_demo/.gitignore

      - uses: actions/upload-artifact@v4
        with:
          name: web_demo
          path: web_demo

      - name: Generate meta.json
        env:
          PR_NUMBER: ${{ github.event.number }}
          URL_SLUG: ${{ github.event.number }}-${{ github.head_ref }}
        run: |
          # Sanitize the URL_SLUG to only contain alphanumeric characters and dashes
          URL_SLUG=$(echo $URL_SLUG | tr -cd '[:alnum:]-')
          echo "{\"pr_number\": \"$PR_NUMBER\", \"url_slug\": \"$URL_SLUG\"}" > meta.json

      - uses: actions/upload-artifact@v4
        with:
          name: meta.json
          path: meta.json