chore(workflow): add validation logic for deploy-demo and deploy-documentation workflows

.github/workflows/deploy-demo.yaml

@@ -27,32 +27,59 @@ jobs:
       - name: Checkout
         uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2
         with:
-          ref: ${{ github.event.workflow_run.head_branch }}
-
+          ref: main
       - name: Setup
         uses: ./.github/actions/setup-pnpm
-
       - name: Download build artifacts
         uses: ./.github/actions/artifact-download
         id: build
         with:
           name: design-system-demo
           folder: build-output
+      - name: Validate issue number
+        id: validate
+        uses: actions/github-script@v6
+        with:
+          env:
+            RAW_ID: ${{ steps.build.outputs.id }}
+          script: |
+            const rawId = process.env.RAW_ID;
+            if (!/^\d{1,10}$/.test(rawId)) {
+              core.setFailed('Invalid issue number format - must be 1-10 digits');
+              return;
+            }
+            core.setOutput('safe_id', rawId);
 
       - name: Deploy demo app to netlify
+        if: steps.validate.outcome == 'success'
         uses: swisspost/design-system/.github/actions/deploy-to-netlify@release/v8
         id: deploy
         with:
-          id: ${{ steps.build.outputs.id }}
+          id: ${{ steps.validate.outputs.safe_id }}
           netlify_auth_token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
           netlify_site_id: ${{ secrets.NETLIFY_SITE_ID }}
           netlify_site_url: swisspost-web-frontend.netlify.app
           folder: ${{ steps.build.outputs.folder }}
           package_name: '@swisspost/design-system-demo'
-
       - name: Update preview message
-        uses: ./.github/actions/preview/message/update
+        if: steps.validate.outcome == 'success' && steps.deploy.outcome == 'success'
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
         with:
-          access-token: ${{ secrets.SWISSPOSTDEVS_ACCESS_TOKEN }}
-          issue-number: ${{ steps.build.outputs.id }}
-          preview-url: ${{ steps.deploy.outputs.preview-url }}
+          github-token: ${{ secrets.SWISSPOSTDEVS_ACCESS_TOKEN }}
+          env:
+            SAFE_ID: ${{ steps.validate.outputs.safe_id }}
+            PREVIEW_URL: ${{ steps.deploy.outputs.preview-url }}
+          script: |
+            const issueNumber = Number(process.env.SAFE_ID);
+            const previewUrl = process.env.PREVIEW_URL;
+
+            if (!Number.isInteger(issueNumber) || issueNumber <= 0) {
+              core.setFailed('Invalid issue number');
+              return;
+            }
+
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: issueNumber,
+              body: `✅ Preview deployment is ready!\n\n[Preview URL](${previewUrl})`

.github/workflows/deploy-documentation.yaml

@@ -39,25 +39,63 @@ jobs:
 
       - name: Get netlify config
         id: netlify-config
-        uses: actions/github-script@e7aeb8c663f696059ebb5f9ab1425ed2ef511bdb
-        with:
-          script: |
-            const fs = require('fs')
-            return JSON.parse(fs.readFileSync('./${{ steps.build.outputs.folder }}/netlify.config.json', 'utf8'))
+        run: |
+          if [[ ! -f "${{ steps.build.outputs.folder }}/netlify.config.json" ]]; then
+            echo "Error: Netlify config file missing"
+            exit 1
+          fi
+
+          CONFIG=$(cat "${{ steps.build.outputs.folder }}/netlify.config.json")
+          echo "result=$CONFIG" >> $GITHUB_OUTPUT
+
+      - name: Validate netlify config
+        run: |
+          CONFIG=$(cat "${{ steps.build.outputs.folder }}/netlify.config.json")
+
+          SITE_ID=$(echo "$CONFIG" | grep -o '"siteId"[[:space:]]*:[[:space:]]*"[^"]*"' | sed 's/"siteId"[[:space:]]*:[[:space:]]*"\([^"]*\)"/\1/')
+          SITE_URL=$(echo "$CONFIG" | grep -o '"siteUrl"[[:space:]]*:[[:space:]]*"[^"]*"' | sed 's/"siteUrl"[[:space:]]*:[[:space:]]*"\([^"]*\)"/\1/')
+
+          if [[ -z "$SITE_ID" || -z "$SITE_URL" ]]; then
+            echo "Error: Invalid netlify config"
+            exit 1
+          fi
+
+          if ! [[ "$SITE_ID" =~ ^[a-zA-Z0-9-]+$ ]]; then
+            echo "Error: Invalid site ID format"
+            exit 1
+          fi
+
+          if ! [[ "$SITE_URL" =~ ^[a-zA-Z0-9.-]+$ ]]; then
+            echo "Error: Invalid site URL format" 
+            exit 1
+          fi
+
+          echo "SITE_ID=$SITE_ID" >> $GITHUB_ENV
+          echo "SITE_URL=$SITE_URL" >> $GITHUB_ENV
 
       - name: Remove netlify.config.json from artifact folder
         run: rm ${{ steps.build.outputs.folder }}/netlify.config.json
 
+      - name: Create URL alias
+        env:
+          BUILD_ID: ${{ steps.build.outputs.id }}
+        run: |
+          url_alias=$(echo "preview-$BUILD_ID" | iconv -t ascii//TRANSLIT | sed -E 's/[~\^]+//g' | sed -E 's/[^a-zA-Z0-9]+/-/g' | sed -E 's/^-+\|-+$//g' | sed -E 's/^-+//g' | sed -E 's/-+$//g' | tr A-Z a-z)
+          echo "URL_ALIAS=$url_alias" >> $GITHUB_ENV
+
+          preview_url="https://${url_alias}--${SITE_URL}"
+          echo "PREVIEW_URL=$preview_url" >> $GITHUB_ENV
+
       - name: Deploy Documentation Preview
         id: deploy
         env:
           NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
-          NETLIFY_SITE_ID: ${{ fromJSON(steps.netlify-config.outputs.result).siteId }}
-        # run command taken from https://gist.github.com/oneohthree/f528c7ae1e701ad990e6, shortened to 28 chars, prepended with build-number
+          NETLIFY_SITE_ID: ${{ env.SITE_ID }}
+          URL_ALIAS: ${{ env.URL_ALIAS }}
+          FOLDER: ${{ steps.build.outputs.folder }}
         run: |
-          url_alias=`echo "preview-${{ steps.build.outputs.id }}" | iconv -t ascii//TRANSLIT | sed -E 's/[~\^]+//g' | sed -E 's/[^a-zA-Z0-9]+/-/g' | sed -E 's/^-+\|-+$//g' | sed -E 's/^-+//g' | sed -E 's/-+$//g' | tr A-Z a-z`
-          echo "site-url=https://$url_alias--${{ fromJSON(steps.netlify-config.outputs.result).siteUrl }}" >> $GITHUB_OUTPUT
-          netlify deploy --filter @swisspost/design-system-documentation --dir ${{ steps.build.outputs.folder }} --alias $url_alias
+          netlify deploy --filter @swisspost/design-system-documentation --dir "$FOLDER" --alias "$URL_ALIAS"
+          echo "site-url=$PREVIEW_URL" >> $GITHUB_OUTPUT
 
       - name: Update preview message
         uses: ./.github/actions/preview/message/update
@@ -67,14 +105,10 @@ jobs:
           preview-url: ${{ steps.deploy.outputs.site-url }}
 
       - name: Create Summary
-        id: summary
-        uses: actions/github-script@e7aeb8c663f696059ebb5f9ab1425ed2ef511bdb
-        with:
-          script: |
-            return `# Deployed Documentation Preview
-            - SiteId: <code>${{ fromJSON(steps.netlify-config.outputs.result).siteId }}</code>
-            - SiteUrl: ${{ steps.deploy.outputs.site-url }}
-            `
-
-      - name: Output Summary
-        run: echo -e ${{ steps.summary.outputs.result }} >> $GITHUB_STEP_SUMMARY
+        env:
+          SITE_ID: ${{ env.SITE_ID }}
+          SITE_URL: ${{ steps.deploy.outputs.site-url }}
+        run: |
+          echo "# Deployed Documentation Preview" >> $GITHUB_STEP_SUMMARY
+          echo "- SiteId: <code>${SITE_ID}</code>" >> $GITHUB_STEP_SUMMARY
+          echo "- SiteUrl: ${SITE_URL}" >> $GITHUB_STEP_SUMMARY