From 1f35f71d4155e85f7ed4492899c85eb481928cf3 Mon Sep 17 00:00:00 2001 From: Devansh Date: Fri, 8 Nov 2024 00:55:59 +0530 Subject: [PATCH 1/4] Added a validation check for pr approval in the deploy-pr workflow --- .github/workflows/build-pr.yml | 9 ++++++++ .github/workflows/deploy-pr.yml | 38 +++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml index 66c97af32..4479d059e 100644 --- a/.github/workflows/build-pr.yml +++ b/.github/workflows/build-pr.yml @@ -46,6 +46,15 @@ jobs: run: yarn build working-directory: packages/docs/ + - name: Save PR Number + run: echo "${{ github.event.pull_request.number }}" > pr_number.txt + + - name: Upload PR Number Artifact + uses: actions/upload-artifact@v4 + with: + name: pr-number + path: pr_number.txt + - name: Prepare Build Folder run: | mkdir -p build/pulls/pr-${{github.event.pull_request.number}}/ diff --git a/.github/workflows/deploy-pr.yml b/.github/workflows/deploy-pr.yml index 4f687507d..f4180c30d 100644 --- a/.github/workflows/deploy-pr.yml +++ b/.github/workflows/deploy-pr.yml 
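Review bot: The `Upload PR Number Artifact` step does not set `if-no-files-found: error`, so a missing `pr_number.txt` only logs a warning here and shows up later as an unrelated-looking failure in deploy-pr.yml. Adding `if-no-files-found: error` under `with:` makes the build fail where the problem originates. The file is written by a job that also runs the pull request's own build (`yarn build` in the context lines), so I would record that on the `Save PR Number` step with a comment such as `# consumed by deploy-pr.yml, which must treat the content as untrusted input`. The job continues outside this hunk.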
@@ -16,6 +16,44 @@ jobs: runs-on: ubuntu-latest steps: + + - name: Download PR Number Artifact + uses: actions/download-artifact@v4 + with: + name: pr-number + path: . + github-token: ${{github.token}} + repository: ${{github.repository}} + run-id: ${{github.event.workflow_run.id}} + + - name: Check PR Approval Status + id: approval_check + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + PR_NUMBER=$(cat pr_number.txt) + + RESPONSE=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \ + "https://api.github.com/repos/${{ github.repository }}/pulls/$PR_NUMBER/reviews") + + if ! echo "$RESPONSE" | jq . > /dev/null 2>&1; then + echo "Error: Invalid JSON response from GitHub API." + exit 1 + fi + + LATEST_REVIEW=$(echo "$RESPONSE" | jq 'sort_by(.submitted_at) | last') + + STATE=$(echo "$LATEST_REVIEW" | jq -r '.state') + AUTHOR_ASSOCIATION=$(echo "$LATEST_REVIEW" | jq -r '.author_association') + + echo "Latest review state: $STATE" + echo "Author association: $AUTHOR_ASSOCIATION" + + if [ "$STATE" != "APPROVED" ] || { [ "$AUTHOR_ASSOCIATION" != "COLLABORATOR" ] && [ "$AUTHOR_ASSOCIATION" != "OWNER" ]; }; then + echo "The latest review is not an approved review from a collaborator or owner. Exiting." + exit 1 + fi + - uses: actions/download-artifact@v4 with: name: github-pages From 1f5c2fb9fdb95cfdadce34d0e3e8c9ee4ae9c501 Mon Sep 17 00:00:00 2001 From: Devansh Date: Fri, 8 Nov 2024 01:19:09 +0530 Subject: [PATCH 2/4] Added success() call in downloading artifact and deploy to github-pages steps --- .github/workflows/deploy-pr.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/deploy-pr.yml b/.github/workflows/deploy-pr.yml index f4180c30d..35552ccdf 100644 --- a/.github/workflows/deploy-pr.yml +++ b/.github/workflows/deploy-pr.yml @@ -55,6 +55,7 @@ jobs: fi - uses: actions/download-artifact@v4 + if: success() with: name: github-pages path: build/ 
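Review bot: `PR_NUMBER=$(cat pr_number.txt)` in `Check PR Approval Status` takes the pull request number verbatim from an artifact produced by the PR-triggered build and places it in the API URL, so the approval gate is evaluated for whichever pull request the build run named, not necessarily the one whose output is deployed. The value should be rejected unless it is all digits. The review that is accepted should also belong to the commit that was built; `sort_by(.submitted_at) | last` accepts an approval given to an earlier commit, and it only sees the first page of reviews. The sketch below assumes `github.event.workflow_run.head_sha` is the pull request's head commit for this trigger, which should be confirmed. The job continues outside this hunk.

```yaml
      - name: Check PR Approval Status
        id: approval_check
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        run: |
          PR_NUMBER=$(cat pr_number.txt)
          # The artifact comes from the PR-triggered build: accept digits only.
          case "$PR_NUMBER" in
            ''|*[!0-9]*) echo "Error: unexpected PR number in artifact."; exit 1 ;;
          esac

          RESPONSE=$(curl -sf -H "Authorization: token $GITHUB_TOKEN" \
            "https://api.github.com/repos/${{ github.repository }}/pulls/$PR_NUMBER/reviews?per_page=100")
          # … unchanged: JSON validity check …

          # Only reviews of the commit that was actually built count.
          LATEST_REVIEW=$(echo "$RESPONSE" | jq --arg sha "$HEAD_SHA" \
            '[.[] | select(.commit_id == $sha)] | sort_by(.submitted_at) | last')
          # … unchanged: STATE / AUTHOR_ASSOCIATION extraction and check …
```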
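Review bot: `if: success()` on the `actions/download-artifact@v4` step is already the default condition for a step, so the added line does not change when the step runs; the same applies to the `if: success()` added to `Deploy to GitHub Pages` in the following hunk. A step without an `if:` is skipped as soon as an earlier step such as `Check PR Approval Status` exits non-zero. I would drop both lines, or, if they are meant as a marker for readers, replace them with a comment such as `# runs only when the approval check above succeeded (default step behaviour)`. Both steps continue outside their hunks.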
@@ -63,6 +64,7 @@ jobs: run-id: ${{github.event.workflow_run.id}} - name: Deploy to GitHub Pages + if: success() uses: crazy-max/ghaction-github-pages@v2 with: target_branch: gh-deploy From dcaf29feeab2d3437788bd0467c66b5b4e5f1729 Mon Sep 17 00:00:00 2001 From: Devansh Date: Fri, 15 Nov 2024 09:18:25 +0530 Subject: [PATCH 3/4] Used Github API to get the pull request number in deploy-pr workflow --- .github/workflows/build-pr.yml | 9 --------- .github/workflows/deploy-pr.yml | 20 ++++++++++---------- 2 files changed, 10 insertions(+), 19 deletions(-) diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml index 4479d059e..66c97af32 100644 --- a/.github/workflows/build-pr.yml +++ b/.github/workflows/build-pr.yml @@ -46,15 +46,6 @@ jobs: run: yarn build working-directory: packages/docs/ - - name: Save PR Number - run: echo "${{ github.event.pull_request.number }}" > pr_number.txt - - - name: Upload PR Number Artifact - uses: actions/upload-artifact@v4 - with: - name: pr-number - path: pr_number.txt - - name: Prepare Build Folder run: | mkdir -p build/pulls/pr-${{github.event.pull_request.number}}/ diff --git a/.github/workflows/deploy-pr.yml b/.github/workflows/deploy-pr.yml index 35552ccdf..a0c5ad3e8 100644 --- a/.github/workflows/deploy-pr.yml +++ b/.github/workflows/deploy-pr.yml 
@@ -16,22 +16,22 @@ jobs: runs-on: ubuntu-latest steps: - - - name: Download PR Number Artifact - uses: actions/download-artifact@v4 - with: - name: pr-number - path: . - github-token: ${{github.token}} - repository: ${{github.repository}} - run-id: ${{github.event.workflow_run.id}} + - name: Get Pull Request Number + id: get_pr_number + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + PR_NUMBER=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \ + "https://api.github.com/repos/${{ github.repository }}/pulls?head=${{ github.repository_owner }}:${{ github.head_ref }}" \ + | jq -r '.[0].number') + echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV - name: Check PR Approval Status id: approval_check env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - PR_NUMBER=$(cat pr_number.txt) + PR_NUMBER=${{ env.PR_NUMBER }} RESPONSE=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \ "https://api.github.com/repos/${{ github.repository }}/pulls/$PR_NUMBER/reviews") From 21c2cf18683255c7d0c62d14548bab6333764741 Mon Sep 17 00:00:00 2001 From: Devansh Date: Sat, 16 Nov 2024 20:03:50 +0530 Subject: [PATCH 4/4] fetching pr number using github user reference --- .github/workflows/build-pr.yml | 11 ++++++++++- .github/workflows/deploy-pr.yml | 20 +++++++++++++++----- 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml index 66c97af32..940999222 100644 --- a/.github/workflows/build-pr.yml +++ b/.github/workflows/build-pr.yml @@ -12,7 +12,7 @@ env: LAYOUT_EDITOR_BASE_URL: "/EmbeddedChat/pulls/pr-${{github.event.pull_request.number}}/layout_editor" DOCS_BASE_URL: "/EmbeddedChat/pulls/pr-${{github.event.pull_request.number}}/docs" STORYBOOK_RC_HOST: "https://demo.qa.rocket.chat" - + jobs: build: if: github.event.review.state == 'approved' && (github.event.review.author_association == 'COLLABORATOR' || github.event.review.author_association == 'OWNER') 
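Review bot: `jq -r '.[0].number'` in `Get Pull Request Number` prints the literal string `null` when the query matches no pull request, and that value is written to `$GITHUB_ENV` and later used to build `/pulls/$PR_NUMBER/reviews` without any check. A guard right after the assignment makes the failure explicit: `case "$PR_NUMBER" in ''|*[!0-9]*) echo "No matching pull request found."; exit 1 ;; esac`. In the same step the redirect target should be quoted (`>> "$GITHUB_ENV"`), and in `Check PR Approval Status` the line `PR_NUMBER=${{ env.PR_NUMBER }}` can be removed, because a variable written to `$GITHUB_ENV` is already available to later steps as `$PR_NUMBER`. The approval step continues outside this hunk.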
@@ -22,6 +22,15 @@ jobs: - name: Checkout code uses: actions/checkout@v2 + - name: Get user + run: echo "${{ github.event.pull_request.head.repo.owner.login }}" > user.txt + + - name: Upload Artifacts + uses: actions/upload-artifact@v4 + with: + name: user + path: user.txt + - name: Setup Node.js uses: actions/setup-node@v4 with: diff --git a/.github/workflows/deploy-pr.yml b/.github/workflows/deploy-pr.yml index a0c5ad3e8..c999c5173 100644 --- a/.github/workflows/deploy-pr.yml +++ b/.github/workflows/deploy-pr.yml @@ -1,28 +1,38 @@ name: Deploy PR-Preview - on: workflow_run: workflows: ["Build PR-Preview"] types: - completed - permissions: contents: write pages: write - jobs: deploy: if: github.event.workflow_run.conclusion == 'success' runs-on: ubuntu-latest - steps: + - uses: actions/download-artifact@v4 + with: + name: user + path: . + github-token: ${{github.token}} + repository: ${{github.repository}} + run-id: ${{github.event.workflow_run.id}} + + - name: Get user + id: get_user + run: | + USER=$(cat user.txt) + echo "USER=$USER" >> $GITHUB_ENV + - name: Get Pull Request Number id: get_pr_number env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | PR_NUMBER=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \ - "https://api.github.com/repos/${{ github.repository }}/pulls?head=${{ github.repository_owner }}:${{ github.head_ref }}" \ + "https://api.github.com/repos/${{ github.repository }}/pulls?head=${{env.USER}}:${{ github.event.workflow_run.head_branch }}" \ | jq -r '.[0].number') echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV
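Review bot: The `Get user` step in build-pr.yml expands `${{ github.event.pull_request.head.repo.owner.login }}` directly into the script text, which mixes event data into shell source. Passing it through the environment keeps the two apart: `env: { PR_OWNER: "${{ github.event.pull_request.head.repo.owner.login }}" }` with `run: printf '%s\n' "$PR_OWNER" > user.txt`. The upload step would also benefit from `if-no-files-found: error` so that a missing `user.txt` fails here rather than in deploy-pr.yml. The job continues outside this hunk.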
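Review bot: In deploy-pr.yml the content of `user.txt` is appended to `$GITHUB_ENV` unchecked, and `${{env.USER}}` and `${{ github.event.workflow_run.head_branch }}` are then expanded into the `run:` script before the shell parses it. Both values originate on the pull-request side (an artifact from the PR-triggered build and the contributor's branch name), while this job holds `contents: write` and `pages: write`, so they should be handled as data only. I would keep just the first line of the artifact, accept it only if it looks like a login, pass the branch through `env:`, and let curl URL-encode the query. The character class below is an assumption about valid owner logins and should be confirmed.

```yaml
      - name: Get user
        id: get_user
        run: |
          USER_LOGIN=$(head -n 1 user.txt)
          # Artifact comes from the PR-triggered build: accept a plain login only.
          if ! printf '%s' "$USER_LOGIN" | grep -Eq '^[A-Za-z0-9_-]+$'; then
            echo "Error: unexpected content in user.txt."
            exit 1
          fi
          echo "USER=$USER_LOGIN" >> "$GITHUB_ENV"

      - name: Get Pull Request Number
        id: get_pr_number
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
        run: |
          PR_NUMBER=$(curl -sf -G -H "Authorization: token $GITHUB_TOKEN" \
            --data-urlencode "head=${USER}:${HEAD_BRANCH}" \
            "https://api.github.com/repos/${{ github.repository }}/pulls" \
            | jq -r '.[0].number')
          # … unchanged: write PR_NUMBER to GITHUB_ENV …
```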