.github/workflows/build-pr.yml

name: 🛠️ Build PR Preview

on:
  pull_request:

concurrency:
  group: ${{github.event.pull_request.head.ref}}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  metadata:
    runs-on: ubuntu-latest
    outputs:
      submodules: ${{ steps.submodules-fork.outputs.submodules || steps.submodules-main.outputs.submodules }}
      privileged: ${{ steps.submodules-fork.outputs.privileged || steps.submodules-main.outputs.privileged }}
    env:
      ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
    steps:
      - name: Set submodules for fork
        if: env.ACTIONS_SSH_KEY == ''
        id: submodules-fork
        run: |
          echo 'submodules={"repo":["brand","i18n"]}' >> "$GITHUB_OUTPUT"
          echo "privileged=false" >> "$GITHUB_OUTPUT"

      - name: Set submodules for main repo
        if: env.ACTIONS_SSH_KEY != ''
        id: submodules-main
        run: |
          echo 'submodules={"repo":["brand","i18n","mkdocs-material-insiders"]}' >> "$GITHUB_OUTPUT"
          echo "privileged=true" >> "$GITHUB_OUTPUT"

      - name: Save PR metadata
        run: |
          mkdir -p ./metadata
          echo ${{ github.event.number }} > ./metadata/NR
          echo ${{ github.event.pull_request.head.sha }} > ./metadata/SHA

      - name: Upload metadata as artifact
        uses: actions/upload-artifact@v4
        with:
          name: metadata
          path: metadata

  submodule:
    needs: metadata
    strategy:
      matrix: ${{ fromJson(needs.metadata.outputs.submodules) }}
    uses: privacyguides/.github/.github/workflows/download-repo.yml@main
    with:
      repo: ${{ matrix.repo }}
      privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
    secrets:
      ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}

  build_english:
    needs: [submodule, metadata]
    strategy:
      matrix:
        lang: [en]
      fail-fast: true
    uses: ./.github/workflows/build.yml
    with:
      ref: ${{github.event.pull_request.head.ref}}
      repo: ${{github.event.pull_request.head.repo.full_name}}
      lang: en
      continue-on-error: false
      privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}

  build_i18n:
    if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build i18n') }}
    needs: [submodule, metadata]
    strategy:
      matrix:
        lang: [es, fr, he, it, nl, ru, zh-Hant]
      fail-fast: false
    uses: ./.github/workflows/build.yml
    with:
      ref: ${{github.event.pull_request.head.ref}}
      repo: ${{github.event.pull_request.head.repo.full_name}}
      lang: ${{ matrix.lang }}
      continue-on-error: true
      privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}

  combine_build:
    needs: [build_english, build_i18n]
    if: |
      (always() && !cancelled() && !failure()) &&
      needs.build_english.result == 'success' &&
      (needs.build_i18n.result == 'success' || needs.build_i18n.result == 'skipped')

    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          pattern: site-build-*
          merge-multiple: true

      - run: |
          for file in *.tar.gz; do tar -zxf "$file"; done
          ls -la site/

      - name: Upload Site
        uses: actions/upload-artifact@v4
        with:
          name: site-build-combined
          path: site
          retention-days: 5

  cleanup:
    if: ${{ always() }}
    needs: [build_english, build_i18n]
    uses: privacyguides/.github/.github/workflows/cleanup.yml@main