Rework PR workflows to allow gh-action comments triggered by forks

.github/workflows/comment-pr.yaml

@@ -0,0 +1,106 @@
+name: Comment on the pull request
+
+# read-write repo token
+# access to secrets
+on:
+  workflow_run:
+    workflows: ["Receive PR"]
+    types:
+      - completed
+
+permissions:
+  pull-requests: write
+  actions: read
+
+jobs:
+  preview:
+    runs-on: ubuntu-latest
+    if: github.event.workflow_run.event == 'pull_request'
+    steps:
+      - name: Download artifact
+        id: download-artifact
+        uses: dawidd6/action-download-artifact@v6
+        with:
+          workflow: receive-pr.yaml
+          run_id: ${{ github.event.workflow_run.id }}
+          name: package
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          path: ./
+
+      - name: Extract artifact
+        run: tar -zxf package.tar.gz
+
+      - name: 'Get PR number'
+        id: get-pr-number
+        uses: actions/github-script@v6
+        with:
+          script: |
+            var fs = require('fs');
+            return Number(fs.readFileSync('./pr/NR'));
+
+      - name: Post comment with summary 
+        uses: actions/github-script@v6
+        with:
+          script: |
+            const fs = require('fs');
+            const summary = fs.readFileSync("summary.txt", 'utf8');
+            github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: ${{ steps.get-pr-number.outputs.result }},
+              body: summary 
+            });
+
+      - name: 'Extract the exit code of the check_keys script'
+        id: check-keys-exit-code 
+        uses: actions/github-script@v6
+        with:
+          script: |
+            var fs = require('fs');
+            return Number(fs.readFileSync('check_keys_exit_code.txt')); 
+
+      # Early exit if the check_keys script found problems
+      - name: 'Early exit on check_keys problems'
+        run: |
+          if [ "${{ steps.check-keys-exit-code.outputs.result }}" -ne 0 ]; then
+            exit 1
+          fi
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '20'
+
+      - name: Install surge
+        run: npm --global install surge
+
+      - name: Deploy PR preview
+        run: |
+          surge ./website ${{ github.repository_owner}}-oss-collection-preview-${{ steps.get-pr-number.outputs.result }}.surge.sh --token ${{ secrets.SURGE_TOKEN }}
+
+      - name: Post preview URL and artifact URL as a comment on PR
+        uses: actions/github-script@v6
+        with:
+          script: |
+            const fs = require('fs');
+            const summary = fs.readFileSync("summary.txt", 'utf8');
+            const body = `# 🚀 PR preview \n Site URL: <https://${{ github.repository_owner}}-oss-collection-preview-${{ steps.get-pr-number.outputs.result }}.surge.sh>`
+            github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: ${{ steps.get-pr-number.outputs.result }},
+              body: body 
+            });
+
+      - name: Post README.md as comment for preview
+        uses: actions/github-script@v6
+        with:
+          script: |
+            const fs = require('fs');
+            const readme = fs.readFileSync("README.md", 'utf8');
+            const summary = `# 📄 Preview of generated README.md \n <details><summary>Preview</summary> \n \n ${readme} </details>`
+            github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: ${{ steps.get-pr-number.outputs.result }},
+              body: summary 
+            });

.github/workflows/receive-pr.yaml

@@ -0,0 +1,59 @@
+name: Receive PR
+
+# read-only repo token
+# no access to secrets
+on:
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Check keys of the projects.yaml file
+        run: |
+          python3 -m venv .venv
+          source .venv/bin/activate
+          pip3 install PyYAML
+          python3 check_keys.py > summary.txt
+
+      - name: Check status of key check (failed)
+        if: failure()
+        run: |
+          echo 1 > check_keys_exit_code.txt
+
+      - name: Check status of key check (success)
+        if: success()
+        run: |
+          echo 0 > check_keys_exit_code.txt
+
+      - name: Generate HTML site and README.md
+        run: |
+          python3 -m venv .venv
+          source .venv/bin/activate
+          pip3 install lxml
+          python3 init_site.py
+          rm website/base.html
+          python3 init_readme.py
+
+      - name: Save PR number
+        if: always()
+        run: |
+          mkdir -p ./pr
+          echo ${{ github.event.number }} > ./pr/NR
+
+      - name: Package artifacts
+        if: always()
+        run: tar -czf package.tar.gz ./pr/NR ./check_keys_exit_code.txt ./summary.txt ./website ./README.md
+
+      - name: Upload package as artifact 
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: package
+          path: package.tar.gz
+          retention-days: 14
+          overwrite: true