From 8016b340b00d7a1ca264b82db2adf43f64bfe843 Mon Sep 17 00:00:00 2001
From: David Baker <dave@matrix.org>
Date: Wed, 11 Aug 2021 21:20:28 +0100
Subject: [PATCH] Just upload the PR object itself

We don't know what secret info might end up in the context
---
 .github/workflows/layered-build.yaml |  8 ++++----
 .github/workflows/netflify.yaml      | 16 ++++++++--------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/layered-build.yaml b/.github/workflows/layered-build.yaml
index 1474338a16..c9d7e89a75 100644
--- a/.github/workflows/layered-build.yaml
+++ b/.github/workflows/layered-build.yaml
@@ -20,12 +20,12 @@ jobs:
               with:
                 script: |
                     var fs = require('fs');
-                    fs.writeFileSync('${{github.workspace}}/context.json', JSON.stringify(context));
-            - name: Upload Context
+                    fs.writeFileSync('${{github.workspace}}/pr.json', JSON.stringify(context.payload.pull_request));
+            - name: Upload PR Info
               uses: actions/upload-artifact@v2
               with:
-                  name: context.json
-                  path: context.json
+                  name: pr.json
+                  path: pr.json
                   # We'll only use this in a triggered job, then we're done with it
                   retention-days: 1
 
diff --git a/.github/workflows/netflify.yaml b/.github/workflows/netflify.yaml
index 444333fdfb..3cb4543820 100644
--- a/.github/workflows/netflify.yaml
+++ b/.github/workflows/netflify.yaml
@@ -34,27 +34,27 @@ jobs:
                   var fs = require('fs');
                   fs.writeFileSync('${{github.workspace}}/previewbuild.zip', Buffer.from(download.data));
 
-                  var contextArtifact = artifacts.data.artifacts.filter((artifact) => {
-                    return artifact.name == "context.json"
+                  var prInfoArtifact = artifacts.data.artifacts.filter((artifact) => {
+                    return artifact.name == "pr.json"
                   })[0];
                   var download = await github.actions.downloadArtifact({
                      owner: context.repo.owner,
                      repo: context.repo.repo,
-                     artifact_id: contextArtifact.id,
+                     artifact_id: prInfoArtifact.id,
                      archive_format: 'zip',
                   });
                   var fs = require('fs');
-                  fs.writeFileSync('${{github.workspace}}/context.json.zip', Buffer.from(download.data));
+                  fs.writeFileSync('${{github.workspace}}/pr.json.zip', Buffer.from(download.data));
             - name: Extract Artifacts
-              run: unzip -d webapp previewbuild.zip && rm previewbuild.zip && unzip context.json && rm context.json.zip
-            - name: 'Read Context'
+              run: unzip -d webapp previewbuild.zip && rm previewbuild.zip && unzip pr.json.zip && rm pr.json.zip
+            - name: 'Read PR Info'
               id: readctx
               uses: actions/github-script@v3.1.0
               with:
                 script: |
                     var fs = require('fs');
-                    var ctx = JSON.parse(fs.readFileSync('${{github.workspace}}/context.json'));
-                    console.log(`::set-output name=prnumber::${ctx.payload.pull_request.number}`);
+                    var pr = JSON.parse(fs.readFileSync('${{github.workspace}}/pr.json'));
+                    console.log(`::set-output name=prnumber::${pr.number}`);
             - name: Deploy to Netlify
               id: netlify
               uses: nwtgck/actions-netlify@v1.2