From e24e4201424237c074abe148cd85a8d074005c92 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Mon, 14 Apr 2025 10:33:09 +0100 Subject: [PATCH] Change PR deploy to use security (Enable '/deploypr security' command) (#3345) # Description of Changes Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .../workflows/PR-Demo-Comment-with-react.yml | 49 ++++++++++++++++--- 1 file changed, 42 insertions(+), 7 deletions(-) 
diff --git a/.github/workflows/PR-Demo-Comment-with-react.yml b/.github/workflows/PR-Demo-Comment-with-react.yml
index 07c82a158..fb196ca3a 100644
--- a/.github/workflows/PR-Demo-Comment-with-react.yml
+++ b/.github/workflows/PR-Demo-Comment-with-react.yml
@@ -37,6 +37,7 @@ jobs:
 pr_repository: ${{ steps.get-pr-info.outputs.repository }}
 pr_ref: ${{ steps.get-pr-info.outputs.ref }}
 comment_id: ${{ github.event.comment.id }}
+ enable_security: ${{ steps.check-security-flag.outputs.enable_security }}
 steps:
 - name: Harden Runner
@@ -83,6 +84,19 @@ jobs:
 core.setOutput('repository', repository);
 core.setOutput('ref', pr.head.ref);
+
+ - name: Check for security/login flag
+ id: check-security-flag
+ env:
+ COMMENT_BODY: ${{ github.event.comment.body }}
+ run: |
+ if [[ "$COMMENT_BODY" == *"security"* ]] || [[ "$COMMENT_BODY" == *"login"* ]]; then
+ echo "Security flags detected in comment"
+ echo "enable_security=true" >> $GITHUB_OUTPUT
+ else
+ echo "No security flags detected in comment"
+ echo "enable_security=false" >> $GITHUB_OUTPUT
+ fi
 - name: Add 'in_progress' reaction to comment
 id: add-eyes-reaction
@@ -140,9 +154,14 @@ jobs:
 distribution: "temurin"
 - name: Run Gradle Command
- run: ./gradlew clean build
+ run: |
+ if [ "${{ needs.check-comment.outputs.enable_security }}" == "true" ]; then
+ export DOCKER_ENABLE_SECURITY=true
+ else
+ export DOCKER_ENABLE_SECURITY=false
+ fi
+ ./gradlew clean build
 env:
- DOCKER_ENABLE_SECURITY: false
 STIRLING_PDF_DESKTOP_UI: false
 - name: Set up Docker Buildx
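Review bot: The `*"security"*` and `*"login"*` tests in the new `check-security-flag` step match those words anywhere in the comment body, so a deploy comment that only mentions "login" in passing switches the build to the security variant. The commit title names the command as `/deploypr security`, so tie the match to the command itself, for example `if [[ "$COMMENT_BODY" =~ /deploypr[[:space:]]+(security|login) ]]; then`. Passing the body through `env:` instead of pasting it into the script is the right pattern for untrusted comment text; a one-line comment such as `# comment text is untrusted: read it from env, never via ${{ }} in run:` would keep it from being "simplified" later. The redirect targets should also be quoted, `>> "$GITHUB_OUTPUT"`.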
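Review bot: The new `run:` script in the `@@ -140,9` hunk pastes `${{ needs.check-comment.outputs.enable_security }}` into shell source, whereas the step added earlier in this patch hands its input over through `env:`. The value can only be `true` or `false` as produced by that step, so this is a consistency and hardening point rather than a live injection. Mapping it in `env:` removes the if/else entirely: keep `run: ./gradlew clean build` and set `DOCKER_ENABLE_SECURITY: ${{ needs.check-comment.outputs.enable_security == 'true' }}` under `env:`, which still yields `false` when the output is empty.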
@@ -179,8 +198,19 @@ jobs: - name: Deploy to VPS id: deploy run: | + # Set security settings based on flags + if [ "${{ needs.check-comment.outputs.enable_security }}" == "true" ]; then + DOCKER_SECURITY="true" + LOGIN_SECURITY="true" + SECURITY_STATUS="🔒 Security Enabled" + else + DOCKER_SECURITY="false" + LOGIN_SECURITY="false" + SECURITY_STATUS="Security Disabled" + fi + # First create the docker-compose content locally - cat > docker-compose.yml << 'EOF' + cat > docker-compose.yml << EOF version: '3.3' services: stirling-pdf: @@ -193,8 +223,8 @@ jobs: - /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/config:/configs:rw - /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/logs:/logs:rw environment: - DOCKER_ENABLE_SECURITY: "false" - SECURITY_ENABLELOGIN: "false" + DOCKER_ENABLE_SECURITY: "${DOCKER_SECURITY}" + SECURITY_ENABLELOGIN: "${LOGIN_SECURITY}" SYSTEM_DEFAULTLOCALE: en-GB UI_APPNAME: "Stirling-PDF PR#${{ needs.check-comment.outputs.pr_number }}" UI_HOMEDESCRIPTION: "PR#${{ needs.check-comment.outputs.pr_number }} for Stirling-PDF Latest" @@ -208,7 +238,7 @@ jobs: # Then copy the file and execute commands scp -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null docker-compose.yml ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }}:/tmp/docker-compose.yml - ssh -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -T ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }} << 'ENDSSH' + ssh -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -T ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }} << ENDSSH # Create PR-specific directories mkdir -p /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/{data,config,logs} @@ -220,6 +250,9 @@ jobs: docker-compose pull docker-compose up -d ENDSSH + + # Set output for use in PR comment + echo "security_status=${SECURITY_STATUS}" >> $GITHUB_ENV - name: Add success reaction to comment if: success() 
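Review bot: Dropping the quotes from `<< 'EOF'` here, and from `<< 'ENDSSH'` in the `@@ -208,7` hunk, makes the runner's shell expand every `$VAR`, backtick and `$(...)` in the compose file and in the remote script before either leaves the runner. Only the two lines using `${DOCKER_SECURITY}` and `${LOGIN_SECURITY}` need expansion, and nothing in the visible part of the SSH block does, so text that `${{ ... }}` interpolates into those bodies is now subject to shell evaluation it was previously shielded from. Keep both delimiters quoted and write the flag straight into the compose text the same way `pr_number` is already inserted: `DOCKER_ENABLE_SECURITY: "${{ needs.check-comment.outputs.enable_security }}"` and the same expression for `SECURITY_ENABLELOGIN`. Both heredoc bodies continue outside these hunks, so they should be checked for `$` characters that used to be literal.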
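Review bot: The rewritten `ssh` line in the `@@ -208,7` hunk still carries `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so the runner never verifies that the machine it authenticates to and sends the deployment script to is the real VPS. Now that these deployments can run with login enabled, pin the host key: store it in a repository secret (name to be chosen by the maintainers), write it to a `known_hosts` file in an earlier step, and pass `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=known_hosts` on this line and on the `scp` line above it.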
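Review bot: The comment added in the `@@ -220,6` hunk says "Set output", but the line appends to `$GITHUB_ENV`, which only reaches later steps of the same job; that mismatch will mislead whoever later moves the PR-comment step into another job. Reword it to `# Export security_status to later steps of this job (read via process.env in the PR comment step)` and quote the target, `>> "$GITHUB_ENV"`. Whether the comment step really lives in this job is not visible in the hunk and should be confirmed.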
@@ -270,11 +303,13 @@ jobs:
 const { GITHUB_REPOSITORY } = process.env;
 const [repoOwner, repoName] = GITHUB_REPOSITORY.split('/');
 const prNumber = ${{ needs.check-comment.outputs.pr_number }};
+ const securityStatus = process.env.security_status || "Security Disabled";
 const deploymentUrl = `http://${{ secrets.VPS_HOST }}:${prNumber}`;
 const commentBody = `## 🚀 PR Test Deployment\n\n` +
 `Your PR has been deployed for testing!\n\n` +
- `🔗 **Test URL:** [${deploymentUrl}](${deploymentUrl})\n\n` +
+ `🔗 **Test URL:** [${deploymentUrl}](${deploymentUrl})\n` +
+ `${securityStatus}\n\n` +
 `This deployment will be automatically cleaned up when the PR is closed.\n\n`;
 await github.rest.issues.createComment({
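Review bot: The PR comment can now announce a login-enabled deployment, yet `deploymentUrl` two lines below the added constant is still built as `http://…`, so credentials typed into that instance cross the network unencrypted. Either put the PR deployments behind TLS or say so in the comment by extending the added status line to `${securityStatus} (plain HTTP: use test credentials only)\n\n`. Separately, the `|| "Security Disabled"` fallback reports a disabled state whenever `security_status` is absent from the environment, which would be wrong if the deploy step and this step ever run in different jobs; a fallback of `"Security status unknown"` would not mislead. The script body continues past the end of the hunk.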