TLDR && FTR
Limeapp automatic preview builds.
Now when a PR is marked with the Labels "artifact", an additional GH
action will run to upload a built version of the limeapp on GH.
This artifact will store the PR number, to on posterior publish a GH
comment on the PR with the artifacts url.
Example:
https://github.com/libremesh/lime-app/pull/398#issuecomment-1939264412
The github action to publish the comment runs on the develop branch and
not on the pr to protect from external forks PR's the secrets and other
configurations (to comment on the PR the action needs write and read
permissions, which are dangerous to give to a fork from an external
repository).
Further reading
Keeping your GitHub Actions and workflows secure
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
https://glasnt.com/blog/pull_request_target_labels/
Workflow run docs
https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run
https://docs.github.com/en/webhooks/webhook-events-and-payloads#workflow_run
If there are any questions feel free to ping me