ci: split preview-docs workflow to support fork contributor PRs #6433

Draft
Rajdeepc wants to merge 1 commit into main from rajdeepc/fix-fork-preview-ci

Rajdeepc (Contributor) commented Jun 22, 2026

Description

The original preview-docs.yml used a pull_request trigger which causes Azure credentials (secrets) to be empty for fork PRs, breaking the azcopy login for all external contributors.

Split into two workflows:

  • preview-docs-build.yml: runs on pull_request with no secrets; builds all assets and uploads them as a GitHub artifact including pr_number.txt (needed because workflow_run does not populate pull_requests[] for forks)
  • preview-docs-deploy.yml: triggered by workflow_run (base repo context, secrets available); downloads the artifact and uploads to Azure. Cleanup on PR close uses pull_request_target (also base repo context).
    The PR number is written to a file inside the artifact by the build job. This is necessary because workflow_run does not populate pull_requests[] for fork PRs, so the deploy job reads it back from that file to post the preview comment on the correct PR.

Motivation and context

Fork contributor PRs have been failing at the azcopy login step because AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID all resolve to empty strings when a workflow is triggered by a fork pull_request event. GitHub intentionally sandboxes secrets from fork-triggered workflows as a security measure. This was reported in #6420.

Related issue(s)

Screenshots (if appropriate)


Author's checklist

  • I have read the CONTRIBUTING and PULL_REQUESTS documents.
  • I have reviewed the Accessibility Practices for this feature, see: Aria Practices
  • I have added automated tests to cover my changes.
  • I have included a well-written changeset if my change needs to be published.
  • I have included updated documentation if my change required it.

Reviewer's checklist

  • Includes a GitHub Issue with appropriate flag or Jira ticket number without a link
  • Includes thoughtfully written changeset if changes suggested include patch, minor, or major features
  • Automated tests cover all use cases and follow best practices for writing
  • Validated on all supported browsers
  • All VRTs are approved before the author can update Golden Hash

Manual review test cases

  • Descriptive Test Statement

    • Open a PR from rajdeepc/fix-fork-preview-ci → main
    • Go to the Actions tab and confirm Preview Documentation — Build runs and completes
    • Confirm the preview-docs artifact appears in that run
    • Confirm Preview Documentation — Deploy does not trigger yet (it lives on the feature branch, not main)
    • Fork PR (full end-to-end test — requires merge to main first)
    • Merge this PR to main
    • Go to PR fix(menu): Use package import for sp-menu-divider registration #6420 and close then immediately reopen it (or ask the contributor to push any commit)
    • Go to the Actions tab and confirm Preview Documentation — Build runs in the fork context (no secrets) and completes successfully
    • Confirm Preview Documentation — Deploy triggers automatically after the build completes
    • Confirm the Azure deploy steps succeed (no secret can't be empty string error)
    • Confirm the preview comment is posted on PR fix(menu): Use package import for sp-menu-divider registration #6420 with the correct URLs

Device review

  • Did it pass in Desktop?
  • Did it pass in (emulated) Mobile?
  • Did it pass in (emulated) iPad?

Accessibility testing checklist

N/A — CI workflow change only, no UI or component changes.

The original preview-docs.yml used a pull_request trigger which causes
Azure credentials (secrets) to be empty for fork PRs, breaking the
azcopy login for all external contributors.

Split into two workflows:
- preview-docs-build.yml: runs on pull_request with no secrets; builds
  all assets and uploads them as a GitHub artifact including pr_number.txt
  (needed because workflow_run does not populate pull_requests[] for forks)
- preview-docs-deploy.yml: triggered by workflow_run (base repo context,
  secrets available); downloads the artifact and uploads to Azure.
  Cleanup on PR close uses pull_request_target (also base repo context).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
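
The deploy workflow described above reads pr_number.txt from an artifact produced by the fork-triggered build, so the value is untrusted input by the time it reaches the job that holds the Azure secrets. One way to validate it before use, as an added example that is not part of this PR's workflows (the helper name `read_pr_number`, the 9-digit limit and the sample values are assumptions):

```shell
# Added example, not part of the PR. pr_number.txt arrives in an artifact
# built from fork-controlled code, so the deploy job must treat it as untrusted.

# read_pr_number FILE  (hypothetical helper name)
# Prints the PR number and returns 0 only when FILE is a regular, non-symlink
# file holding one positive decimal integer of 1 to 9 digits, optionally
# followed by a single newline. Returns 1 otherwise.
read_pr_number() {
  rpn_file=$1

  # Refuse symlinks and non-regular files unpacked from the artifact.
  if [ -L "$rpn_file" ] || [ ! -f "$rpn_file" ]; then
    echo "pr_number: not a regular file" >&2
    return 1
  fi

  # Bound the size before reading the contents into a variable.
  rpn_size=$(( $(wc -c < "$rpn_file") ))
  if [ "$rpn_size" -gt 10 ]; then
    echo "pr_number: file too large" >&2
    return 1
  fi

  rpn_value=$(cat "$rpn_file")

  # Digits only, no leading zero: rejects whitespace, extra lines and
  # shell or Markdown metacharacters.
  case $rpn_value in
    '' | *[!0-9]* | 0*)
      echo "pr_number: not a positive integer" >&2
      return 1
      ;;
  esac

  # At most 9 digits, and every byte accounted for (digits plus at most one
  # trailing newline), so command substitution dropped nothing silently.
  rpn_len=${#rpn_value}
  if [ "$rpn_len" -gt 9 ] || [ $((rpn_size - rpn_len)) -gt 1 ]; then
    echo "pr_number: unexpected length or trailing bytes" >&2
    return 1
  fi

  printf '%s\n' "$rpn_value"
}
```

In the deploy job, pass the validated number to the comment step through an environment variable rather than interpolating the file's contents into a script or expression.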

changeset-bot (Bot) commented Jun 22, 2026

⚠️ No Changeset found

Latest commit: 105d031

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Rajdeepc added the Component:Tooling label Jun 22, 2026
Rajdeepc self-assigned this Jun 22, 2026

coveralls (Collaborator)

Coverage Report for CI Build 27932302661

Coverage remained the same at 96.246%

Details

  • Coverage remained the same as the base build.
  • Patch coverage: No coverable lines changed in this PR.
  • No coverage regressions found.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

No coverage regressions found.


Coverage Stats

Coverage Status
Relevant Lines: 39172
Covered Lines: 37901
Line Coverage: 96.76%
Relevant Branches: 6458
Covered Branches: 6016
Branch Coverage: 93.16%
Branches in Coverage %: Yes
Coverage Strength: 458.48 hits per line

💛 - Coveralls
