Build Platform Docs #1503
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Platform Docs | |
| on: | |
| schedule: | |
| - cron: "0 0 * * *" | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - platform-docs | |
| env: | |
| PLATFORM_CHANGELOG: "autodocs/platform-changelog.md" | |
| jobs: | |
| check-new-docs: | |
| runs-on: ubuntu-latest | |
| if: github.repository == 'chainguard-dev/edu' | |
| permissions: | |
| contents: read # reads from the repo | |
| id-token: write # federates to talk to storage | |
| outputs: | |
| status: ${{ steps.compare-releases.outputs.status }} | |
| latest: ${{ steps.compare-releases.outputs.latest }} | |
| steps: | |
| - name: 'Github Actions Runner' | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| egress-policy: audit | |
| - name: 'Checkout default branch to $GITHUB_WORKSPACE dir' | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Authenticate to Google Cloud | |
| id: auth | |
| uses: google-github-actions/auth@62cf5bd3e4211a0a0b51f2c6d6a37129d828611d # v2.1.5 | |
| with: | |
| service_account: "github-chainguard-academy@chainguard-academy.iam.gserviceaccount.com" | |
| workload_identity_provider: "projects/456977358484/locations/global/workloadIdentityPools/chainguard-academy/providers/chainguard-edu" | |
| - id: compare-releases | |
| name: 'Compare published docs to upstream releases' | |
| run: | | |
| latest=$(gcloud storage cat \ | |
| "gs://chainguard-academy/enforce-changelog/changelog.md" | \ | |
| awk '/###/ {print $NF}' | \ | |
| head -n 1) | |
| current=$(awk '/###/ {print $NF}' \ | |
| ${{ env.PLATFORM_CHANGELOG }} | \ | |
| head -n 1) | |
| if [ "$current" != "$latest" ]; then | |
| echo "status=outdated" >> $GITHUB_OUTPUT | |
| echo "latest=$latest" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Post failure notice to Slack | |
| uses: rtCamp/action-slack-notify@4e5fb42d249be6a45a298f3c9543b111b02f7907 # v2.3.0 | |
| if: ${{ failure() }} | |
| env: | |
| SLACK_ICON: http://github.com/chainguard-dev.png?size=48 | |
| SLACK_USERNAME: guardian | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| SLACK_CHANNEL: 'alerts-edu' | |
| SLACK_COLOR: '#8E1600' | |
| MSG_MINIMAL: 'true' | |
| SLACK_TITLE: 'AutoDocs Platform failed - ${{ github.repository }}' | |
| SLACK_MESSAGE: | | |
| For detailed logs: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
| integrate-platform-docs: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read # reads from the repo | |
| id-token: write # federates with GCP and Sigstore | |
| needs: check-new-docs | |
| if: needs.check-new-docs.outputs.status == 'outdated' | |
| steps: | |
| - name: 'Github Actions Runner' | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| egress-policy: audit | |
| - name: 'Checkout default branch to $GITHUB_WORKSPACE dir' | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: 'Setup gitsign' | |
| uses: chainguard-dev/actions/setup-gitsign@main | |
| - name: Authenticate to Google Cloud | |
| id: auth | |
| uses: google-github-actions/auth@62cf5bd3e4211a0a0b51f2c6d6a37129d828611d # v2.1.5 | |
| with: | |
| service_account: "github-chainguard-academy@chainguard-academy.iam.gserviceaccount.com" | |
| workload_identity_provider: "projects/456977358484/locations/global/workloadIdentityPools/chainguard-academy/providers/chainguard-edu" | |
| - uses: ./.github/workflows/integrate-platform-docs | |
| with: | |
| project_id: "${{ secrets.PROJECT_ID }}" | |
| storage_bucket: "${{ secrets.STORAGE_BUCKET }}" | |
| platform_changelog: "${{ env.PLATFORM_CHANGELOG }}" | |
| - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 | |
| with: | |
| node-version: 16 | |
| - name: Update themes | |
| run: git submodule update --init --recursive | |
| - name: npm install | |
| run: npm install | |
| - name: npm run build | |
| run: npm run build | |
| - name: Set up Octo-STS | |
| uses: chainguard-dev/octo-sts-action@6177b4481c00308b3839969c3eca88c96a91775f # v1.0.0 | |
| id: octo-sts | |
| with: | |
| scope: chainguard-dev/edu | |
| identity: edu | |
| - name: Create a PR | |
| uses: peter-evans/create-pull-request@8867c4aba1b742c39f8d0ba35429c2dfa4b6cb20 # v7.0.1 | |
| id: cpr | |
| with: | |
| token: ${{ steps.octo-sts.outputs.token }} | |
| commit-message: Update Images Reference | |
| title: "[AutoDocs] Update Platform Docs" | |
| body: "Platform docs ${{needs.check-new-docs.outputs.latest}} autocommit" | |
| signoff: true | |
| labels: | | |
| documentation | |
| platform | |
| automated | |
| assignees: erikaheidi | |
| - name: Post failure notice to Slack | |
| uses: rtCamp/action-slack-notify@4e5fb42d249be6a45a298f3c9543b111b02f7907 # v2.3.0 | |
| if: ${{ failure() }} | |
| env: | |
| SLACK_ICON: http://github.com/chainguard-dev.png?size=48 | |
| SLACK_USERNAME: guardian | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| SLACK_CHANNEL: 'alerts-edu' | |
| SLACK_COLOR: '#8E1600' | |
| MSG_MINIMAL: 'true' | |
| SLACK_TITLE: 'AutoDocs Platform failed - ${{ github.repository }}' | |
| SLACK_MESSAGE: | | |
| For detailed logs: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} |