-
Notifications
You must be signed in to change notification settings - Fork 1
103 lines (88 loc) · 3.33 KB
/
Copy pathdocs-deploy.yml
File metadata and controls
103 lines (88 loc) · 3.33 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
name: Docs - Deploy
on:
workflow_dispatch: {}
push:
branches: [ main ]
# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
concurrency:
group: github-pages
cancel-in-progress: false
jobs:
build:
name: Build
runs-on: ubuntu-24.04
timeout-minutes: 5
permissions:
contents: read
steps:
# Firewall rules:
# -> "*.github.com": Standard interactions with GitHub
# -> "*.pypi.org" & "files.pythonhosted.org": Downloading Python packages
# -> "*.docker.io", "*.docker.com" & "docker-images-prod.*.r2.cloudflarestorage.com": Standard interactions with Docker
# -> "*.alpinelinux.org": Standard interactions with Alpine Linux package repositories
# -> "cdn.fwupd.org": Firmware updates (Alpine)
- name: Harden runner
uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
github.com:443
*.github.com:443
pypi.org:443
files.pythonhosted.org:443
*.docker.io:443
*.docker.com:443
docker-images-prod.*.r2.cloudflarestorage.com
dl-cdn.alpinelinux.org:443
cdn.fwupd.org:443
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
fetch-depth: 0 # Required by MkDocs' Git-related features
- name: Login to Docker Hub
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
if: github.event.pull_request.head.repo.fork == false
with:
username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Copy License
run: cp LICENSE.md docs/user-guide/src/license.md
- name: Build Site
working-directory: docs/user-guide/
env:
GITHUB_TOKEN: ${{ github.token }} # Avoid exceeding the GitHub API rate limits
run: ./build.sh
- name: Upload artifact
uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0
with:
path: docs/user-guide/site/
deploy:
name: Deploy
runs-on: ubuntu-24.04
timeout-minutes: 15
needs: build
permissions:
contents: read
pages: write # Required to deploy to GitHub Pages
id-token: write # To verify the deployment originates from an appropriate source
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
steps:
# Firewall rules:
# -> "*.github.com": Standard interactions with GitHub
# -> "api.github.com": Required for GitHub Pages deployment
- name: Harden runner
uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
github.com:443
api.github.com:443
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e #v4.0.5