expressjs.com/.github/workflows/update-external-docs.yml at 95c922157dadba48e1e0e363cd513dd91c3887f4 · expressjs/expressjs.com · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
name: Update External Docs

on:
  workflow_dispatch:
  schedule:
    - cron: '0 8 * * 1'

permissions:
  pull-requests: write
  contents: write

jobs:
  update-security:
    runs-on: ubuntu-latest
    if: github.repository_owner == 'expressjs'
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false

      - name: Check security.txt expiry
        id: expiry
        run: |
          set -eo pipefail
          expires=$(grep -i '^Expires:' public/.well-known/security.txt | sed 's/.*: //')
          if [ "$(date -d "$expires" +%s)" -le "$(date -d '+30 days' +%s)" ]; then
            echo "bump=true" >> "$GITHUB_OUTPUT"
          fi

      - name: Bump Expires
        if: steps.expiry.outputs.bump == 'true'
        run: |
          sed -i "s/^Expires:.*/Expires: $(date -u -d '+180 days' +%Y-%m-%dT00:00:00Z)/I" public/.well-known/security.txt

      - name: Create Pull Request
        if: steps.expiry.outputs.bump == 'true'
        uses: gr2m/create-or-update-pull-request-action@b65137ca591da0b9f43bad7b24df13050ea45d1b # v1.10.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          commit-message: 'docs: update security.txt expiry'
          title: 'docs: update security.txt expiry'
          body: |
            This PR extends the `Expires` date in `public/.well-known/security.txt`.

            Before merging, please explicitly confirm that:
            - The security contact listed is still correct and actively monitored
            - The linked security policy is still accurate
            - The project's preferred vulnerability disclosure path has not changed

            Only merge if the above information is still valid; otherwise, update it before extending the expiration.

            cc: @expressjs/security-wg @expressjs/docs-wg
          labels: docs
          branch: bot/security-expiry

  update-docs:
    runs-on: ubuntu-latest
    if: github.repository_owner == 'expressjs'
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false

      - name: Set up Node.js
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
        with:
          node-version: lts/*

      - name: Install dependencies
        run: npm ci

      - name: Run scripts
        working-directory: .github/scripts
        run: |
          bash ./get-contributing.sh
          bash ./get-readmes.sh

      - name: Fix formatting
        run: npm run fix

      - name: Create Pull Request
        uses: gr2m/create-or-update-pull-request-action@b65137ca591da0b9f43bad7b24df13050ea45d1b # v1.10.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          commit-message: 'docs: update external docs'
          title: 'docs: update external docs'
          body: >
            This auto-generated PR updates external documentation to the expressjs.com repository.

            cc: @expressjs/docs-wg
          labels: docs
          branch: bot/update-external-docs

  synchronize-with-crowdin:
    runs-on: ubuntu-latest
    if: github.repository_owner == 'expressjs'
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false

        # see all the options at https://github.com/crowdin/github-action
      - name: Crowdin PR
        uses: crowdin/github-action@60debf382ee245b21794321190ad0501db89d8c1 # https://github.com/crowdin/github-action/releases/tag/v2.13.0
        with:
          upload_sources: false
          upload_translations: false
          download_translations: true
          localization_branch_name: crowdin/translations
          create_pull_request: true
          pull_request_title: 'i18n: new crowdin translations'
          pull_request_body: >
            New Crowdin translations from the [express.js crowdin project](https://express.crowdin.com/u/projects/1). cc: @expressjs/docs-wg
          pull_request_base_branch_name: 'redesign' # TODO: update to "main" when we merge redesign into main
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }}
          CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}