expressjs.com/.github/workflows/update-external-docs.yml at af3a5743e5357828be0f6c73846e5f9ae24b216a · expressjs/expressjs.com · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
name: Update External Docs

on:
  workflow_dispatch:
  schedule:
    - cron: '0 8 * * 1'

permissions:
  pull-requests: write
  contents: write

jobs:
  update-security:
    runs-on: ubuntu-latest
    if: github.repository_owner == 'expressjs'
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false

      - name: Check security.txt expiry
        id: expiry
        run: |
          set -eo pipefail
          expires=$(grep -i '^Expires:' public/.well-known/security.txt | sed 's/.*: //')
          if [ "$(date -d "$expires" +%s)" -le "$(date -d '+30 days' +%s)" ]; then
            echo "bump=true" >> "$GITHUB_OUTPUT"
          fi

      - name: Bump Expires
        if: steps.expiry.outputs.bump == 'true'
        run: |
          sed -i "s/^Expires:.*/Expires: $(date -u -d '+180 days' +%Y-%m-%dT00:00:00Z)/I" public/.well-known/security.txt

      - name: Create Pull Request
        if: steps.expiry.outputs.bump == 'true'
        uses: gr2m/create-or-update-pull-request-action@b65137ca591da0b9f43bad7b24df13050ea45d1b # v1.10.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          commit-message: 'docs: update security.txt expiry'
          title: 'docs: update security.txt expiry'
          body: |
            This PR extends the `Expires` date in `public/.well-known/security.txt`.

            Before merging, please explicitly confirm that:
            - The security contact listed is still correct and actively monitored
            - The linked security policy is still accurate
            - The project's preferred vulnerability disclosure path has not changed

            Only merge if the above information is still valid; otherwise, update it before extending the expiration.

            cc: @expressjs/security-wg @expressjs/docs-wg
          labels: docs
          branch: bot/security-expiry

  update-docs:
    runs-on: ubuntu-latest
    if: github.repository_owner == 'expressjs'
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false

      - name: Set up Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: lts/*

      - name: Install dependencies
        run: npm ci

      - name: Run scripts
        working-directory: .github/scripts
        run: |
          bash ./get-contributing.sh
          bash ./get-readmes.sh

      - name: Fix formatting
        run: npm run fix

      - name: Create Pull Request
        uses: gr2m/create-or-update-pull-request-action@b65137ca591da0b9f43bad7b24df13050ea45d1b # v1.10.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          commit-message: 'docs: update external docs'
          title: 'docs: update external docs'
          body: >
            This auto-generated PR updates external documentation to the expressjs.com repository.

            cc: @expressjs/docs-wg
          labels: docs
          branch: bot/update-external-docs

  synchronize-with-crowdin:
    runs-on: ubuntu-latest
    if: github.repository_owner == 'expressjs'
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false

      - name: Set up Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
          node-version: '24.13'

      - name: Install dependencies
        run: npm ci

        # see all the options at https://github.com/crowdin/github-action
      - name: Crowdin PR
        uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # https://github.com/crowdin/github-action/releases/tag/v2.16.2
        with:
          upload_sources: false
          upload_translations: false
          download_translations: true
          localization_branch_name: crowdin/translations
          create_pull_request: false
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }}
          CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}

      - name: Format files
        run: npm run format

      - name: Create Pull Request
        uses: gr2m/create-or-update-pull-request-action@b65137ca591da0b9f43bad7b24df13050ea45d1b # v1.10.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          commit-message: 'i18n: new crowdin translations'
          title: 'i18n: new crowdin translations'
          body: >
            New Crowdin translations from the [express.js crowdin project](https://express.crowdin.com/u/projects/1). cc: @expressjs/docs-wg
          labels: docs
          branch: crowdin/translations