add hcp vault secrets #508
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: antora-ci | |
| on: | |
| push: | |
| # If at least one path matches a pattern in the paths filter, the workflow runs. | |
| # https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-including-paths | |
| # https://stackoverflow.com/questions/64621707/is-there-a-way-to-combine-push-criteria-in-github-actions-using-the-logical-and: | |
| paths: [ 'docs/**', 'antora-playbook.yml', '.github/workflows/docs.yml' ] | |
| branches: [ main ] | |
| jobs: | |
| build: | |
| # https://github.community/t/how-to-write-multi-line-condition-in-if/128477/6 | |
| if: " ! contains(github.event.head_commit.message, 'skip ci') " | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [16.x] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| # https://github.com/actions/cache | |
| # This action allows caching dependencies and build outputs to improve workflow execution time. | |
| # for yarn https://github.com/actions/cache/blob/main/examples.md#node---yarn | |
| - name: Cache node modules | |
| uses: actions/[email protected] | |
| with: | |
| path: | | |
| ~/.npm | |
| ~/.config/yarn/global/node_modules | |
| **/node_modules | |
| key: ${{ runner.os }}-antora-modules@v2 | |
| #restore-keys: | | |
| # ${{ runner.os }}-node- | |
| - name: Node ${{ matrix.node-version }} | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/[email protected] | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-central-1 | |
| - name: Run antora build with yarn | |
| # npm install -g yarn is obsolete since all node images contain installed versions of node, npm, and yarn. | |
| # note: we copy selected readme.adoc here to have them in popular places AND in our bundled docs | |
| # note: due to weird issues with antora-site-generator-lunr and recent versions, we add it explicitly in a single line | |
| # warning: pin to [email protected] or diagrams won't be rendered | |
| run: | | |
| yarn global add --ignore-optional --silent @antora/cli@latest @antora/site-generator-default@latest asciidoctor [email protected] | |
| yarn global add antora-site-generator-lunr | |
| antora --version | |
| cp ./tools/sonar/README.adoc ./docs/modules/ROOT/pages/cicd/sonar.adoc | |
| $(yarn global dir)/node_modules/.bin/antora --stacktrace --fetch --generator antora-site-generator-lunr antora-playbook.yml | |
| aws s3 sync --delete ./docs/build ${{ secrets.AWS_DEPLOY_TARGET }}/docs | |
| env: | |
| CI: true | |
| DOCSEARCH_ENABLED: true | |
| DOCSEARCH_ENGINE: lunr | |
| - name: Publish Action Event | |
| run: | | |
| aws sns publish --topic-arn $TOPIC_ARN --message "{\"action\":\"deploy-docs\",\"workflow\":\"$GITHUB_WORKFLOW\"}" \ | |
| --message-attributes "GITHUB_SHA={DataType=String,StringValue=\"$GITHUB_SHA\"}, GITHUB_RUN_ID={DataType=String,StringValue=\"$GITHUB_RUN_ID\"}" | |
| env: | |
| TOPIC_ARN: ${{ secrets.TOPIC_ARN }} | |
| # disabled b/c of #415 | |
| # https://github.com/marketplace/actions/workflow-webhook-action | |
| # - name: Publish Action Event via webhook | |
| # uses: distributhor/workflow-webhook@v3 | |
| # env: | |
| # # todo use provisioned tf managed secrets from SSM param store, this is only temporary for evaluation of the workflow | |
| # ## Required. The HTTP URI of the webhook endpoint to invoke. The endpoint must accept an HTTP POST request. | |
| # webhook_url: ${{ secrets.WEBHOOK_URL }} | |
| # ## Required. The secret with which to generate the signature hash. | |
| # webhook_secret: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| # data: '{ "drink" : "water" }' | |
| # silent: true |