update workflow dependencies #529
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: docs | |
on: | |
push: | |
# If at least one path matches a pattern in the paths filter, the workflow runs. | |
# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-including-paths | |
# https://stackoverflow.com/questions/64621707/is-there-a-way-to-combine-push-criteria-in-github-actions-using-the-logical-and: | |
paths: [ 'docs/**', 'antora-playbook.yml', '.github/workflows/docs.yml' ] | |
branches: [ main, 'antora3' ] | |
jobs: | |
build: | |
# https://github.community/t/how-to-write-multi-line-condition-in-if/128477/6 | |
if: " ! contains(github.event.head_commit.message, 'skip ci') " | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
node-version: [18.x] | |
steps: | |
- uses: actions/checkout@v4 | |
# https://github.com/actions/cache | |
# This action allows caching dependencies and build outputs to improve workflow execution time. | |
# for yarn https://github.com/actions/cache/blob/main/examples.md#node---yarn | |
- name: Cache node modules | |
uses: actions/cache@v3 | |
with: | |
path: | | |
~/.npm | |
~/.config/yarn/global/node_modules | |
**/node_modules | |
key: ${{ runner.os }}-antora-modules@v2 | |
#restore-keys: | | |
# ${{ runner.os }}-node- | |
- name: Node ${{ matrix.node-version }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) # run only on main | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: eu-central-1 | |
- name: Run antora3 build with npm | |
run: | | |
npm i -g @antora/[email protected] @antora/[email protected] @antora/lunr-extension asciidoctor asciidoctor-kroki | |
antora --version | |
cp ./tools/sonar/README.adoc ./docs/modules/ROOT/pages/cicd/sonar.adoc | |
antora generate antora-playbook.yml | |
env: | |
CI: true | |
- name: Publish Docs to S3 | |
if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) # run only on main | |
run: | | |
aws s3 sync --delete ./docs/build ${{ secrets.AWS_DEPLOY_TARGET }}/docs | |
- name: Publish Action Event | |
if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) # run only on main | |
run: | | |
aws sns publish --topic-arn $TOPIC_ARN --message "{\"action\":\"deploy-docs\",\"workflow\":\"$GITHUB_WORKFLOW\"}" \ | |
--message-attributes "GITHUB_SHA={DataType=String,StringValue=\"$GITHUB_SHA\"}, GITHUB_RUN_ID={DataType=String,StringValue=\"$GITHUB_RUN_ID\"}" | |
env: | |
TOPIC_ARN: ${{ secrets.TOPIC_ARN }} | |
- name: Send Kafka Publish Event with Docker | |
id: send-kafka-pub-event-playground # becomes $GITHUB_ACTION | |
if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) # run only on main | |
run: | | |
docker run -e KAFKA_PRODUCER_TOPIC_URL="${{secrets.KAFKA_PRODUCER_TOPIC_URL}}" -e KAFKA_PRODUCER_API_SECRET="${{secrets.KAFKA_PRODUCER_API_SECRET}}" ghcr.io/tillkuhn/rubin:latest \ | |
-ce -key "$GITHUB_REPOSITORY/$GITHUB_WORKFLOW/$GITHUB_JOB" -header "producer=rubin/cli latest" \ | |
-source "urn:ci:$GITHUB_REPOSITORY/$GITHUB_WORKFLOW/$GITHUB_JOB" \ | |
-type "net.timafe.event.ci.published.v1" -subject "${GITHUB_REPOSITORY}-docs" \ | |
-record "{\"action\":\"$GITHUB_ACTION\",\"actor\":\"$GITHUB_ACTOR\",\"commit\":\"$GITHUB_SHA\",\"run_url\":\"$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID\",\"version\":\"${GITHUB_REF#refs/*/}\"}" | |
# disabled b/c of #415 | |
# https://github.com/marketplace/actions/workflow-webhook-action | |
# - name: Publish Action Event via webhook | |
# uses: distributhor/workflow-webhook@v3 | |
# env: | |
# # todo use provisioned tf managed secrets from SSM param store, this is only temporary for evaluation of the workflow | |
# ## Required. The HTTP URI of the webhook endpoint to invoke. The endpoint must accept an HTTP POST request. | |
# webhook_url: ${{ secrets.WEBHOOK_URL }} | |
# ## Required. The secret with which to generate the signature hash. | |
# webhook_secret: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
# data: '{ "drink" : "water" }' | |
# silent: true |