Merge pull request #1519 from gocd/dependabot/github_actions/github-a… #671
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will build a middleman project with bundle | |
| name: Build and Publish | |
| on: | |
| push: | |
| branches: | |
| - master | |
| # Push events to branches matching refs/heads/release-* | |
| - 'release-*' | |
| permissions: | |
| id-token: write | |
| contents: write | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| RUN_EXTERNAL_CHECKS: true | |
| jobs: | |
| complete_build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64 # v1.299.0 | |
| with: | |
| bundler-cache: true # would run bundle install | |
| - name: Run the build | |
| run: bundle exec rake static_checks:all | |
| push_to_gh_pages: | |
| needs: complete_build | |
| runs-on: ubuntu-latest | |
| env: | |
| GITHUB_PASSWORD: "${{ secrets.GITHUB_TOKEN }}" | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64 # v1.299.0 | |
| with: | |
| bundler-cache: true # would run bundle install | |
| - name: Set up user in git config | |
| run: | | |
| git config --global user.name "github-actions" | |
| git config --global user.email "github-actions@github.com" | |
| - name: Set up upstream and publish to gh pages | |
| run: | | |
| git remote add upstream 'https://github-actions:${GITHUB_PASSWORD}@github.com/gocd/api.go.cd' | |
| bundle exec rake publish --trace | |
| env: | |
| REMOTE_NAME: "upstream" | |
| ALLOW_DIRTY: true | |
| sync_to_s3: | |
| needs: push_to_gh_pages | |
| runs-on: ubuntu-latest | |
| env: | |
| S3_BUCKET: "${{ secrets.S3_BUCKET }}" | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Configure aws credentials | |
| uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 | |
| with: | |
| role-to-assume: "${{ secrets.AWS_ROLE_TO_ASSUME }}" | |
| aws-region: "${{ secrets.AWS_REGION }}" | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64 # v1.299.0 | |
| with: | |
| bundler-cache: true # would run bundle install | |
| - name: Upload to S3 | |
| run: bundle exec rake upload_to_s3 |