From c7575cb02bfa5e1a0dc01f2f1fcd420cbb49cc5d Mon Sep 17 00:00:00 2001 From: nilsreichardt Date: Fri, 1 Mar 2024 10:39:16 +0100 Subject: [PATCH 01/19] Add CI pipeline for docs --- .github/workflows/docs_ci.yml | 144 ++++++++++++++++++++++++++++++++++ 1 file changed, 144 insertions(+) create mode 100644 .github/workflows/docs_ci.yml diff --git a/.github/workflows/docs_ci.yml b/.github/workflows/docs_ci.yml new file mode 100644 index 000000000..50eae91b0 --- /dev/null +++ b/.github/workflows/docs_ci.yml 
@@ -0,0 +1,144 @@
+# Copyright (c) 2022 Sharezone UG (haftungsbeschränkt)
+# Licensed under the EUPL-1.2-or-later.
+#
+# You may obtain a copy of the Licence at:
+# https://joinup.ec.europa.eu/software/page/eupl
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+# This workflow handles the CI for the docs.
+#
+# Therefore, it's only triggered on pull requests that make changes to the
+# docs. It only contains jobs that require secrets. The jobs that don't
+# require secrets are handled in the "safe_docs_ci.yml" workflow.
+
+name: unsafe-docs-ci
+
+concurrency:
+ group: unsafe-docs-ci-${{ github.head_ref }}
+ # In order to conserve the use of GitHub Actions, we cancel the running action
+ # of the previous commit. This means that if you first commit "A" and then
+ # commit "B" to the pull request a few minutes later, the workflow for commit
+ # "A" will be cancelled.
+ cancel-in-progress: true
+
+on:
+ # Triggers the workflow on pull request events
+ pull_request_target:
+ types:
+ - opened
+ - synchronize
+ - reopened
+ # It's important to trigger this workflow again when the pull is changing
+ # from a draft pull request to a ready for review pull request.
+ #
+ # Some jobs are skipped when the pull request is a draft. Therefore, we
+ # need to trigger these jobs again when the pull request is changing to
+ # ready for review.
+ - ready_for_review
+ # Retrigger the workflow when label has been add to run the CI when the
+ # "safe to test" label is added.
+ - labeled
+ merge_group:
+ types:
+ - checks_requested
+
+# Set permissions to none.
+#
+# Using the broad default permissions is considered a bad security practice
+# and would cause alerts from our scanning tools.
+permissions: {} + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +jobs: + # It's important that we run this job first, because we need to remove the + # "safe to test" label when the PR comes from a fork in order to ensure that + # every change is reviewed for security implications. + remove-safe-to-build-label: + runs-on: ubuntu-22.04 + permissions: + # Required by the remove-safe-to-test-label action + contents: read + pull-requests: write + steps: + - name: Remove "safe to test" label, if PR is from a fork + uses: SharezoneApp/remove-safe-to-test-label@91b378205db41bb08dde8e4c4f2685847eb3d168 + + # We can't use the official "paths" filter because it has no support for merge + # groups and we would need some kind of fallback CI when a check is required + # but ignored because of the path filter. + # + # See: + # * https://github.com/community/community/discussions/45899 (merge groups) + # * https://github.com/github/docs/commit/4364076e0fb56c2579ae90cd048939eaa2c18954 + # (workaround for required checks with path filters) + changes: + needs: remove-safe-to-build-label + runs-on: ubuntu-22.04 + outputs: + changesFound: ${{ steps.filter.outputs.changesFound }} + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + with: + # Because we are using the "pull_request_target" event, we need to + # checkout the PR head commit instead of the merge commit. + ref: ${{ github.event.pull_request.head.sha }} + - uses: AurorNZ/paths-filter@3b1f3abc3371cca888d8eb03dfa70bc8a9867629 + id: filter + with: + filters: | + changesFound: + # We only build and deploy a new version, when a user relevant files + # changed. + - "docs/**" + # We trigger also this workflow, if this workflow is changed, so that new + # changes will be applied. + - ".github/workflows/unsafe_website_ci.yml" + + # We are building for every PR a web preview, which will be deployed to + # Firebase Hosting. 
The link to the website will posted as comment (like: + # https://github.com/SharezoneApp/sharezone-app/pull/119#issuecomment-1030012299). + # + # The previews are helping reviewer and other users to quickly view the + # changes in a compiled version. + # + # A link to a preview expires after 3 days. + # + # Required steps to set this up: + # 1. Run "firebase init hosting:github" + # 2. Enable "Firebase Hosting API" in Google Cloud project + # 3. Write GitHub action job + # 4. Adjust website restrictions for Firebase Key "Sharezone Web Key". + web-preview: + needs: changes + # We only want to build the website only for PRs. + # + # Otherwise this will be triggered inside a merge-queue. + if: ${{ github.event_name == 'pull_request_target' && needs.changes.outputs.changesFound == 'true'}} + runs-on: ubuntu-22.04 + permissions: + pull-requests: write # for FirebaseExtended/action-hosting-deploy to comment on PRs + checks: write # for FirebaseExtended/action-hosting-deploy to comment on PRs (without write permissions for checks the action doesn't post a comment to the PR, we don't know why) + steps: + - name: Ensure PR has "safe to test" label, if PR is from a fork + uses: SharezoneApp/verify-safe-to-test-label@c1059d43fc918756660a700ca6d08e445ff314a2 + + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + with: + # Because we are using the "pull_request_target" event, we need to + # checkout the PR head commit instead of the merge commit. + ref: ${{ github.event.pull_request.head.sha }} + + - name: Deploy to Firebase Hosting (sharezone-debug) + uses: FirebaseExtended/action-hosting-deploy@120e124148ab7016bec2374e5050f15051255ba2 + with: + repoToken: ${{ secrets.GITHUB_TOKEN }} + firebaseServiceAccount: ${{ secrets.FIREBASE_HOSTING_PROD_KEY }} + projectId: sharezone-c2bd8 + entryPoint: "./docs" + # The expiration date shouldn't be too high, because if we open a lot + # of pull requests, we will run out of quota (we get 429 errors). 
+ expires: "3d" + env: + # Required to deploy Next.js applications to Firebase Hosting + FIREBASE_CLI_EXPERIMENTS: webframeworks From 845fdf641a67c8ed6f09148b74cae5edc13755a3 Mon Sep 17 00:00:00 2001 From: nilsreichardt Date: Fri, 1 Mar 2024 10:41:06 +0100 Subject: [PATCH 02/19] Remove wrong name --- .github/workflows/docs_ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docs_ci.yml b/.github/workflows/docs_ci.yml index 50eae91b0..b636ffc43 100644 --- a/.github/workflows/docs_ci.yml +++ b/.github/workflows/docs_ci.yml @@ -129,7 +129,7 @@ jobs: # checkout the PR head commit instead of the merge commit. ref: ${{ github.event.pull_request.head.sha }} - - name: Deploy to Firebase Hosting (sharezone-debug) + - name: Deploy to Firebase Hosting uses: FirebaseExtended/action-hosting-deploy@120e124148ab7016bec2374e5050f15051255ba2 with: repoToken: ${{ secrets.GITHUB_TOKEN }} From 7798eb0b236457f5cb542cd2c1b3aec70ce18cb8 Mon Sep 17 00:00:00 2001 From: nilsreichardt Date: Fri, 1 Mar 2024 10:46:20 +0100 Subject: [PATCH 03/19] Add `check_format_markdown_files.sh` --- bin/check_format_markdown_files.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100755 bin/check_format_markdown_files.sh diff --git a/bin/check_format_markdown_files.sh b/bin/check_format_markdown_files.sh new file mode 100755 index 000000000..d67387f6a --- /dev/null +++ b/bin/check_format_markdown_files.sh @@ -0,0 +1,14 @@ +#!/bin/bash +# Copyright (c) 2023 Sharezone UG (haftungsbeschränkt) +# Licensed under the EUPL-1.2-or-later. +# +# You may obtain a copy of the Licence at: +# https://joinup.ec.europa.eu/software/page/eupl +# +# SPDX-License-Identifier: EUPL-1.2 + +script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +get_cmd="$script_dir/source_of_truth/get_sot_cmd.sh" + +check_format_markdown_files=$($get_cmd check_format_markdown_files) +eval $"($check_format_markdown_files)" 
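Review bot: In `web-preview`, the checkout of `github.event.pull_request.head.sha` by default leaves the job token (`pull-requests: write`, `checks: write`) in the checked-out repository's git configuration, and the deploy step then works on that PR-controlled `./docs` tree with `secrets.FIREBASE_HOSTING_PROD_KEY`, so the "safe to test" label check is the only barrier between fork content and those credentials. Adding `persist-credentials: false` under that checkout's `with:` keeps the token out of the tree. The secret's name suggests a production hosting key; if that is what it is, a service account limited to preview channels (placeholder: `secrets.<PREVIEW_ONLY_KEY>`) would narrow what a mislabelled pull request can reach. The same job is re-added unchanged in patches 06 and 07.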
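Review bot: The last line, `eval $"($check_format_markdown_files)"`, uses bash's `$"…"` locale-translation quoting, which is probably not intended, and `$get_cmd` is expanded unquoted on the line before it, so a checkout path containing spaces would be split into several words. `check_format_markdown_files=$("$get_cmd" check_format_markdown_files)` followed by `eval "($check_format_markdown_files)"` keeps the behaviour without either surprise. The script evaluates whatever string `get_sot_cmd.sh` prints, and that helper is not part of this diff, so a short header comment saying where the command comes from and that the script's exit status is the result of the check would help the next reader.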
From 18d999727a5be7926344cd3bd6b200a27353ff52 Mon Sep 17 00:00:00 2001 From: nilsreichardt Date: Fri, 1 Mar 2024 10:46:56 +0100 Subject: [PATCH 04/19] Add format check --- .github/workflows/docs_ci.yml | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docs_ci.yml b/.github/workflows/docs_ci.yml index b636ffc43..1092ba25d 100644 --- a/.github/workflows/docs_ci.yml +++ b/.github/workflows/docs_ci.yml @@ -93,7 +93,19 @@ jobs: - "docs/**" # We trigger also this workflow, if this workflow is changed, so that new # changes will be applied. - - ".github/workflows/unsafe_website_ci.yml" + - ".github/workflows/unsafe_docs_ci.yml" + + format: + needs: changes + if: ${{ github.event_name == 'pull_request_target' && needs.changes.outputs.changesFound == 'true'}} + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 + with: + go-version: "^1.13.1" + - run: go install github.com/google/addlicense@v1.1.1 + - run: ./bin/check_format_markdown_files.sh # We are building for every PR a web preview, which will be deployed to # Firebase Hosting. The link to the website will posted as comment (like: @@ -111,9 +123,6 @@ jobs: # 4. Adjust website restrictions for Firebase Key "Sharezone Web Key". web-preview: needs: changes - # We only want to build the website only for PRs. - # - # Otherwise this will be triggered inside a merge-queue. if: ${{ github.event_name == 'pull_request_target' && needs.changes.outputs.changesFound == 'true'}} runs-on: ubuntu-22.04 permissions: From f432e69dbdcf8622027fe19f126c2b5daa132359 Mon Sep 17 00:00:00 2001 
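Review bot: The new `format` job checks out with no `ref`, and under `pull_request_target` that default is the base branch, so `./bin/check_format_markdown_files.sh` would be checking the files already on the base branch rather than the pull request's. The job uses no secrets, so by the file's own header comment it belongs in `safe_docs_ci.yml` on the `pull_request` trigger, where the default checkout is the PR's merge commit; pointing `ref:` at the PR head in this workflow instead would run a fork's script with no "safe to test" check in front of it. The step `go install github.com/google/addlicense@v1.1.1` looks carried over from a license check, and nothing visible in the diff shows the markdown check using it. The same job appears again in patches 06 and 07.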
From: nilsreichardt Date: Fri, 1 Mar 2024 10:47:44 +0100 Subject: [PATCH 05/19] Rename file --- .github/workflows/docs_cd.yml | 44 ++++++++++ .github/workflows/docs_ci.yml | 153 ---------------------------------- 2 files changed, 44 insertions(+), 153 deletions(-) create mode 100644 .github/workflows/docs_cd.yml delete mode 100644 .github/workflows/docs_ci.yml diff --git a/.github/workflows/docs_cd.yml b/.github/workflows/docs_cd.yml new file mode 100644 index 000000000..93bbc39bf --- /dev/null +++ b/.github/workflows/docs_cd.yml @@ -0,0 +1,44 @@ +# Copyright (c) 2022 Sharezone UG (haftungsbeschränkt) +# Licensed under the EUPL-1.2-or-later. +# +# You may obtain a copy of the Licence at: +# https://joinup.ec.europa.eu/software/page/eupl +# +# SPDX-License-Identifier: EUPL-1.2 + +name: website-cd + +concurrency: + # Avoids running multiple deployments at the same time which would cause + # conflicts. + group: website-release + +on: + push: + branches: + - main + +# Set permissions to none. +# +# Using the broad default permissions is considered a bad security practice +# and would cause alerts from our scanning tools. +permissions: {} + +jobs: + deploy: + runs-on: ubuntu-22.04 + name: docs-deploy-prod + permissions: + checks: write # for FirebaseExtended/action-hosting-deploy + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + + - uses: FirebaseExtended/action-hosting-deploy@v0 + with: + repoToken: "${{ secrets.GITHUB_TOKEN }}" + firebaseServiceAccount: ${{ secrets.FIREBASE_HOSTING_PROD_KEY }} + channelId: live + entryPoint: "./docs" + projectId: "sharezone-c2bd8" + env: + FIREBASE_CLI_EXPERIMENTS: webframeworks diff --git a/.github/workflows/docs_ci.yml b/.github/workflows/docs_ci.yml deleted file mode 100644 index 1092ba25d..000000000 --- a/.github/workflows/docs_ci.yml +++ /dev/null 
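Review bot: In the new `docs_cd.yml`, `FirebaseExtended/action-hosting-deploy@v0` is referenced by a movable tag while it receives `secrets.FIREBASE_HOSTING_PROD_KEY` and deploys to `channelId: live`; every other action in this series is pinned to a commit SHA, for example `FirebaseExtended/action-hosting-deploy@120e124148ab7016bec2374e5050f15051255ba2` in the CI workflow. `name: website-cd` and `group: website-release` look copied from a website workflow; if one exists with the same group, docs and website deployments would share one concurrency slot. Patch 06 reverts this file, so this matters only if it is reintroduced.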
@@ -1,153 +0,0 @@ -# Copyright (c) 2022 Sharezone UG (haftungsbeschränkt) -# Licensed under the EUPL-1.2-or-later. -# -# You may obtain a copy of the Licence at: -# https://joinup.ec.europa.eu/software/page/eupl -# -# SPDX-License-Identifier: EUPL-1.2 - -# This workflow handles the CI for the docs. -# -# Therefore, it's only triggered on pull requests that make changes to the -# docs. It only contains jobs that require secrets. The jobs that don't -# require secrets are handled in the "safe_docs_ci.yml" workflow. - -name: unsafe-docs-ci - -concurrency: - group: unsafe-docs-ci-${{ github.head_ref }} - # In order to conserve the use of GitHub Actions, we cancel the running action - # of the previous commit. This means that if you first commit "A" and then - # commit "B" to the pull request a few minutes later, the workflow for commit - # "A" will be cancelled. - cancel-in-progress: true - -on: - # Triggers the workflow on pull request events - pull_request_target: - types: - - opened - - synchronize - - reopened - # It's important to trigger this workflow again when the pull is changing - # from a draft pull request to a ready for review pull request. - # - # Some jobs are skipped when the pull request is a draft. Therefore, we - # need to trigger these jobs again when the pull request is changing to - # ready for review. - - ready_for_review - # Retrigger the workflow when label has been add to run the CI when the - # "safe to test" label is added. - - labeled - merge_group: - types: - - checks_requested - -# Set permissions to none. -# -# Using the broad default permissions is considered a bad security practice -# and would cause alerts from our scanning tools. 
-permissions: {} - -# A workflow run is made up of one or more jobs that can run sequentially or in parallel -jobs: - # It's important that we run this job first, because we need to remove the - # "safe to test" label when the PR comes from a fork in order to ensure that - # every change is reviewed for security implications. - remove-safe-to-build-label: - runs-on: ubuntu-22.04 - permissions: - # Required by the remove-safe-to-test-label action - contents: read - pull-requests: write - steps: - - name: Remove "safe to test" label, if PR is from a fork - uses: SharezoneApp/remove-safe-to-test-label@91b378205db41bb08dde8e4c4f2685847eb3d168 - - # We can't use the official "paths" filter because it has no support for merge - # groups and we would need some kind of fallback CI when a check is required - # but ignored because of the path filter. - # - # See: - # * https://github.com/community/community/discussions/45899 (merge groups) - # * https://github.com/github/docs/commit/4364076e0fb56c2579ae90cd048939eaa2c18954 - # (workaround for required checks with path filters) - changes: - needs: remove-safe-to-build-label - runs-on: ubuntu-22.04 - outputs: - changesFound: ${{ steps.filter.outputs.changesFound }} - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - with: - # Because we are using the "pull_request_target" event, we need to - # checkout the PR head commit instead of the merge commit. - ref: ${{ github.event.pull_request.head.sha }} - - uses: AurorNZ/paths-filter@3b1f3abc3371cca888d8eb03dfa70bc8a9867629 - id: filter - with: - filters: | - changesFound: - # We only build and deploy a new version, when a user relevant files - # changed. - - "docs/**" - # We trigger also this workflow, if this workflow is changed, so that new - # changes will be applied. 
- - ".github/workflows/unsafe_docs_ci.yml" - - format: - needs: changes - if: ${{ github.event_name == 'pull_request_target' && needs.changes.outputs.changesFound == 'true'}} - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 - with: - go-version: "^1.13.1" - - run: go install github.com/google/addlicense@v1.1.1 - - run: ./bin/check_format_markdown_files.sh - - # We are building for every PR a web preview, which will be deployed to - # Firebase Hosting. The link to the website will posted as comment (like: - # https://github.com/SharezoneApp/sharezone-app/pull/119#issuecomment-1030012299). - # - # The previews are helping reviewer and other users to quickly view the - # changes in a compiled version. - # - # A link to a preview expires after 3 days. - # - # Required steps to set this up: - # 1. Run "firebase init hosting:github" - # 2. Enable "Firebase Hosting API" in Google Cloud project - # 3. Write GitHub action job - # 4. Adjust website restrictions for Firebase Key "Sharezone Web Key". - web-preview: - needs: changes - if: ${{ github.event_name == 'pull_request_target' && needs.changes.outputs.changesFound == 'true'}} - runs-on: ubuntu-22.04 - permissions: - pull-requests: write # for FirebaseExtended/action-hosting-deploy to comment on PRs - checks: write # for FirebaseExtended/action-hosting-deploy to comment on PRs (without write permissions for checks the action doesn't post a comment to the PR, we don't know why) - steps: - - name: Ensure PR has "safe to test" label, if PR is from a fork - uses: SharezoneApp/verify-safe-to-test-label@c1059d43fc918756660a700ca6d08e445ff314a2 - - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - with: - # Because we are using the "pull_request_target" event, we need to - # checkout the PR head commit instead of the merge commit. 
- ref: ${{ github.event.pull_request.head.sha }} - - - name: Deploy to Firebase Hosting - uses: FirebaseExtended/action-hosting-deploy@120e124148ab7016bec2374e5050f15051255ba2 - with: - repoToken: ${{ secrets.GITHUB_TOKEN }} - firebaseServiceAccount: ${{ secrets.FIREBASE_HOSTING_PROD_KEY }} - projectId: sharezone-c2bd8 - entryPoint: "./docs" - # The expiration date shouldn't be too high, because if we open a lot - # of pull requests, we will run out of quota (we get 429 errors). - expires: "3d" - env: - # Required to deploy Next.js applications to Firebase Hosting - FIREBASE_CLI_EXPERIMENTS: webframeworks From 3c78f53037906b34c4c29d3aa20442873c8f9867 Mon Sep 17 00:00:00 2001 From: nilsreichardt Date: Fri, 1 Mar 2024 10:47:58 +0100 Subject: [PATCH 06/19] Revert "Rename file" This reverts commit f432e69dbdcf8622027fe19f126c2b5daa132359. --- .github/workflows/docs_cd.yml | 44 ---------- .github/workflows/docs_ci.yml | 153 ++++++++++++++++++++++++++++++++++ 2 files changed, 153 insertions(+), 44 deletions(-) delete mode 100644 .github/workflows/docs_cd.yml create mode 100644 .github/workflows/docs_ci.yml diff --git a/.github/workflows/docs_cd.yml b/.github/workflows/docs_cd.yml deleted file mode 100644 index 93bbc39bf..000000000 --- a/.github/workflows/docs_cd.yml +++ /dev/null 
@@ -1,44 +0,0 @@ -# Copyright (c) 2022 Sharezone UG (haftungsbeschränkt) -# Licensed under the EUPL-1.2-or-later. -# -# You may obtain a copy of the Licence at: -# https://joinup.ec.europa.eu/software/page/eupl -# -# SPDX-License-Identifier: EUPL-1.2 - -name: website-cd - -concurrency: - # Avoids running multiple deployments at the same time which would cause - # conflicts. - group: website-release - -on: - push: - branches: - - main - -# Set permissions to none. -# -# Using the broad default permissions is considered a bad security practice -# and would cause alerts from our scanning tools. -permissions: {} - -jobs: - deploy: - runs-on: ubuntu-22.04 - name: docs-deploy-prod - permissions: - checks: write # for FirebaseExtended/action-hosting-deploy - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - - uses: FirebaseExtended/action-hosting-deploy@v0 - with: - repoToken: "${{ secrets.GITHUB_TOKEN }}" - firebaseServiceAccount: ${{ secrets.FIREBASE_HOSTING_PROD_KEY }} - channelId: live - entryPoint: "./docs" - projectId: "sharezone-c2bd8" - env: - FIREBASE_CLI_EXPERIMENTS: webframeworks diff --git a/.github/workflows/docs_ci.yml b/.github/workflows/docs_ci.yml new file mode 100644 index 000000000..1092ba25d --- /dev/null +++ b/.github/workflows/docs_ci.yml 
@@ -0,0 +1,153 @@
+# Copyright (c) 2022 Sharezone UG (haftungsbeschränkt)
+# Licensed under the EUPL-1.2-or-later.
+#
+# You may obtain a copy of the Licence at:
+# https://joinup.ec.europa.eu/software/page/eupl
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+# This workflow handles the CI for the docs.
+#
+# Therefore, it's only triggered on pull requests that make changes to the
+# docs. It only contains jobs that require secrets. The jobs that don't
+# require secrets are handled in the "safe_docs_ci.yml" workflow.
+
+name: unsafe-docs-ci
+
+concurrency:
+ group: unsafe-docs-ci-${{ github.head_ref }}
+ # In order to conserve the use of GitHub Actions, we cancel the running action
+ # of the previous commit. This means that if you first commit "A" and then
+ # commit "B" to the pull request a few minutes later, the workflow for commit
+ # "A" will be cancelled.
+ cancel-in-progress: true
+
+on:
+ # Triggers the workflow on pull request events
+ pull_request_target:
+ types:
+ - opened
+ - synchronize
+ - reopened
+ # It's important to trigger this workflow again when the pull is changing
+ # from a draft pull request to a ready for review pull request.
+ #
+ # Some jobs are skipped when the pull request is a draft. Therefore, we
+ # need to trigger these jobs again when the pull request is changing to
+ # ready for review.
+ - ready_for_review
+ # Retrigger the workflow when label has been add to run the CI when the
+ # "safe to test" label is added.
+ - labeled
+ merge_group:
+ types:
+ - checks_requested
+
+# Set permissions to none.
+#
+# Using the broad default permissions is considered a bad security practice
+# and would cause alerts from our scanning tools.
+permissions: {}
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # It's important that we run this job first, because we need to remove the
+ # "safe to test" label when the PR comes from a fork in order to ensure that
+ # every change is reviewed for security implications.
+ remove-safe-to-build-label:
+ runs-on: ubuntu-22.04
+ permissions:
+ # Required by the remove-safe-to-test-label action
+ contents: read
+ pull-requests: write
+ steps:
+ - name: Remove "safe to test" label, if PR is from a fork
+ uses: SharezoneApp/remove-safe-to-test-label@91b378205db41bb08dde8e4c4f2685847eb3d168
+
+ # We can't use the official "paths" filter because it has no support for merge
+ # groups and we would need some kind of fallback CI when a check is required
+ # but ignored because of the path filter.
+ #
+ # See:
+ # * https://github.com/community/community/discussions/45899 (merge groups)
+ # * https://github.com/github/docs/commit/4364076e0fb56c2579ae90cd048939eaa2c18954
+ # (workaround for required checks with path filters)
+ changes:
+ needs: remove-safe-to-build-label
+ runs-on: ubuntu-22.04
+ outputs:
+ changesFound: ${{ steps.filter.outputs.changesFound }}
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ with:
+ # Because we are using the "pull_request_target" event, we need to
+ # checkout the PR head commit instead of the merge commit.
+ ref: ${{ github.event.pull_request.head.sha }}
+ - uses: AurorNZ/paths-filter@3b1f3abc3371cca888d8eb03dfa70bc8a9867629
+ id: filter
+ with:
+ filters: |
+ changesFound:
+ # We only build and deploy a new version, when a user relevant files
+ # changed.
+ - "docs/**"
+ # We trigger also this workflow, if this workflow is changed, so that new
+ # changes will be applied.
+ - ".github/workflows/unsafe_docs_ci.yml"
+
+ format:
+ needs: changes
+ if: ${{ github.event_name == 'pull_request_target' && needs.changes.outputs.changesFound == 'true'}}
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
+ with:
+ go-version: "^1.13.1"
+ - run: go install github.com/google/addlicense@v1.1.1
+ - run: ./bin/check_format_markdown_files.sh
+
+ # We are building for every PR a web preview, which will be deployed to
+ # Firebase Hosting. The link to the website will posted as comment (like:
+ # https://github.com/SharezoneApp/sharezone-app/pull/119#issuecomment-1030012299).
+ #
+ # The previews are helping reviewer and other users to quickly view the
+ # changes in a compiled version.
+ #
+ # A link to a preview expires after 3 days.
+ #
+ # Required steps to set this up:
+ # 1. Run "firebase init hosting:github"
+ # 2. Enable "Firebase Hosting API" in Google Cloud project
+ # 3. Write GitHub action job
+ # 4. Adjust website restrictions for Firebase Key "Sharezone Web Key".
+ web-preview:
+ needs: changes
+ if: ${{ github.event_name == 'pull_request_target' && needs.changes.outputs.changesFound == 'true'}}
+ runs-on: ubuntu-22.04
+ permissions:
+ pull-requests: write # for FirebaseExtended/action-hosting-deploy to comment on PRs
+ checks: write # for FirebaseExtended/action-hosting-deploy to comment on PRs (without write permissions for checks the action doesn't post a comment to the PR, we don't know why)
+ steps:
+ - name: Ensure PR has "safe to test" label, if PR is from a fork
+ uses: SharezoneApp/verify-safe-to-test-label@c1059d43fc918756660a700ca6d08e445ff314a2
+
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ with:
+ # Because we are using the "pull_request_target" event, we need to
+ # checkout the PR head commit instead of the merge commit.
+ ref: ${{ github.event.pull_request.head.sha }} + + - name: Deploy to Firebase Hosting + uses: FirebaseExtended/action-hosting-deploy@120e124148ab7016bec2374e5050f15051255ba2 + with: + repoToken: ${{ secrets.GITHUB_TOKEN }} + firebaseServiceAccount: ${{ secrets.FIREBASE_HOSTING_PROD_KEY }} + projectId: sharezone-c2bd8 + entryPoint: "./docs" + # The expiration date shouldn't be too high, because if we open a lot + # of pull requests, we will run out of quota (we get 429 errors). + expires: "3d" + env: + # Required to deploy Next.js applications to Firebase Hosting + FIREBASE_CLI_EXPERIMENTS: webframeworks From 340c8bb98aaabb34a4ace3cc949ed8868a56f3b7 Mon Sep 17 00:00:00 2001 From: nilsreichardt Date: Fri, 1 Mar 2024 10:48:15 +0100 Subject: [PATCH 07/19] Rename file --- .github/workflows/unsafe_docs_ci.yml | 153 +++++++++++++++++++++++++++ 1 file changed, 153 insertions(+) create mode 100644 .github/workflows/unsafe_docs_ci.yml diff --git a/.github/workflows/unsafe_docs_ci.yml b/.github/workflows/unsafe_docs_ci.yml new file mode 100644 index 000000000..1092ba25d --- /dev/null +++ b/.github/workflows/unsafe_docs_ci.yml 
@@ -0,0 +1,153 @@
+# Copyright (c) 2022 Sharezone UG (haftungsbeschränkt)
+# Licensed under the EUPL-1.2-or-later.
+#
+# You may obtain a copy of the Licence at:
+# https://joinup.ec.europa.eu/software/page/eupl
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+# This workflow handles the CI for the docs.
+#
+# Therefore, it's only triggered on pull requests that make changes to the
+# docs. It only contains jobs that require secrets. The jobs that don't
+# require secrets are handled in the "safe_docs_ci.yml" workflow.
+
+name: unsafe-docs-ci
+
+concurrency:
+ group: unsafe-docs-ci-${{ github.head_ref }}
+ # In order to conserve the use of GitHub Actions, we cancel the running action
+ # of the previous commit. This means that if you first commit "A" and then
+ # commit "B" to the pull request a few minutes later, the workflow for commit
+ # "A" will be cancelled.
+ cancel-in-progress: true
+
+on:
+ # Triggers the workflow on pull request events
+ pull_request_target:
+ types:
+ - opened
+ - synchronize
+ - reopened
+ # It's important to trigger this workflow again when the pull is changing
+ # from a draft pull request to a ready for review pull request.
+ #
+ # Some jobs are skipped when the pull request is a draft. Therefore, we
+ # need to trigger these jobs again when the pull request is changing to
+ # ready for review.
+ - ready_for_review
+ # Retrigger the workflow when label has been add to run the CI when the
+ # "safe to test" label is added.
+ - labeled
+ merge_group:
+ types:
+ - checks_requested
+
+# Set permissions to none.
+#
+# Using the broad default permissions is considered a bad security practice
+# and would cause alerts from our scanning tools.
+permissions: {}
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # It's important that we run this job first, because we need to remove the
+ # "safe to test" label when the PR comes from a fork in order to ensure that
+ # every change is reviewed for security implications.
+ remove-safe-to-build-label:
+ runs-on: ubuntu-22.04
+ permissions:
+ # Required by the remove-safe-to-test-label action
+ contents: read
+ pull-requests: write
+ steps:
+ - name: Remove "safe to test" label, if PR is from a fork
+ uses: SharezoneApp/remove-safe-to-test-label@91b378205db41bb08dde8e4c4f2685847eb3d168
+
+ # We can't use the official "paths" filter because it has no support for merge
+ # groups and we would need some kind of fallback CI when a check is required
+ # but ignored because of the path filter.
+ #
+ # See:
+ # * https://github.com/community/community/discussions/45899 (merge groups)
+ # * https://github.com/github/docs/commit/4364076e0fb56c2579ae90cd048939eaa2c18954
+ # (workaround for required checks with path filters)
+ changes:
+ needs: remove-safe-to-build-label
+ runs-on: ubuntu-22.04
+ outputs:
+ changesFound: ${{ steps.filter.outputs.changesFound }}
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ with:
+ # Because we are using the "pull_request_target" event, we need to
+ # checkout the PR head commit instead of the merge commit.
+ ref: ${{ github.event.pull_request.head.sha }}
+ - uses: AurorNZ/paths-filter@3b1f3abc3371cca888d8eb03dfa70bc8a9867629
+ id: filter
+ with:
+ filters: |
+ changesFound:
+ # We only build and deploy a new version, when a user relevant files
+ # changed.
+ - "docs/**"
+ # We trigger also this workflow, if this workflow is changed, so that new
+ # changes will be applied.
+ - ".github/workflows/unsafe_docs_ci.yml"
+
+ format:
+ needs: changes
+ if: ${{ github.event_name == 'pull_request_target' && needs.changes.outputs.changesFound == 'true'}}
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
+ with:
+ go-version: "^1.13.1"
+ - run: go install github.com/google/addlicense@v1.1.1
+ - run: ./bin/check_format_markdown_files.sh
+
+ # We are building for every PR a web preview, which will be deployed to
+ # Firebase Hosting. The link to the website will posted as comment (like:
+ # https://github.com/SharezoneApp/sharezone-app/pull/119#issuecomment-1030012299).
+ #
+ # The previews are helping reviewer and other users to quickly view the
+ # changes in a compiled version.
+ #
+ # A link to a preview expires after 3 days.
+ #
+ # Required steps to set this up:
+ # 1. Run "firebase init hosting:github"
+ # 2. Enable "Firebase Hosting API" in Google Cloud project
+ # 3. Write GitHub action job
+ # 4. Adjust website restrictions for Firebase Key "Sharezone Web Key".
+ web-preview:
+ needs: changes
+ if: ${{ github.event_name == 'pull_request_target' && needs.changes.outputs.changesFound == 'true'}}
+ runs-on: ubuntu-22.04
+ permissions:
+ pull-requests: write # for FirebaseExtended/action-hosting-deploy to comment on PRs
+ checks: write # for FirebaseExtended/action-hosting-deploy to comment on PRs (without write permissions for checks the action doesn't post a comment to the PR, we don't know why)
+ steps:
+ - name: Ensure PR has "safe to test" label, if PR is from a fork
+ uses: SharezoneApp/verify-safe-to-test-label@c1059d43fc918756660a700ca6d08e445ff314a2
+
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ with:
+ # Because we are using the "pull_request_target" event, we need to
+ # checkout the PR head commit instead of the merge commit.
+ ref: ${{ github.event.pull_request.head.sha }} + + - name: Deploy to Firebase Hosting + uses: FirebaseExtended/action-hosting-deploy@120e124148ab7016bec2374e5050f15051255ba2 + with: + repoToken: ${{ secrets.GITHUB_TOKEN }} + firebaseServiceAccount: ${{ secrets.FIREBASE_HOSTING_PROD_KEY }} + projectId: sharezone-c2bd8 + entryPoint: "./docs" + # The expiration date shouldn't be too high, because if we open a lot + # of pull requests, we will run out of quota (we get 429 errors). + expires: "3d" + env: + # Required to deploy Next.js applications to Firebase Hosting + FIREBASE_CLI_EXPERIMENTS: webframeworks From 423de6098cdb011582819ebd45e27df4b8532ec9 Mon Sep 17 00:00:00 2001 From: nilsreichardt Date: Fri, 1 Mar 2024 10:48:55 +0100 Subject: [PATCH 08/19] Delete docs ci file --- .github/workflows/docs_ci.yml | 153 ---------------------------------- 1 file changed, 153 deletions(-) delete mode 100644 .github/workflows/docs_ci.yml diff --git a/.github/workflows/docs_ci.yml b/.github/workflows/docs_ci.yml deleted file mode 100644 index 1092ba25d..000000000 --- a/.github/workflows/docs_ci.yml +++ /dev/null 
@@ -1,153 +0,0 @@ -# Copyright (c) 2022 Sharezone UG (haftungsbeschränkt) -# Licensed under the EUPL-1.2-or-later. -# -# You may obtain a copy of the Licence at: -# https://joinup.ec.europa.eu/software/page/eupl -# -# SPDX-License-Identifier: EUPL-1.2 - -# This workflow handles the CI for the docs. -# -# Therefore, it's only triggered on pull requests that make changes to the -# docs. It only contains jobs that require secrets. The jobs that don't -# require secrets are handled in the "safe_docs_ci.yml" workflow. - -name: unsafe-docs-ci - -concurrency: - group: unsafe-docs-ci-${{ github.head_ref }} - # In order to conserve the use of GitHub Actions, we cancel the running action - # of the previous commit. This means that if you first commit "A" and then - # commit "B" to the pull request a few minutes later, the workflow for commit - # "A" will be cancelled. - cancel-in-progress: true - -on: - # Triggers the workflow on pull request events - pull_request_target: - types: - - opened - - synchronize - - reopened - # It's important to trigger this workflow again when the pull is changing - # from a draft pull request to a ready for review pull request. - # - # Some jobs are skipped when the pull request is a draft. Therefore, we - # need to trigger these jobs again when the pull request is changing to - # ready for review. - - ready_for_review - # Retrigger the workflow when label has been add to run the CI when the - # "safe to test" label is added. - - labeled - merge_group: - types: - - checks_requested - -# Set permissions to none. -# -# Using the broad default permissions is considered a bad security practice -# and would cause alerts from our scanning tools. 
-permissions: {} - -# A workflow run is made up of one or more jobs that can run sequentially or in parallel -jobs: - # It's important that we run this job first, because we need to remove the - # "safe to test" label when the PR comes from a fork in order to ensure that - # every change is reviewed for security implications. - remove-safe-to-build-label: - runs-on: ubuntu-22.04 - permissions: - # Required by the remove-safe-to-test-label action - contents: read - pull-requests: write - steps: - - name: Remove "safe to test" label, if PR is from a fork - uses: SharezoneApp/remove-safe-to-test-label@91b378205db41bb08dde8e4c4f2685847eb3d168 - - # We can't use the official "paths" filter because it has no support for merge - # groups and we would need some kind of fallback CI when a check is required - # but ignored because of the path filter. - # - # See: - # * https://github.com/community/community/discussions/45899 (merge groups) - # * https://github.com/github/docs/commit/4364076e0fb56c2579ae90cd048939eaa2c18954 - # (workaround for required checks with path filters) - changes: - needs: remove-safe-to-build-label - runs-on: ubuntu-22.04 - outputs: - changesFound: ${{ steps.filter.outputs.changesFound }} - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - with: - # Because we are using the "pull_request_target" event, we need to - # checkout the PR head commit instead of the merge commit. - ref: ${{ github.event.pull_request.head.sha }} - - uses: AurorNZ/paths-filter@3b1f3abc3371cca888d8eb03dfa70bc8a9867629 - id: filter - with: - filters: | - changesFound: - # We only build and deploy a new version, when a user relevant files - # changed. - - "docs/**" - # We trigger also this workflow, if this workflow is changed, so that new - # changes will be applied. 
- - ".github/workflows/unsafe_docs_ci.yml" - - format: - needs: changes - if: ${{ github.event_name == 'pull_request_target' && needs.changes.outputs.changesFound == 'true'}} - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 - with: - go-version: "^1.13.1" - - run: go install github.com/google/addlicense@v1.1.1 - - run: ./bin/check_format_markdown_files.sh - - # We are building for every PR a web preview, which will be deployed to - # Firebase Hosting. The link to the website will posted as comment (like: - # https://github.com/SharezoneApp/sharezone-app/pull/119#issuecomment-1030012299). - # - # The previews are helping reviewer and other users to quickly view the - # changes in a compiled version. - # - # A link to a preview expires after 3 days. - # - # Required steps to set this up: - # 1. Run "firebase init hosting:github" - # 2. Enable "Firebase Hosting API" in Google Cloud project - # 3. Write GitHub action job - # 4. Adjust website restrictions for Firebase Key "Sharezone Web Key". - web-preview: - needs: changes - if: ${{ github.event_name == 'pull_request_target' && needs.changes.outputs.changesFound == 'true'}} - runs-on: ubuntu-22.04 - permissions: - pull-requests: write # for FirebaseExtended/action-hosting-deploy to comment on PRs - checks: write # for FirebaseExtended/action-hosting-deploy to comment on PRs (without write permissions for checks the action doesn't post a comment to the PR, we don't know why) - steps: - - name: Ensure PR has "safe to test" label, if PR is from a fork - uses: SharezoneApp/verify-safe-to-test-label@c1059d43fc918756660a700ca6d08e445ff314a2 - - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - with: - # Because we are using the "pull_request_target" event, we need to - # checkout the PR head commit instead of the merge commit. 
- ref: ${{ github.event.pull_request.head.sha }} - - - name: Deploy to Firebase Hosting - uses: FirebaseExtended/action-hosting-deploy@120e124148ab7016bec2374e5050f15051255ba2 - with: - repoToken: ${{ secrets.GITHUB_TOKEN }} - firebaseServiceAccount: ${{ secrets.FIREBASE_HOSTING_PROD_KEY }} - projectId: sharezone-c2bd8 - entryPoint: "./docs" - # The expiration date shouldn't be too high, because if we open a lot - # of pull requests, we will run out of quota (we get 429 errors). - expires: "3d" - env: - # Required to deploy Next.js applications to Firebase Hosting - FIREBASE_CLI_EXPERIMENTS: webframeworks From 4cc1c97cb9e1f29a75f532a2239c66ad7dd5e649 Mon Sep 17 00:00:00 2001 From: nilsreichardt Date: Fri, 1 Mar 2024 10:50:09 +0100 Subject: [PATCH 09/19] Use correct trigger --- .github/workflows/unsafe_docs_ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/unsafe_docs_ci.yml b/.github/workflows/unsafe_docs_ci.yml index 1092ba25d..d7d5c72f7 100644 --- a/.github/workflows/unsafe_docs_ci.yml +++ b/.github/workflows/unsafe_docs_ci.yml @@ -24,7 +24,8 @@ concurrency: on: # Triggers the workflow on pull request events - pull_request_target: + # pull_request_target: + pull_request: types: - opened - synchronize From 031a470aa25ce84b9d6fd9815972f7d70945eab7 Mon Sep 17 00:00:00 2001 From: nilsreichardt Date: Fri, 1 Mar 2024 10:52:09 +0100 Subject: [PATCH 10/19] Use correct if --- .github/workflows/unsafe_docs_ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/unsafe_docs_ci.yml b/.github/workflows/unsafe_docs_ci.yml index d7d5c72f7..72fff7b0e 100644 --- a/.github/workflows/unsafe_docs_ci.yml +++ b/.github/workflows/unsafe_docs_ci.yml 
@@ -98,7 +98,7 @@ jobs: format: needs: changes - if: ${{ github.event_name == 'pull_request_target' && needs.changes.outputs.changesFound == 'true'}} + if: ${{ github.event_name == 'pull_request' && needs.changes.outputs.changesFound == 'true'}} runs-on: ubuntu-22.04 steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 @@ -124,7 +124,7 @@ jobs: # 4. Adjust website restrictions for Firebase Key "Sharezone Web Key". web-preview: needs: changes - if: ${{ github.event_name == 'pull_request_target' && needs.changes.outputs.changesFound == 'true'}} + if: ${{ github.event_name == 'pull_request' && needs.changes.outputs.changesFound == 'true'}} runs-on: ubuntu-22.04 permissions: pull-requests: write # for FirebaseExtended/action-hosting-deploy to comment on PRs From 61af235cf2a26da7d4da5ad4edfebad76311d0f1 Mon Sep 17 00:00:00 2001 From: nilsreichardt Date: Fri, 1 Mar 2024 10:56:44 +0100 Subject: [PATCH 11/19] Install dependencies --- .github/workflows/unsafe_docs_ci.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/unsafe_docs_ci.yml b/.github/workflows/unsafe_docs_ci.yml index 72fff7b0e..5ea60fec8 100644 --- a/.github/workflows/unsafe_docs_ci.yml +++ b/.github/workflows/unsafe_docs_ci.yml @@ -102,10 +102,10 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 - with: - go-version: "^1.13.1" - - run: go install github.com/google/addlicense@v1.1.1 + + - name: Install Prettier + run: npm install --global prettier@3.0.1 + - run: ./bin/check_format_markdown_files.sh # We are building for every PR a web preview, which will be deployed to 
@@ -139,6 +139,9 @@ jobs: # checkout the PR head commit instead of the merge commit. ref: ${{ github.event.pull_request.head.sha }} + - name: Install dependencies + run: npm install -C docs/ + - name: Deploy to Firebase Hosting uses: FirebaseExtended/action-hosting-deploy@120e124148ab7016bec2374e5050f15051255ba2 with: From 561f1dfae1d3d271a94fd857ec6963d1ca87eb7b Mon Sep 17 00:00:00 2001 From: nilsreichardt Date: Fri, 1 Mar 2024 10:57:55 +0100 Subject: [PATCH 12/19] Format --- .github/workflows/unsafe_docs_ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unsafe_docs_ci.yml b/.github/workflows/unsafe_docs_ci.yml index 5ea60fec8..b77963a40 100644 --- a/.github/workflows/unsafe_docs_ci.yml +++ b/.github/workflows/unsafe_docs_ci.yml @@ -105,7 +105,7 @@ jobs: - name: Install Prettier run: npm install --global prettier@3.0.1 - + - run: ./bin/check_format_markdown_files.sh # We are building for every PR a web preview, which will be deployed to From d65d8a3f805097aee9158281013d45b8be517bce Mon Sep 17 00:00:00 2001 From: nilsreichardt Date: Fri, 1 Mar 2024 12:44:45 +0100 Subject: [PATCH 13/19] Change to sharezone debug --- .github/workflows/unsafe_docs_ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/unsafe_docs_ci.yml b/.github/workflows/unsafe_docs_ci.yml index b77963a40..e2312e7f6 100644 --- a/.github/workflows/unsafe_docs_ci.yml +++ b/.github/workflows/unsafe_docs_ci.yml @@ -146,8 +146,8 @@ jobs: uses: FirebaseExtended/action-hosting-deploy@120e124148ab7016bec2374e5050f15051255ba2 with: repoToken: ${{ secrets.GITHUB_TOKEN }} - firebaseServiceAccount: ${{ secrets.FIREBASE_HOSTING_PROD_KEY }} - projectId: sharezone-c2bd8 + firebaseServiceAccount: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_SHAREZONE_DEBUG }} + projectId: sharezone-debug entryPoint: "./docs" # The expiration date shouldn't be too high, because if we open a lot # of pull requests, we will run out of quota (we get 429 errors). 
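Review bot: The added `npm install -C docs/` step in `web-preview` runs straight after the checkout of `github.event.pull_request.head.sha`, so install lifecycle scripts from the pull request's own `package.json` execute in the job that holds `pull-requests: write` and `checks: write` and hands a Firebase service account to the next step. The "safe to test" label check is the only gate in front of that, so the install should do as little as possible: `run: npm ci --ignore-scripts -C docs/` (assuming a lockfile is committed and the docs build needs no install scripts). Adding `persist-credentials: false` to the checkout above would also keep the job token out of `.git/config`, where PR-controlled code could read it. The deploy action still builds PR code afterwards, so review before labelling remains the main control. The `web-preview` job starts and ends outside this hunk.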
From 7c1d9377e5c267a4dd9a114e6f8af8282e1d6814 Mon Sep 17 00:00:00 2001 From: nilsreichardt Date: Fri, 1 Mar 2024 16:44:37 +0100 Subject: [PATCH 14/19] Add target --- .github/workflows/unsafe_docs_ci.yml | 1 + docs/.firebaserc | 21 +++++++++++++++++++-- docs/firebase.json | 2 +- 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/.github/workflows/unsafe_docs_ci.yml b/.github/workflows/unsafe_docs_ci.yml index e2312e7f6..2283954f8 100644 --- a/.github/workflows/unsafe_docs_ci.yml +++ b/.github/workflows/unsafe_docs_ci.yml @@ -152,6 +152,7 @@ jobs: # The expiration date shouldn't be too high, because if we open a lot # of pull requests, we will run out of quota (we get 429 errors). expires: "3d" + target: "docs" env: # Required to deploy Next.js applications to Firebase Hosting FIREBASE_CLI_EXPERIMENTS: webframeworks diff --git a/docs/.firebaserc b/docs/.firebaserc index 04b2584a5..ece729f30 100644 --- a/docs/.firebaserc +++ b/docs/.firebaserc @@ -1,5 +1,22 @@ { "projects": { - "default": "sharezone-c2bd8" + "prod": "sharezone-c2bd8", + "dev": "sharezone-debug" + }, + "targets": { + "sharezone-debug": { + "hosting": { + "docs": [ + "sharezone-docs-dev" + ] + } + }, + "sharezone-c2bd8": { + "hosting": { + "docs": [ + "sharezone-docs-prod" + ] + } + } } -} +} \ No newline at end of file diff --git a/docs/firebase.json b/docs/firebase.json index bef29c1ad..61aa7dfda 100644 --- a/docs/firebase.json +++ b/docs/firebase.json @@ -1,6 +1,6 @@ { "hosting": { - "site": "sharezone-docs-prod", + "target": "docs", "source": ".", "ignore": [ "firebase.json", From 527b2257a70ab69358a2cce0988e34d63a9ac80e Mon Sep 17 00:00:00 2001 From: nilsreichardt Date: Fri, 1 Mar 2024 18:49:50 +0100 Subject: [PATCH 15/19] Hide docs with robots.txt --- docs/public/robots.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 docs/public/robots.txt diff --git a/docs/public/robots.txt b/docs/public/robots.txt new file mode 100644 index 000000000..5213c9e38 --- /dev/null 
+++ b/docs/public/robots.txt @@ -0,0 +1,6 @@ +# Disallow all robots from indexing non production docs. Otherwise, our users +would find the dev docs in search results. +# +# When deploying to production, remove this file before building the site. +User-agent: * +Disallow: / \ No newline at end of file From bd6b0555dffb7e198450f6cb3d1eec31409cb459 Mon Sep 17 00:00:00 2001 From: nilsreichardt Date: Fri, 1 Mar 2024 19:14:48 +0100 Subject: [PATCH 16/19] Fix robots.txt --- docs/public/robots.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/public/robots.txt b/docs/public/robots.txt index 5213c9e38..33862fa0e 100644 --- a/docs/public/robots.txt +++ b/docs/public/robots.txt @@ -1,5 +1,5 @@ # Disallow all robots from indexing non production docs. Otherwise, our users -would find the dev docs in search results. +# would find the dev docs in search results. # # When deploying to production, remove this file before building the site. User-agent: * From a18ef5213d29ee1e8512ca31b79e445727b8380e Mon Sep 17 00:00:00 2001 From: nilsreichardt Date: Fri, 1 Mar 2024 19:16:25 +0100 Subject: [PATCH 17/19] Add cd pipeline --- .github/workflows/docs_cd.yml | 60 +++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 .github/workflows/docs_cd.yml diff --git a/.github/workflows/docs_cd.yml b/.github/workflows/docs_cd.yml new file mode 100644 index 000000000..f89d1bb27 --- /dev/null +++ b/.github/workflows/docs_cd.yml 
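Review bot: `Disallow: /` only asks compliant crawlers not to fetch the pages; it neither keeps the dev URLs out of an index when they are linked from elsewhere nor restricts who can read them. If the goal is that users never land on the dev docs, a `X-Robots-Tag: noindex` response header on the non-production hosting target is the more reliable signal. The comment should say that the file is advisory. The instruction `remove this file before building the site` is a manual step at this commit, so a production build that skips it would silently de-index the real docs; the comment should name the pipeline step that does the removal once one exists.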
@@ -0,0 +1,60 @@ +# Copyright (c) 2022 Sharezone UG (haftungsbeschränkt) +# Licensed under the EUPL-1.2-or-later. +# +# You may obtain a copy of the Licence at: +# https://joinup.ec.europa.eu/software/page/eupl +# +# SPDX-License-Identifier: EUPL-1.2 + +name: docs-cd + +concurrency: + # Avoids running multiple deployments at the same time which would cause + # conflicts. + group: docs-release + +on: + push: + branches: + - main + +# Set permissions to none. +# +# Using the broad default permissions is considered a bad security practice +# and would cause alerts from our scanning tools. +permissions: {} + +jobs: + deploy: + runs-on: ubuntu-22.04 + name: docs-deploy-${{ matrix.environment.flavor }} + permissions: + checks: write # for FirebaseExtended/action-hosting-deploy + strategy: + matrix: + environment: + - flavor: dev + projectId: sharezone-debug + serviceAccountSecret: FIREBASE_SERVICE_ACCOUNT_SHAREZONE_DEBUG + - flavor: prod + projectId: sharezone-c2bd8 + serviceAccountSecret: FIREBASE_HOSTING_PROD_KEY + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + + - name: Install dependencies + run: npm install -C docs + + # Our production docs should be indexed by search engines. + - name: Remove robots.txt + if: ${{ matrix.environment.flavor == 'prod' }} + run: rm -f docs/public/robots.txt + + - uses: FirebaseExtended/action-hosting-deploy@v0 + with: + repoToken: "${{ secrets.GITHUB_TOKEN }}" + firebaseServiceAccount: "${{ secrets[matrix.environment.serviceAccountSecret] }}" + channelId: live + entryPoint: "./docs" + target: docs + projectId: ${{ matrix.environment.projectId }} From 3a692e6272edff131962bae9f6691a396022c5c7 Mon Sep 17 00:00:00 2001 From: nilsreichardt Date: Fri, 1 Mar 2024 19:54:53 +0100 Subject: [PATCH 18/19] Change to pull request target --- .github/workflows/unsafe_docs_ci.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) 
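Review bot: The deploy step uses `FirebaseExtended/action-hosting-deploy@v0`, a mutable tag, in the one job that receives the production service account. The preview workflow already pins this action as `FirebaseExtended/action-hosting-deploy@120e124148ab7016bec2374e5050f15051255ba2`, and the same pin belongs here. The step also omits `env:` with `FIREBASE_CLI_EXPERIMENTS: webframeworks`, which the preview job's comment describes as required to deploy Next.js applications, so the live deploy may fail or behave differently from the preview. `npm install -C docs` could become `npm ci -C docs` if a lockfile is committed, so that each production build resolves the same dependency versions.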
diff --git a/.github/workflows/unsafe_docs_ci.yml b/.github/workflows/unsafe_docs_ci.yml index 2283954f8..c5325aca3 100644 --- a/.github/workflows/unsafe_docs_ci.yml +++ b/.github/workflows/unsafe_docs_ci.yml @@ -24,8 +24,7 @@ concurrency: on: # Triggers the workflow on pull request events - # pull_request_target: - pull_request: + pull_request_target: types: - opened - synchronize @@ -83,7 +82,7 @@ jobs: with: # Because we are using the "pull_request_target" event, we need to # checkout the PR head commit instead of the merge commit. - ref: ${{ github.event.pull_request.head.sha }} + ref: ${{ github.event.pull_request_target.head.sha }} - uses: AurorNZ/paths-filter@3b1f3abc3371cca888d8eb03dfa70bc8a9867629 id: filter with: @@ -98,7 +97,7 @@ jobs: format: needs: changes - if: ${{ github.event_name == 'pull_request' && needs.changes.outputs.changesFound == 'true'}} + if: ${{ github.event_name == 'pull_request_target' && needs.changes.outputs.changesFound == 'true'}} runs-on: ubuntu-22.04 steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 @@ -124,7 +123,7 @@ jobs: # 4. Adjust website restrictions for Firebase Key "Sharezone Web Key". web-preview: needs: changes - if: ${{ github.event_name == 'pull_request' && needs.changes.outputs.changesFound == 'true'}} + if: ${{ github.event_name == 'pull_request_target' && needs.changes.outputs.changesFound == 'true'}} runs-on: ubuntu-22.04 permissions: pull-requests: write # for FirebaseExtended/action-hosting-deploy to comment on PRs From 10d9dbd05890958646e38e3c046b55f040eef8fc Mon Sep 17 00:00:00 2001 From: nilsreichardt Date: Fri, 1 Mar 2024 20:53:58 +0100 Subject: [PATCH 19/19] Add safe docs ci --- .github/workflows/safe_docs_ci.yml | 89 ++++++++++++++++++++++++++++ .github/workflows/unsafe_docs_ci.yml | 15 +---- 2 files changed, 90 insertions(+), 14 deletions(-) create mode 100644 .github/workflows/safe_docs_ci.yml 
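Review bot: In the `@@ -83,7 +82,7 @@` hunk the checkout ref becomes `${{ github.event.pull_request_target.head.sha }}`, but a `pull_request_target` run still exposes the pull request under `github.event.pull_request`. The new expression therefore evaluates to an empty string and `actions/checkout` falls back to its default ref, which for this trigger is the base branch, not the PR head. The comment directly above states that the PR head commit is wanted, so the line should stay `ref: ${{ github.event.pull_request.head.sha }}`. Now that the trigger is `pull_request_target` again, `persist-credentials: false` is also worth setting on the checkouts that fetch PR code. The `changes` job starts and ends outside the hunk.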
diff --git a/.github/workflows/safe_docs_ci.yml b/.github/workflows/safe_docs_ci.yml new file mode 100644 index 000000000..6b6453c8f --- /dev/null +++ b/.github/workflows/safe_docs_ci.yml 
@@ -0,0 +1,89 @@ +# Copyright (c) 2022 Sharezone UG (haftungsbeschränkt) +# Licensed under the EUPL-1.2-or-later. +# +# You may obtain a copy of the Licence at: +# https://joinup.ec.europa.eu/software/page/eupl +# +# SPDX-License-Identifier: EUPL-1.2 + +# This workflow handles the CI for the docs. +# +# Therefore, it's only triggered on pull requests that make changes to the It +# only contains jobs that don't require any secrets. The jobs that require +# secrets are handled in the "unsafe_docs_ci.yml" workflow. + +name: safe-docs-ci + +concurrency: + group: safe-docs-ci-${{ github.head_ref }} + # In order to conserve the use of GitHub Actions, we cancel the running action + # of the previous commit. This means that if you first commit "A" and then + # commit "B" to the pull request a few minutes later, the workflow for commit + # "A" will be cancelled. + cancel-in-progress: true + +on: + # Triggers the workflow on pull request events + pull_request: + types: + - opened + - synchronize + - reopened + # It's important to trigger this workflow again when the pull is changing + # from a draft pull request to a ready for review pull request. + # + # Some jobs are skipped when the pull request is a draft. Therefore, we + # need to trigger these jobs again when the pull request is changing to + # ready for review. + - ready_for_review + # Retrigger the workflow when label has been add to run the CI when the + # "safe to test" label is added. + - labeled + merge_group: + types: + - checks_requested + +# Set permissions to none. +# +# Using the broad default permissions is considered a bad security practice +# and would cause alerts from our scanning tools. +permissions: {} + +jobs: + # We can't use the official "paths" filter because it has no support for merge + # groups and we would need some kind of fallback CI when a check is required + # but ignored because of the path filter. 
+ # + # See: + # * https://github.com/community/community/discussions/45899 (merge groups) + # * https://github.com/github/docs/commit/4364076e0fb56c2579ae90cd048939eaa2c18954 + # (workaround for required checks with path filters) + changes: + runs-on: ubuntu-22.04 + outputs: + changesFound: ${{ steps.filter.outputs.changesFound }} + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: AurorNZ/paths-filter@3b1f3abc3371cca888d8eb03dfa70bc8a9867629 + id: filter + with: + filters: | + changesFound: + # We only build and deploy a new version, when a user relevant files + # changed. + - "docs/**" + # We trigger also this workflow, if this workflow is changed, so that new + # changes will be applied. + - ".github/workflows/safe_docs_ci.yml" + + format: + needs: changes + if: ${{ needs.changes.outputs.changesFound == 'true'}} + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + + - name: Install Prettier + run: npm install --global prettier@3.0.1 + + - run: ./bin/check_format_markdown_files.sh diff --git a/.github/workflows/unsafe_docs_ci.yml b/.github/workflows/unsafe_docs_ci.yml index c5325aca3..899ec1a14 100644 --- a/.github/workflows/unsafe_docs_ci.yml +++ b/.github/workflows/unsafe_docs_ci.yml @@ -49,7 +49,6 @@ on: # and would cause alerts from our scanning tools. permissions: {} -# A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: # It's important that we run this job first, because we need to remove the # "safe to test" label when the PR comes from a fork in order to ensure that @@ -82,7 +81,7 @@ jobs: with: # Because we are using the "pull_request_target" event, we need to # checkout the PR head commit instead of the merge commit. - ref: ${{ github.event.pull_request_target.head.sha }} + ref: ${{ github.event.pull_request.head.sha }} - uses: AurorNZ/paths-filter@3b1f3abc3371cca888d8eb03dfa70bc8a9867629 id: filter with: 
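Review bot: The header comment of the new `safe_docs_ci.yml` has a sentence cut off, `changes to the It only contains jobs`; it should read `changes to the docs. It only contains jobs that don't require any secrets.` The `labeled` trigger type and its comment about the "safe to test" label were copied from the unsafe workflow. This workflow has no label gate, so every label change re-runs the jobs and, with `cancel-in-progress: true`, cancels a run in flight; the entry can probably be dropped. With the top-level `permissions: {}` and no job-level grants, confirm that `actions/checkout` and `AurorNZ/paths-filter` work in the `changes` job without `contents: read` and `pull-requests: read`; that presumably holds only while the repository is public.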
@@ -95,18 +94,6 @@ jobs: # changes will be applied. - ".github/workflows/unsafe_docs_ci.yml" - format: - needs: changes - if: ${{ github.event_name == 'pull_request_target' && needs.changes.outputs.changesFound == 'true'}} - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - - name: Install Prettier - run: npm install --global prettier@3.0.1 - - - run: ./bin/check_format_markdown_files.sh - # We are building for every PR a web preview, which will be deployed to # Firebase Hosting. The link to the website will posted as comment (like: # https://github.com/SharezoneApp/sharezone-app/pull/119#issuecomment-1030012299).