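---
# Rebuilds .index.json whenever hub content changes, commits it back to the
# pushed branch, lints the hub, and (only when the CloudFront secrets are
# configured) invalidates the CDN paths for the files touched by the push.
#
# NOTE(review): every `uses:` below references a mutable tag. Pinning each
# action to a full commit SHA (tag kept in a trailing comment) is the usual
# defence against a compromised or re-pointed tag in the action's repository.
name: Update index

on:
  push:
    paths:
      - 'appsec-configs/**.md'
      - 'appsec-configs/**.yaml'
      - 'appsec-configs/**.yml'
      - 'appsec-rules/**.md'
      - 'appsec-rules/**.yaml'
      - 'appsec-rules/**.yml'
      - 'collections/**.md'
      - 'collections/**.yaml'
      - 'collections/**.yml'
      - 'contexts/**.md'
      - 'contexts/**.yaml'
      - 'contexts/**.yml'
      - 'parsers/**.md'
      - 'parsers/**.yaml'
      - 'parsers/**.yml'
      - 'postoverflows/**.md'
      - 'postoverflows/**.yaml'
      - 'postoverflows/**.yml'
      - 'scenarios/**.md'
      - 'scenarios/**.yaml'
      - 'scenarios/**.yml'
      - '.github/workflows/update-index.yml'
      - '*.go'

# Least privilege: the token is read-only by default; jobs that need more
# (the commit/push in `build`, OIDC in `invalidate-cache`) widen it locally.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: write  # required to push the regenerated .index.json
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5  # setup-go@v1 runs on an end-of-life Node runtime
        with:
          go-version: '1.19'  # quoted: a bare 1.20 would be read as the float 1.2
      - name: Create local changes
        run: |
          go build
          ./main -target configs
      - name: Commit and push index
        if: ${{ github.event_name == 'push' }}
        run: |
          git config --local user.email "[email protected]"
          git config --local user.name "GitHub Action"
          # Nothing to commit is not an error: the index was already current.
          git commit -m "Update index" .index.json || exit 0
          # GITHUB_REF_NAME is provided by the runner, so no third-party action
          # is needed to recover the branch name. Quoted so a branch name is
          # never word-split or glob-expanded by the shell.
          git pull --rebase origin "${GITHUB_REF_NAME}"
          # actions/checkout persists GITHUB_TOKEN in the git config by default,
          # so a plain push works and the push action that was pinned to a
          # mutable @master branch is no longer needed. Pushes made with
          # GITHUB_TOKEN do not re-trigger this workflow, so no loop results.
          git push origin "HEAD:${GITHUB_REF}"

  check-secret:
    runs-on: ubuntu-latest
    outputs:
      secret-exists: ${{ steps.check.outputs.exists }}
    steps:
      - name: Check for Secret availability
        id: check
        shell: bash
        # The secret reaches the script through the environment rather than
        # being interpolated into the script text.
        env:
          CF_DISTRIBUTION_ID: ${{ secrets.CF_DISTRIBUTION_ID }}
        run: |
          if [ -n "$CF_DISTRIBUTION_ID" ]; then
            echo "exists=true" >> "$GITHUB_OUTPUT"
          else
            echo "exists=false" >> "$GITHUB_OUTPUT"
          fi

  run-linter:
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: set up python
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - name: checkout repo
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ github.ref }}  # picks up the index commit pushed by `build`
      - name: install pipenv
        run: |
          python -m pip install --upgrade pip
          pip install pipenv
      - name: install dependencies
        run: |
          pipenv install --deploy --python 3.12
      - name: hub linter
        run: |
          pipenv run ./hublint defaults > .hublint.toml
          pipenv run ./hublint check --color always --no-warning-details

  invalidate-cache:
    runs-on: ubuntu-latest
    needs:
      - build
      - check-secret
      - run-linter
    if: needs.check-secret.outputs.secret-exists == 'true'
    permissions:
      id-token: write  # OIDC federation to the AWS role; no long-lived keys
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.CF_AWS_ROLE }}
          role-session-name: github-action
          aws-region: eu-west-1
          mask-aws-account-id: true
      - name: Get branch name
        run: echo "version=${GITHUB_REF#refs/heads/}" >> "$GITHUB_ENV"
      - name: Get changed files
        # NOTE(review): diff-tree on GITHUB_SHA lists only the head commit of
        # the push; files touched in earlier commits of a multi-commit push
        # are not invalidated. Diffing github.event.before..GITHUB_SHA would
        # cover them but needs a guard for the all-zero "before" of a new
        # branch. Newlines in file names are folded to commas here, which also
        # prevents a crafted file name from injecting extra GITHUB_ENV lines.
        run: |
          changed_files=$(git diff-tree --no-commit-id --name-only -r "$GITHUB_SHA" | tr '\n' ',' | sed 's/,$/\n/')
          echo "changed_files=${changed_files}" >> "$GITHUB_ENV"
      - name: Invalidate cache
        # Branch and file names are author-controlled. They reach the shell
        # only as environment variables ($version, $changed_files from
        # GITHUB_ENV, the distribution id from `env:` below), never by
        # expression interpolation into the script text, which would let a
        # crafted name execute arbitrary commands in this job.
        env:
          CF_DISTRIBUTION_ID: ${{ secrets.CF_DISTRIBUTION_ID }}
        run: |
          # One array element per path, so a file name containing a space
          # stays a single --paths argument instead of being word-split.
          paths=("/${version}/.index.json")
          IFS=',' read -ra changed <<< "${changed_files}"
          for f in "${changed[@]}"; do
            paths+=("/${version}/${f}")
          done
          echo "Invalidating paths: ${paths[*]}"
          for attempt in 1 2 3; do
            if aws cloudfront create-invalidation \
                 --distribution-id "$CF_DISTRIBUTION_ID" \
                 --paths "${paths[@]}"; then
              exit 0
            fi
            echo "Invalidation attempt ${attempt} failed, retrying in 5 seconds..."
            sleep 5
          done
          # Previously the loop fell through with status 0 after three
          # failures, leaving stale content in the CDN unnoticed.
          echo "::error::CloudFront invalidation failed after 3 attempts"
          exit 1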