adding permissions to GITHUB_TOKEN
#25
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Docs - Build" | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - release* | |
| pull_request: | |
| branches: | |
| - main | |
| permissions: | |
| contents: write | |
| env: | |
| # HOME required by Setup Git and Setup Go Steps | |
| HOME: ${{ github.workspace }} | |
| jobs: | |
| build: | |
| name: "Build" | |
| runs-on: ubuntu-latest | |
| strategy: | |
| # Don't fail other services if one is failing. | |
| fail-fast: false | |
| matrix: | |
| index: | |
| - build | |
| - check_links | |
| steps: | |
| # SSH Agent Setup required for git to pull modules from private repos | |
| # - name: SSH Agent Setup | |
| # uses: webfactory/[email protected] | |
| #with: | |
| # ssh-private-key: ${{ secrets.GLOBAL_FLEXERA_CI_PRIVATE_SSH_KEY }} | |
| - name: Checkout so we can get build tags | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| submodules: recursive | |
| - name: Setup Environment Variables | |
| env: | |
| GITHUB_REF: ${{ github.ref }} | |
| GITHUB_SHA: ${{ github.sha }} | |
| GITHUB_PR: ${{ github.event_name }} | |
| PR_BRANCH: ${{ github.event.pull_request.head.ref }} | |
| run: | | |
| if [[ $GITHUB_REF =~ 'refs/tags' ]]; | |
| then | |
| ## Get just the git tag from GITHUB_REF | |
| echo GITHUB_TAG=${GITHUB_REF#refs/tags/*} >> $GITHUB_ENV | |
| ## Set TRAVIS_TAG and TAG which are used by flexera/go-makefiles submodule and originally based on TravisCI | |
| echo TRAVIS_TAG=${GITHUB_REF#refs/tags/*} >> $GITHUB_ENV | |
| # Also set the branch name for tags | |
| echo TRAVIS_BRANCH=${GITHUB_REF#refs/tags/*} >> $GITHUB_ENV | |
| echo TAG=${GITHUB_REF#refs/tags/*} >> $GITHUB_ENV | |
| elif [[ $GITHUB_REF =~ 'refs/heads' ]]; | |
| then | |
| ## Get the branch name and set TRAVIS_BRANCH | |
| echo TRAVIS_BRANCH=${GITHUB_REF#refs/heads/*} >> $GITHUB_ENV | |
| echo set TRAVIS_BRANCH to $TRAVIS_BRANCH | |
| elif [[ $GITHUB_PR == 'pull_request' ]]; | |
| then | |
| ## Get the branch name and set TRAVIS_BRANCH | |
| echo TRAVIS_BRANCH=${PR_BRANCH} >> $GITHUB_ENV | |
| echo set TRAVIS_BRANCH to $TRAVIS_BRANCH | |
| else | |
| echo unknown github ref $GITHUB_REF | |
| fi | |
| - name: Get Pull Request status | |
| run: | | |
| if [ -z "$GITHUB_PULL_REQUEST_STATUS" ] | |
| then | |
| echo TRAVIS_PULL_REQUEST=false >> $GITHUB_ENV | |
| echo set TRAVIS_PULL_REQUEST to $TRAVIS_PULL_REQUEST | |
| else | |
| echo TRAVIS_PULL_REQUEST=$GITHUB_PULL_REQUEST_STATUS >> $GITHUB_ENV | |
| echo set TRAVIS_PULL_REQUEST to $TRAVIS_PULL_REQUEST | |
| fi | |
| env: | |
| GITHUB_PULL_REQUEST_STATUS: ${{ github.event.number }} | |
| - name: Setup Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: "2.3.8" | |
| bundler-cache: true | |
| - name: Update git config | |
| run: | | |
| git config --global user.email "Github Actions" | |
| git config --global user.name "Automated Deployment" | |
| git config --global url."[email protected]:".insteadOf "https://github.com" | |
| - name: Script | |
| run: | | |
| # Update rubygems | |
| gem update --system 3.2.3 | |
| echo "Pull Request: $TRAVIS_PULL_REQUEST" | |
| # Ensure the site builds, otherwise fail the build on PRs | |
| if [[ $CI_NODE_INDEX = "build" && $TRAVIS_PULL_REQUEST != 'false' ]]; then bundle exec rake download_policy_list; bundle exec middleman build; fi | |
| # Ensure the links work, otherwise fail the build on PRs (only on PRs) | |
| if [[ $CI_NODE_INDEX = "check_links" && $TRAVIS_PULL_REQUEST != 'false' ]]; then echo "TODO Fix check_links to throttle itself properly"; fi | |
| # Only deploy the site live if the master branch is updated (not during pull-requests) | |
| # Currently, deploy first builds by default | |
| if [[ $CI_NODE_INDEX = "build" && $TRAVIS_PULL_REQUEST == 'false' ]]; then bundle exec rake download_policy_list; bundle exec middleman deploy; fi | |
| env: | |
| CI_NODE_INDEX: ${{ matrix.index }} |