feat: Hot reloading of TLS key stores #3009
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
env: | |
GO_VERSION: "1.22.1" | |
GOLANGCI_LINT_VERSION: "v1.56.1" | |
HELM_VERSION: "3.14.1" | |
KUBECONFORM_VERSION: "0.6.4" | |
KUBERNETES_API_VERSION: "1.27.0" | |
NODE_VERSION: "18.16" | |
COSIGN_VERSION: "v2.2.3" | |
CYCLONEDX_GOMOD_VERSION: "v1.4.1" | |
DOCUMENTATION_URL: "https://dadrus.github.io/heimdall/" | |
jobs: | |
check-changes: | |
runs-on: ubuntu-22.04 | |
outputs: | |
code_changed: ${{steps.code-changes.outputs.count > 0}} | |
test_data_changed: ${{steps.test-data-changes.outputs.count > 0}} | |
image_config_changed: ${{steps.image-config-changes.outputs.count > 0}} | |
helm_chart_changed: ${{steps.helm-chart-changes.outputs.count > 0}} | |
docs_changed: ${{steps.docs-changes.outputs.count > 0}} | |
ci_config_changed: ${{steps.ci-changes.outputs.count > 0}} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
- name: Check code changes | |
id: code-changes | |
uses: technote-space/get-diff-action@v6 | |
with: | |
PATTERNS: | | |
*.go | |
**/*.go | |
schema/*.json | |
FILES: | | |
go.mod | |
go.sum | |
- name: Check test data changes | |
id: test-data-changes | |
uses: technote-space/get-diff-action@v6 | |
with: | |
PATTERNS: | | |
cmd/**/*.yaml | |
internal/**/*.yaml | |
- name: Check container image config changes | |
id: image-config-changes | |
uses: technote-space/get-diff-action@v6 | |
with: | |
FILES: | | |
docker/Dockerfile | |
- name: Check helm chart changes | |
id: helm-chart-changes | |
uses: technote-space/get-diff-action@v6 | |
with: | |
PATTERNS: | | |
charts/** | |
- name: Check documentation changes | |
id: docs-changes | |
uses: technote-space/get-diff-action@v6 | |
with: | |
PATTERNS: | | |
docs/** | |
- name: Check CI settings changes | |
id: ci-changes | |
uses: technote-space/get-diff-action@v6 | |
with: | |
PATTERNS: | | |
.github/workflows/*.yaml | |
check-licenses: | |
runs-on: ubuntu-22.04 | |
needs: | |
- check-changes | |
if: > | |
needs.check-changes.outputs.code_changed == 'true' || | |
needs.check-changes.outputs.ci_config_changed == 'true' | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "${{ env.GO_VERSION }}" | |
- name: Get google/go-licenses package | |
run: go install github.com/google/go-licenses@latest | |
- name: Check the licenses | |
run: go-licenses check --disallowed_types=forbidden,restricted,reciprocal,permissive,unknown . | |
lint-code: | |
runs-on: ubuntu-22.04 | |
needs: | |
- check-changes | |
if: > | |
needs.check-changes.outputs.code_changed == 'true' || | |
needs.check-changes.outputs.ci_config_changed == 'true' | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
with: | |
fetch-depth: 0 | |
- name: Review code | |
uses: reviewdog/action-golangci-lint@v2 | |
with: | |
go_version: "${{ env.GO_VERSION }}" | |
golangci_lint_version: "${{ env.GOLANGCI_LINT_VERSION }}" | |
reporter: github-pr-review | |
fail_on_error: true | |
lint-api: | |
runs-on: ubuntu-22.04 | |
needs: | |
- check-changes | |
if: > | |
needs.check-changes.outputs.docs_changed == 'true' || | |
needs.check-changes.outputs.ci_config_changed == 'true' | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
- name: Install Redocly CLI | |
run: npm i -g @redocly/cli@1.0.0-beta.108 | |
- name: Run Redocly Lint | |
run: redocly lint | |
lint-dockerfiles: | |
runs-on: ubuntu-22.04 | |
needs: | |
- check-changes | |
if: > | |
needs.check-changes.outputs.image_config_changed == 'true' || | |
needs.check-changes.outputs.ci_config_changed == 'true' | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
- name: Run hadolint | |
uses: reviewdog/action-hadolint@v1 | |
with: | |
reporter: github-pr-review | |
fail_on_error: true | |
lint-helm-chart: | |
runs-on: ubuntu-22.04 | |
needs: | |
- check-changes | |
if: > | |
needs.check-changes.outputs.helm_chart_changed == 'true' || | |
needs.check-changes.outputs.ci_config_changed == 'true' | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
- name: Setup k8s tools | |
uses: yokawasa/action-setup-kube-tools@v0.11.0 | |
with: | |
setup-tools: | | |
helm | |
kubeconform | |
helm: '${{ env.HELM_VERSION }}' | |
kubeconform: '${{ env.KUBECONFORM_VERSION }}' | |
- name: Helm Lint | |
run: helm lint ./charts/heimdall | |
- name: Kubeconform decision mode deployment | |
run: | | |
helm template --set demo.enabled=true ./charts/heimdall > decision-demo.yaml | |
kubeconform --skip RuleSet -kubernetes-version ${{ env.KUBERNETES_API_VERSION }} decision-demo.yaml | |
- name: Kubeconform proxy mode deployment | |
run: | | |
helm template --set operationMode=proxy --set demo.enabled=true ./charts/heimdall > proxy-demo.yaml | |
kubeconform --skip RuleSet -kubernetes-version ${{ env.KUBERNETES_API_VERSION }} decision-demo.yaml | |
test: | |
runs-on: ubuntu-22.04 | |
needs: | |
- check-changes | |
if: > | |
needs.check-changes.outputs.code_changed == 'true' || | |
needs.check-changes.outputs.test_data_changed == 'true' || | |
needs.check-changes.outputs.ci_config_changed == 'true' | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "${{ env.GO_VERSION }}" | |
- name: Test | |
run: go test -v -coverprofile=coverage.cov -coverpkg=./... ./... | |
- name: Code Coverage | |
uses: codecov/codecov-action@v4 | |
with: | |
files: coverage.cov | |
verbose: true | |
token: ${{ secrets.CODECOV_TOKEN }} | |
prepare-release: | |
runs-on: ubuntu-22.04 | |
if: github.ref == 'refs/heads/main' | |
outputs: | |
release_created: ${{ steps.release_prepare.outputs.release_created }} | |
tag_name: ${{ steps.release_prepare.outputs.tag_name }} | |
steps: | |
- name: Prepare Release | |
id: release_prepare | |
uses: google-github-actions/release-please-action@v4 | |
build-binaries: | |
runs-on: ubuntu-22.04 | |
needs: | |
- test | |
- prepare-release | |
if: always() && needs.prepare-release.outputs.release_created == false && needs.test.result == 'success' | |
strategy: | |
matrix: | |
# build and publish in parallel: linux/amd64, linux/arm64, windows/amd64, darwin/amd64, darwin/arm64 | |
goos: [ linux, windows, darwin ] | |
goarch: [ amd64, arm64, arm ] | |
exclude: | |
- goarch: arm | |
goos: darwin | |
- goarch: arm | |
goos: windows | |
- goarch: arm64 | |
goos: windows | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "${{ env.GO_VERSION }}" | |
- name: Build | |
run: CGO_ENABLED=0 GOOS=${{ matrix.goos }} GOARCH=${{ matrix.goarch }} go build -trimpath -ldflags="-buildid= -w -s -X github.com/dadrus/heimdall/version.Version=${{ github.sha }}" -o ./build/ | |
- uses: actions/upload-artifact@v4 | |
if: github.ref == 'refs/heads/main' | |
with: | |
name: build-result-${{ matrix.goos }}-${{ matrix.goarch }} | |
path: ./build/* | |
retention-days: 30 | |
release-binaries: | |
runs-on: ubuntu-22.04 | |
needs: | |
- prepare-release | |
if: needs.prepare-release.outputs.release_created | |
permissions: | |
contents: write | |
id-token: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
with: | |
fetch-depth: 0 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "${{ env.GO_VERSION }}" | |
- name: Install Cosign | |
uses: sigstore/cosign-installer@v3.4.0 | |
with: | |
cosign-release: "${{ env.COSIGN_VERSION }}" | |
- name: Install CycloneDX gomod | |
run: go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@v1.4.1 | |
- name: Generate SBOM | |
uses: CycloneDX/gh-gomod-generate-sbom@v2 | |
with: | |
version: "${{ env.CYCLONEDX_GOMOD_VERSION }}" | |
args: app -licenses -assert-licenses -json -std -output CycloneDX-SBOM.json -main . | |
- name: Run GoReleaser | |
uses: goreleaser/goreleaser-action@v5 | |
with: | |
args: release --clean | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# this job builds container images for PRs, as well as publishes these on merges to main | |
build-dev-container-images: | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read | |
packages: write | |
id-token: write | |
needs: | |
- test | |
- check-changes | |
- prepare-release | |
if: > | |
always() && | |
needs.prepare-release.outputs.release_created == false && | |
(needs.test.result == 'success' || (needs.test.result == 'skipped' && needs.check-changes.outputs.image_config_changed == 'true')) | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
- name: Install Cosign | |
if: github.ref == 'refs/heads/main' | |
uses: sigstore/cosign-installer@v3.4.0 | |
with: | |
cosign-release: "${{ env.COSIGN_VERSION }}" | |
- name: Set up Go # required as the sbom generator is compiled using go < 1.21 | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "${{ env.GO_VERSION }}" | |
- name: Generate SBOM | |
if: github.ref == 'refs/heads/main' | |
uses: CycloneDX/gh-gomod-generate-sbom@v2 | |
with: | |
version: "${{ env.CYCLONEDX_GOMOD_VERSION }}" | |
args: app -licenses -assert-licenses -json -std -output CycloneDX-SBOM.json -main . | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Collect container meta-info | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ github.repository }} | |
labels: | | |
org.opencontainers.image.version=${{ github.sha }} | |
org.opencontainers.image.documentation=${{ env.DOCUMENTATION_URL }} | |
- name: Build images | |
if: github.ref != 'refs/heads/main' | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./docker/Dockerfile | |
platforms: linux/amd64,linux/arm64,linux/arm | |
push: false | |
build-args: VERSION=${{ github.sha }} | |
tags: ${{ github.repository }}:local | |
- name: Login to DockerHub | |
if: github.ref == 'refs/heads/main' | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Login to GitHub | |
if: github.ref == 'refs/heads/main' | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push dev images to container registry | |
if: github.ref == 'refs/heads/main' | |
id: publish-image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./docker/Dockerfile | |
platforms: linux/amd64,linux/arm64,linux/arm | |
push: true | |
build-args: VERSION=${{ github.sha }} | |
labels: ${{ steps.meta.outputs.labels }} | |
tags: | | |
${{ github.repository }}:dev | |
${{ github.repository }}:dev-${{ github.sha }} | |
ghcr.io/${{ github.repository }}:dev | |
ghcr.io/${{ github.repository }}:dev-${{ github.sha }} | |
# DockerHub | |
- name: Sign the image published in DockerHub | |
if: steps.publish-image.conclusion == 'success' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
COSIGN_REPOSITORY: ${{ github.repository }}-signatures | |
run: cosign sign --yes ${{ github.repository }}@${{ steps.publish-image.outputs.digest }} | |
- name: Attest and attach SBOM to the image published in DockerHub | |
if: steps.publish-image.conclusion == 'success' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
COSIGN_REPOSITORY: ${{ github.repository }}-sbom | |
run: cosign attest --yes --predicate CycloneDX-SBOM.json --type cyclonedx ${{ github.repository }}@${{ steps.publish-image.outputs.digest }} | |
# GHCR | |
- name: Sign the image published in GitHub | |
if: steps.publish-image.conclusion == 'success' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
COSIGN_REPOSITORY: ghcr.io/${{ github.repository }}-signatures | |
run: cosign sign --yes ghcr.io/${{ github.repository }}@${{ steps.publish-image.outputs.digest }} | |
- name: Attest and attach SBOM to the image published in GitHub | |
if: steps.publish-image.conclusion == 'success' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
COSIGN_REPOSITORY: ghcr.io/${{ github.repository }}-sbom | |
run: cosign attest --yes --predicate CycloneDX-SBOM.json --type cyclonedx ghcr.io/${{ github.repository }}@${{ steps.publish-image.outputs.digest }} | |
# this job releases container images | |
release-container-images: | |
if: needs.prepare-release.outputs.release_created | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read | |
packages: write | |
id-token: write | |
needs: | |
- prepare-release | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
- name: Prepare image version | |
id: image-version | |
run: | | |
export version=$(echo ${{ needs.prepare-release.outputs.tag_name }} | sed 's/v//g') | |
echo "result=$version" >> $GITHUB_OUTPUT | |
- name: Install Cosign | |
uses: sigstore/cosign-installer@v3.4.0 | |
with: | |
cosign-release: "${{ env.COSIGN_VERSION }}" | |
- name: Set up Go # required as the sbom generator is compiled using go < 1.21 | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "${{ env.GO_VERSION }}" | |
- name: Generate SBOM | |
uses: CycloneDX/gh-gomod-generate-sbom@v2 | |
with: | |
version: "${{ env.CYCLONEDX_GOMOD_VERSION }}" | |
args: app -licenses -assert-licenses -json -std -output CycloneDX-SBOM.json -main . | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Login to GitHub | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Collect Docker meta-info | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ github.repository }} | |
labels: | | |
org.opencontainers.image.version=${{ steps.image-version.outputs.result }} | |
org.opencontainers.image.documentation=${{ env.DOCUMENTATION_URL }} | |
- name: Build and push images to container registry | |
id: publish-image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./docker/Dockerfile | |
platforms: linux/amd64,linux/arm64,linux/arm | |
push: true | |
build-args: VERSION=${{ needs.prepare-release.outputs.tag_name }} | |
labels: ${{ steps.meta.outputs.labels }} | |
tags: | | |
${{ github.repository }}:latest | |
${{ github.repository }}:${{ steps.image-version.outputs.result }} | |
ghcr.io/${{ github.repository }}:latest | |
ghcr.io/${{ github.repository }}:${{ steps.image-version.outputs.result }} | |
# DockerHub | |
- name: Sign the image published in DockerHub | |
if: steps.publish-image.conclusion == 'success' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
COSIGN_REPOSITORY: ${{ github.repository }}-signatures | |
run: cosign sign --yes ${{ github.repository }}@${{ steps.publish-image.outputs.digest }} | |
- name: Attest and attach SBOM to the image published in DockerHub | |
if: steps.publish-image.conclusion == 'success' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
COSIGN_REPOSITORY: ${{ github.repository }}-sbom | |
run: cosign attest --yes --predicate CycloneDX-SBOM.json --type cyclonedx ${{ github.repository }}@${{ steps.publish-image.outputs.digest }} | |
- name: Update DockerHub repository description & readme | |
uses: peter-evans/dockerhub-description@v4 | |
with: | |
username: ${{ secrets.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
repository: ${{ github.repository }} | |
short-description: ${{ github.event.repository.description }} | |
readme-filepath: ./DockerHub-README.md | |
# GHCR | |
- name: Sign the image published in GitHub | |
if: steps.publish-image.conclusion == 'success' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
COSIGN_REPOSITORY: ghcr.io/${{ github.repository }}-signatures | |
run: cosign sign --yes ghcr.io/${{ github.repository }}@${{ steps.publish-image.outputs.digest }} | |
- name: Attest and attach SBOM to the image published in GitHub | |
if: steps.publish-image.conclusion == 'success' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
COSIGN_REPOSITORY: ghcr.io/${{ github.repository }}-sbom | |
run: cosign attest --yes --predicate CycloneDX-SBOM.json --type cyclonedx ghcr.io/${{ github.repository }}@${{ steps.publish-image.outputs.digest }} | |
release-helm-chart: | |
runs-on: ubuntu-22.04 | |
needs: | |
- prepare-release | |
- release-container-images | |
if: needs.prepare-release.outputs.release_created | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
- name: Prepare image version | |
id: image-version | |
run: | | |
export version=$(echo ${{ needs.prepare-release.outputs.tag_name }} | sed 's/v//g') | |
echo "result=$version" >> $GITHUB_OUTPUT | |
- name: Publish Helm Chart | |
uses: stefanprodan/helm-gh-pages@v1.7.0 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
target_dir: charts | |
linting: off | |
app_version: ${{ steps.image-version.outputs.result }} | |
build-dev-documentation: | |
runs-on: ubuntu-22.04 | |
needs: | |
- prepare-release | |
- check-changes | |
if: > | |
needs.prepare-release.outputs.release_created == false && | |
(needs.check-changes.outputs.docs_changed == 'true' || needs.check-changes.outputs.ci_config_changed == 'true') | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
with: | |
submodules: true # Fetch Hugo themes (true OR recursive) | |
fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod | |
- name: Setup Hugo | |
uses: peaceiris/actions-hugo@v2 | |
with: | |
hugo-version: 0.100.1 | |
extended: true | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 17.7 | |
- name: Setup ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: 3.1.3 | |
- name: Install asciidoctor | |
run: gem install asciidoctor asciidoctor-diagram asciidoctor-html5s rouge | |
- name: Install dependencies | |
working-directory: ./docs | |
run: npm install | |
- name: Update version string to dev version | |
uses: jacobtomlinson/gha-find-replace@v3 | |
with: | |
find: "x-current-version" | |
replace: "dev" | |
regex: false | |
include: docs/** | |
- name: Build documentation | |
working-directory: ./docs | |
run: npm run build | |
- name: Deploy documentation | |
if: github.ref == 'refs/heads/main' | |
uses: peaceiris/actions-gh-pages@v3 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
publish_dir: ./docs/public | |
destination_dir: dev | |
release-documentation: | |
runs-on: ubuntu-22.04 | |
needs: | |
- prepare-release | |
if: needs.prepare-release.outputs.release_created | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
with: | |
submodules: true # Fetch Hugo themes (true OR recursive) | |
fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod | |
- name: Setup Hugo | |
uses: peaceiris/actions-hugo@v2 | |
with: | |
hugo-version: 0.100.1 | |
extended: true | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 17.7 | |
- name: Install mermaid | |
run: npm install -g @mermaid-js/mermaid-cli | |
- name: Setup ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: 2.7 | |
- name: Install asciidoctor | |
run: gem install asciidoctor asciidoctor-diagram asciidoctor-html5s rouge | |
- name: Install dependencies | |
working-directory: ./docs | |
run: npm install | |
- name: Update version string to new released version | |
uses: jacobtomlinson/gha-find-replace@v3 | |
with: | |
find: "x-current-version" | |
replace: "${{ needs.prepare-release.outputs.tag_name }}" | |
regex: false | |
include: docs/** | |
- name: Build documentation | |
working-directory: ./docs | |
run: hugo --minify -d ./public | |
- name: Update uri for redirecting to new version | |
uses: jacobtomlinson/gha-find-replace@v3 | |
with: | |
find: "x-released-version" | |
replace: "${{ needs.prepare-release.outputs.tag_name }}" | |
regex: false | |
include: docs/** | |
- name: Update versions JSON document | |
id: update-version-json | |
run: | | |
cat ./docs/versions/data.json | jq '. + [{ "version": "${{ needs.prepare-release.outputs.tag_name }}", "path": "/heimdall/${{ needs.prepare-release.outputs.tag_name }}" }]' | tee ./docs/versions/data.json | |
- name: Deploy documentation | |
uses: peaceiris/actions-gh-pages@v3 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
publish_dir: ./docs/public | |
destination_dir: ${{ needs.prepare-release.outputs.tag_name }} | |
- name: Deploy redirect to new released version | |
uses: peaceiris/actions-gh-pages@v3 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
publish_dir: ./docs/redirect | |
keep_files: true | |
- name: Deploy versions JSON document | |
uses: peaceiris/actions-gh-pages@v3 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
publish_dir: ./docs/versions | |
keep_files: true | |
- name: Commit updated versions JSON document | |
if: steps.update-version-json.outcome == 'success' | |
run: | | |
git config --local user.email "${{ github.sha }}+github-actions[bot]@users.noreply.github.com" | |
git config --local user.name "github-actions[bot]" | |
git add ./docs/versions/data.json | |
git commit -m "chore(${{ github.ref_name }}): Preparing for next iteration" | |
- name: Push changes | |
uses: ad-m/github-push-action@master |