Merge pull request #1272 from gocd/dependabot/github_actions/github-a… #630
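# Builds a middleman project with bundler, publishes the result to GitHub
# Pages, and then uploads it to S3. Jobs run strictly in sequence:
# complete_build -> push_to_gh_pages -> sync_to_s3.
name: Build and Publish

on:
  push:
    branches:
      - master
      # Push events to branches matching refs/heads/release-*
      - 'release-*'

# Deny by default at workflow level; each job below requests only the
# GITHUB_TOKEN scopes it uses. Previously `id-token: write` and
# `contents: write` were granted to every job, including the build job
# that only reads the repository.
permissions: {}

# One concurrency group for the whole workflow: a newer push to any matching
# branch cancels whichever run is still in progress.
concurrency:
  group: "${{ github.workflow }}"
  cancel-in-progress: true

env:
  # Environment variables are always strings at runtime; quoted to make
  # that explicit.
  RUN_EXTERNAL_CHECKS: "true"

jobs:
  complete_build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # `audit` only records outbound connections, it does not block them.
      # Once the observed baseline is stable, `egress-policy: block` together
      # with `allowed-endpoints` turns the audit into an enforced allow-list.
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
        with:
          egress-policy: audit
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the release the SHA corresponds to.
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: Set up Ruby
        uses: ruby/setup-ruby@0481980f17b760ef6bca5e8c55809102a0af1e5a # v1.263.0
        with:
          bundler-cache: true # would run bundle install
      - name: Run the build
        run: bundle exec middleman build

  push_to_gh_pages:
    needs: complete_build
    runs-on: ubuntu-latest
    permissions:
      # The publish step pushes to the repository.
      contents: write
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
        with:
          egress-policy: audit
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          fetch-depth: 0
      - name: Set up Ruby
        uses: ruby/setup-ruby@0481980f17b760ef6bca5e8c55809102a0af1e5a # v1.263.0
        with:
          bundler-cache: true # would run bundle install
      # NOTE(review): the e-mail value below was replaced by the hosting
      # page's address obfuscation; restore the real address from the
      # repository before using this file.
      - name: Set up user in git config
        run: |
          git config --global user.name "github-actions"
          git config --global user.email "[email protected]"
      # NOTE(review): the remote URL is single-quoted, so the shell does not
      # expand ${GITHUB_PASSWORD}; git stores the literal text and the token
      # stays out of .git/config and the process arguments. Whether the push
      # then authenticates through credentials persisted by actions/checkout
      # or inside the rake task is not visible here - confirm before changing
      # the quoting.
      - name: Set up upstream and publish to gh pages
        run: |
          git remote add upstream 'https://github-actions:${GITHUB_PASSWORD}@github.com/gocd/plugin-api.go.cd'
          bundle exec rake publish --trace
        env:
          # Scoped to this step only, so the write-capable token is not in
          # the environment while `bundle install` runs third-party gem code.
          GITHUB_PASSWORD: "${{ secrets.GITHUB_TOKEN }}"
          REMOTE_NAME: "upstream"
          ALLOW_DIRTY: "true"

  sync_to_s3:
    needs: push_to_gh_pages
    runs-on: ubuntu-latest
    permissions:
      # Required for the OIDC token exchange performed by
      # configure-aws-credentials when only `role-to-assume` is supplied.
      id-token: write
      contents: read
    env:
      S3_BUCKET: "${{ secrets.S3_BUCKET }}"
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
        with:
          egress-policy: audit
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          fetch-depth: 0
      - name: Set up Ruby
        uses: ruby/setup-ruby@0481980f17b760ef6bca5e8c55809102a0af1e5a # v1.263.0
        with:
          bundler-cache: true # would run bundle install
      # No long-lived AWS keys are stored: the role is assumed with the
      # job's short-lived OIDC identity token.
      - name: Configure aws credentials
        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
        with:
          role-to-assume: "${{ secrets.AWS_ROLE_TO_ASSUME }}"
          aws-region: "${{ secrets.AWS_REGION }}"
      - name: Upload to S3
        run: bundle exec rake upload_to_s3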