Skip to content

KSYNC

KSYNC #476

Workflow file for this run

name: chain-docs
on:
push:
branches: [master]
issue_comment:
types: [created]
jobs:
member:
name: Check whether it is triggered by team members or pushed
runs-on: ubuntu-latest
if: github.event_name == 'push' || github.event.comment.body == '/staging'
outputs:
valid: ${{ steps.setValid.outputs.valid }}
steps:
- uses: tspascoal/[email protected]
id: checkUserMember
if: github.event_name == 'issue_comment'
with:
username: ${{ github.actor }}
team: 'docs-maintainers'
GITHUB_TOKEN: ${{ secrets.ORG_READ_BOT_PAT }}
- name: set valid if it is push event or it is triggered by team members
id: setValid
run: |
if [[ "${{ steps.checkUserMember.outputs.isTeamMember }}" == "true" ]]; then
echo "::set-output name=valid::true"
elif [[ "${{ github.event_name }}" == "push" ]]; then
echo "::set-output name=valid::true"
else
echo "::set-output name=valid::false"
fi
scan:
name: Scan
runs-on: ubuntu-22.04
needs: [member]
if: ${{ needs.member.outputs.valid == 'true' }}
steps:
- name: Github API Request
id: request
uses: octokit/[email protected]
if: github.event_name == 'issue_comment'
with:
route: ${{ github.event.issue.pull_request.url }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Get PR informations
id: pr_data
if: github.event_name == 'issue_comment'
run: |
echo "::set-output name=branch::${{ fromJson(steps.request.outputs.data).head.ref }}"
echo "::set-output name=repo_name::${{ fromJson(steps.request.outputs.data).head.repo.full_name }}"
- name: Checkout PR Branch
uses: actions/checkout@v2
if: github.event_name == 'issue_comment'
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ steps.pr_data.outputs.repo_name }}
ref: ${{ steps.pr_data.outputs.branch }}
- name: Check MASTER code
uses: actions/checkout@v2
if: github.event_name == 'push'
- name: Perform ShiftLeft Scan
uses: ShiftLeftSecurity/scan-action@master
env:
WORKSPACE: ""
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SCAN_AUTO_BUILD: true
with:
output: reports
# Scan auto-detects the languages in your project. To override uncomment the below variable and set the type
# type: credscan,java
# type: python
# - name: Upload report
# uses: github/codeql-action/upload-sarif@v1
# with:
# sarif_file: reports
build:
name: Build
runs-on: ubuntu-22.04
needs: [member, scan]
if: ${{ needs.member.outputs.valid == 'true' }}
steps:
- name: Github API Request
id: request
uses: octokit/[email protected]
if: github.event_name == 'issue_comment'
with:
route: ${{ github.event.issue.pull_request.url }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Get PR informations
id: pr_data
if: github.event_name == 'issue_comment'
run: |
echo "::set-output name=branch::${{ fromJson(steps.request.outputs.data).head.ref }}"
echo "::set-output name=repo_name::${{ fromJson(steps.request.outputs.data).head.repo.full_name }}"
- name: Checkout PR Branch
uses: actions/checkout@v2
if: github.event_name == 'issue_comment'
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ steps.pr_data.outputs.repo_name }}
ref: ${{ steps.pr_data.outputs.branch }}
- name: Check MASTER code
uses: actions/checkout@v2
if: github.event_name == 'push'
- uses: actions/setup-node@v1
with:
node-version: "12"
- name: ci
env:
MASTER_AWS_ACCESS_KEY_ID: ${{ secrets.MASTER_AWS_ACCESS_KEY_ID }}
MASTER_AWS_SECRET_ACCESS_KEY: ${{ secrets.MASTER_AWS_SECRET_ACCESS_KEY }}
MASTER_BUCKET_NAME: ${{ secrets.MASTER_BUCKET_NAME }}
MASTER_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.MASTER_CLOUDFRONT_DISTRIBUTION_ID }}
MASTER_REGION: ${{ secrets.MASTER_REGION }}
EVENT: ${{ github.event_name }}
STAGING_AWS_ACCESS_KEY_ID: ${{ secrets.STAGING_AWS_ACCESS_KEY_ID }}
STAGING_AWS_SECRET_ACCESS_KEY: ${{ secrets.STAGING_AWS_SECRET_ACCESS_KEY }}
STAGING_BUCKET_NAME: ${{ secrets.STAGING_BUCKET_NAME }}
STAGING_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.STAGING_CLOUDFRONT_DISTRIBUTION_ID }}
STAGING_REGION: ${{ secrets.STAGING_REGION }}
run: |
. ci/scripts/prepare
ci/scripts/build
ci/scripts/deploy