KSYNC #476
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: chain-docs | |
on: | |
push: | |
branches: [master] | |
issue_comment: | |
types: [created] | |
jobs: | |
member: | |
name: Check whether it is triggered by team members or pushed | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' || github.event.comment.body == '/staging' | |
outputs: | |
valid: ${{ steps.setValid.outputs.valid }} | |
steps: | |
- uses: tspascoal/[email protected] | |
id: checkUserMember | |
if: github.event_name == 'issue_comment' | |
with: | |
username: ${{ github.actor }} | |
team: 'docs-maintainers' | |
GITHUB_TOKEN: ${{ secrets.ORG_READ_BOT_PAT }} | |
- name: set valid if it is push event or it is triggered by team members | |
id: setValid | |
run: | | |
if [[ "${{ steps.checkUserMember.outputs.isTeamMember }}" == "true" ]]; then | |
echo "::set-output name=valid::true" | |
elif [[ "${{ github.event_name }}" == "push" ]]; then | |
echo "::set-output name=valid::true" | |
else | |
echo "::set-output name=valid::false" | |
fi | |
scan: | |
name: Scan | |
runs-on: ubuntu-22.04 | |
needs: [member] | |
if: ${{ needs.member.outputs.valid == 'true' }} | |
steps: | |
- name: Github API Request | |
id: request | |
uses: octokit/[email protected] | |
if: github.event_name == 'issue_comment' | |
with: | |
route: ${{ github.event.issue.pull_request.url }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get PR informations | |
id: pr_data | |
if: github.event_name == 'issue_comment' | |
run: | | |
echo "::set-output name=branch::${{ fromJson(steps.request.outputs.data).head.ref }}" | |
echo "::set-output name=repo_name::${{ fromJson(steps.request.outputs.data).head.repo.full_name }}" | |
- name: Checkout PR Branch | |
uses: actions/checkout@v2 | |
if: github.event_name == 'issue_comment' | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
repository: ${{ steps.pr_data.outputs.repo_name }} | |
ref: ${{ steps.pr_data.outputs.branch }} | |
- name: Check MASTER code | |
uses: actions/checkout@v2 | |
if: github.event_name == 'push' | |
- name: Perform ShiftLeft Scan | |
uses: ShiftLeftSecurity/scan-action@master | |
env: | |
WORKSPACE: "" | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SCAN_AUTO_BUILD: true | |
with: | |
output: reports | |
# Scan auto-detects the languages in your project. To override uncomment the below variable and set the type | |
# type: credscan,java | |
# type: python | |
# - name: Upload report | |
# uses: github/codeql-action/upload-sarif@v1 | |
# with: | |
# sarif_file: reports | |
build: | |
name: Build | |
runs-on: ubuntu-22.04 | |
needs: [member, scan] | |
if: ${{ needs.member.outputs.valid == 'true' }} | |
steps: | |
- name: Github API Request | |
id: request | |
uses: octokit/[email protected] | |
if: github.event_name == 'issue_comment' | |
with: | |
route: ${{ github.event.issue.pull_request.url }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get PR informations | |
id: pr_data | |
if: github.event_name == 'issue_comment' | |
run: | | |
echo "::set-output name=branch::${{ fromJson(steps.request.outputs.data).head.ref }}" | |
echo "::set-output name=repo_name::${{ fromJson(steps.request.outputs.data).head.repo.full_name }}" | |
- name: Checkout PR Branch | |
uses: actions/checkout@v2 | |
if: github.event_name == 'issue_comment' | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
repository: ${{ steps.pr_data.outputs.repo_name }} | |
ref: ${{ steps.pr_data.outputs.branch }} | |
- name: Check MASTER code | |
uses: actions/checkout@v2 | |
if: github.event_name == 'push' | |
- uses: actions/setup-node@v1 | |
with: | |
node-version: "12" | |
- name: ci | |
env: | |
MASTER_AWS_ACCESS_KEY_ID: ${{ secrets.MASTER_AWS_ACCESS_KEY_ID }} | |
MASTER_AWS_SECRET_ACCESS_KEY: ${{ secrets.MASTER_AWS_SECRET_ACCESS_KEY }} | |
MASTER_BUCKET_NAME: ${{ secrets.MASTER_BUCKET_NAME }} | |
MASTER_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.MASTER_CLOUDFRONT_DISTRIBUTION_ID }} | |
MASTER_REGION: ${{ secrets.MASTER_REGION }} | |
EVENT: ${{ github.event_name }} | |
STAGING_AWS_ACCESS_KEY_ID: ${{ secrets.STAGING_AWS_ACCESS_KEY_ID }} | |
STAGING_AWS_SECRET_ACCESS_KEY: ${{ secrets.STAGING_AWS_SECRET_ACCESS_KEY }} | |
STAGING_BUCKET_NAME: ${{ secrets.STAGING_BUCKET_NAME }} | |
STAGING_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.STAGING_CLOUDFRONT_DISTRIBUTION_ID }} | |
STAGING_REGION: ${{ secrets.STAGING_REGION }} | |
run: | | |
. ci/scripts/prepare | |
ci/scripts/build | |
ci/scripts/deploy |