From f7f2e179b51923025dd5a095bbd5d7785e23ef71 Mon Sep 17 00:00:00 2001 From: Jonah Aragon Date: Sat, 30 Mar 2024 19:12:48 -0500 Subject: [PATCH] Use GitHub Actions instead of Netlify (#2462) --- .../{pages.yml => build-offline.yml} | 88 +++++----- .github/workflows/build.yml | 11 +- .github/workflows/deploy.yml | 98 +++++++++-- .github/workflows/download-repo.yml | 10 +- .github/workflows/mirror.yml | 9 - .../{preview-pr.yml => publish-pr.yml} | 6 +- .github/workflows/release.yml | 154 +++++++----------- 7 files changed, 200 insertions(+), 176 deletions(-) rename .github/workflows/{pages.yml => build-offline.yml} (50%) rename .github/workflows/{preview-pr.yml => publish-pr.yml} (94%) diff --git a/.github/workflows/pages.yml b/.github/workflows/build-offline.yml similarity index 50% rename from .github/workflows/pages.yml rename to .github/workflows/build-offline.yml index f45243dbd8..cb449813af 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/build-offline.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2022-2024 Jonah Aragon +# Copyright (c) 2024 Jonah Aragon # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to 
@@ -18,36 +18,33 @@ # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS # IN THE SOFTWARE. -name: 🛠️ Deploy to GitHub Pages +name: Build Offline Website on: - workflow_dispatch: - release: - types: [published] - -# Allow one concurrent deployment -concurrency: - group: "pages" - cancel-in-progress: true - -env: - PYTHON_VERSION: 3.8 + workflow_call: jobs: build: - name: Build - runs-on: ubuntu-latest + permissions: + contents: read + steps: - name: Checkout repository uses: actions/checkout@v4 with: - fetch-depth: '0' - ssh-key: ${{ secrets.ACTIONS_SSH_KEY }} - submodules: 'true' + persist-credentials: 'false' + + - uses: actions/download-artifact@v4 + with: + pattern: repo-* + path: modules - - name: Pages setup - uses: actions/configure-pages@v4 + - run: | + rmdir modules/mkdocs-material + mv modules/repo-mkdocs-material-insiders modules/mkdocs-material + rmdir theme/assets/brand + mv modules/repo-brand theme/assets/brand - name: Python setup uses: actions/setup-python@v5 
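Review bot: As far as this collapsed hunk can be read, the `build` job loses `runs-on: ubuntu-latest` together with `name: Build` and gains only `permissions:` and the existing `steps:`. A job that has `steps` and no `uses` needs a runner, so the reusable workflow would be rejected when `release.yml` calls it. Restore `runs-on: ubuntu-latest` directly under `build:`, above the new `permissions:` block. The job's remaining steps lie outside this hunk.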
@@ -70,31 +67,40 @@ jobs: - name: Build website env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - CARDS: true + CARDS: false + CONTEXT: deploy-preview + NETLIFY: true run: | - pipenv run mkdocs build --config-file config/mkdocs.en.yml + pipenv run mkdocs build --config-file config/mkdocs-offline.yml pipenv run mkdocs --version - - name: Package website - uses: actions/upload-pages-artifact@v3 - with: - path: site + - name: Package website + run: | + tar -czvf offline.tar.gz site + zip -r -q offline.zip site - deploy: - name: Deploy - needs: build + - name: Upload tar.gz file + uses: actions/upload-artifact@v4 + with: + name: offline.tar.gz + path: offline.tar.gz - # Grant GITHUB_TOKEN the permissions required to make a Pages deployment - permissions: - pages: write # to deploy to Pages - id-token: write # to verify the deployment originates from an appropriate source + - name: Upload zip file + uses: actions/upload-artifact@v4 + with: + name: offline.zip + path: offline.zip - environment: - name: github-pages - url: ${{ steps.deployment.outputs.page_url }} + - name: Create ZIM File + uses: addnab/docker-run-action@v3 + with: + image: ghcr.io/openzim/zim-tools:3.1.3 + options: -v ${{ github.workspace }}:/data + run: | + zimwriterfs -w index.html -I assets/brand/logos/png/square/pg-yellow.png -l eng -t "Privacy Guides" -d "Your central privacy and security resource to protect yourself online." -c "Privacy Guides" -p "Jonah Aragon" -n "Privacy Guides" -e "https://github.com/privacyguides/privacyguides.org" /data/site /data/privacy_guides.zim - runs-on: ubuntu-latest - steps: - - name: Deploy to GitHub Pages - id: deployment - uses: actions/deploy-pages@main + - name: Upload ZIM file + uses: actions/upload-artifact@v4 + with: + name: offline-privacy_guides.zim + path: offline-privacy_guides.zim diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 02cc3a85c7..730cc609b8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
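Review bot: The `Upload ZIM file` step sets `path: offline-privacy_guides.zim`, but the `zimwriterfs` command above it writes `/data/privacy_guides.zim`, which is `privacy_guides.zim` in the mounted workspace, so nothing matches the upload path. `release.yml` later lists `offline-privacy_guides.zim` as a release asset, so the smallest fix is to change the last `zimwriterfs` argument to `/data/offline-privacy_guides.zim`. Adding `if-no-files-found: error` to the three upload steps would make a missing package fail the run instead of producing a release with fewer assets than intended. `addnab/docker-run-action@v3` is a third-party action on a movable tag that gets the whole workspace bind-mounted, so pinning it to a full commit SHA is worth doing while this step is being moved.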
@@ -53,19 +53,20 @@ jobs: - uses: actions/download-artifact@v4 with: + pattern: repo-* path: modules - run: | rmdir modules/mkdocs-material - mv modules/mkdocs-material-insiders modules/mkdocs-material + mv modules/repo-mkdocs-material-insiders modules/mkdocs-material rmdir theme/assets/brand - mv modules/brand theme/assets/brand + mv modules/repo-brand theme/assets/brand - if: inputs.i18n run: | - cp -rl modules/i18n/i18n . - cp -rl modules/i18n/includes . - cp -rl modules/i18n/theme . + cp -rl modules/repo-i18n/i18n . + cp -rl modules/repo-i18n/includes . + cp -rl modules/repo-i18n/theme . - name: Python setup uses: actions/setup-python@v5 diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 54f7502bc6..fa7adb82bf 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -18,31 +18,31 @@ # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS # IN THE SOFTWARE. -name: Cleanup Artifacts +name: Deploy Website Build on: workflow_call: inputs: - netlify: + netlify_preview: type: boolean netlify_alias: type: string + netlify_production: + type: boolean + github_pages: + type: boolean outputs: - netlify_address: - value: ${{ jobs.netlify.outputs.address }} + netlify_preview_address: + value: ${{ jobs.netlify_preview.outputs.address }} secrets: NETLIFY_TOKEN: jobs: - netlify: - if: inputs.netlify + netlify_preview: + if: inputs.netlify_preview runs-on: ubuntu-latest outputs: - address: ${{ steps.deployment.outputs.address }} - - environment: - name: preview-netlify - url: ${{ steps.deployment.outputs.address }} + address: ${{ steps.address.outputs.address }} steps: - uses: actions/download-artifact@v4 
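Review bot: Removing `environment: preview-netlify` from the `netlify_preview` job drops whatever protection rules that environment carried (required reviewers, branch restrictions, environment-scoped secrets) from a job that receives `NETLIFY_TOKEN` and is called from the `pull_request_target` workflow in `publish-pr.yml`. The environment settings are not visible in this patch, so confirm that approval of fork pull requests is still enforced somewhere before this job runs. The same question applies to the `actions-ssh` environment removed in `download-repo.yml`, `mirror.yml` and `release.yml`: any secret that was scoped to that environment now has to be a repository secret, which every workflow in the repository can request. If the removal is deliberate, a comment on each job naming the control that replaces the environment gate would record the decision, e.g. `# no environment: preview approval is enforced by (approval mechanism)`.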
@@ -60,13 +60,83 @@ jobs: - run: | npm install netlify-cli -g - - name: Limit length of Netlify alias to 12 + - if: inputs.netlify_preview + name: Limit length of Netlify alias to 12 run: echo "SHORT_ALIAS=`echo ${{ inputs.netlify_alias }} | cut -c1-12`" >> $GITHUB_ENV - - id: deployment + - if: inputs.netlify_preview + id: deployment env: NETLIFY_SITE_ID: ${{ vars.NETLIFY_SITE }} NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_TOKEN }} run: | netlify deploy --dir=site --alias=${{ env.SHORT_ALIAS }} - echo "address=https://${{ env.SHORT_ALIAS }}--${{ vars.NETLIFY_SITE }}.netlify.app/" >> "$GITHUB_OUTPUT" + echo "DEPLOYED_ADDRESS=https://${{ env.SHORT_ALIAS }}--${{ vars.NETLIFY_SITE }}.netlify.app/" >> "$GITHUB_ENV" + + - id: address + run: | + echo "address=$DEPLOYED_ADDRESS" >> "$GITHUB_OUTPUT" + + netlify: + if: inputs.netlify_production + runs-on: ubuntu-latest + + environment: + name: production + url: https://www.privacyguides.org + + steps: + - uses: actions/download-artifact@v4 + with: + pattern: site-build-* + merge-multiple: true + + - run: | + for file in *.tar.gz; do tar -zxf "$file"; done + wget https://raw.githubusercontent.com/privacyguides/privacyguides.org/main/netlify.toml + ls -la site/ + + - uses: actions/setup-node@v4 + + - run: | + npm install netlify-cli -g + + - id: prod_deployment + env: + NETLIFY_SITE_ID: ${{ vars.PROD_NETLIFY_SITE }} + NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_TOKEN }} + run: | + netlify deploy --dir=site --prod-if-unlocked + + github_pages: + if: inputs.github_pages + runs-on: ubuntu-latest + + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + + # Grant GITHUB_TOKEN the permissions required to make a Pages deployment + permissions: + contents: read + pages: write # to deploy to Pages + id-token: write # to verify the deployment originates from an appropriate source + + steps: + - uses: actions/configure-pages@v5 + + - uses: actions/download-artifact@v4 + with: + pattern: site-build-* + 
merge-multiple: true + + - run: | + for file in *.tar.gz; do tar -zxf "$file"; done + ls -la site/ + + - uses: actions/upload-pages-artifact@v3 + with: + path: site + + - id: deployment + uses: actions/deploy-pages@main diff --git a/.github/workflows/download-repo.yml b/.github/workflows/download-repo.yml index 730d3f0ac9..cc80ef9df9 100644 --- a/.github/workflows/download-repo.yml +++ b/.github/workflows/download-repo.yml @@ -18,7 +18,7 @@ # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS # IN THE SOFTWARE. -name: Download repository +name: Download Repository on: workflow_call: @@ -33,18 +33,16 @@ on: jobs: download: runs-on: ubuntu-latest - environment: - name: actions-ssh steps: - name: Checkout repository uses: actions/checkout@v4 with: repository: 'privacyguides/${{ inputs.repo }}' - path: ${{ inputs.repo }} + path: repo-${{ inputs.repo }} ssh-key: ${{ secrets.ACTIONS_SSH_KEY }} - uses: actions/upload-artifact@v4 with: - name: ${{ inputs.repo }} - path: ${{ inputs.repo }} + name: repo-${{ inputs.repo }} + path: repo-${{ inputs.repo }} retention-days: 1 diff --git a/.github/workflows/mirror.yml b/.github/workflows/mirror.yml index 0c71de907b..be05831ca7 100644 --- a/.github/workflows/mirror.yml +++ b/.github/workflows/mirror.yml @@ -29,9 +29,6 @@ concurrency: jobs: gitlab: runs-on: ubuntu-latest - environment: - name: actions-ssh - url: https://gitlab.com/privacyguides/privacyguides.org steps: - name: Mirror to GitLab uses: wearerequired/git-mirror-action@v1 @@ -43,9 +40,6 @@ jobs: codeberg: runs-on: ubuntu-latest - environment: - name: actions-ssh - url: https://codeberg.org/privacyguides/privacyguides.org steps: - name: Mirror to Codeberg uses: wearerequired/git-mirror-action@v1 @@ -57,9 +51,6 @@ jobs: sourcehut: runs-on: ubuntu-latest - environment: - name: actions-ssh - url: https://git.sr.ht/~jonaharagon/privacyguides.org steps: - name: Mirror to SourceHut uses: wearerequired/git-mirror-action@v1 
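Review bot: The new `netlify` production job holds `NETLIFY_TOKEN` yet takes its inputs from moving targets: `netlify.toml` is fetched with `wget` from the `main` branch rather than from the commit being released, `npm install netlify-cli -g` installs whatever version is current, and the `github_pages` job runs `actions/deploy-pages@main` with `pages: write` and `id-token: write`. Fetch the config at the released commit, e.g. `wget https://raw.githubusercontent.com/${{ github.repository }}/${{ github.sha }}/netlify.toml`, pin the CLI as `npm install -g netlify-cli@PINNED_VERSION`, and reference `deploy-pages` by a release tag or full commit SHA. In the preview job, `${{ inputs.netlify_alias }}` and `${{ env.SHORT_ALIAS }}` are expanded into the script text before the shell runs; the visible caller passes a commit SHA, but the input is declared as a free `string`, so pass it through `env:` and use a quoted `"$NETLIFY_ALIAS"` in the script. The first steps of the preview job lie outside this hunk.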
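Review bot: In `download-repo.yml` the checkout directory `repo-${{ inputs.repo }}` is uploaded as an artifact in full, and the checkout step does not set `persist-credentials: 'false'`. By default `actions/checkout` leaves its auth configuration under `.git` in that directory, and whether it travels with the artifact depends on how the upload action version in use treats hidden files. The offline build in this same commit already sets `persist-credentials: 'false'`; adding it to this `with:` block keeps the artifact to repository content only.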
diff --git a/.github/workflows/preview-pr.yml b/.github/workflows/publish-pr.yml similarity index 94% rename from .github/workflows/preview-pr.yml rename to .github/workflows/publish-pr.yml index a69bda3434..8829674977 100644 --- a/.github/workflows/preview-pr.yml +++ b/.github/workflows/publish-pr.yml @@ -18,7 +18,7 @@ # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS # IN THE SOFTWARE. -name: Build Pull Request Preview +name: 📦 Publish Pull Request Preview on: pull_request_target: @@ -61,7 +61,7 @@ jobs: needs: build uses: ./.github/workflows/deploy.yml with: - netlify: true + netlify_preview: true netlify_alias: ${{ github.event.pull_request.head.sha }} secrets: NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }} @@ -72,7 +72,7 @@ jobs: needs: deploy runs-on: ubuntu-latest env: - address: ${{ needs.deploy.outputs.netlify_address }} + address: ${{ needs.deploy.outputs.netlify_preview_address }} steps: - uses: thollander/actions-comment-pull-request@v2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ac67fd2307..3c8e52adb8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -25,101 +25,53 @@ on: tags: - '*' -jobs: - production: - name: Push release to production - runs-on: ubuntu-latest - environment: - name: actions-ssh - permissions: - contents: write +concurrency: + group: "pages" + cancel-in-progress: true - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: '0' - ssh-key: ${{ secrets.ACTIONS_SSH_KEY }} - submodules: 'true' +permissions: + contents: write + pages: write + id-token: write - - name: Push to production branch - run: | - git push origin HEAD:production +jobs: + submodules: + strategy: + matrix: + repo: [mkdocs-material-insiders, brand, i18n] + uses: ./.github/workflows/download-repo.yml + with: + repo: ${{ matrix.repo }} + secrets: + ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }} build: - name: Create release packages - runs-on: ubuntu-latest - environment: - name: actions-ssh - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: '0' - ssh-key: ${{ secrets.ACTIONS_SSH_KEY }} - submodules: 'true' - - - name: Python setup - uses: actions/setup-python@v5 - with: - python-version: '3.8' - cache: 'pipenv' - - - name: Cache files - uses: actions/cache@v4.0.2 - with: - key: ${{ github.ref }} - path: .cache - - - name: Install Python dependencies - run: | - pip install pipenv - pipenv install - sudo apt install pngquant - - - name: Build website - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - CARDS: false - run: | - pipenv run mkdocs build --config-file config/mkdocs-offline.yml - pipenv run mkdocs --version - - - name: Package website - run: | - tar -czvf offline.tar.gz site - zip -r -q offline.zip site - - - name: Upload tar.gz file - uses: actions/upload-artifact@v4 - with: - name: offline.tar.gz - path: offline.tar.gz - - - name: Upload zip file - uses: actions/upload-artifact@v4 - with: - name: offline.zip - path: offline.zip - - - name: Create ZIM File - uses: addnab/docker-run-action@v3 - with: - image: ghcr.io/openzim/zim-tools:3.1.3 - 
options: -v ${{ github.workspace }}:/data - run: | - zimwriterfs -w index.html -I assets/brand/logos/png/square/pg-yellow.png -l eng -t "Privacy Guides" -d "Your central privacy and security resource to protect yourself online." -c "Privacy Guides" -p "Jonah Aragon" -n "Privacy Guides" -e "https://github.com/privacyguides/privacyguides.org" /data/site /data/privacy_guides.zim - - - name: Upload ZIM file - uses: actions/upload-artifact@v4 - with: - name: privacy_guides.zim - path: privacy_guides.zim + needs: submodules + strategy: + matrix: + lang: [es, fr, he, it, nl, ru, zh-Hant] + i18n: [true] + include: + - lang: en + i18n: false + permissions: + contents: read + uses: ./.github/workflows/build.yml + with: + ref: ${{ github.repository }} + repo: ${{ github.ref }} + lang: ${{ matrix.lang }} + i18n: ${{ matrix.i18n }} + + buildoffline: + needs: submodules + permissions: + contents: read + uses: ./.github/workflows/build-offline.yml release: name: Create release notes - needs: build + needs: buildoffline runs-on: ubuntu-latest permissions: contents: write @@ -127,19 +79,25 @@ jobs: steps: - uses: actions/download-artifact@v4 with: - name: offline.tar.gz - - - uses: actions/download-artifact@v4 - with: - name: offline.zip - - - uses: actions/download-artifact@v4 - with: - name: privacy_guides.zim + pattern: offline* + merge-multiple: true - name: Create release notes uses: ncipollo/release-action@v1 with: generateReleaseNotes: true token: ${{ secrets.REPO_TOKEN }} - artifacts: "offline.zip,offline.tar.gz,privacy_guides.zim" + artifacts: "offline.zip,offline.tar.gz,offline-privacy_guides.zim" + + deploy: + needs: build + uses: ./.github/workflows/deploy.yml + with: + netlify_production: true + github_pages: true + secrets: + NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }} + + cleanup: + needs: [build, buildoffline] + uses: ./.github/workflows/cleanup.yml
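Review bot: In the new `build` job's `with:` block the two inputs look swapped: `ref: ${{ github.repository }}` passes an `owner/name` string as the ref and `repo: ${{ github.ref }}` passes the tag ref as the repository. The input definitions in `build.yml` are outside this patch, but if they mean what their names say, this should read `ref: ${{ github.ref }}` and `repo: ${{ github.repository }}`. Separately, the new workflow-level `permissions:` block grants `contents: write`, `pages: write` and `id-token: write` to every job that does not override it, which here includes `submodules` and `cleanup`. Setting the workflow default to `contents: read` and granting `pages: write` and `id-token: write` only on the `deploy` job keeps the write scopes with the jobs that need them.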
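Review bot: The `cleanup` job waits only for `build` and `buildoffline`, so it can start while `deploy` and `release` are still downloading the `site-build-*` and `offline*` artifacts. `cleanup.yml` is not part of this patch; if it deletes artifacts, the production deploy or the release assets could intermittently find nothing to download. Ordering it after the consumers with `needs: [deploy, release]` removes the race.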