Skip to content

Commit

Permalink
Update workflows to use actions that don't need organization secrets (#…
Browse files Browse the repository at this point in the history
  • Loading branch information
jdbaldry authored Oct 10, 2024
1 parent 9202a1f commit f74f58d
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 105 deletions.
50 changes: 12 additions & 38 deletions .github/workflows/publish-technical-documentation-next.yml
Original file line number Diff line number Diff line change
@@ -1,47 +1,21 @@
name: "publish-technical-documentation-next"
name: publish-technical-documentation-next

on:
push:
branches:
- main
- main
paths:
- "docs/sources/**"
- "docs/sources/**"
workflow_dispatch:
jobs:
test:
runs-on: "ubuntu-latest"
steps:
- name: "Check out code"
uses: "actions/checkout@v3"
- name: "Build website"
run: |
docker run -v ${PWD}/docs/sources:/hugo/content/docs/pyroscope/latest -e HUGO_REFLINKSERRORLEVEL=ERROR --rm grafana/docs-base:latest /bin/bash -c 'make hugo'
sync:
runs-on: "ubuntu-latest"
needs: "test"
if: github.repository == 'grafana/pyroscope'
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- name: "Check out code"
uses: "actions/checkout@v3"

- name: "Clone website-sync Action"
# WEBSITE_SYNC_TOKEN is a fine-grained GitHub Personal Access Token that expires.
# It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
# GitHub administrator to update the organization secret.
# The IT helpdesk can update the organization secret.
run: "git clone --single-branch --no-tags --depth 1 -b master https://grafanabot:${{ secrets.WEBSITE_SYNC_TOKEN }}@github.com/grafana/website-sync ./.github/actions/website-sync"

- name: "Publish to website repository (next)"
uses: "./.github/actions/website-sync"
id: "publish-next"
with:
repository: "grafana/website"
branch: "master"
host: "github.com"
# PUBLISH_TO_WEBSITE_TOKEN is a fine-grained GitHub Personal Access Token that expires.
# It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
# GitHub administrator to update the organization secret.
# The IT helpdesk can update the organization secret.
github_pat: "grafanabot:${{ secrets.PUBLISH_TO_WEBSITE_TOKEN }}"
source_folder: "docs/sources"
target_folder: "content/docs/pyroscope/next"
- uses: actions/checkout@v4
- uses: grafana/writers-toolkit/publish-technical-documentation@publish-technical-documentation/v1
with:
website_directory: content/docs/pyroscope/next
82 changes: 15 additions & 67 deletions .github/workflows/publish-technical-documentation-release.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: "publish-technical-documentation-release"
name: publish-technical-documentation-release

on:
push:
Expand All @@ -10,71 +10,19 @@ on:
- "docs/sources/**"
workflow_dispatch:
jobs:
test:
runs-on: "ubuntu-latest"
steps:
- name: "Check out code"
uses: "actions/checkout@v3"
- name: "Build website"
run: |
docker run -v ${PWD}/docs/sources:/hugo/content/docs/pyroscope/latest -e HUGO_REFLINKSERRORLEVEL=ERROR --rm grafana/docs-base:latest /bin/bash -c 'make hugo'
sync:
runs-on: "ubuntu-latest"
needs: "test"
if: github.repository == 'grafana/pyroscope'
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:

- name: "Checkout Pyroscope repo"
uses: "actions/checkout@v3"
with:
fetch-depth: 0

- name: "Checkout Actions library"
uses: "actions/checkout@v3"
with:
repository: "grafana/grafana-github-actions"
path: "./actions"

- name: "Install Actions from library"
run: "npm install --production --prefix ./actions"

- name: "Determine if there is a matching release tag"
id: "has-matching-release-tag"
uses: "./actions/has-matching-release-tag"
with:
ref_name: "${{ github.ref_name }}"
release_tag_regexp: "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$"
release_branch_regexp: "^release/v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$"
release_branch_with_patch_regexp: "^release/v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$"

- name: "Determine technical documentation version"
if: "steps.has-matching-release-tag.outputs.bool == 'true'"
uses: "./actions/docs-target"
id: "target"
with:
ref_name: "${{ github.ref_name }}"

- name: "Clone website-sync Action"
if: "steps.has-matching-release-tag.outputs.bool == 'true'"
# WEBSITE_SYNC_TOKEN is a fine-grained GitHub Personal Access Token that expires.
# It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
# GitHub administrator to update the organization secret.
# The IT helpdesk can update the organization secret.
run: "git clone --single-branch --no-tags --depth 1 -b master https://grafanabot:${{ secrets.WEBSITE_SYNC_TOKEN }}@github.com/grafana/website-sync ./.github/actions/website-sync"

- name: "Publish to website repository (release)"
if: "steps.has-matching-release-tag.outputs.bool == 'true'"
uses: "./.github/actions/website-sync"
id: "publish-release"
with:
repository: "grafana/website"
branch: "master"
host: "github.com"
# PUBLISH_TO_WEBSITE_TOKEN is a fine-grained GitHub Personal Access Token that expires.
# It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
# GitHub administrator to update the organization secret.
# The IT helpdesk can update the organization secret.
github_pat: "grafanabot:${{ secrets.PUBLISH_TO_WEBSITE_TOKEN }}"
source_folder: "docs/sources"
# Append ".x" to target to produce a v<major>.<minor>.x directory.
target_folder: "content/docs/pyroscope/${{ steps.target.outputs.target }}.x"
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: grafana/writers-toolkit/publish-technical-documentation-release@publish-technical-documentation-release/v1
with:
release_tag_regexp: "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$"
release_branch_regexp: "^release/v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$"
release_branch_with_patch_regexp: "^release/v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$"
website_directory: content/docs/pyroscope

0 comments on commit f74f58d

Please sign in to comment.