Skip to content

[StepSecurity] Apply security best practices (#876) #46

[StepSecurity] Apply security best practices (#876)

[StepSecurity] Apply security best practices (#876) #46

Workflow file for this run

name: Docs/Wiki Sync
on:
push:
branches:
- main
paths:
- "docs/wiki/**"
env:
wiki_source_repo: "Azure/ALZ-Bicep"
wiki_source_repo_dir: "Azure/ALZ-Bicep/docs/wiki"
wiki_target_repo: "Azure/ALZ-Bicep.wiki"
github_user_name: "github-actions"
github_email: "41898282+github-actions[bot]@users.noreply.github.com"
github_commit_message: "Wiki Sync from docs/wiki"
permissions:
contents: read
jobs:
sync-wiki:
name: Sync docs/wiki to Wiki
if: github.repository == 'Azure/ALZ-Bicep'
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Checkout Source Repo
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
repository: ${{ env.wiki_source_repo }}
path: ${{ env.wiki_source_repo }}
- name: Checkout Wiki Repo
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
repository: ${{ env.wiki_target_repo }}
path: ${{ env.wiki_target_repo }}
- name: Configure Local Git
run: |
git config --global user.name $github_user_name
git config --global user.email $github_email
working-directory: ${{ env.GITHUB_WORKSPACE }}
- name: Sync docs/wiki Into Wiki Repo
run: |
rsync -avzr --delete --exclude='.git/' "$wiki_source_repo_dir/" "$wiki_target_repo"
working-directory: ${{ env.GITHUB_WORKSPACE }}
- name: Stage & Push Files Into Wiki Repo
run: |
git add .
git commit -m "$github_commit_message [$GITHUB_ACTOR/${GITHUB_SHA::8}]"
git push --set-upstream https://$GITHUB_TOKEN@github.com/$wiki_target_repo.git master
working-directory: ${{ env.wiki_target_repo }}