Deployment #27
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Code generated by kickr; DO NOT EDIT. | |
| name: Deployment | |
| run-name: Deployment | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| netlify: | |
| description: Website deployment mode. | |
| type: choice | |
| options: | |
| - full | |
| - none | |
| default: full | |
| release: | |
| description: Release job run mode. | |
| type: choice | |
| options: | |
| - dry-run | |
| - none | |
| - release | |
| default: release | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref_name }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| jobs: | |
| run-workflow: | |
| name: Run | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| steps: | |
| # https://docs.stepsecurity.io/harden-runner/workflow-runs | |
| # https://github.com/marketplace/actions/harden-runner | |
| - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| disable-sudo-and-containers: true | |
| egress-policy: audit | |
| - id: conclusion | |
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| with: | |
| result-encoding: string | |
| script: |- | |
| const { data } = await github.rest.actions.listWorkflowRuns({ | |
| branch: process.env.GITHUB_REF_NAME, | |
| owner: context.repo.owner, | |
| page: 1, | |
| per_page: 1, | |
| repo: context.repo.repo, | |
| workflow_id: process.env.WORKFLOW_ID, | |
| }) | |
| const latest = data.workflow_runs.at(0) | |
| if (!latest) { | |
| throw new Error(`No '${process.env.WORKFLOW_ID}' workflow runs found on ref name '${process.env.GITHUB_REF_NAME}'`) | |
| } | |
| console.log(latest) | |
| return latest.conclusion | |
| env: | |
| WORKFLOW_ID: integration.yml | |
| - if: ${{ steps.conclusion.outputs.result != 'success' }} | |
| run: |- | |
| echo "Latest '$WORKFLOW_ID' workflow on '$GITHUB_REF_NAME' isn't in success conclusion: '$WORKFLOW_CONCLUSION'" && exit 1 | |
| env: | |
| WORKFLOW_CONCLUSION: ${{ steps.conclusion.outputs.result }} | |
| WORKFLOW_ID: integration.yml | |
| version: | |
| name: Version | |
| runs-on: ubuntu-latest | |
| needs: run-workflow | |
| outputs: | |
| version: ${{ steps.version.outputs.version }} | |
| permissions: | |
| contents: write | |
| issues: write | |
| pull-requests: write | |
| id-token: none | |
| steps: | |
| # https://docs.stepsecurity.io/harden-runner/workflow-runs | |
| # https://github.com/marketplace/actions/harden-runner | |
| - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| disable-sudo-and-containers: true | |
| egress-policy: audit | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| # https://github.com/marketplace/actions/action-for-semantic-release | |
| - id: semrel_version | |
| uses: cycjimmy/semantic-release-action@9cc899c47e6841430bbaedb43de1560a568dfd16 # v5.0.0 | |
| with: | |
| dry_run: true | |
| # renovate: datasource=github-tags packageName=semantic-release/semantic-release depName=semantic-release | |
| semantic_version: v24.2.8 | |
| extra_plugins: |- | |
| @semantic-release/changelog | |
| @semantic-release/commit-analyzer | |
| @semantic-release/exec | |
| @semantic-release/git | |
| @semantic-release/github | |
| @semantic-release/release-notes-generator | |
| conventional-changelog-conventionalcommits | |
| semantic-release-license | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - id: version | |
| run: |- | |
| if [ -n "$SEMREL_INFO_NEXT_VERSION" ]; then | |
| echo "version=v${SEMREL_INFO_NEXT_VERSION#v}" >> $GITHUB_OUTPUT | |
| else | |
| DESCRIBE=$(git describe --tags || echo "v0.0.0") | |
| echo "version=v${DESCRIBE#v}" >> $GITHUB_OUTPUT | |
| fi | |
| env: | |
| SEMREL_INFO_NEXT_VERSION: ${{ steps.semrel_version.outputs.new_release_version }} | |
| - run: echo ${VERSION} | |
| env: | |
| VERSION: ${{ steps.version.outputs.version }} | |
| hugo-build: | |
| name: Hugo Build ${{ matrix.name }} | |
| runs-on: ubuntu-latest | |
| needs: version | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - artifact: build | |
| directory: . | |
| - artifact: build-exampleSite | |
| directory: exampleSite | |
| name: (exampleSite) | |
| defaults: | |
| run: | |
| working-directory: ${{ matrix.directory }} | |
| steps: | |
| # https://docs.stepsecurity.io/harden-runner/workflow-runs | |
| # https://github.com/marketplace/actions/harden-runner | |
| - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| disable-sudo-and-containers: true | |
| egress-policy: audit | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| fetch-depth: 0 # fetch all history for .GitInfo and .Lastmod | |
| submodules: true # fetch Hugo themes | |
| - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 | |
| with: | |
| path: ${{ github.workspace }}/.hugo_cache | |
| key: hugomod | |
| restore-keys: | | |
| hugomod | |
| # https://github.com/marketplace/actions/hugo-setup | |
| - uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0 | |
| with: | |
| hugo-version: latest | |
| extended: true | |
| - run: hugo --gc --enableGitInfo --minify --destination dist --logLevel "$LOG_LEVEL" | |
| env: | |
| LOG_LEVEL: ${{ vars.HUGO_LOG_LEVEL || 'info' }} | |
| VERSION: ${{ needs.version.outputs.version }} | |
| - if: ${{ endsWith(matrix.artifact, '-pages') }} | |
| uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0 | |
| with: | |
| name: ${{ matrix.artifact }} | |
| path: ${{ matrix.directory }}/dist | |
| retention-days: 1 | |
| - if: ${{ !endsWith(matrix.artifact, '-pages') }} | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: ${{ matrix.artifact }} | |
| path: ${{ matrix.directory }}/dist | |
| retention-days: 1 | |
| netlify: | |
| name: Netlify | |
| runs-on: ubuntu-latest | |
| if: ${{ inputs.netlify != 'none' }} | |
| needs: | |
| - hugo-build | |
| environment: | |
| name: netlify | |
| url: ${{ steps.netlify.outputs.deploy-url }} | |
| permissions: | |
| deployments: write | |
| pull-requests: write | |
| steps: | |
| # https://docs.stepsecurity.io/harden-runner/workflow-runs | |
| # https://github.com/marketplace/actions/harden-runner | |
| - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| disable-sudo-and-containers: true | |
| egress-policy: audit | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 | |
| with: | |
| name: build-exampleSite | |
| path: dist | |
| - id: branch_sha | |
| run: echo "branch_sha=$(echo "$GITHUB_REF_NAME" | sha256sum | cut -c -8)" >> $GITHUB_OUTPUT | |
| - id: config | |
| run: |- | |
| [ ! -f netlify.toml ] || echo "path=netlify.toml" >> $GITHUB_OUTPUT | |
| # https://github.com/marketplace/actions/netlify-actions | |
| - id: netlify | |
| uses: nwtgck/actions-netlify@4cbaf4c08f1a7bfa537d6113472ef4424e4eb654 # v3.0.0 | |
| with: | |
| alias: ${{ steps.branch_sha.outputs.branch_sha }} | |
| deploy-message: ${{ github.ref_name }} | |
| enable-commit-comment: false | |
| enable-commit-status: false | |
| github-deployment-environment: netlify | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| netlify-config-path: ${{ steps.config.outputs.path }} | |
| production-branch: ${{ github.event.repository.default_branch }} | |
| publish-dir: dist | |
| env: | |
| NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} | |
| NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }} | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| if: ${{ inputs.release != 'none' && github.ref_protected }} | |
| needs: | |
| - hugo-build | |
| - netlify | |
| environment: | |
| name: release | |
| url: ${{ steps.environment_url.outputs.environment_url }} | |
| permissions: | |
| contents: write | |
| issues: write | |
| pull-requests: write | |
| id-token: none | |
| steps: | |
| # https://docs.stepsecurity.io/harden-runner/workflow-runs | |
| # https://github.com/marketplace/actions/harden-runner | |
| - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| disable-sudo-and-containers: true | |
| egress-policy: audit | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| # https://github.com/marketplace/actions/action-for-semantic-release | |
| - id: semrel_version | |
| uses: cycjimmy/semantic-release-action@9cc899c47e6841430bbaedb43de1560a568dfd16 # v5.0.0 | |
| with: | |
| dry_run: ${{ inputs.release != 'release' }} | |
| # renovate: datasource=github-tags packageName=semantic-release/semantic-release depName=semantic-release | |
| semantic_version: v24.2.8 | |
| extra_plugins: |- | |
| @semantic-release/changelog | |
| @semantic-release/commit-analyzer | |
| @semantic-release/exec | |
| @semantic-release/git | |
| @semantic-release/github | |
| @semantic-release/release-notes-generator | |
| conventional-changelog-conventionalcommits | |
| semantic-release-license | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - id: environment_url | |
| if: ${{ inputs.release == 'release' && steps.semrel_version.outputs.new_release_published == 'true' }} | |
| run: |- | |
| [ -z "$VERSION" ] || echo "environment_url=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/releases/tag/v${VERSION#v}" >> $GITHUB_OUTPUT | |
| env: | |
| VERSION: ${{ steps.semrel_version.outputs.new_release_version }} |