PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-10-01 06:52:46 -04:00
Code

Safer Workflow

Browse Source 
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2022-07-19 07:47:08 -04:00 committed by tommytran732
parent a698a0ac54
commit 422c26c6ce
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2
2 changed files with 64 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
.github/workflows/firebase-hosting-pull-request.yml vendored
View File

@ -1,32 +1,44 @@
# This file was auto-generated by the Firebase CLI
# https://github.com/firebase/firebase-tools
name: Deploy to Firebase Hosting on PR name: Deploy to Firebase Hosting on PR
'on': pull_request_target on:
workflow_run:
workflows: ["Build Hugo site on PR"]
types:
- completed
jobs: jobs:
Build_and_Preview: Preview:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: >
${{ github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success' }}
steps: steps:
- name: Checkout - name: Download artifact
uses: actions/checkout@v2 uses: actions/github-script@v3.1.0
with: with:
submodules: true # Fetch Hugo themes (true OR recursive) script: |
fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod var artifacts = await github.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "public"
})[0];
var download = await github.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/public.zip', Buffer.from(download.data));
#- name: Fecth External Blog - name: Unzip artifact
# run: ./external-blogs.sh run: unzip public.zip
- name: Hugo setup - name: Deploy to Firebase
uses: peaceiris/actions-hugo@v2
with:
hugo-version: 'latest'
- name: Build
run: hugo --minify
- name: Deploy
uses: FirebaseExtended/action-hosting-deploy@v0 uses: FirebaseExtended/action-hosting-deploy@v0
with: with:
repoToken: '${{ secrets.GITHUB_TOKEN }}' repoToken: '${{ secrets.GITHUB_TOKEN }}'
firebaseServiceAccount: '${{ secrets.FIREBASE_SERVICE_ACCOUNT_PRIVSEC_356523 }}' firebaseServiceAccount: '${{ secrets.FIREBASE_SERVICE_ACCOUNT_PRIVSEC_356523 }}'
projectId: privsec-356523 projectId: privsec-356523

31
.github/workflows/pull-request-reciever.yml vendored Normal file
View File

@ -0,0 +1,31 @@
# This file was auto-generated by the Firebase CLI
# https://github.com/firebase/firebase-tools
name: Build Hugo site on PR
'on': pull_request
jobs:
Build_Hugo_Site:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
with:
submodules: true # Fetch Hugo themes (true OR recursive)
fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod
#- name: Fecth External Blog
# run: ./external-blogs.sh
- name: Hugo setup
uses: peaceiris/actions-hugo@v2
with:
hugo-version: 'latest'
- name: Build Hugo site
run: hugo --minify
- name: Upload artifact
uses: actions/upload-artifact@v2
with:
name: public
path: public/