1
0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-12-22 04:41:33 -05:00

Safer Workflow

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2022-07-19 07:47:08 -04:00 committed by tommytran732
parent a698a0ac54
commit 422c26c6ce
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2
2 changed files with 64 additions and 21 deletions

View File

@ -1,32 +1,44 @@
# This file was auto-generated by the Firebase CLI
# https://github.com/firebase/firebase-tools
name: Deploy to Firebase Hosting on PR
'on': pull_request_target
on:
workflow_run:
workflows: ["Build Hugo site on PR"]
types:
- completed
jobs:
Build_and_Preview:
Preview:
runs-on: ubuntu-latest
if: >
${{ github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success' }}
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Download artifact
uses: actions/github-script@v3.1.0
with:
submodules: true # Fetch Hugo themes (true OR recursive)
fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod
script: |
var artifacts = await github.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "public"
})[0];
var download = await github.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/public.zip', Buffer.from(download.data));
#- name: Fecth External Blog
# run: ./external-blogs.sh
- name: Unzip artifact
run: unzip public.zip
- name: Hugo setup
uses: peaceiris/actions-hugo@v2
with:
hugo-version: 'latest'
- name: Build
run: hugo --minify
- name: Deploy
- name: Deploy to Firebase
uses: FirebaseExtended/action-hosting-deploy@v0
with:
repoToken: '${{ secrets.GITHUB_TOKEN }}'
firebaseServiceAccount: '${{ secrets.FIREBASE_SERVICE_ACCOUNT_PRIVSEC_356523 }}'
projectId: privsec-356523
projectId: privsec-356523

View File

@ -0,0 +1,31 @@
# This file was auto-generated by the Firebase CLI
# https://github.com/firebase/firebase-tools
name: Build Hugo site on PR
'on': pull_request
jobs:
Build_Hugo_Site:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
with:
submodules: true # Fetch Hugo themes (true OR recursive)
fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod
#- name: Fecth External Blog
# run: ./external-blogs.sh
- name: Hugo setup
uses: peaceiris/actions-hugo@v2
with:
hugo-version: 'latest'
- name: Build Hugo site
run: hugo --minify
- name: Upload artifact
uses: actions/upload-artifact@v2
with:
name: public
path: public/