fix: update token script (role_based_scopes_update_token) should reje… #5203
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish docs via GitHub Pages | |
on: | |
push: | |
branches: | |
- main | |
paths: | |
- 'docs/**' | |
- 'charts/**' | |
- 'mkdocs.yml' | |
- 'docker-jans-**/README.md' | |
pull_request: | |
branches: | |
- main | |
paths: | |
- 'docs/**' | |
- 'charts/**' | |
- 'mkdocs.yml' | |
- 'docker-jans-**/README.md' | |
release: | |
types: | |
- published | |
workflow_dispatch: | |
inputs: | |
version: | |
description: 'Version tag (e.g."v1.1.6")' | |
default: "nightly" | |
required: false | |
concurrency: | |
group: run-once | |
cancel-in-progress: false | |
permissions: | |
contents: read | |
jobs: | |
build: | |
permissions: | |
contents: write # for Git to git push | |
if: github.repository == 'JanssenProject/jans' | |
name: Deploy docs | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 | |
with: | |
egress-policy: audit | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }} | |
- name: Set up Python 3.10 | |
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 | |
with: | |
python-version: "3.10" | |
cache: pip | |
cache-dependency-path: docs/requirements.txt | |
- name: Install dependencies | |
run: | | |
pip install --require-hashes -r docs/requirements.txt | |
cp mkdocs.yml ../ | |
- name: Checkout jans ${{ github.event.inputs.version }} | |
if: >- | |
github.event_name == 'workflow_dispatch' | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
ref: '${{ github.event.inputs.version }}' | |
fetch-depth: 0 | |
token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }} | |
- name: Copy files from main to ${{ github.event.inputs.version }} | |
if: >- | |
github.event_name == 'workflow_dispatch' | |
run: | | |
mv ../mkdocs.yml mkdocs.yml | |
- name: Copy generated chart from main | |
run: | | |
helm package charts/janssen/ | |
helm package charts/janssen-all-in-one/ | |
cp janssen-*.tgz ../ | |
- name: Import GPG key | |
id: import_gpg | |
uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0 | |
with: | |
gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }} | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
- name: Configure Git | |
run: | | |
git config --global user.name "mo-auto" | |
git config --global user.email "[email protected]" | |
git config --global user.signingkey "${{ steps.import_gpg.outputs.keyid }}" | |
echo "${{ secrets.MOAUTO_WORKFLOW_TOKEN }}" | gh auth login --with-token | |
- name: Generate docs | |
continue-on-error: true | |
if: >- | |
github.event_name == 'release' && | |
github.event.action == 'published' && | |
(!github.event.release.draft) && | |
(startsWith(github.event.release.name, 'v') || github.event.release.name == 'nightly') | |
env: | |
VERSION: ${{ github.event.release.tag_name }} | |
run: | | |
mkdir temp && cd temp | |
git clone https://mo-auto:${{ secrets.MOAUTO_WORKFLOW_TOKEN }}@github.com/JanssenProject/jans.git | |
cd jans | |
git checkout -b cn-jans-update-auto-generated-docs | |
git pull origin cn-jans-update-auto-generated-docs || echo "Nothing to pull" | |
echo "Custom work on generating docs can go here." | |
# Run cn docs | |
sudo bash ./automation/docs/generated-cn-docs.sh . || echo "something went wrong with generating the cn docs" | |
echo "Generating auto-generated docs and push to main" | |
sudo bash ./automation/docs/generate-autogenerated-docs.sh . || echo "something went wrong with generating the property docs" | |
cd docs | |
git add . || echo "Nothing to add" | |
git commit -a -S -m "docs: auto-generated property docs" || echo "Nothing to commit" | |
cd .. | |
echo "Add jans-config-api Swagger SPECs that are auto-generated via API annotations" | |
sudo bash ./automation/docs/generate-swagger-specs.sh . || echo "something went wrong with generating the swagger docs" | |
cd jans-config-api/docs | |
git add . || echo "Nothing to add" | |
git commit -a -S -m "docs: auto-generated Swagger SPEC docs" || echo "Nothing to commit" | |
cd ../.. | |
git push --set-upstream origin cn-jans-update-auto-generated-docs | |
MESSAGE="fix(docs): autogenerate docs" | |
PR=$(gh pr create --body "Auto generated docs" --title "${MESSAGE}") | |
cd ../../ | |
sudo rm -rf temp | |
- name: mike deploy ${{ github.event.inputs.version }} | |
if: >- | |
github.event_name == 'workflow_dispatch' | |
run: | | |
mike deploy --push --force ${{ github.event.inputs.version }} | |
# This deploys the current docs into gh-pages/head on merges to main | |
# The old "main" gets deleted if it exists, head is more descriptive | |
- name: mike deploy head | |
if: contains(github.ref, 'refs/heads/main') && github.event_name != 'workflow_dispatch' | |
run: | | |
mike deploy --push head | |
# If a release has been published, deploy it as a new version | |
- name: mike deploy new version | |
if: >- | |
github.event_name == 'release' && | |
github.event.action == 'published' && | |
(!github.event.release.draft) && | |
(startsWith(github.event.release.name, 'v') || github.event.release.name == 'nightly') | |
env: | |
VERSION: ${{ github.event.release.tag_name }} | |
run: | | |
mike deploy --push "$VERSION" | |
- name: Update mike version aliases | |
#if: >- | |
# github.event_name != 'workflow_dispatch' | |
id: set_versions | |
run: | | |
GITHUB_EVENT_RELEASE_TAG_NAME="${{ github.event.release.tag_name }}" | |
TAGS=$(gh release list -L 1000 -R ${{ github.repository }} | grep -o '^\v.*'| grep -v Draft | cut -f 1 | sed '/-/!{s/$/_/}' | sort -V | sed 's/_$//') | |
LATEST=$(echo "${TAGS}" | tail -1) | |
STABLE=$(echo "${TAGS}" | grep -v -- "nightly" | tail -1) | |
if [[ "$GITHUB_EVENT_RELEASE_TAG_NAME" == 'nightly' ]]; then | |
LATEST='nightly' | |
fi | |
echo "Latest is $LATEST and Stable is $STABLE" | |
# remove below two lines after first release | |
#LATEST="head" | |
#STABLE="head" | |
mike alias -u head main | |
mike alias -u "${STABLE}" stable | |
mike set-default --push stable | |
echo "LATEST=${LATEST}" >> $GITHUB_OUTPUT | |
echo "STABLE=${STABLE}" >> $GITHUB_OUTPUT | |
# Ensures the current branch is gh-pages, | |
# Creates / updates the "stable" and "latest" plain text files with the corresponding versions | |
# Commits if the files were changed | |
# Finally pushes if there are unpushed commits | |
- name: Create version files | |
#if: >- | |
# github.event_name != 'workflow_dispatch' | |
run: | | |
LATEST=${{ steps.set_versions.outputs.LATEST }} | |
STABLE=${{ steps.set_versions.outputs.STABLE }} | |
git checkout gh-pages | |
git pull origin gh-pages | |
# move generated chart from a previous step | |
mv ../janssen-*.tgz ./charts/ | |
cd ./charts | |
git add janssen-*.tgz && git update-index --refresh | |
helm repo index . | |
git add index.yaml && git update-index --refresh | |
cd .. | |
# END move generated chart from a previous step | |
echo "Replacing release number markers with actual release number" | |
cd ${LATEST} | |
if [[ "${LATEST}" == "nightly" ]]; then | |
egrep -lRZ --exclude=CONTRIBUTING.md . | xargs -0 -l sed -i -e "s/replace-janssen-version/0.0.0-nightly/g" | |
egrep -lRZ --exclude=CONTRIBUTING.md . | xargs -0 -l sed -i -e "s/v0.0.0-nightly/nightly/g" | |
else | |
egrep -lRZ --exclude=CONTRIBUTING.md . | xargs -0 -l sed -i -e "s/replace-janssen-version/${LATEST:1}/g" | |
fi | |
git add . && git update-index --refresh | |
cd .. | |
for folder in */; do | |
if [[ $folder != "${STABLE}/" ]]; then | |
git rm -r $folder/admin/reference/javadocs || echo "Nothing to remove" | |
fi | |
done | |
# Replace scarf url | |
sed -i -e "s/placeholder-scarf-pixel-url/https:\/\/static.scarf.sh\/a.png?x-pxid=2c347abc-a9b4-4c4b-bdc9-2682edbcc0c9/g" ${STABLE}/overrides/main.html | |
git add ${STABLE}/overrides/main.html && git update-index --refresh | |
git diff-index --quiet HEAD -- || git commit -S -m "docs: update scarf pixel url" | |
echo "${STABLE}" > stable.txt | |
git add stable.txt && git update-index --refresh | |
git diff-index --quiet HEAD -- || git commit -S -m "Set stable to ${STABLE}" | |
echo "${LATEST}" > latest.txt | |
git add latest.txt && git update-index --refresh | |
git diff-index --quiet HEAD -- || git commit -S -m "Set latest to ${LATEST}" | |
git push origin gh-pages |