lint: CRLF => LF (`github.dev` new file mistake)
parent
c63e31c92f
commit
d6540de00d
|
@ -1,89 +1,89 @@
|
||||||
name: 'Documentation (Preview)'
|
name: 'Documentation (Preview)'
|
||||||
|
|
||||||
# INFO:
|
# INFO:
|
||||||
# This workflow automates generating previews of our docs for PRs.
|
# This workflow automates generating previews of our docs for PRs.
|
||||||
# For security reasons, it is necessary to split the workflow into two separate jobs to manage trust safely.
|
# For security reasons, it is necessary to split the workflow into two separate jobs to manage trust safely.
|
||||||
|
|
||||||
# MAINTAINERS:
|
# MAINTAINERS:
|
||||||
# - This set of `pull_request_target` + `workflow_call` workflows replaces the prior `pull_request` (untrusted) + `workflow_run` (trusted) workflows approach
|
# - This set of `pull_request_target` + `workflow_call` workflows replaces the prior `pull_request` (untrusted) + `workflow_run` (trusted) workflows approach
|
||||||
# due to the need for acquiring PR metadata (Head SHA + PR number), which the `workflow_run` event context cannot provide when PRs are from forks.
|
# due to the need for acquiring PR metadata (Head SHA + PR number), which the `workflow_run` event context cannot provide when PRs are from forks.
|
||||||
# - Please be mindful of the risks when maintaining this workflow:
|
# - Please be mindful of the risks when maintaining this workflow:
|
||||||
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
|
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
|
||||||
|
|
||||||
on:
|
on:
|
||||||
pull_request_target:
|
pull_request_target:
|
||||||
paths:
|
paths:
|
||||||
- 'docs/**'
|
- 'docs/**'
|
||||||
- '.github/workflows/scripts/docs/build-docs.sh'
|
- '.github/workflows/scripts/docs/build-docs.sh'
|
||||||
|
|
||||||
# If this workflow is triggered while an earlier instance is already running for the PR,
|
# If this workflow is triggered while an earlier instance is already running for the PR,
|
||||||
# cancel that instance in favor of this newly triggered run:
|
# cancel that instance in favor of this newly triggered run:
|
||||||
concurrency:
|
concurrency:
|
||||||
group: deploypreview-pullrequest-${{ github.event.pull_request.number }}
|
group: deploypreview-pullrequest-${{ github.event.pull_request.number }}
|
||||||
cancel-in-progress: true
|
cancel-in-progress: true
|
||||||
|
|
||||||
# Common inputs shared between the two workflow jobs (`preview` + `deploy`).
|
# Common inputs shared between the two workflow jobs (`preview` + `deploy`).
|
||||||
# Composed as JSON to pass as a single input which each called job will map into separate ENV for use.
|
# Composed as JSON to pass as a single input which each called job will map into separate ENV for use.
|
||||||
env:
|
env:
|
||||||
PREVIEW_CONTEXT: |
|
PREVIEW_CONTEXT: |
|
||||||
{
|
{
|
||||||
"build_dir": "docs/site/",
|
"build_dir": "docs/site/",
|
||||||
"netlify": {
|
"netlify": {
|
||||||
"site_name": "dms-doc-previews",
|
"site_name": "dms-doc-previews",
|
||||||
"deploy_prefix": "pullrequest-${{ github.event.pull_request.number }}"
|
"deploy_prefix": "pullrequest-${{ github.event.pull_request.number }}"
|
||||||
},
|
},
|
||||||
"pull_request": {
|
"pull_request": {
|
||||||
"head_repo": "${{ github.event.pull_request.head.repo.full_name }}",
|
"head_repo": "${{ github.event.pull_request.head.repo.full_name }}",
|
||||||
"head_sha": "${{ github.event.pull_request.head.sha }}",
|
"head_sha": "${{ github.event.pull_request.head.sha }}",
|
||||||
"number": "${{ github.event.pull_request.number }}"
|
"number": "${{ github.event.pull_request.number }}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Grant `secrets.GITHUB_TOKEN` only the minimum permissions needed by actions to function:
|
# Grant `secrets.GITHUB_TOKEN` only the minimum permissions needed by actions to function:
|
||||||
# https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token
|
# https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token
|
||||||
# NOTE: See the associated `preview` and `deploy` workflows called for when these permissions are needed.
|
# NOTE: See the associated `preview` and `deploy` workflows called for when these permissions are needed.
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
pull-requests: write
|
pull-requests: write
|
||||||
|
|
||||||
# NOTE: Reusable workflows (`workflow_call`) default to empty secrets.
|
# NOTE: Reusable workflows (`workflow_call`) default to empty secrets.
|
||||||
# Avoid using `secrets: inherit` in favor of passing only the required secrets to the job.
|
# Avoid using `secrets: inherit` in favor of passing only the required secrets to the job.
|
||||||
jobs:
|
jobs:
|
||||||
# WORKAROUND:
|
# WORKAROUND:
|
||||||
# The alternative is to copy/paste the JSON value to the `preview-context` input of each job.
|
# The alternative is to copy/paste the JSON value to the `preview-context` input of each job.
|
||||||
#
|
#
|
||||||
# PROBLEM:
|
# PROBLEM:
|
||||||
# - `<job-id>.with` restricts available contexts to only `github` and `needs`, it's not possible to use `env` context:
|
# - `<job-id>.with` restricts available contexts to only `github` and `needs`, it's not possible to use `env` context:
|
||||||
# https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idwithinput_id
|
# https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idwithinput_id
|
||||||
# - Likewise, workflows presently lack support for YAML anchors:
|
# - Likewise, workflows presently lack support for YAML anchors:
|
||||||
# https://github.com/actions/runner/issues/1182
|
# https://github.com/actions/runner/issues/1182
|
||||||
create-context:
|
create-context:
|
||||||
name: 'Create Context'
|
name: 'Create Context'
|
||||||
runs-on: ubuntu-24.04
|
runs-on: ubuntu-24.04
|
||||||
outputs:
|
outputs:
|
||||||
preview-context: ${{ steps.set-preview-context.outputs.preview-context }}
|
preview-context: ${{ steps.set-preview-context.outputs.preview-context }}
|
||||||
steps:
|
steps:
|
||||||
- id: set-preview-context
|
- id: set-preview-context
|
||||||
# The output value must be a single-line; use `jq` to convert the JSON to minified:
|
# The output value must be a single-line; use `jq` to convert the JSON to minified:
|
||||||
# NOTE: YAML `>-` does not help fold this multi-line content due to use of indentation:
|
# NOTE: YAML `>-` does not help fold this multi-line content due to use of indentation:
|
||||||
# https://github.com/orgs/community/discussions/26105#discussioncomment-3250413
|
# https://github.com/orgs/community/discussions/26105#discussioncomment-3250413
|
||||||
run: echo "preview-context=$(jq --compact-output <<< "${PREVIEW_CONTEXT}")" >> "${GITHUB_OUTPUT}"
|
run: echo "preview-context=$(jq --compact-output <<< "${PREVIEW_CONTEXT}")" >> "${GITHUB_OUTPUT}"
|
||||||
|
|
||||||
# The `prepare` job is for running steps in an untrusted context (necessary to build the docs):
|
# The `prepare` job is for running steps in an untrusted context (necessary to build the docs):
|
||||||
# CAUTION: This runs a build script which the PR could modify for malicious purposes.
|
# CAUTION: This runs a build script which the PR could modify for malicious purposes.
|
||||||
prepare:
|
prepare:
|
||||||
needs: [create-context]
|
needs: [create-context]
|
||||||
uses: docker-mailserver/docker-mailserver/.github/workflows/docs-preview-prepare.yml@main
|
uses: docker-mailserver/docker-mailserver/.github/workflows/docs-preview-prepare.yml@main
|
||||||
with:
|
with:
|
||||||
preview-context: ${{ needs.create-context.outputs.preview-context }}
|
preview-context: ${{ needs.create-context.outputs.preview-context }}
|
||||||
|
|
||||||
# The `deploy` job is for running the remaining steps in a trusted context after building the PR branch:
|
# The `deploy` job is for running the remaining steps in a trusted context after building the PR branch:
|
||||||
# CAUTION: Do not execute any content from untrusted sources (the PR branch or the retrieved artifact from the `prepare` job)
|
# CAUTION: Do not execute any content from untrusted sources (the PR branch or the retrieved artifact from the `prepare` job)
|
||||||
deploy:
|
deploy:
|
||||||
needs: [create-context, prepare]
|
needs: [create-context, prepare]
|
||||||
uses: docker-mailserver/docker-mailserver/.github/workflows/docs-preview-deploy.yml@main
|
uses: docker-mailserver/docker-mailserver/.github/workflows/docs-preview-deploy.yml@main
|
||||||
secrets:
|
secrets:
|
||||||
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
|
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
|
||||||
NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
|
NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
|
||||||
with:
|
with:
|
||||||
preview-context: ${{ needs.create-context.outputs.preview-context }}
|
preview-context: ${{ needs.create-context.outputs.preview-context }}
|
||||||
|
|