Version Packages (#3235) #64
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Merge | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - main | |
| # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages | |
| permissions: | |
| id-token: write | |
| contents: write | |
| jobs: | |
| analysis: | |
| name: Analyze | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pages: write | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
| - name: Import Secrets | |
| id: secrets | |
| uses: hashicorp/vault-action@v2 | |
| with: | |
| url: ${{ vars.VAULT_URL }} | |
| role: sonarqube | |
| method: jwt | |
| namespace: admin | |
| secrets: | | |
| secret/data/cicd/sonarqube/global SONAR_TOKEN |SONAR_TOKEN ; | |
| secret/data/cicd/sonarqube/global SONAR_HOST_URL | SONAR_HOST_URL; | |
| - uses: sonarsource/sonarqube-scan-action@master | |
| env: | |
| SONAR_TOKEN: ${{ steps.secrets.outputs.SONAR_TOKEN }} | |
| SONAR_HOST_URL: ${{ steps.secrets.outputs.SONAR_HOST_URL }} | |
| techdocs: | |
| name: Techdocs | |
| runs-on: ubuntu-latest | |
| env: | |
| ENTITY_NAMESPACE: 'default' | |
| ENTITY_KIND: 'component' | |
| ENTITY_NAME: 'figma-plugin' | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v3 | |
| - name: Build docs | |
| run: docker-compose run techdocs | |
| - name: Import Secrets | |
| id: secrets | |
| uses: hashicorp/vault-action@v2 | |
| with: | |
| url: ${{ vars.VAULT_URL }} | |
| role: techdocs | |
| method: jwt | |
| namespace: admin | |
| secrets: | | |
| ${{ vars.TECHDOCS_VAULT_PATH }} access_key | AWS_ACCESS_KEY_ID ; | |
| ${{ vars.TECHDOCS_VAULT_PATH }} secret_key | AWS_SECRET_ACCESS_KEY ; | |
| ${{ vars.TECHDOCS_VAULT_PATH }} security_token | AWS_SESSION_TOKEN ; | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }} | |
| aws-session-token: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }} | |
| aws-region: eu-central-1 | |
| - name: Copy files to the production website with the AWS CLI | |
| run: | | |
| aws s3 sync ./techdocs ${{ vars.TECHDOCS_S3_PATH }}/${ENTITY_NAMESPACE}/${ENTITY_KIND}/${ENTITY_NAME}/ --delete | |