mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2025-01-17 17:45:03 +02:00
68 lines
2.2 KiB
YAML
68 lines
2.2 KiB
YAML
variables:
|
|
- &node_image 'node:16-alpine'
|
|
- &when_path
|
|
- "docs/**"
|
|
- ".woodpecker/docs.yml"
|
|
|
|
pipeline:
|
|
build:
|
|
image: *node_image
|
|
commands:
|
|
- cd docs/
|
|
- yarn install --frozen-lockfile
|
|
- yarn build
|
|
when:
|
|
event: [push, pull_request]
|
|
path: *when_path
|
|
|
|
securitycheck:
|
|
image: aquasec/trivy:latest
|
|
commands:
|
|
- trivy fs --exit-code 0 --skip-dirs node_modules/ --skip-dirs plugins/woodpecker-plugins/node_modules --severity UNKNOWN,LOW docs/
|
|
# TODO currently it is not fixable so just do not block currently
|
|
- trivy fs --exit-code 0 --skip-dirs node_modules/ --skip-dirs plugins/woodpecker-plugins/node_modules --severity MEDIUM,HIGH,CRITICAL docs/
|
|
when:
|
|
path: *when_path
|
|
|
|
deploy-preview:
|
|
image: woodpeckerci/plugin-surge-preview:next
|
|
settings:
|
|
path: "docs/build/"
|
|
surge_token:
|
|
from_secret: SURGE_TOKEN
|
|
forge_type: github
|
|
forge_url: "https://github.com"
|
|
forge_repo_token:
|
|
from_secret: GITHUB_TOKEN_SURGE
|
|
when:
|
|
event: pull_request
|
|
path: *when_path
|
|
|
|
# TODO: add step to remove preview again after PR is closed (waiting for #286)
|
|
|
|
deploy:
|
|
image: alpine:3.14.2
|
|
secrets:
|
|
- BOT_PRIVATE_KEY
|
|
commands:
|
|
- apk add openssh-client git rsync
|
|
- mkdir -p $HOME/.ssh
|
|
- ssh-keyscan -t rsa github.com >> $HOME/.ssh/known_hosts
|
|
- echo "$BOT_PRIVATE_KEY" > $HOME/.ssh/id_rsa
|
|
- chmod 0600 $HOME/.ssh/id_rsa
|
|
- git config --global user.email "woodpecker-bot@obermui.de"
|
|
- git config --global user.name "woodpecker-bot"
|
|
- git clone -b ${CI_REPO_DEFAULT_BRANCH} --single-branch git@github.com:woodpecker-ci/woodpecker-ci.github.io.git /repo
|
|
# copy all docs files and delete all old ones, but leave CNAME and index.yaml untouched
|
|
- rsync -r --exclude .git --exclude CNAME --exclude index.yaml --exclude README.md --delete docs/build/ /repo
|
|
- cd /repo
|
|
- git add .
|
|
# exit successfully if nothing changed
|
|
- test -n "$(git status --porcelain)" || exit 0
|
|
- git commit -m "Deploy website - based on ${CI_COMMIT_SHA}"
|
|
- git push
|
|
when:
|
|
event: push
|
|
branch: ${CI_REPO_DEFAULT_BRANCH}
|
|
path: *when_path
|