1
0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2025-01-17 17:45:03 +02:00

68 lines
2.2 KiB
YAML

variables:
- &node_image 'node:16-alpine'
- &when_path
- "docs/**"
- ".woodpecker/docs.yml"
pipeline:
build:
image: *node_image
commands:
- cd docs/
- yarn install --frozen-lockfile
- yarn build
when:
event: [push, pull_request]
path: *when_path
securitycheck:
image: aquasec/trivy:latest
commands:
- trivy fs --exit-code 0 --skip-dirs node_modules/ --skip-dirs plugins/woodpecker-plugins/node_modules --severity UNKNOWN,LOW docs/
# TODO currently it is not fixable so just do not block currently
- trivy fs --exit-code 0 --skip-dirs node_modules/ --skip-dirs plugins/woodpecker-plugins/node_modules --severity MEDIUM,HIGH,CRITICAL docs/
when:
path: *when_path
deploy-preview:
image: woodpeckerci/plugin-surge-preview:next
settings:
path: "docs/build/"
surge_token:
from_secret: SURGE_TOKEN
forge_type: github
forge_url: "https://github.com"
forge_repo_token:
from_secret: GITHUB_TOKEN_SURGE
when:
event: pull_request
path: *when_path
# TODO: add step to remove preview again after PR is closed (waiting for #286)
deploy:
image: alpine:3.14.2
secrets:
- BOT_PRIVATE_KEY
commands:
- apk add openssh-client git rsync
- mkdir -p $HOME/.ssh
- ssh-keyscan -t rsa github.com >> $HOME/.ssh/known_hosts
- echo "$BOT_PRIVATE_KEY" > $HOME/.ssh/id_rsa
- chmod 0600 $HOME/.ssh/id_rsa
- git config --global user.email "woodpecker-bot@obermui.de"
- git config --global user.name "woodpecker-bot"
- git clone -b ${CI_REPO_DEFAULT_BRANCH} --single-branch git@github.com:woodpecker-ci/woodpecker-ci.github.io.git /repo
# copy all docs files and delete all old ones, but leave CNAME and index.yaml untouched
- rsync -r --exclude .git --exclude CNAME --exclude index.yaml --exclude README.md --delete docs/build/ /repo
- cd /repo
- git add .
# exit successfully if nothing changed
- test -n "$(git status --porcelain)" || exit 0
- git commit -m "Deploy website - based on ${CI_COMMIT_SHA}"
- git push
when:
event: push
branch: ${CI_REPO_DEFAULT_BRANCH}
path: *when_path