Use assume-role with OIDC authenticate docs push to S3 #3513
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Check for changes in docs output. | |
name: Docs Diff | |
on: | |
pull_request: | |
types: [opened, synchronize, reopened, labeled, unlabeled] | |
jobs: | |
check-label: | |
name: Check for "Docs" label | |
runs-on: ubuntu-latest | |
outputs: | |
hadLabel: ${{ steps.label.outcome == 'skipped' }} | |
steps: | |
- id: label | |
name: Check for "Docs" label | |
run: exit 1 # Fail the job! | |
if: "!contains(github.event.pull_request.labels.*.name, 'Docs')" | |
continue-on-error: true | |
build-head: | |
name: Build docs on HEAD. | |
runs-on: ubuntu-latest | |
needs: check-label | |
if: ${{ needs.check-label.outputs.hadLabel == 'false' }} | |
steps: | |
- uses: actions/cache@v2 | |
id: cache | |
with: | |
path: | | |
docs/public | |
key: docs-${{ github.sha }} | |
- uses: actions/checkout@v2 | |
if: steps.cache.outputs.cache-hit != 'true' | |
- uses: actions/cache@v2 | |
with: | |
path: | | |
~/.cargo/registry | |
~/.cargo/git | |
target | |
key: ${{ runner.os }}-cargo-check-${{ hashFiles('**/Cargo.lock') }} | |
if: steps.cache.outputs.cache-hit != 'true' | |
### Setup dependencies | |
- uses: actions/setup-python@v2 | |
name: Install Python | |
with: | |
python-version: "3.7" | |
if: steps.cache.outputs.cache-hit != 'true' | |
- name: Install Ruby + gems | |
uses: ruby/setup-ruby@v1 | |
with: | |
bundler-cache: true | |
ruby-version: 2.4 | |
working-directory: "languages/ruby" | |
if: steps.cache.outputs.cache-hit != 'true' | |
- name: Install yard | |
run: gem install yard | |
if: steps.cache.outputs.cache-hit != 'true' | |
- name: Install Rust stable toolchain | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: stable | |
if: steps.cache.outputs.cache-hit != 'true' | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: "18" | |
if: steps.cache.outputs.cache-hit != 'true' | |
### Build Rust WASM target | |
- name: Add WebAssembly target | |
run: rustup target add wasm32-unknown-unknown | |
if: steps.cache.outputs.cache-hit != 'true' | |
- name: Install wasm-pack | |
run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh | |
if: steps.cache.outputs.cache-hit != 'true' | |
- name: Build Rust WASM | |
run: make wasm-build | |
if: steps.cache.outputs.cache-hit != 'true' | |
### Build Python package | |
- name: Build Python | |
run: make python-build | |
if: steps.cache.outputs.cache-hit != 'true' | |
### Build docs | |
- name: Setup Hugo | |
uses: peaceiris/actions-hugo@v2 | |
with: | |
hugo-version: '0.79.1' | |
if: steps.cache.outputs.cache-hit != 'true' | |
- name: Build Hugo docs | |
env: | |
HUGO_SEGMENT_API_KEY: "" | |
run: make build | |
if: steps.cache.outputs.cache-hit != 'true' | |
working-directory: docs | |
- run: tar --create --verbose --gzip --file new-docs.tar.gz docs/public | |
- name: Upload new build of docs. | |
uses: actions/upload-artifact@v2 | |
with: | |
name: new-docs.tar.gz | |
path: new-docs.tar.gz | |
if-no-files-found: error | |
build-base: | |
name: Build docs on base. | |
runs-on: ubuntu-latest | |
needs: check-label | |
if: ${{ needs.check-label.outputs.hadLabel == 'false' }} | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.base_ref }} | |
- name: Get sha of base_ref | |
id: sha | |
run: 'echo "::set-output name=gitsha::$(git rev-parse HEAD)"' | |
- uses: actions/cache@v2 | |
id: cache | |
with: | |
path: | | |
docs/public | |
key: docs-${{ steps.sha.outputs.gitsha }} | |
- uses: actions/cache@v2 | |
with: | |
path: | | |
~/.cargo/registry | |
~/.cargo/git | |
target | |
key: ${{ runner.os }}-cargo-check-${{ hashFiles('**/Cargo.lock') }} | |
if: steps.cache.outputs.cache-hit != 'true' | |
### Setup dependencies | |
- uses: actions/setup-python@v2 | |
name: Install Python | |
with: | |
python-version: "3.7" | |
if: steps.cache.outputs.cache-hit != 'true' | |
- name: Install Ruby + gems | |
uses: ruby/setup-ruby@v1 | |
with: | |
bundler-cache: true | |
ruby-version: 2.4 | |
working-directory: "languages/ruby" | |
if: steps.cache.outputs.cache-hit != 'true' | |
- name: Install yard | |
run: gem install yard | |
if: steps.cache.outputs.cache-hit != 'true' | |
- name: Install Rust stable toolchain | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: stable | |
if: steps.cache.outputs.cache-hit != 'true' | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: "18" | |
if: steps.cache.outputs.cache-hit != 'true' | |
### Build Rust WASM target | |
- name: Add WebAssembly target | |
run: rustup target add wasm32-unknown-unknown | |
if: steps.cache.outputs.cache-hit != 'true' | |
- name: Install wasm-pack | |
run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh | |
if: steps.cache.outputs.cache-hit != 'true' | |
- name: Build Rust WASM | |
run: make wasm-build | |
if: steps.cache.outputs.cache-hit != 'true' | |
### Build Python package | |
- name: Build Python | |
run: make python-build | |
if: steps.cache.outputs.cache-hit != 'true' | |
### Build docs | |
- name: Setup Hugo | |
uses: peaceiris/actions-hugo@v2 | |
with: | |
hugo-version: '0.79.1' | |
if: steps.cache.outputs.cache-hit != 'true' | |
- name: Build Hugo docs | |
env: | |
HUGO_SEGMENT_API_KEY: "" | |
run: make build | |
working-directory: docs | |
if: steps.cache.outputs.cache-hit != 'true' | |
- run: tar --create --verbose --gzip --file old-docs.tar.gz docs/public | |
- name: Upload old build of docs. | |
uses: actions/upload-artifact@v2 | |
with: | |
name: old-docs.tar.gz | |
path: old-docs.tar.gz | |
if-no-files-found: error | |
diff: | |
name: Diff | |
needs: [check-label, build-base, build-head] | |
outputs: | |
no_diff: ${{ steps.diff.outcome != 'failure' }} | |
if: ${{ needs.check-label.outputs.hadLabel == 'false' }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Pull old build of docs. | |
uses: actions/download-artifact@v2 | |
with: | |
name: old-docs.tar.gz | |
- run: mkdir -p base && tar --extract --verbose --gzip --file old-docs.tar.gz --directory base | |
- name: Pull new build of docs. | |
uses: actions/download-artifact@v2 | |
with: | |
name: new-docs.tar.gz | |
- run: mkdir -p head && tar --extract --verbose --gzip --file new-docs.tar.gz --directory head | |
- name: Remove ignored files (generated api docs) | |
run: rm -rf base/docs/public/java/reference/api base/docs/public/ruby/reference/api base/docs/public/node/reference/api | |
- name: Remove ignored files (generated api docs) | |
run: rm -rf head/docs/public/java/reference/api head/docs/public/ruby/reference/api head/docs/public/node/reference/api | |
- name: Diff | |
id: diff | |
run: set -o pipefail && diff -q --recursive base head | tee diff.txt | |
continue-on-error: true | |
- name: Full diff | |
run: diff --recursive base head > diff-full.txt | |
if: ${{ steps.diff.outcome == 'failure' }} | |
continue-on-error: true | |
- name: Upload diff artifact | |
uses: actions/upload-artifact@v2 | |
with: | |
name: full-diff | |
path: diff-full.txt | |
if-no-files-found: error | |
if: ${{ steps.diff.outcome == 'failure' }} | |
- name: Print docs changes | |
run: | | |
cat <<EOF | |
This PR contains docs changes. | |
Add the "Docs" label to the PR if you expected this. Otherwise, | |
you should review the changes and determine if they are correct. | |
Diff: | |
EOF | |
if: ${{ steps.diff.outcome == 'failure' }} | |
# Job that succeeds or fails depending upon the entire workflow. | |
# Used as a required check. | |
decide_if_pr_okay: | |
name: PR docs changes okay | |
if: always() | |
needs: [check-label, diff] | |
runs-on: ubuntu-latest | |
steps: | |
- run: echo "Okay because label added." | |
if: needs.diff.result == 'skipped' | |
- run: echo "Not okay because no label, and diff failed." && exit 1 | |
if: needs.diff.result != 'skipped' && needs.diff.outputs.no_diff == 'false' |