Skip to content

Use assume-role with OIDC authenticate docs push to S3 #3513

Use assume-role with OIDC authenticate docs push to S3

Use assume-role with OIDC authenticate docs push to S3 #3513

Workflow file for this run

# Check for changes in docs output.
name: Docs Diff
on:
pull_request:
types: [opened, synchronize, reopened, labeled, unlabeled]
jobs:
check-label:
name: Check for "Docs" label
runs-on: ubuntu-latest
outputs:
hadLabel: ${{ steps.label.outcome == 'skipped' }}
steps:
- id: label
name: Check for "Docs" label
run: exit 1 # Fail the job!
if: "!contains(github.event.pull_request.labels.*.name, 'Docs')"
continue-on-error: true
build-head:
name: Build docs on HEAD.
runs-on: ubuntu-latest
needs: check-label
if: ${{ needs.check-label.outputs.hadLabel == 'false' }}
steps:
- uses: actions/cache@v2
id: cache
with:
path: |
docs/public
key: docs-${{ github.sha }}
- uses: actions/checkout@v2
if: steps.cache.outputs.cache-hit != 'true'
- uses: actions/cache@v2
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-check-${{ hashFiles('**/Cargo.lock') }}
if: steps.cache.outputs.cache-hit != 'true'
### Setup dependencies
- uses: actions/setup-python@v2
name: Install Python
with:
python-version: "3.7"
if: steps.cache.outputs.cache-hit != 'true'
- name: Install Ruby + gems
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
ruby-version: 2.4
working-directory: "languages/ruby"
if: steps.cache.outputs.cache-hit != 'true'
- name: Install yard
run: gem install yard
if: steps.cache.outputs.cache-hit != 'true'
- name: Install Rust stable toolchain
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
if: steps.cache.outputs.cache-hit != 'true'
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: "18"
if: steps.cache.outputs.cache-hit != 'true'
### Build Rust WASM target
- name: Add WebAssembly target
run: rustup target add wasm32-unknown-unknown
if: steps.cache.outputs.cache-hit != 'true'
- name: Install wasm-pack
run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh
if: steps.cache.outputs.cache-hit != 'true'
- name: Build Rust WASM
run: make wasm-build
if: steps.cache.outputs.cache-hit != 'true'
### Build Python package
- name: Build Python
run: make python-build
if: steps.cache.outputs.cache-hit != 'true'
### Build docs
- name: Setup Hugo
uses: peaceiris/actions-hugo@v2
with:
hugo-version: '0.79.1'
if: steps.cache.outputs.cache-hit != 'true'
- name: Build Hugo docs
env:
HUGO_SEGMENT_API_KEY: ""
run: make build
if: steps.cache.outputs.cache-hit != 'true'
working-directory: docs
- run: tar --create --verbose --gzip --file new-docs.tar.gz docs/public
- name: Upload new build of docs.
uses: actions/upload-artifact@v2
with:
name: new-docs.tar.gz
path: new-docs.tar.gz
if-no-files-found: error
build-base:
name: Build docs on base.
runs-on: ubuntu-latest
needs: check-label
if: ${{ needs.check-label.outputs.hadLabel == 'false' }}
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.base_ref }}
- name: Get sha of base_ref
id: sha
run: 'echo "::set-output name=gitsha::$(git rev-parse HEAD)"'
- uses: actions/cache@v2
id: cache
with:
path: |
docs/public
key: docs-${{ steps.sha.outputs.gitsha }}
- uses: actions/cache@v2
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-check-${{ hashFiles('**/Cargo.lock') }}
if: steps.cache.outputs.cache-hit != 'true'
### Setup dependencies
- uses: actions/setup-python@v2
name: Install Python
with:
python-version: "3.7"
if: steps.cache.outputs.cache-hit != 'true'
- name: Install Ruby + gems
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
ruby-version: 2.4
working-directory: "languages/ruby"
if: steps.cache.outputs.cache-hit != 'true'
- name: Install yard
run: gem install yard
if: steps.cache.outputs.cache-hit != 'true'
- name: Install Rust stable toolchain
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
if: steps.cache.outputs.cache-hit != 'true'
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: "18"
if: steps.cache.outputs.cache-hit != 'true'
### Build Rust WASM target
- name: Add WebAssembly target
run: rustup target add wasm32-unknown-unknown
if: steps.cache.outputs.cache-hit != 'true'
- name: Install wasm-pack
run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh
if: steps.cache.outputs.cache-hit != 'true'
- name: Build Rust WASM
run: make wasm-build
if: steps.cache.outputs.cache-hit != 'true'
### Build Python package
- name: Build Python
run: make python-build
if: steps.cache.outputs.cache-hit != 'true'
### Build docs
- name: Setup Hugo
uses: peaceiris/actions-hugo@v2
with:
hugo-version: '0.79.1'
if: steps.cache.outputs.cache-hit != 'true'
- name: Build Hugo docs
env:
HUGO_SEGMENT_API_KEY: ""
run: make build
working-directory: docs
if: steps.cache.outputs.cache-hit != 'true'
- run: tar --create --verbose --gzip --file old-docs.tar.gz docs/public
- name: Upload old build of docs.
uses: actions/upload-artifact@v2
with:
name: old-docs.tar.gz
path: old-docs.tar.gz
if-no-files-found: error
diff:
name: Diff
needs: [check-label, build-base, build-head]
outputs:
no_diff: ${{ steps.diff.outcome != 'failure' }}
if: ${{ needs.check-label.outputs.hadLabel == 'false' }}
runs-on: ubuntu-latest
steps:
- name: Pull old build of docs.
uses: actions/download-artifact@v2
with:
name: old-docs.tar.gz
- run: mkdir -p base && tar --extract --verbose --gzip --file old-docs.tar.gz --directory base
- name: Pull new build of docs.
uses: actions/download-artifact@v2
with:
name: new-docs.tar.gz
- run: mkdir -p head && tar --extract --verbose --gzip --file new-docs.tar.gz --directory head
- name: Remove ignored files (generated api docs)
run: rm -rf base/docs/public/java/reference/api base/docs/public/ruby/reference/api base/docs/public/node/reference/api
- name: Remove ignored files (generated api docs)
run: rm -rf head/docs/public/java/reference/api head/docs/public/ruby/reference/api head/docs/public/node/reference/api
- name: Diff
id: diff
run: set -o pipefail && diff -q --recursive base head | tee diff.txt
continue-on-error: true
- name: Full diff
run: diff --recursive base head > diff-full.txt
if: ${{ steps.diff.outcome == 'failure' }}
continue-on-error: true
- name: Upload diff artifact
uses: actions/upload-artifact@v2
with:
name: full-diff
path: diff-full.txt
if-no-files-found: error
if: ${{ steps.diff.outcome == 'failure' }}
- name: Print docs changes
run: |
cat <<EOF
This PR contains docs changes.
Add the "Docs" label to the PR if you expected this. Otherwise,
you should review the changes and determine if they are correct.
Diff:
EOF
if: ${{ steps.diff.outcome == 'failure' }}
# Job that succeeds or fails depending upon the entire workflow.
# Used as a required check.
decide_if_pr_okay:
name: PR docs changes okay
if: always()
needs: [check-label, diff]
runs-on: ubuntu-latest
steps:
- run: echo "Okay because label added."
if: needs.diff.result == 'skipped'
- run: echo "Not okay because no label, and diff failed." && exit 1
if: needs.diff.result != 'skipped' && needs.diff.outputs.no_diff == 'false'