feat: starting to write the nixos hetzner snapshot #1040
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
concurrency: | |
cancel-in-progress: ${{ ! startsWith(github.ref, 'refs/tags/v') }} | |
group: ci-${{ github.ref_name }}-${{ github.event_name }} | |
on: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
delete: | |
schedule: | |
- cron: "0 3 * * *" # Everyday, 10 WIB: building the site | |
permissions: | |
contents: write | |
env: | |
NETLIFY_SITE_ID: developer-friendly | |
NETLIFY_DEPLOY_TO_PROD: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} | |
PYTHON_VERSION: 3.x | |
ADSENSE_PROPERTY: ${{ vars.ADSENSE_PROPERTY }} | |
GA_PROPERTY: ${{ vars.GA_PROPERTY }} | |
LOGROCKET_PROPERTY: ${{ vars.LOGROCKET_PROPERTY }} | |
jobs: | |
preview: | |
if: github.event_name == 'pull_request' && github.repository == 'developer-friendly/blog' | |
permissions: | |
pull-requests: write | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- env: | |
GH_TOKEN: ${{ secrets.GH_TOKEN }} | |
name: Install dependencies | |
run: | | |
pip install -U pip -r requirements.txt | |
sudo apt-get install -y libcairo2-dev libfreetype6-dev libffi-dev libjpeg-dev libpng-dev libz-dev pngquant | |
- env: | |
DRAFT: ${{ github.event_name == 'pull_request' }} | |
GA_REPORTS_DSN: ${{ secrets.GA_REPORTS_DSN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # git-committers plugin | |
name: Build the site | |
run: mkdocs build | |
- name: Upload Pages artifact | |
uses: actions/upload-pages-artifact@v3 | |
with: | |
name: build-pr${{ github.event.pull_request.number }} | |
path: site | |
- id: netlify | |
name: Deploy to Netlify | |
uses: jsmrcaga/[email protected] | |
with: | |
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} | |
NETLIFY_DEPLOY_TO_PROD: ${{ env.NETLIFY_DEPLOY_TO_PROD }} | |
NETLIFY_SITE_ID: ${{ env.NETLIFY_SITE_ID }} | |
build_command: echo Skipping building the web files | |
build_directory: site | |
install_command: echo Skipping installing the dependencies | |
- name: Comment PR | |
uses: meysam81/comment-pr@main | |
with: | |
title: "# Live preview" | |
content: | | |
The live preview of the changes are available at the following URL: | |
<${{ env.NETLIFY_PREVIEW_URL }}> | |
token: ${{ secrets.GITHUB_TOKEN }} | |
deploy: | |
environment: | |
name: github-pages | |
url: ${{ steps.deployment.outputs.page_url }} | |
if: | | |
github.repository == 'developer-friendly/blog' && | |
( | |
( | |
github.event_name == 'push' && | |
github.ref == 'refs/heads/main' | |
) || ( | |
github.event_name == 'schedule' && | |
github.event.schedule == '0 3 * * *' | |
) | |
) | |
permissions: | |
attestations: write | |
contents: read | |
id-token: write | |
pages: write | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Calculate cache id | |
run: echo "cache_id=$(date --utc '+%j')" >> $GITHUB_ENV | |
- name: Cache mkdocs-material | |
uses: actions/cache@v4 | |
with: | |
key: mkdocs-material-${{ env.cache_id }} | |
path: .cache | |
restore-keys: | | |
mkdocs-material- | |
- env: | |
GH_TOKEN: ${{ secrets.GH_TOKEN }} | |
name: Install dependencies | |
run: | | |
pip install -U pip -r requirements.txt | |
sudo apt-get install -y libcairo2-dev libfreetype6-dev libffi-dev libjpeg-dev libpng-dev libz-dev pngquant | |
- name: Set up google service account | |
run: | | |
cat << 'EOF' > /tmp/credentials.json | |
${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_FILE }} | |
EOF | |
echo GOOGLE_APPLICATION_CREDENTIALS=/tmp/credentials.json >> $GITHUB_ENV | |
- env: | |
GA_REPORTS_DSN: ${{ secrets.GA_REPORTS_DSN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
name: Build the site | |
run: mkdocs build | |
- name: Upload Pages artifact | |
uses: actions/upload-pages-artifact@v3 | |
with: | |
name: build-${{ github.ref_name }}-${{ github.run_id }} | |
path: site | |
- id: deployment | |
name: Deploy to GitHub Pages | |
uses: actions/deploy-pages@v4 | |
with: | |
artifact_name: build-${{ github.ref_name }}-${{ github.run_id }} | |
- if: ${{ github.repository == 'developer-friendly/blog' }} | |
id: netlify | |
name: Deploy to Netlify | |
uses: jsmrcaga/[email protected] | |
with: | |
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} | |
NETLIFY_DEPLOY_TO_PROD: ${{ env.NETLIFY_DEPLOY_TO_PROD }} | |
NETLIFY_SITE_ID: ${{ env.NETLIFY_SITE_ID }} | |
build_command: echo Skipping building the web files | |
build_directory: site | |
install_command: echo Skipping installing the dependencies | |
lychee: | |
if: | | |
github.repository == 'developer-friendly/blog' && | |
contains(fromJson('["schedule", "pull_request", "push"]'), github.event_name) | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Calculate cache id | |
run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV | |
- name: Cache lychee | |
uses: actions/cache@v4 | |
with: | |
key: lychee-${{ env.cache_id }} | |
path: .lycheecache | |
restore-keys: | | |
lychee- | |
- id: lychee | |
name: Link Checker | |
uses: lycheeverse/lychee-action@v2 | |
with: | |
fail: ${{ github.ref == 'refs/heads/main' }} | |
trivy: | |
if: | | |
github.repository == 'developer-friendly/blog' && | |
contains(fromJson('["schedule", "pull_request", "push"]'), github.event_name) | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
scan-type: | |
- fs | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Trivy ${{ matrix.scan-type }} | |
uses: aquasecurity/trivy-action@master | |
with: | |
exit-code: "1" | |
scan-ref: . | |
scan-type: ${{ matrix.scan-type }} | |
trivy-config: trivy.yaml | |
token-setup-trivy: ${{ secrets.GH_TOKEN }} | |
sponsors: | |
runs-on: ubuntu-latest | |
if: | | |
github.repository == 'developer-friendly/blog' && | |
github.ref == 'refs/heads/main' && | |
contains(fromJson('["schedule", "pull_request", "push"]'), github.event_name) | |
permissions: | |
contents: write | |
pull-requests: write | |
env: | |
FALLBACK_MESSAGE: | | |
No sponsors yet. Become the first sponsor! 💝 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Generate Sponsors - readme | |
uses: JamesIves/github-sponsors-readme-action@v1 | |
with: | |
token: ${{ secrets.PAT_SPONSORS }} | |
file: README.md | |
fallback: ${{ env.FALLBACK_MESSAGE }} | |
# - name: Generate Sponsors - sponsors | |
# uses: JamesIves/github-sponsors-readme-action@v1 | |
# with: | |
# token: ${{ secrets.PAT_SPONSORS }} | |
# file: docs/sponsors.md | |
# fallback: ${{ env.FALLBACK_MESSAGE }} | |
- name: Verify changed | |
id: changed | |
run: | | |
changed=$(git status --porcelain) | |
if [ -n "$changed" ]; then | |
echo "changed=true" >> $GITHUB_OUTPUT | |
fi | |
- name: Configure git | |
if: steps.changed.outputs.changed == 'true' | |
run: | | |
git config --global user.email "${{ github.actor }}@users.noreply.github.com" | |
git config --global user.name "${{ github.actor }}" | |
- name: Commit changes | |
if: steps.changed.outputs.changed == 'true' | |
run: | | |
git add . | |
git checkout -b ${{ github.actor }}/chore/update-sponsors/${{ github.run_id }} | |
git commit -m "chore: update sponsors" | |
git push origin $(git branch --show-current) | |
- name: Create PR | |
if: steps.changed.outputs.changed == 'true' | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
gh pr create --fill -H $(git branch --show-current) | |
ga-reports: | |
runs-on: ubuntu-latest | |
if: | | |
( | |
github.event_name == 'schedule' && | |
github.repository == 'developer-friendly/blog' | |
) | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Install requirements | |
run: pip install -U pip -r ./internal/ga/requirements.txt | |
- name: Set the GA report starting date to last month | |
run: | | |
GA4_START_DATE=$(date -d "$(date +%Y-%m-01) -1 month" +%Y-%m-01) | |
echo GA4_START_DATE=$GA4_START_DATE >> $GITHUB_ENV | |
- name: Set up google service account | |
run: | | |
cat << 'EOF' > /tmp/credentials.json | |
${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_FILE }} | |
EOF | |
echo GOOGLE_APPLICATION_CREDENTIALS=/tmp/credentials.json >> $GITHUB_ENV | |
- env: | |
GA_REPORTS_DSN: ${{ secrets.GA_REPORTS_DSN }} | |
GA4_PROPERTY: ${{ vars.GA4_PROPERTY }} | |
LOG_LEVEL: DEBUG | |
name: Fetch GA reports into PostgreSQL | |
run: ./internal/ga/main.py update | |
stale: | |
if: | | |
( | |
github.event_name == 'schedule' && | |
github.repository == 'developer-friendly/blog' | |
) | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write # only for delete-branch option | |
issues: write | |
pull-requests: write | |
steps: | |
- uses: actions/stale@v9 | |
mirror: | |
if: | | |
github.repository == 'developer-friendly/blog' && | |
contains(fromJson('["delete", "push"]'), github.event_name) | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Mirror GitLab | |
uses: pixta-dev/repository-mirroring-action@v1 | |
with: | |
target_repo_url: [email protected]:developer-friendly/blog.git | |
ssh_private_key: ${{ secrets.GITLAB_DEPLOY_KEY }} | |
- if: always() | |
name: Mirror Insiders | |
uses: pixta-dev/repository-mirroring-action@v1 | |
with: | |
target_repo_url: [email protected]:developer-friendly/blog-insiders.git | |
ssh_private_key: ${{ secrets.INSIDERS_DEPLOY_KEY }} |