Skip to content

ci

ci #1043

Workflow file for this run

name: ci
concurrency:
cancel-in-progress: ${{ ! startsWith(github.ref, 'refs/tags/v') }}
group: ci-${{ github.ref_name }}-${{ github.event_name }}
on:
pull_request:
branches:
- main
push:
branches:
- main
delete:
schedule:
- cron: "0 3 * * *" # Everyday, 10 WIB: building the site
permissions:
contents: write
env:
NETLIFY_SITE_ID: developer-friendly
NETLIFY_DEPLOY_TO_PROD: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
PYTHON_VERSION: 3.x
ADSENSE_PROPERTY: ${{ vars.ADSENSE_PROPERTY }}
GA_PROPERTY: ${{ vars.GA_PROPERTY }}
LOGROCKET_PROPERTY: ${{ vars.LOGROCKET_PROPERTY }}
jobs:
preview:
if: github.event_name == 'pull_request' && github.repository == 'developer-friendly/blog'
permissions:
pull-requests: write
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- env:
GH_TOKEN: ${{ secrets.GH_TOKEN }}
name: Install dependencies
run: |
pip install -U pip -r requirements.txt
sudo apt-get install -y libcairo2-dev libfreetype6-dev libffi-dev libjpeg-dev libpng-dev libz-dev pngquant
- env:
DRAFT: ${{ github.event_name == 'pull_request' }}
GA_REPORTS_DSN: ${{ secrets.GA_REPORTS_DSN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # git-committers plugin
name: Build the site
run: mkdocs build
- name: Upload Pages artifact
uses: actions/upload-pages-artifact@v3
with:
name: build-pr${{ github.event.pull_request.number }}
path: site
- id: netlify
name: Deploy to Netlify
uses: jsmrcaga/[email protected]
with:
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
NETLIFY_DEPLOY_TO_PROD: ${{ env.NETLIFY_DEPLOY_TO_PROD }}
NETLIFY_SITE_ID: ${{ env.NETLIFY_SITE_ID }}
build_command: echo Skipping building the web files
build_directory: site
install_command: echo Skipping installing the dependencies
- name: Comment PR
uses: meysam81/comment-pr@main
with:
title: "# Live preview"
content: |
The live preview of the changes are available at the following URL:
<${{ env.NETLIFY_PREVIEW_URL }}>
token: ${{ secrets.GITHUB_TOKEN }}
deploy:
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
if: |
github.repository == 'developer-friendly/blog' &&
(
(
github.event_name == 'push' &&
github.ref == 'refs/heads/main'
) || (
github.event_name == 'schedule' &&
github.event.schedule == '0 3 * * *'
)
)
permissions:
attestations: write
contents: read
id-token: write
pages: write
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Calculate cache id
run: echo "cache_id=$(date --utc '+%j')" >> $GITHUB_ENV
- name: Cache mkdocs-material
uses: actions/cache@v4
with:
key: mkdocs-material-${{ env.cache_id }}
path: .cache
restore-keys: |
mkdocs-material-
- env:
GH_TOKEN: ${{ secrets.GH_TOKEN }}
name: Install dependencies
run: |
pip install -U pip -r requirements.txt
sudo apt-get install -y libcairo2-dev libfreetype6-dev libffi-dev libjpeg-dev libpng-dev libz-dev pngquant
- name: Set up google service account
run: |
cat << 'EOF' > /tmp/credentials.json
${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_FILE }}
EOF
echo GOOGLE_APPLICATION_CREDENTIALS=/tmp/credentials.json >> $GITHUB_ENV
- env:
GA_REPORTS_DSN: ${{ secrets.GA_REPORTS_DSN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
name: Build the site
run: mkdocs build
- name: Upload Pages artifact
uses: actions/upload-pages-artifact@v3
with:
name: build-${{ github.ref_name }}-${{ github.run_id }}
path: site
- id: deployment
name: Deploy to GitHub Pages
uses: actions/deploy-pages@v4
with:
artifact_name: build-${{ github.ref_name }}-${{ github.run_id }}
- if: ${{ github.repository == 'developer-friendly/blog' }}
id: netlify
name: Deploy to Netlify
uses: jsmrcaga/[email protected]
with:
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
NETLIFY_DEPLOY_TO_PROD: ${{ env.NETLIFY_DEPLOY_TO_PROD }}
NETLIFY_SITE_ID: ${{ env.NETLIFY_SITE_ID }}
build_command: echo Skipping building the web files
build_directory: site
install_command: echo Skipping installing the dependencies
lychee:
if: |
github.repository == 'developer-friendly/blog' &&
contains(fromJson('["schedule", "pull_request", "push"]'), github.event_name)
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Calculate cache id
run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV
- name: Cache lychee
uses: actions/cache@v4
with:
key: lychee-${{ env.cache_id }}
path: .lycheecache
restore-keys: |
lychee-
- id: lychee
name: Link Checker
uses: lycheeverse/lychee-action@v2
with:
fail: ${{ github.ref == 'refs/heads/main' }}
trivy:
if: |
github.repository == 'developer-friendly/blog' &&
contains(fromJson('["schedule", "pull_request", "push"]'), github.event_name)
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
scan-type:
- fs
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Trivy ${{ matrix.scan-type }}
uses: aquasecurity/trivy-action@master
with:
exit-code: "1"
scan-ref: .
scan-type: ${{ matrix.scan-type }}
trivy-config: trivy.yaml
token-setup-trivy: ${{ secrets.GH_TOKEN }}
sponsors:
runs-on: ubuntu-latest
if: |
github.repository == 'developer-friendly/blog' &&
github.ref == 'refs/heads/main' &&
contains(fromJson('["schedule", "pull_request", "push"]'), github.event_name)
permissions:
contents: write
pull-requests: write
env:
FALLBACK_MESSAGE: |
No sponsors yet. Become the first sponsor! 💝
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Generate Sponsors - readme
uses: JamesIves/github-sponsors-readme-action@v1
with:
token: ${{ secrets.PAT_SPONSORS }}
file: README.md
fallback: ${{ env.FALLBACK_MESSAGE }}
# - name: Generate Sponsors - sponsors
# uses: JamesIves/github-sponsors-readme-action@v1
# with:
# token: ${{ secrets.PAT_SPONSORS }}
# file: docs/sponsors.md
# fallback: ${{ env.FALLBACK_MESSAGE }}
- name: Verify changed
id: changed
run: |
changed=$(git status --porcelain)
if [ -n "$changed" ]; then
echo "changed=true" >> $GITHUB_OUTPUT
fi
- name: Configure git
if: steps.changed.outputs.changed == 'true'
run: |
git config --global user.email "${{ github.actor }}@users.noreply.github.com"
git config --global user.name "${{ github.actor }}"
- name: Commit changes
if: steps.changed.outputs.changed == 'true'
run: |
git add .
git checkout -b ${{ github.actor }}/chore/update-sponsors/${{ github.run_id }}
git commit -m "chore: update sponsors"
git push origin $(git branch --show-current)
- name: Create PR
if: steps.changed.outputs.changed == 'true'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh pr create --fill -H $(git branch --show-current)
ga-reports:
runs-on: ubuntu-latest
if: |
(
github.event_name == 'schedule' &&
github.repository == 'developer-friendly/blog'
)
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Install requirements
run: pip install -U pip -r ./internal/ga/requirements.txt
- name: Set the GA report starting date to last month
run: |
GA4_START_DATE=$(date -d "$(date +%Y-%m-01) -1 month" +%Y-%m-01)
echo GA4_START_DATE=$GA4_START_DATE >> $GITHUB_ENV
- name: Set up google service account
run: |
cat << 'EOF' > /tmp/credentials.json
${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_FILE }}
EOF
echo GOOGLE_APPLICATION_CREDENTIALS=/tmp/credentials.json >> $GITHUB_ENV
- env:
GA_REPORTS_DSN: ${{ secrets.GA_REPORTS_DSN }}
GA4_PROPERTY: ${{ vars.GA4_PROPERTY }}
LOG_LEVEL: DEBUG
name: Fetch GA reports into PostgreSQL
run: ./internal/ga/main.py update
stale:
if: |
(
github.event_name == 'schedule' &&
github.repository == 'developer-friendly/blog'
)
runs-on: ubuntu-latest
permissions:
contents: write # only for delete-branch option
issues: write
pull-requests: write
steps:
- uses: actions/stale@v9
mirror:
if: |
github.repository == 'developer-friendly/blog' &&
contains(fromJson('["delete", "push"]'), github.event_name)
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Mirror GitLab
uses: pixta-dev/repository-mirroring-action@v1
with:
target_repo_url: [email protected]:developer-friendly/blog.git
ssh_private_key: ${{ secrets.GITLAB_DEPLOY_KEY }}
- if: always()
name: Mirror Insiders
uses: pixta-dev/repository-mirroring-action@v1
with:
target_repo_url: [email protected]:developer-friendly/blog-insiders.git
ssh_private_key: ${{ secrets.INSIDERS_DEPLOY_KEY }}