Update workflows to use actions that don't need organization secrets (#…

…1571)

.github/workflows/publish-documentation-next.yml

@@ -1,58 +1,21 @@
-name: "publish-technical-documentation-next"
+name: publish-technical-documentation-next
 
 on:
   push:
     branches:
       - main
     paths:
-      - 'docs/sources/**'
+      - "docs/sources/**"
   workflow_dispatch:
-
 jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - name: "Check out code"
-        uses: actions/checkout@v4
-      - name: "Build technical documentation"
-        run: >
-          docker run
-          --volume "${PWD}/docs/sources:/hugo/content/docs/alloy/latest"
-          --env HUGO_REFLINKSERRORLEVEL=ERROR
-          --rm grafana/docs-base:latest
-          /bin/bash -c 'echo -e "---\\nredirectURL: /docs/alloy/latest/\\ntype: redirect\\nversioned: true\\n---\\n" > /hugo/content/docs/alloy/_index.md && make hugo'
-
   sync:
+    if: github.repository == 'grafana/alloy'
+    permissions:
+      contents: read
+      id-token: write
     runs-on: ubuntu-latest
-    needs: test
     steps:
-
-    - name: "Checkout Alloy repo"
-      uses: actions/checkout@v4
-
-    - name: "Clone website-sync Action"
-      # WEBSITE_SYNC_TOKEN is a fine-grained GitHub Personal Access Token that expires.
-      # It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
-      # GitHub administrator to update the organization secret.
-      # The IT helpdesk can update the organization secret.
-      run: "git clone --single-branch --no-tags --depth 1 -b master https://grafanabot:${{ secrets.WEBSITE_SYNC_TOKEN }}@github.com/grafana/website-sync ./.github/actions/website-sync"
-
-    - name: "Publish to website repository (next)"
-      uses: ./.github/actions/website-sync
-      id: "publish_next"
-      with:
-        repository: grafana/website
-        branch: master
-        host: github.com
-        # PUBLISH_TO_WEBSITE_TOKEN is a fine-grained GitHub Personal Access Token that expires.
-        # It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
-        # GitHub administrator to update the organization secret.
-        # The IT helpdesk can update the organization secret.
-        github_pat: "grafanabot:${{ secrets.PUBLISH_TO_WEBSITE_TOKEN }}"
-        source_folder: docs/sources
-        target_folder: 'content/docs/alloy/next'
-        allow_no_changes: true
-    - shell: bash
-      run: |
-        test -n "${{ steps.publish_next.outputs.commit_hash }}"
-        test -n "${{ steps.publish_next.outputs.working_directory }}"
+      - uses: actions/checkout@v4
+      - uses: grafana/writers-toolkit/publish-technical-documentation@publish-technical-documentation/v1
+        with:
+          website_directory: content/docs/alloy/next

.github/workflows/publish-technical-documentation-release.yml

@@ -0,0 +1,29 @@
+name: publish-technical-documentation-release
+
+on:
+  push:
+    branches:
+      - 'release/*'
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+    paths:
+      - 'docs/sources/**'
+  workflow_dispatch:
+jobs:
+  sync:
+    if: github.repository == 'grafana/alloy'
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: grafana/writers-toolkit/publish-technical-documentation-release@publish-technical-documentation-release/v1
+        with:
+          release_tag_regexp: "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$"
+          release_branch_regexp: "^release/v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$"
+          release_branch_with_patch_regexp: "^release/v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$"
+          website_directory: content/docs/alloy
+          version_suffix: ""