generated from usnistgov/opensource-repo
-
Notifications
You must be signed in to change notification settings - Fork 9
178 lines (176 loc) · 7.96 KB
/
pages.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
name: Pages
on:
push:
branches:
- main
- test-ci
pull_request: {}
workflow_dispatch:
inputs:
ignore_linkcheck:
description: Ignore link checker results when deploying
required: false
default: false
type: boolean
revisions:
description: Override the computed list of tags and branches with a space-separated list of tags and branches, in order from first to last. Refer to Makefile REVISIONS declaration.
required: false
prefix:
description: Provide a prefix for experimental branches that need to be published alongside tags. It is ignored if revisions is overridden. Refer to the PROTOTYPE_BRANCHES_PREFIX declaration.
required: false
type: string
schedule:
- cron: "0 0 * * MON"
- cron: "0 0 * * THU"
permissions:
pull-requests: write
env:
LYCHEE_VERSION: "0.13.0"
HUGO_VERSION: "0.118.2"
JAVA_VERSION: "17"
JAVA_DISTRIBUTION: "temurin"
PREFIX: ${{ format('{0}', github.event.inputs.prefix) || 'prototype' }}
jobs:
deploy:
runs-on: ubuntu-22.04
steps:
#
# Environment setup
#
- uses: actions/checkout@v3
with:
submodules: true
fetch-depth: 0
- uses: actions/setup-java@v3
with:
distribution: "${{ env.JAVA_DISTRIBUTION }}"
java-version: "${{ env.JAVA_VERSION }}"
- name: Setup Hugo
uses: peaceiris/actions-hugo@v2
with:
hugo-version: "${{ env.HUGO_VERSION }}"
extended: true
# lifted from https://github.com/lycheeverse/lychee-action/blob/master/action.yml
- name: Setup Lychee
run: |
# Cleanup artifacts from previous run in case it crashed
rm -rf "lychee-v${{ env.LYCHEE_VERSION }}-x86_64-unknown-linux-gnu.tar.gz" lychee
curl -sLO "https://github.com/lycheeverse/lychee/releases/download/v${{ env.LYCHEE_VERSION }}/lychee-v${{ env.LYCHEE_VERSION }}-x86_64-unknown-linux-gnu.tar.gz"
tar -xvzf "lychee-v${{ env.LYCHEE_VERSION }}-x86_64-unknown-linux-gnu.tar.gz"
rm "lychee-v${{ env.LYCHEE_VERSION }}-x86_64-unknown-linux-gnu.tar.gz"
install -t "$HOME/.local/bin" -D lychee
rm lychee
echo "$HOME/.local/bin" >> "$GITHUB_PATH"
- name: Setup swap space
# The Hugo build can require a significant amount of memory
uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c
with:
swap-size-gb: "10"
#
# Set up cache
#
- name: Get the list of tagged revisions (for cache)
id: get-revisions
run: |
echo revisions_hash=$(make --silent list-tags | sha256sum) >> $GITHUB_OUTPUT
shell: bash
- name: Get the list of prototype branches (for cache)
id: get-prototype-branches
run: |
{
# Wildcards after a stable tag prefix like v* for v1.0.0 will not work, so generate outputs for content and data paths for next step
branches="$(make --silent list-prototype-branches PROTOTYPE_BRANCHES_PREFIX=$PREFIX)"
echo branches="$branches"
[[ -n "${branches-}" ]] && echo content_paths="$(printf "site/content/models/%s " $branches)"
[[ -n "${branches-}" ]] && echo data_paths="$(printf "site/content/data/%s " $branches)"
# Be forewarned, printf -- has a special meaning so we must encode the first - as \055 in -- to avoid errors
# Explanation: https://unix.stackexchange.com/a/658388
[[ -n "${branches-}" ]] && echo linkcheck_exclude_path_arg=$(printf "\055-exclude-path='site/public/models/%s' " $branches)
# Prototype branch content may change so hash branch name and current commit hash for its HEAD as restore key part
echo branches_hash="$(cd "${OSCAL_DIR}"; git ls-remote origin $PREFIX | sha256sum | cut -d ' ' -f 1)"
} >> $GITHUB_OUTPUT
shell: bash
- name: Cache generated content for existing tags
uses: actions/cache@v3
with:
# explicitly do not cache develop as they are likely to change
path: |
site/content/models/v*/
site/data/models/v*/
key: cache-models-${{ hashFiles('site/archetypes/**') }}-${{ hashFiles('support/*.sh') }}-${{ steps.get-revisions.outputs.revisions_hash }}
# A new tagged revision will invalidate the primary cache key
# See https://github.com/actions/cache/blob/main/tips-and-workarounds.md#update-a-cache
restore-keys: |
cache-models-${{ hashFiles('site/archetypes/**') }}-${{ hashFiles('support/*.sh') }}
- name: Cache generated content for existing prototype-branches
uses: actions/cache@v3
if: steps.get-prototype-branches.outputs.branches != ''
with:
path: |
${{ steps.get-prototype-branches.outputs.content_paths }}
${{ steps.get-prototype-branches.outputs.data_paths }}
key: cache-prototype-branches-${{ hashFiles('site/archetypes/**') }}-${{ hashFiles('support/*.sh') }}-${{ steps.get-prototype-branches.outputs.branches_hash }}
# Cache lychee results (e.g. to avoid hitting rate limits)
- name: Restore lychee cache
uses: actions/cache@v3
with:
path: .lycheecache
key: cache-lychee-${{ github.sha }}
restore-keys: cache-lychee-
#
# Debug
#
- name: Debug
run: |
echo ${{format('REVISIONS=''{0}''', github.event.inputs.revisions)}}
echo ${{format('PROTOTYPE_BRANCHES_PREFIX=''{0}''', github.event.inputs.prefix)}}
echo ${{format('Env github.ref=''{0}''', github.ref)}}
echo ${{format('Env github.event_name=''{0}''', github.event_name)}}
echo ${{format('Env github.event.inputs.ignore_linkcheck=''{0}''', github.event.inputs.ignore_linkcheck)}}
make environment
#
# Build
#
- name: Build
# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
# GHA runners have 2 CPUs
run: |
make site \
${{ github.event.inputs.revisions != '' && format('REVISIONS=''{0}''', github.event.inputs.revisions) || '' }} \
${{ github.event.inputs.revisions == '' && github.event.inputs.prefix && format('PROTOTYPE_BRANCHES_PREFIX=''{0}''', github.event.inputs.prefix) || '' }}
#
# Checks (and check plumbing)
#
- name: Link Check
id: linkcheck
run: |
make linkcheck LYCHEE_EXTRA_FLAGS='--github-token ${{ secrets.GITHUB_TOKEN }} \
${{ steps.get-prototype-branches.outputs.linkcheck_exclude_path_arg && format('{0}', steps.get-prototype-branches.outputs.linkcheck_exclude_path_arg) || '' }}'
- name: Upload linkcheck report
uses: actions/upload-artifact@v3
with:
name: linkcheck-report
path: lychee_report.md
retention-days: 5
- name: Comment broken links
uses: marocchino/sticky-pull-request-comment@v2
with:
path: lychee_report.md
skip_unchanged: true
if: github.event_name == 'pull_request'
#
# Deployment
#
- name: Deploy
uses: peaceiris/actions-gh-pages@068dc23d9710f1ba62e86896f84735d869951305
# Deploy if on main branch and EITHER the linkcheck succeeds or ignore_linkcheck has been flipped
# crucially ignore periodic checks
if: github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && (steps.linkcheck.outcome == 'success' || github.event.inputs.ignore_linkcheck)
with:
personal_token: ${{ secrets.COMMIT_TOKEN }}
enable_jekyll: false
publish_dir: ./site/public
publish_branch: nist-pages
user_name: OSCAL GitHub Actions Bot
user_email: [email protected]
commit_message: Deploying website [ci deploy]