-
Notifications
You must be signed in to change notification settings - Fork 81
71 lines (63 loc) · 2.1 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
name: TUF-on-CI publish
permissions: {}
on:
workflow_dispatch:
inputs:
ref:
type: string
required: false
jobs:
build:
permissions:
contents: read
runs-on: ubuntu-latest
steps:
- id: build-and-upload-repository
uses: theupdateframework/tuf-on-ci/actions/upload-repository@27c49c016591c7cfea57f6b15296f714a5c4a5f6 # v0.13.0
with:
gh_pages: true
ref: ${{ inputs.ref }}
metadata_path: './'
deploy-to-pages:
permissions:
pages: write
id-token: write # for authenticating to GH Pages
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
runs-on: ubuntu-latest
needs: build
steps:
- name: Deploy TUF-on-CI repository to GitHub Pages
id: deployment
uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
test-deployed-pages:
needs: deploy-to-pages
permissions:
issues: 'write' # for modifying Issues
id-token: 'write' # for signing with the GitHub Actions workflow identity
uses: ./.github/workflows/test.yml
deploy-to-gcs:
needs: [test-deployed-pages]
permissions:
id-token: 'write' # for authenticating with OIDC
uses: ./.github/workflows/deploy-to-gcs.yml
test-deployed-gcs:
needs: [deploy-to-gcs]
if: always() && !failure() && !cancelled()
permissions:
issues: 'write' # for modifying Issues
id-token: 'write' # for signing with the GitHub Actions workflow identity
uses: ./.github/workflows/test-gcs.yml
update-issue:
runs-on: ubuntu-latest
needs: [build, deploy-to-pages, test-deployed-pages, deploy-to-gcs, test-deployed-gcs]
if: always() && !cancelled()
permissions:
issues: 'write' # for modifying Issues
steps:
- name: Update the issue for the workflow
uses: theupdateframework/tuf-on-ci/actions/update-issue@27c49c016591c7cfea57f6b15296f714a5c4a5f6 # v0.13.0
with:
token: ${{ secrets.TUF_ON_CI_TOKEN || secrets.GITHUB_TOKEN }}
success: ${{ !contains(needs.*.result, 'failure') }}