Skip to content

Commit

Permalink
Update workflows to use actions that don't need organization secrets
Browse files Browse the repository at this point in the history
Each repository can only have 100 organization secrets and there are now more than 100 in our organization which causes inconsitent behavior.

Some repositories don't have the secrets they need assigned.

These composite actions use secrets stored in Vault that are available to all repositories.

- `publish-technical-documentation-next.yml` has been tested with https://github.com/grafana/writers-toolkit/blob/main/.github/workflows/publish-technical-documentation.yml.
- `publish-technical-documentation-release.yml` has been tested with https://github.com/grafana/backend-enterprise/blob/gem-release-2.13/.github/workflows/publish-technical-documentation-release.yml.

There is some copy-paste involved in the creation of these workflows. Please check:

For `publish-technical-documentation-next.yml`:

- [ ] The `on.push` `branches` and `paths` filters are correct for your repository.
- [ ] The `jobs.sync.if` repository matches your repository.
- [ ] The `jobs.sync.steps[1].with.website_directory` matches the directory you publish to in the website repository.

For `publish-technical-documentation-release.yml`:

- [ ] The `on.push` `branches`, `tags`, and `paths` filters are correct for your repository.
- [ ] The `jobs.sync.if` repository matches your repository.
- [ ] The `jobs.sync.steps[1].with.release_tag_regexp` regular expression matches your tags and captures major, minor, and patch versions from those tags.
- [ ] The `jobs.sync.steps[1].with.release_branch_regexp` regular expression matches your release branch names and captures major and minor versions from those branch names.
- [ ] The `jobs.sync.steps[1].with.release_branch_with_patch_regexp` regular expression matches your release branch names if they were to include a patch version, and that it would capture major, minor, and patch versions from those branch names.
- [ ] The `jobs.sync.steps[1].with.website_directory` matches the directory you publish to in the website repository.

Signed-off-by: Jack Baldry <[email protected]>
  • Loading branch information
jdbaldry committed Aug 28, 2024
1 parent eabae1a commit 70eb2ee
Show file tree
Hide file tree
Showing 3 changed files with 39 additions and 136 deletions.
57 changes: 10 additions & 47 deletions .github/workflows/publish-documentation-next.yml
Original file line number Diff line number Diff line change
@@ -1,58 +1,21 @@
name: "publish-technical-documentation-next"
name: publish-technical-documentation-next

on:
push:
branches:
- main
paths:
- 'docs/sources/**'
- "docs/sources/**"
workflow_dispatch:

jobs:
test:
runs-on: ubuntu-latest
steps:
- name: "Check out code"
uses: actions/checkout@v4
- name: "Build technical documentation"
run: >
docker run
--volume "${PWD}/docs/sources:/hugo/content/docs/agent/latest"
--env HUGO_REFLINKSERRORLEVEL=ERROR
--rm grafana/docs-base:latest
/bin/bash -c 'echo -e "---\\nredirectURL: /docs/agent/latest/\\ntype: redirect\\nversioned: true\\n---\\n" > /hugo/content/docs/agent/_index.md && make hugo'
sync:
if: github.repository == 'grafana/agent'
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
needs: test
steps:

- name: "Checkout Agent repo"
uses: actions/checkout@v4

- name: "Clone website-sync Action"
# WEBSITE_SYNC_TOKEN is a fine-grained GitHub Personal Access Token that expires.
# It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
# GitHub administrator to update the organization secret.
# The IT helpdesk can update the organization secret.
run: "git clone --single-branch --no-tags --depth 1 -b master https://grafanabot:${{ secrets.WEBSITE_SYNC_TOKEN }}@github.com/grafana/website-sync ./.github/actions/website-sync"

- name: "Publish to website repository (next)"
uses: ./.github/actions/website-sync
id: "publish_next"
with:
repository: grafana/website
branch: master
host: github.com
# PUBLISH_TO_WEBSITE_TOKEN is a fine-grained GitHub Personal Access Token that expires.
# It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
# GitHub administrator to update the organization secret.
# The IT helpdesk can update the organization secret.
github_pat: "grafanabot:${{ secrets.PUBLISH_TO_WEBSITE_TOKEN }}"
source_folder: docs/sources
target_folder: 'content/docs/agent/next'
allow_no_changes: true
- shell: bash
run: |
test -n "${{ steps.publish_next.outputs.commit_hash }}"
test -n "${{ steps.publish_next.outputs.working_directory }}"
- uses: actions/checkout@v4
- uses: grafana/writers-toolkit/publish-technical-documentation@publish-technical-documentation/v1
with:
website_directory: content/docs/agent
89 changes: 0 additions & 89 deletions .github/workflows/publish-documentation-versioned.yml

This file was deleted.

29 changes: 29 additions & 0 deletions .github/workflows/publish-technical-documentation-release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
name: publish-technical-documentation-release

on:
push:
branches:
- "release-*"
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
paths:
- "docs/sources/**"
workflow_dispatch:
jobs:
sync:
if: github.repository == 'grafana/agent'
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: grafana/writers-toolkit/publish-technical-documentation-release@publish-technical-documentation-release/v1
with:
release_tag_regexp: "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$"
release_branch_regexp: "^release-v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$"
release_branch_with_patch_regexp: "^release-v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$"
website_directory: content/docs/agent
version_suffix: ""

0 comments on commit 70eb2ee

Please sign in to comment.