Skip to content

Security scan pipeline update (#4177) #473

Security scan pipeline update (#4177)

Security scan pipeline update (#4177) #473

Workflow file for this run

name: Build Docs for the latest
on:
workflow_dispatch: # run on request (no need for PR)
push:
branches:
- develop
# Declare default permissions as read only.
permissions: read-all
jobs:
Build-Docs:
runs-on: ubuntu-20.04
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.10"
- name: Install tox
run: |
python -m pip install --require-hashes --no-deps -r .ci/requirements.txt
pip-compile --generate-hashes --output-file=/tmp/requirements.txt --extra=ci_tox pyproject.toml
python -m pip install --require-hashes --no-deps -r /tmp/requirements.txt
rm /tmp/requirements.txt
- name: Build-Docs
run: tox -e build-doc
- name: Create gh-pages branch
run: |
if [[ ${{github.event_name}} == 'workflow_dispatch' ]]; then
echo RELEASE_VERSION="test_build" >> $GITHUB_ENV
else
echo RELEASE_VERSION=${GITHUB_REF#refs/*/} >> $GITHUB_ENV
fi
echo SOURCE_NAME=${GITHUB_REF#refs/*/} >> $GITHUB_OUTPUT
echo SOURCE_BRANCH=${GITHUB_REF#refs/heads/} >> $GITHUB_OUTPUT
echo SOURCE_TAG=${GITHUB_REF#refs/tags/} >> $GITHUB_OUTPUT
existed_in_remote=$(git ls-remote --heads origin gh-pages)
if [[ -z ${existed_in_remote} ]]; then
echo "Creating gh-pages branch"
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git checkout --orphan gh-pages
git reset --hard
touch .nojekyll
git add .nojekyll
git commit -m "Initializing gh-pages branch"
git push origin gh-pages
git checkout ${{steps.branch_name.outputs.SOURCE_NAME}}
echo "Created gh-pages branch"
else
echo "Branch gh-pages already exists"
fi
- name: Commit docs to gh-pages branch
run: |
git fetch
git checkout gh-pages
mkdir -p /tmp/docs_build
cp -r docs/build/html/* /tmp/docs_build/
rm -rf ${{ env.RELEASE_VERSION }}/*
echo '<html><head><meta http-equiv="refresh" content="0; url=stable/" /></head></html>' > index.html
mkdir -p ${{ env.RELEASE_VERSION }}
cp -r /tmp/docs_build/* ./${{ env.RELEASE_VERSION }}
rm -rf /tmp/docs_build
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
if [[ ${{ env.RELEASE_VERSION }} != 'test_build' ]]; then
ln -sfn ${{ env.RELEASE_VERSION }} latest
fi
git add ./latest ${{ env.RELEASE_VERSION }}
git commit -m "Update documentation" -a || true
- name: Push changes
uses: ad-m/github-push-action@fcea09907c44d7a7a3331c9c04080d55d87c95fe # master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: gh-pages