variables: - &golang_image 'golang:1.18' - &node_image 'node:18-alpine' - &when_path - "docs/**" - ".woodpecker/docs.yml" # since we generate docs for cli tool we have to watch this too - "cli/**" - "cmd/cli/**" pipeline: build-cli: image: *golang_image commands: - make docs when: path: *when_path build: image: *node_image directory: docs/ commands: - corepack enable - pnpm install --frozen-lockfile - pnpm build when: path: *when_path securitycheck: image: aquasec/trivy:latest commands: - trivy fs --exit-code 0 --skip-dirs node_modules/ --skip-dirs plugins/woodpecker-plugins/node_modules --severity UNKNOWN,LOW docs/ # TODO currently it is not fixable so just do not block currently - trivy fs --exit-code 0 --skip-dirs node_modules/ --skip-dirs plugins/woodpecker-plugins/node_modules --severity MEDIUM,HIGH,CRITICAL docs/ when: path: *when_path deploy-preview: image: woodpeckerci/plugin-surge-preview:next settings: path: "docs/build/" surge_token: from_secret: SURGE_TOKEN forge_type: github forge_url: "https://github.com" forge_repo_token: from_secret: GITHUB_TOKEN_SURGE when: event: pull_request path: *when_path # TODO: add step to remove preview again after PR is closed (waiting for #286) deploy: image: alpine:3.14.2 secrets: - BOT_PRIVATE_KEY commands: - apk add openssh-client git rsync - mkdir -p $HOME/.ssh - ssh-keyscan -t rsa github.com >> $HOME/.ssh/known_hosts - echo "$BOT_PRIVATE_KEY" > $HOME/.ssh/id_rsa - chmod 0600 $HOME/.ssh/id_rsa - git config --global user.email "woodpecker-bot@obermui.de" - git config --global user.name "woodpecker-bot" - git clone -b ${CI_REPO_DEFAULT_BRANCH} --single-branch git@github.com:woodpecker-ci/woodpecker-ci.github.io.git /repo # copy all docs files and delete all old ones, but leave CNAME and index.yaml untouched - rsync -r --exclude .git --exclude CNAME --exclude index.yaml --exclude README.md --delete docs/build/ /repo - cd /repo - git add . # exit successfully if nothing changed - test -n "$(git status --porcelain)" || exit 0 - git commit -m "Deploy website - based on ${CI_COMMIT_SHA}" - git push when: event: push branch: ${CI_REPO_DEFAULT_BRANCH} path: *when_path