Still trying to fix the docs. (#1709)

* docs build/deploy fixes
* let us see if this makes the automerge less bad
James Hodgkinson 2023-06-28 10:34:17 +10:00 committed by GitHub
parent 28c8e9df69
commit 69dfea3601
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 107 additions and 52 deletions


@ -21,20 +21,13 @@ jobs:
alert-lookup: true
compat-lookup: true
- uses: actions/checkout@v3
- name: Approve a PR if not already approved
run: |
# sets the upstream metadata for `gh pr status`
gh pr checkout "$PR_URL"
if [ "$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)" != "APPROVED" ];
then gh pr review --approve "$PR_URL"
else echo "PR already approved, skipping additional approvals to minimize emails/notification noise.";
fi
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
- name: Enable auto-merge for Dependabot PRs
run: gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
- name: Approve a PR if not already approved
run: scripts/dependabot_automerge_check.sh "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
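Review bot: The step is still named "Approve a PR if not already approved", but `scripts/dependabot_automerge_check.sh` (shown at the end of this page) exits 1 when the review decision is not `APPROVED`, so an unapproved Dependabot PR now fails this step instead of being approved. If the script is meant to gate the merge, note that "Enable auto-merge for Dependabot PRs" is a separate step that does not depend on its result; the page has lost its +/- markers, so the order of the two steps in the new file is inferred. The script also runs from the checked-out tree with `GITHUB_TOKEN` in its environment, and the workflow trigger and `permissions:` are outside this hunk. It is worth confirming that the checkout is the base branch's copy of the script rather than content supplied by the PR, and renaming the step to what it does, e.g. `name: Check PR status before approving`.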


@ -19,41 +19,46 @@ permissions:
statuses: read
pages: write
env:
ACTIONS_RUNNER_DEBUG: true
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
generate_tags:
pre_deploy:
runs-on: ubuntu-latest
outputs:
tags: ${{ steps.tags.outputs.tags}}
latest: ${{ steps.previoustag.outputs.tag }}
latest: ${{ steps.branchname.outputs.latest }}
steps:
- id: tags
name: pull tags
uses: oraad/get-tags-action@v1.0.0
with:
repo: ${{ github.repository }}
limit: 100
github-token: ${{ github.token }}
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: 'Get Previous tag'
id: previoustag
uses: "WyriHaximus/github-action-get-previous-tag@v1"
- name: Latest branch
run: |
echo "latest=$(git branch -a | awk '{print $1}' | sort -t. -k3n,3 -k4n,4 | awk -F'/' '{print $NF}' | tail -n1)" >> $GITHUB_OUTPUT
id: branchname
- name: Move redirector page
run: |
mkdir docs
cp book/index_redirect.html ./docs/index.html
find ./docs > docs/manifest.txt
- name: Upload redirector artifact
# https://github.com/actions/upload-artifact
uses: actions/upload-artifact@v3
with:
prefix: v1
name: base
path: docs/index.html
fanout:
uses: './.github/workflows/kanidm_individual_book.yml'
needs: generate_tags
needs: pre_deploy
strategy:
fail-fast: false
matrix:
# tag: ${{ fromJson(needs.generate_tags.outputs.tags) }}
tag:
- ${{ needs.generate_tags.outputs.latest}}
- ${{ needs.pre_deploy.outputs.latest}}
with:
tag: ${{ matrix.tag }}
parent_id: ${{ github.ref }}
@ -67,34 +72,61 @@ jobs:
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
if: ${{ github.ref == 'refs/heads/master' && github.repository == 'kanidm/kanidm' }}
needs:
- pre_deploy
- fanout
- docs_master
- generate_tags
runs-on: ubuntu-latest
steps:
- name: Download previously built docs
uses: actions/download-artifact@v3
with:
name: docs
- name: Setup Pages
uses: actions/configure-pages@v3
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Setup Pages
uses: actions/configure-pages@v3
- name: Download base artifact
uses: actions/download-artifact@v3
with:
name: base
path: ./docs/
env:
ACTIONS_RUNNER_DEBUG: true
- name: Download individual artifact
uses: actions/download-artifact@v3
with:
name: individual
path: ./docs/
env:
ACTIONS_RUNNER_DEBUG: true
# - name: Log more stuff
# run: |
# echo "Currently in $(pwd)"
# mkdir -p docs && find $(pwd) -ls > ./docs/manifest.txt
# env:
# ACTIONS_RUNNER_DEBUG: true
# - name: Upload docs dir as an artifact
# # https://github.com/actions/upload-artifact
# uses: actions/upload-artifact@v3
# with:
# name: logs
# path: docs/
- name: Extract the files
run: |
find . -name '*.tar.gz' -exec tar zxf "{}" \;
pwd
echo "doing find $(pwd) -ls maxdepth 2"
find $(pwd) -ls -maxdepth 2
echo "doing find tar.gz ls"
find $(pwd) -name '*.tar.gz' -ls
echo "extracting"
find $(pwd) -name '*.tar.gz' -ls -exec tar zxvf "{}" \;
echo "Carrying on..."
mkdir -p docs
cd docs && cp -R "$(git branch -a | awk '{print $1}' | sort -t. -k3n,3 -k4n,4 | awk -F'/' '{print $NF}' | tail -n1)/" stable && cd ..
ls -la docs/
cd docs && \
ln -s ${{ needs.generate_tags.outputs.latest}}/ stable && \
cd ..
cp book/index_redirect.html docs/index.html
ls -la docs/
- name: Upload artifact
echo "Cleaning up docs archives"
rm docs/*.tar.gz
env:
ACTIONS_RUNNER_DEBUG: true
- name: Upload pages artifacts
uses: actions/upload-pages-artifact@v1
with:
# Upload entire repository
@ -102,3 +134,4 @@ jobs:
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v2
if: ${{ github.ref == 'refs/heads/master' && github.repository == 'kanidm/kanidm' }}
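Review bot: In "Extract the files", both `find` invocations that call `tar` start at the workspace root after a full `actions/checkout`, so they unpack any `*.tar.gz` that exists in the repository tree as well as the downloaded artifacts, and the archives end up extracted twice. The artifacts are downloaded to `./docs/`, so one scoped pass is enough: `find ./docs -maxdepth 1 -name '*.tar.gz' -exec tar zxf {} \;`. In the debug listing, `-maxdepth 2` should come before `-ls` and `$(pwd)` should be quoted. The +/- markers are lost on this page, so which of these lines are on the new side is inferred from the hunk counts.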


@ -14,7 +14,7 @@ name: "Github Pages - Branch"
env:
SCCACHE_GHA_ENABLED: "true"
RUSTC_WRAPPER: "sccache"
ACTIONS_RUNNER_DEBUG: true
jobs:
generate_mdbook:
runs-on: ubuntu-latest
@ -67,14 +67,17 @@ jobs:
cd ..
mv pykanidm/site ./docs/${{ inputs.tag }}/pykanidm
continue-on-error: true
- name: archive things
run: |
tar czvf ${{ inputs.tag }}.tar.gz ./docs/
env:
ACTIONS_RUNNER_DEBUG: true
- name: Upload artifact
# https://github.com/actions/upload-artifact
uses: actions/upload-artifact@v3
with:
name: docs
name: individual
path: ${{inputs.tag }}.tar.gz
env:
ACTIONS_RUNNER_DEBUG: true
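Review bot: The "archive things" step interpolates `${{ inputs.tag }}` directly into the `run:` script, so the value is pasted into the command text before the shell parses it. The docs workflow on this page appears to derive that tag from a branch name, and git ref names may contain shell metacharacters. Pass it through the environment instead: add `TAG: ${{ inputs.tag }}` under the step's `env:` and run `tar czvf "${TAG}.tar.gz" ./docs/`. The `mv pykanidm/site ./docs/${{ inputs.tag }}/pykanidm` line above uses the same pattern. Separately, `ACTIONS_RUNNER_DEBUG` is documented as a repository secret or variable, so setting it under `env:` probably has no effect and can be dropped once the build is fixed.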


@ -63,7 +63,7 @@ If the account has SSH public keys you should see them listed, one per line.
To configure servers to accept these keys, you must change their /etc/ssh/sshd_config to contain the
lines:
```
```text
PubkeyAuthentication yes
UsePAM yes
AuthorizedKeysCommand /usr/bin/kanidm_ssh_authorizedkeys %u
@ -78,7 +78,7 @@ management tool such as salt or ansible.
> **NOTICE:** With a working SSH key setup, you should also consider adding the following
> sshd\_config options as hardening.
```
```text
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
@ -111,7 +111,7 @@ If the account has SSH public keys you should see them listed, one per line.
To configure servers to accept these keys, you must change their /etc/ssh/sshd\_config to contain
the lines:
```
```text
PubkeyAuthentication yes
UsePAM yes
AuthorizedKeysCommand /usr/bin/kanidm_ssh_authorizedkeys_direct -D anonymous %u


@ -0,0 +1,26 @@
#!/bin/bash
if [ -z "$1" ]; then
echo "Specify the PR URL"
exit 1
fi
PR_URL="$1"
# are we good?
CONCLUSIONS="$(gh pr status --json statusCheckRollup | jq '.currentBranch | .[] | .[] | select(.conclusion != "SUCCESS") | select(.conclusion != "NEUTRAL")| {status: .status, workfFlowName: .workFlowName, conclusion: .conclusion}')"
# check approval
APPROVED="$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)"
# sets the upstream metadata for `gh pr status`
gh pr checkout "$PR_URL"
if [ "${APPROVED}" != "APPROVED" ]; then
echo "PR not approved!"
exit 1
fi
if [ "$(echo "${CONCLUSIONS}" | wc -l)" -eq 0 ]; then
gh pr review --approve "$PR_URL"
else
echo "Already running or failed: ${CONCLUSIONS}";
fi
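Review bot: The final test `[ "$(echo "${CONCLUSIONS}" | wc -l)" -eq 0 ]` can never be true, because `echo` of an empty string still emits one newline, so `gh pr review --approve` is unreachable; `if [ -z "${CONCLUSIONS}" ]; then` expresses the intended "no failing or pending checks" test. Both `gh pr status` queries run before `gh pr checkout "$PR_URL"`, although the comment says the checkout is what sets the metadata they rely on, so the checkout should move above them. Once the emptiness test is fixed, a failed `gh` or `jq` call would also leave `CONCLUSIONS` empty and read as "all checks passed", so add `set -eo pipefail` after the shebang so the script fails closed. The script exits 1 unless the PR is already `APPROVED` and only then tries to approve it, which looks inverted relative to the workflow step name; the intent needs confirming. In the `jq` filter, `workfFlowName: .workFlowName` is probably meant to be `workflowName: .workflowName`.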