Still trying to fix the docs. (#1709)

* docs build/deploy fixes
* let us see if this makes the automerge less bad
James Hodgkinson 2023-06-28 10:34:17 +10:00 committed by GitHub
parent 28c8e9df69
commit 69dfea3601
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 107 additions and 52 deletions


@ -21,20 +21,13 @@ jobs:
alert-lookup: true alert-lookup: true
compat-lookup: true compat-lookup: true
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Approve a PR if not already approved
run: |
# sets the upstream metadata for `gh pr status`
gh pr checkout "$PR_URL"
if [ "$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)" != "APPROVED" ];
then gh pr review --approve "$PR_URL"
else echo "PR already approved, skipping additional approvals to minimize emails/notification noise.";
fi
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
- name: Enable auto-merge for Dependabot PRs - name: Enable auto-merge for Dependabot PRs
run: gh pr merge --auto --squash "$PR_URL" run: gh pr merge --auto --squash "$PR_URL"
env: env:
PR_URL: ${{github.event.pull_request.html_url}} PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
- name: Approve a PR if not already approved
run: scripts/dependabot_automerge_check.sh "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
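Review bot: The step is still named `Approve a PR if not already approved`, but the script it now calls exits 1 from its `if [ "${APPROVED}" != "APPROVED" ]` branch whenever the PR has no approval yet, so for a fresh Dependabot PR this job no longer approves anything and ends red after `gh pr merge --auto` has already been enabled. The inline version this hunk replaces approved in exactly that case. If the intent is "approve once the checks are green", the not-yet-approved case in `scripts/dependabot_automerge_check.sh` should fall through to the checks test instead of exiting, e.g. `if [ "${APPROVED}" = "APPROVED" ]; then echo "PR already approved"; exit 0; fi`.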


@ -19,41 +19,46 @@ permissions:
statuses: read statuses: read
pages: write pages: write
env:
ACTIONS_RUNNER_DEBUG: true
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
generate_tags: pre_deploy:
runs-on: ubuntu-latest runs-on: ubuntu-latest
outputs: outputs:
tags: ${{ steps.tags.outputs.tags}} latest: ${{ steps.branchname.outputs.latest }}
latest: ${{ steps.previoustag.outputs.tag }}
steps: steps:
- id: tags
name: pull tags
uses: oraad/get-tags-action@v1.0.0
with:
repo: ${{ github.repository }}
limit: 100
github-token: ${{ github.token }}
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with: with:
fetch-depth: 0 fetch-depth: 0
- name: 'Get Previous tag' - name: Latest branch
id: previoustag run: |
uses: "WyriHaximus/github-action-get-previous-tag@v1" echo "latest=$(git branch -a | awk '{print $1}' | sort -t. -k3n,3 -k4n,4 | awk -F'/' '{print $NF}' | tail -n1)" >> $GITHUB_OUTPUT
id: branchname
- name: Move redirector page
run: |
mkdir docs
cp book/index_redirect.html ./docs/index.html
find ./docs > docs/manifest.txt
- name: Upload redirector artifact
# https://github.com/actions/upload-artifact
uses: actions/upload-artifact@v3
with: with:
prefix: v1 name: base
path: docs/index.html
fanout: fanout:
uses: './.github/workflows/kanidm_individual_book.yml' uses: './.github/workflows/kanidm_individual_book.yml'
needs: generate_tags needs: pre_deploy
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
# tag: ${{ fromJson(needs.generate_tags.outputs.tags) }}
tag: tag:
- ${{ needs.generate_tags.outputs.latest}} - ${{ needs.pre_deploy.outputs.latest}}
with: with:
tag: ${{ matrix.tag }} tag: ${{ matrix.tag }}
parent_id: ${{ github.ref }} parent_id: ${{ github.ref }}
@ -67,34 +72,61 @@ jobs:
environment: environment:
name: github-pages name: github-pages
url: ${{ steps.deployment.outputs.page_url }} url: ${{ steps.deployment.outputs.page_url }}
if: ${{ github.ref == 'refs/heads/master' && github.repository == 'kanidm/kanidm' }}
needs: needs:
- pre_deploy
- fanout - fanout
- docs_master - docs_master
- generate_tags
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Download previously built docs - name: Setup Pages
uses: actions/download-artifact@v3 uses: actions/configure-pages@v3
with:
name: docs
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Setup Pages - name: Download base artifact
uses: actions/configure-pages@v3 uses: actions/download-artifact@v3
with:
name: base
path: ./docs/
env:
ACTIONS_RUNNER_DEBUG: true
- name: Download individual artifact
uses: actions/download-artifact@v3
with:
name: individual
path: ./docs/
env:
ACTIONS_RUNNER_DEBUG: true
# - name: Log more stuff
# run: |
# echo "Currently in $(pwd)"
# mkdir -p docs && find $(pwd) -ls > ./docs/manifest.txt
# env:
# ACTIONS_RUNNER_DEBUG: true
# - name: Upload docs dir as an artifact
# # https://github.com/actions/upload-artifact
# uses: actions/upload-artifact@v3
# with:
# name: logs
# path: docs/
- name: Extract the files - name: Extract the files
run: | run: |
find . -name '*.tar.gz' -exec tar zxf "{}" \; pwd
echo "doing find $(pwd) -ls maxdepth 2"
find $(pwd) -ls -maxdepth 2
echo "doing find tar.gz ls"
find $(pwd) -name '*.tar.gz' -ls
echo "extracting"
find $(pwd) -name '*.tar.gz' -ls -exec tar zxvf "{}" \;
echo "Carrying on..."
mkdir -p docs
cd docs && cp -R "$(git branch -a | awk '{print $1}' | sort -t. -k3n,3 -k4n,4 | awk -F'/' '{print $NF}' | tail -n1)/" stable && cd ..
ls -la docs/ ls -la docs/
cd docs && \ echo "Cleaning up docs archives"
ln -s ${{ needs.generate_tags.outputs.latest}}/ stable && \ rm docs/*.tar.gz
cd .. env:
cp book/index_redirect.html docs/index.html ACTIONS_RUNNER_DEBUG: true
ls -la docs/ - name: Upload pages artifacts
- name: Upload artifact
uses: actions/upload-pages-artifact@v1 uses: actions/upload-pages-artifact@v1
with: with:
# Upload entire repository # Upload entire repository
@ -102,3 +134,4 @@ jobs:
- name: Deploy to GitHub Pages - name: Deploy to GitHub Pages
id: deployment id: deployment
uses: actions/deploy-pages@v2 uses: actions/deploy-pages@v2
if: ${{ github.ref == 'refs/heads/master' && github.repository == 'kanidm/kanidm' }}
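Review bot: The `Extract the files` step re-runs the `git branch -a | awk … | tail -n1` pipeline to choose the directory copied to `stable`, although this job already lists `pre_deploy` in `needs` and that job exports the same value as `latest`; two copies of the selection logic can drift apart, and the name fanout actually built is the one that has to be copied. Adding `LATEST: ${{ needs.pre_deploy.outputs.latest }}` to the step's `env:` and using `cp -R "docs/${LATEST}/" docs/stable` keeps a single source of truth. The same step untars every `*.tar.gz` found under `$(pwd)`, which after `actions/checkout` includes the repository tree; the artifacts are downloaded to `./docs/`, so `find ./docs -maxdepth 1 -name '*.tar.gz' -exec tar zxf "{}" \;` would limit extraction to them. The `ACTIONS_RUNNER_DEBUG: true` entries under `env:` (here and in the per-branch workflow) look like debugging leftovers; as far as I know runner diagnostic logging is enabled through a repository secret or variable of that name rather than a workflow `env:` value, so they can probably be dropped.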


@ -14,7 +14,7 @@ name: "Github Pages - Branch"
env: env:
SCCACHE_GHA_ENABLED: "true" SCCACHE_GHA_ENABLED: "true"
RUSTC_WRAPPER: "sccache" RUSTC_WRAPPER: "sccache"
ACTIONS_RUNNER_DEBUG: true
jobs: jobs:
generate_mdbook: generate_mdbook:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -67,14 +67,17 @@ jobs:
cd .. cd ..
mv pykanidm/site ./docs/${{ inputs.tag }}/pykanidm mv pykanidm/site ./docs/${{ inputs.tag }}/pykanidm
continue-on-error: true continue-on-error: true
- name: archive things - name: archive things
run: | run: |
tar czvf ${{ inputs.tag }}.tar.gz ./docs/ tar czvf ${{ inputs.tag }}.tar.gz ./docs/
env:
ACTIONS_RUNNER_DEBUG: true
- name: Upload artifact - name: Upload artifact
# https://github.com/actions/upload-artifact # https://github.com/actions/upload-artifact
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v3
with: with:
name: docs name: individual
path: ${{inputs.tag }}.tar.gz path: ${{inputs.tag }}.tar.gz
env:
ACTIONS_RUNNER_DEBUG: true
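Review bot: `archive things` and the `mv` before it expand `${{ inputs.tag }}` straight into the script text, and after this commit the caller appears to fill `tag` from a branch name (`git branch -a …`) instead of a git tag. Ref names may contain shell metacharacters, so the value is better handed over as data: add `TAG: ${{ inputs.tag }}` under the step's `env:` and run `tar czvf "${TAG}.tar.gz" ./docs/`. The job's earlier steps are outside this hunk and may need the same treatment.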


@ -63,7 +63,7 @@ If the account has SSH public keys you should see them listed, one per line.
To configure servers to accept these keys, you must change their /etc/ssh/sshd_config to contain the To configure servers to accept these keys, you must change their /etc/ssh/sshd_config to contain the
lines: lines:
``` ```text
PubkeyAuthentication yes PubkeyAuthentication yes
UsePAM yes UsePAM yes
AuthorizedKeysCommand /usr/bin/kanidm_ssh_authorizedkeys %u AuthorizedKeysCommand /usr/bin/kanidm_ssh_authorizedkeys %u
@ -78,7 +78,7 @@ management tool such as salt or ansible.
> **NOTICE:** With a working SSH key setup, you should also consider adding the following > **NOTICE:** With a working SSH key setup, you should also consider adding the following
> sshd\_config options as hardening. > sshd\_config options as hardening.
``` ```text
PermitRootLogin no PermitRootLogin no
PasswordAuthentication no PasswordAuthentication no
PermitEmptyPasswords no PermitEmptyPasswords no
@ -111,7 +111,7 @@ If the account has SSH public keys you should see them listed, one per line.
To configure servers to accept these keys, you must change their /etc/ssh/sshd\_config to contain To configure servers to accept these keys, you must change their /etc/ssh/sshd\_config to contain
the lines: the lines:
``` ```text
PubkeyAuthentication yes PubkeyAuthentication yes
UsePAM yes UsePAM yes
AuthorizedKeysCommand /usr/bin/kanidm_ssh_authorizedkeys_direct -D anonymous %u AuthorizedKeysCommand /usr/bin/kanidm_ssh_authorizedkeys_direct -D anonymous %u


@ -0,0 +1,26 @@
#!/bin/bash
if [ -z "$1" ]; then
echo "Specify the PR URL"
exit 1
fi
PR_URL="$1"
# are we good?
CONCLUSIONS="$(gh pr status --json statusCheckRollup | jq '.currentBranch | .[] | .[] | select(.conclusion != "SUCCESS") | select(.conclusion != "NEUTRAL")| {status: .status, workfFlowName: .workFlowName, conclusion: .conclusion}')"
# check approval
APPROVED="$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)"
# sets the upstream metadata for `gh pr status`
gh pr checkout "$PR_URL"
if [ "${APPROVED}" != "APPROVED" ]; then
echo "PR not approved!"
exit 1
fi
if [ "$(echo "${CONCLUSIONS}" | wc -l)" -eq 0 ]; then
gh pr review --approve "$PR_URL"
else
echo "Already running or failed: ${CONCLUSIONS}";
fi
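Review bot: The approve branch can never run, because `echo "${CONCLUSIONS}" | wc -l` prints 1 even when `CONCLUSIONS` is empty; `[ -z "${CONCLUSIONS}" ]` is the test that means "no failing or pending checks". Both `gh pr status` calls also run before `gh pr checkout "$PR_URL"`, although the comment says the checkout is what gives `gh pr status` its branch context, so they describe whatever ref the runner had checked out. Once the emptiness test is fixed, a failed `gh` or `jq` call would leave `CONCLUSIONS` empty and read as "all green", so the script should stop on errors before it is allowed to approve. The jq filter reads `.workFlowName`, which looks like a typo for `workflowName`. All of this is independent of how the `APPROVED` test is resolved.

```shell
#!/bin/bash
# stop on any failed gh/jq call so an error is never read as "no failing checks"
set -euo pipefail

if [ -z "${1:-}" ]; then
    # … unchanged: usage message and exit 1 …
fi
PR_URL="$1"

# sets the upstream metadata for `gh pr status`, so it has to run before the queries
gh pr checkout "$PR_URL"

# checks that are neither SUCCESS nor NEUTRAL; empty output means nothing is pending or failed
CONCLUSIONS="$(gh pr status --json statusCheckRollup | jq '.currentBranch | .[] | .[] | select(.conclusion != "SUCCESS") | select(.conclusion != "NEUTRAL") | {status: .status, workflowName: .workflowName, conclusion: .conclusion}')"
APPROVED="$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)"

# … unchanged: APPROVED test …

if [ -z "${CONCLUSIONS}" ]; then
    gh pr review --approve "$PR_URL"
else
    echo "Already running or failed: ${CONCLUSIONS}"
fi
```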