mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-07-03 01:52:39 +00:00

Use GitHub Actions instead of Netlify (#2462)

Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2024-03-30 19:12:48 -05:00
parent 0b43cb1fc7
commit fc19f44c18
27 changed files with 514 additions and 1426 deletions


@ -1,4 +1,4 @@
# Copyright (c) 2021-2023 Jonah Aragon <jonah@triplebit.net>
# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
@ -18,47 +18,36 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: 📦 Releases
name: Build Offline Website
on:
push:
tags:
- '*'
workflow_call:
permissions:
contents: read
jobs:
production:
name: Push release to production
runs-on: ubuntu-latest
environment:
name: actions-ssh
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: '0'
ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
submodules: 'true'
- name: Push to production branch
run: |
git push origin HEAD:production
build:
name: Create release packages
runs-on: ubuntu-latest
environment:
name: actions-ssh
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: '0'
ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
submodules: 'true'
persist-credentials: 'false'
- uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- name: Python setup
uses: actions/setup-python@v5
@ -66,11 +55,13 @@ jobs:
python-version: '3.8'
cache: 'pipenv'
- name: Cache files
uses: actions/cache@v4.0.2
- uses: actions/cache/restore@v4.0.2
with:
key: ${{ github.ref }}
key: site-cache-${{ github.repository }}-en-${{ github.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
restore-keys: |
site-cache-${{ github.repository }}-en-${{ github.ref }}-
site-cache-${{ github.repository }}-en-
- name: Install Python dependencies
run: |
@ -91,6 +82,11 @@ jobs:
tar -czvf offline.tar.gz site
zip -r -q offline.zip site
- uses: actions/cache/save@v4.0.2
with:
key: site-cache-${{ github.repository }}-en-${{ github.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
- name: Upload tar.gz file
uses: actions/upload-artifact@v4
with:
@ -114,32 +110,5 @@ jobs:
- name: Upload ZIM file
uses: actions/upload-artifact@v4
with:
name: privacy_guides.zim
path: privacy_guides.zim
release:
name: Create release notes
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/download-artifact@v4
with:
name: offline.tar.gz
- uses: actions/download-artifact@v4
with:
name: offline.zip
- uses: actions/download-artifact@v4
with:
name: privacy_guides.zim
- name: Create release notes
uses: ncipollo/release-action@v1
with:
generateReleaseNotes: true
token: ${{ secrets.REPO_TOKEN }}
artifacts: "offline.zip,offline.tar.gz,privacy_guides.zim"
name: offline-privacy_guides.zim
path: offline-privacy_guides.zim


@ -30,22 +30,27 @@ on:
required: true
type: string
lang:
required: true
type: string
i18n:
required: true
default: en
context:
type: string
default: deploy-preview
continue-on-error:
type: boolean
default: true
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
continue-on-error: ${{ inputs.i18n }}
continue-on-error: ${{ inputs.continue-on-error }}
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
- uses: actions/checkout@v4
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.ref }}
@ -53,52 +58,62 @@ jobs:
- uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- run: |
rmdir modules/mkdocs-material
mv modules/mkdocs-material-insiders modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
rmdir theme/assets/brand
mv modules/brand theme/assets/brand
mv modules/repo-brand theme/assets/brand
- if: inputs.i18n
- if: inputs.lang != 'en'
run: |
cp -rl modules/i18n/i18n .
cp -rl modules/i18n/includes .
cp -rl modules/i18n/theme .
cp -rl modules/repo-i18n/i18n .
cp -rl modules/repo-i18n/includes .
cp -rl modules/repo-i18n/theme .
- name: Python setup
uses: actions/setup-python@v5
- uses: actions/setup-python@v5
with:
python-version: '3.8'
cache: 'pipenv'
- name: Cache files
uses: actions/cache@v4.0.2
- uses: actions/cache/restore@v4.0.2
with:
key: ${{ inputs.ref }}
key: site-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
restore-keys: |
site-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-
site-cache-${{ inputs.repo }}-${{ inputs.lang }}-
site-cache-${{ github.repository }}-${{ inputs.lang }}
- name: Install Python dependencies
run: |
- run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- name: Build website
env:
- if: inputs.lang != 'en'
uses: falti/dotenv-action@v1.1
with:
path: includes/strings.${{ inputs.lang }}.env
export-variables: true
- env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CARDS: false
CONTEXT: deploy-preview
NETLIFY: true
CONTEXT: ${{ inputs.context }}
PRODUCTION: true
run: |
pipenv run mkdocs build --config-file config/mkdocs.${{ inputs.lang }}.yml
cp -r static/* site/
pipenv run mkdocs --version
tar -czvf site-build-${{ inputs.lang }}.tar.gz site
- name: Upload tar.gz file
uses: actions/upload-artifact@v4
- uses: actions/cache/save@v4.0.2
with:
key: site-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
- uses: actions/upload-artifact@v4
with:
name: site-build-${{ inputs.lang }}.tar.gz
path: site-build-${{ inputs.lang }}.tar.gz
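Review bot: The `actions/cache/save` step near the end of the job stores `.cache` after the build has run whatever `inputs.repo`/`inputs.ref` checked out, and preview and production builds share one key scheme. When this workflow is called for pull-request previews that content comes from the pull request, and for a branch of the same repository the saved key matches the `site-cache-${{ github.repository }}-${{ inputs.lang }}` fallback here and the `-en-` fallback in the offline build, so a later release run can restore it. Keeping the two apart, for example `if: inputs.context == 'production'` on the save step or `${{ inputs.context }}` in every key, keeps preview output out of release builds. The build step also passes `GH_TOKEN` to that same code and the checkout keeps its default credential persistence; `persist-credentials: 'false'` on the checkout would narrow that, though its `with:` block continues outside the visible hunks.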


@ -24,26 +24,10 @@ on:
workflow_call:
jobs:
brand:
cleanup:
runs-on: ubuntu-latest
steps:
- uses: geekyeggo/delete-artifact@v5
with:
name: brand
failOnError: false
i18n:
runs-on: ubuntu-latest
steps:
- uses: geekyeggo/delete-artifact@v5
with:
name: i18n
failOnError: false
mkdocs-material-insiders:
runs-on: ubuntu-latest
steps:
- uses: geekyeggo/delete-artifact@v5
with:
name: mkdocs-material-insiders
name: repo-*
failOnError: false
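Review bot: The merged `cleanup` job keeps `failOnError: false` and declares no `permissions`, so a delete that is refused for lack of rights would pass without any signal. The release caller in this commit grants `contents`, `pages` and `id-token` scopes at workflow level but no `actions: write`, which deleting artifacts appears to need; this is worth confirming against the action's documentation. Since the `repo-*` artifacts hold checkouts fetched with the SSH key, I would add `permissions:` with `actions: write` on this job and let the step fail loudly with `failOnError: true`.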


@ -18,31 +18,35 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: Cleanup Artifacts
name: Deploy Website Build
on:
workflow_call:
inputs:
netlify:
netlify_preview:
type: boolean
netlify_alias:
type: string
netlify_production:
type: boolean
github_pages:
type: boolean
outputs:
netlify_address:
value: ${{ jobs.netlify.outputs.address }}
netlify_preview_address:
value: ${{ jobs.netlify_preview.outputs.address }}
secrets:
NETLIFY_TOKEN:
jobs:
netlify:
if: inputs.netlify
netlify_preview:
if: inputs.netlify_preview
runs-on: ubuntu-latest
outputs:
address: ${{ steps.deployment.outputs.address }}
environment:
name: preview-netlify
url: ${{ steps.deployment.outputs.address }}
permissions:
contents: read
outputs:
address: ${{ steps.address.outputs.address }}
steps:
- uses: actions/download-artifact@v4
@ -60,13 +64,104 @@ jobs:
- run: |
npm install netlify-cli -g
- name: Limit length of Netlify alias to 12
- if: inputs.netlify_preview
name: Limit length of Netlify alias to 12
run: echo "SHORT_ALIAS=`echo ${{ inputs.netlify_alias }} | cut -c1-12`" >> $GITHUB_ENV
- id: deployment
- if: inputs.netlify_preview
id: deployment
env:
NETLIFY_SITE_ID: ${{ vars.NETLIFY_SITE }}
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
run: |
netlify deploy --dir=site --alias=${{ env.SHORT_ALIAS }}
echo "address=https://${{ env.SHORT_ALIAS }}--${{ vars.NETLIFY_SITE }}.netlify.app/" >> "$GITHUB_OUTPUT"
echo "DEPLOYED_ADDRESS=https://${{ env.SHORT_ALIAS }}--${{ vars.NETLIFY_SITE }}.netlify.app/" >> "$GITHUB_ENV"
- id: address
run: |
echo "address=$DEPLOYED_ADDRESS" >> "$GITHUB_OUTPUT"
netlify_production:
if: inputs.netlify_production
runs-on: ubuntu-latest
permissions:
contents: read
environment:
name: production
url: https://www.privacyguides.org
steps:
- uses: actions/download-artifact@v4
with:
pattern: site-build-*
merge-multiple: true
- run: |
for file in *.tar.gz; do tar -zxf "$file"; done
wget https://raw.githubusercontent.com/privacyguides/privacyguides.org/main/netlify.toml
ls -la site/
- uses: actions/setup-node@v4
- run: |
npm install netlify-cli -g
- id: prod_deployment
env:
NETLIFY_SITE_ID: ${{ vars.PROD_NETLIFY_SITE }}
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
run: |
netlify deploy --dir=site --prod-if-unlocked
github_pages:
if: inputs.github_pages
runs-on: ubuntu-latest
concurrency:
group: "pages"
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
# Grant GITHUB_TOKEN the permissions required to make a Pages deployment
permissions:
contents: read
pages: write # to deploy to Pages
id-token: write # to verify the deployment originates from an appropriate source
steps:
- uses: actions/configure-pages@v5
- uses: actions/download-artifact@v4
with:
pattern: site-build-*
merge-multiple: true
- run: |
for file in *.tar.gz; do tar -zxf "$file"; done
ls -la site/
- uses: 1arp/create-a-file-action@0.4.4
with:
path: site
file: index.html
content: |
<html lang="en">
<head>
<title>Redirecting to English site...</title>
<meta
http-equiv="refresh"
content="0; URL=./en/"
/>
</head>
</html>
- uses: actions/upload-pages-artifact@v3
with:
path: site
- id: deployment
uses: actions/deploy-pages@main
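Review bot: The `github_pages` job holds `pages: write` and `id-token: write` yet runs `actions/deploy-pages@main` and `1arp/create-a-file-action@0.4.4` by mutable refs, so whatever those refs point to at run time executes with deployment rights. Pin both to a full commit SHA, e.g. `uses: actions/deploy-pages@<commit-sha> # <release tag>`; the redirect page could also be written by a plain `run:` step with no third-party action. In `netlify_production`, `npm install netlify-cli -g` and the `wget` of `netlify.toml` from `main` are likewise unpinned and feed the step that receives `NETLIFY_AUTH_TOKEN`; pin the CLI version and take the config from the released ref. The alias step expands `${{ inputs.netlify_alias }}` directly inside the shell line; passing it through `env:` and reading `"$ALIAS"` is the safer form for a reusable workflow.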


@ -18,7 +18,7 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: Download repository
name: Download Repository
on:
workflow_call:
@ -33,18 +33,16 @@ on:
jobs:
download:
runs-on: ubuntu-latest
environment:
name: actions-ssh
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
repository: 'privacyguides/${{ inputs.repo }}'
path: ${{ inputs.repo }}
path: repo-${{ inputs.repo }}
ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
- uses: actions/upload-artifact@v4
with:
name: ${{ inputs.repo }}
path: ${{ inputs.repo }}
name: repo-${{ inputs.repo }}
path: repo-${{ inputs.repo }}
retention-days: 1
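Review bot: The checkout writes into `repo-${{ inputs.repo }}` and the upload step publishes that whole directory, so the artifact can carry `.git` together with whatever credential configuration checkout persists there (hidden-file handling depends on the upload-artifact release in use). Add `persist-credentials: 'false'` to the checkout `with:` block and consider removing `.git` before the upload. The `environment: actions-ssh` block also appears to be dropped from this job, which would take `ACTIONS_SSH_KEY` out from behind that environment's protection rules; worth confirming that is intended, since the pull-request workflow appears to call this job.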


@ -1,100 +0,0 @@
# Copyright (c) 2022-2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: 🛠️ Deploy to GitHub Pages
on:
workflow_dispatch:
release:
types: [published]
# Allow one concurrent deployment
concurrency:
group: "pages"
cancel-in-progress: true
env:
PYTHON_VERSION: 3.8
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: '0'
ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
submodules: 'true'
- name: Pages setup
uses: actions/configure-pages@v4
- name: Python setup
uses: actions/setup-python@v5
with:
python-version: '3.8'
cache: 'pipenv'
- name: Cache files
uses: actions/cache@v4.0.2
with:
key: ${{ github.ref }}
path: .cache
- name: Install Python dependencies
run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- name: Build website
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CARDS: true
run: |
pipenv run mkdocs build --config-file config/mkdocs.en.yml
pipenv run mkdocs --version
- name: Package website
uses: actions/upload-pages-artifact@v3
with:
path: site
deploy:
name: Deploy
needs: build
# Grant GITHUB_TOKEN the permissions required to make a Pages deployment
permissions:
pages: write # to deploy to Pages
id-token: write # to verify the deployment originates from an appropriate source
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
runs-on: ubuntu-latest
steps:
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@main


@ -29,9 +29,6 @@ concurrency:
jobs:
gitlab:
runs-on: ubuntu-latest
environment:
name: actions-ssh
url: https://gitlab.com/privacyguides/privacyguides.org
steps:
- name: Mirror to GitLab
uses: wearerequired/git-mirror-action@v1
@ -43,9 +40,6 @@ jobs:
codeberg:
runs-on: ubuntu-latest
environment:
name: actions-ssh
url: https://codeberg.org/privacyguides/privacyguides.org
steps:
- name: Mirror to Codeberg
uses: wearerequired/git-mirror-action@v1
@ -57,9 +51,6 @@ jobs:
sourcehut:
runs-on: ubuntu-latest
environment:
name: actions-ssh
url: https://git.sr.ht/~jonaharagon/privacyguides.org
steps:
- name: Mirror to SourceHut
uses: wearerequired/git-mirror-action@v1


@ -18,17 +18,23 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: Build Pull Request Preview
name: 📦 Publish Pull Request Preview
on:
pull_request_target:
concurrency:
group: ${{github.event.pull_request.head.ref}}
cancel-in-progress: true
permissions:
pull-requests: write
contents: read
pages: write
id-token: write
jobs:
downloadSubmodules:
submodule:
strategy:
matrix:
repo: [mkdocs-material-insiders, brand, i18n]
@ -39,14 +45,14 @@ jobs:
ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
build:
needs: downloadSubmodules
needs: submodule
strategy:
matrix:
lang: [es, fr, he, it, nl, ru, zh-Hant]
i18n: [true]
allow-error: [true]
include:
- lang: en
i18n: false
allow-error: false
fail-fast: false
permissions:
contents: read
@ -55,13 +61,17 @@ jobs:
ref: ${{github.event.pull_request.head.ref}}
repo: ${{github.event.pull_request.head.repo.full_name}}
lang: ${{ matrix.lang }}
i18n: ${{ matrix.i18n }}
continue-on-error: ${{ matrix.allow-error }}
deploy:
needs: build
permissions:
contents: read
pages: write
id-token: write
uses: ./.github/workflows/deploy.yml
with:
netlify: true
netlify_preview: true
netlify_alias: ${{ github.event.pull_request.head.sha }}
secrets:
NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
@ -72,13 +82,18 @@ jobs:
needs: deploy
runs-on: ubuntu-latest
env:
address: ${{ needs.deploy.outputs.netlify_address }}
address: ${{ needs.deploy.outputs.netlify_preview_address }}
steps:
- uses: thollander/actions-comment-pull-request@v2
- uses: thollander/actions-comment-pull-request@v2.5.0
with:
message: |
This is a test :eyes: ${{ env.address }}
### <span aria-hidden="true">✅</span> Your preview is ready!
| Name | Link |
| :---: | ---- |
| <span aria-hidden="true">🔨</span> Latest commit | ${{ github.event.pull_request.head.sha }} |
| <span aria-hidden="true">😎</span> Preview | ${{ env.address }} |
comment_tag: deployment
cleanup:
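Review bot: The build is given `ref: ${{github.event.pull_request.head.ref}}`, a branch name, while the deploy alias and the posted comment use `head.sha`; under `pull_request_target` the branch can move between the event and the checkout, so the preview and the "Latest commit" row may not describe the same code. Passing `ref: ${{ github.event.pull_request.head.sha }}` pins the build to the commit that triggered the run. The `concurrency` group is keyed on `head.ref` as well, so pull requests from different forks that share a branch name cancel each other; `github.event.pull_request.number` would be a safer key. The `with:` block that contains `ref` starts outside the hunk.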

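--- /dev/null
+++ b/.github/workflows/publish-release.yml
@@ -0,0 +1,97 @@
+# Copyright (c) 2021-2024 Jonah Aragon <jonah@triplebit.net>
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+name: 📦 Publish Release
+on:
+push:
+tags:
+- '*'
+permissions:
+contents: write
+pages: write
+id-token: write
+jobs:
+submodule:
+strategy:
+matrix:
+repo: [mkdocs-material-insiders, brand, i18n]
+uses: ./.github/workflows/download-repo.yml
+with:
+repo: ${{ matrix.repo }}
+secrets:
+ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
+build:
+needs: submodule
+strategy:
+matrix:
+lang: [en, es, fr, he, it, nl, ru, zh-Hant]
+permissions:
+contents: read
+uses: ./.github/workflows/build.yml
+with:
+ref: ${{ github.repository }}
+repo: ${{ github.ref }}
+lang: ${{ matrix.lang }}
+context: production
+continue-on-error: false
+buildoffline:
+needs: submodule
+permissions:
+contents: read
+uses: ./.github/workflows/build-offline.yml
+release:
+name: Create release notes
+needs: buildoffline
+runs-on: ubuntu-latest
+permissions:
+contents: write
+steps:
+- uses: actions/download-artifact@v4
+with:
+pattern: offline*
+merge-multiple: true
+- name: Create release notes
+uses: ncipollo/release-action@v1
+with:
+generateReleaseNotes: true
+artifacts: "offline.zip,offline.tar.gz,offline-privacy_guides.zim"
+makeLatest: true
+deploy:
+needs: build
+uses: ./.github/workflows/deploy.yml
+with:
+netlify_production: true
+github_pages: true
+secrets:
+NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
+cleanup:
+if: ${{ always() }}
+needs: [build, buildoffline]
+uses: ./.github/workflows/cleanup.yml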
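Review bot: In the `build` job the two inputs are swapped: `ref: ${{ github.repository }}` and `repo: ${{ github.ref }}` pass the repository name to the input used as the checkout ref and the tag ref to the one used as the repository, judging by how the pull-request workflow fills them. They should read `ref: ${{ github.ref }}` and `repo: ${{ github.repository }}`. The workflow-level `permissions` also give `contents: write`, `pages: write` and `id-token: write` to every job that does not override them, including `submodule` and `cleanup`; a read-only default with the write scopes set only on `release` and `deploy` would be tighter. `ncipollo/release-action@v1` runs with `contents: write` on a movable tag and would be better pinned to a commit SHA.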