From 2edbba55ae1f6f0a644dc796007dc9b374dc3931 Mon Sep 17 00:00:00 2001 From: Gwynne Raskind Date: Fri, 3 Nov 2023 13:27:05 -0500 Subject: [PATCH] Switch to OIDC tokens (#30) * Delete .github/workflows/projectboard.yml * Switch to OIDC token * Update build-and-deploy-docs-workflow.yml * Update deploy-api-docs.yml * Update theme-settings.json * Create dependabot.yml --- .github/dependabot.yml | 10 ++++ .../build-and-deploy-docs-workflow.yml | 50 +++++++++---------- .github/workflows/deploy-api-docs.yml | 29 +++++------ .github/workflows/projectboard.yml | 11 ---- theme-settings.json | 4 +- 5 files changed, 51 insertions(+), 53 deletions(-) create mode 100644 .github/dependabot.yml delete mode 100644 .github/workflows/projectboard.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..998a0eb --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,10 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + groups: + dependencies: + patterns: + - "*" diff --git a/.github/workflows/build-and-deploy-docs-workflow.yml b/.github/workflows/build-and-deploy-docs-workflow.yml index d08832d..a97663a 100644 --- a/.github/workflows/build-and-deploy-docs-workflow.yml +++ b/.github/workflows/build-and-deploy-docs-workflow.yml @@ -1,5 +1,7 @@ name: Shared Build DocC docs and Deploy - +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true on: workflow_call: inputs: 
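Review bot: The top-level `concurrency` block added to build-and-deploy-docs-workflow.yml sits in a `workflow_call` workflow, where the `github` context is the caller's. `${{ github.workflow }}-${{ github.ref }}` can therefore resolve to a group the calling workflow already holds, and with `cancel-in-progress: true` the caller and the called workflow may cancel each other. The same block in the first hunk of deploy-api-docs.yml can cancel a run partway through the CloudFormation deploy or the `s3 sync` when a second push lands. I would give the reusable workflow its own group, for example `group: docs-deploy-${{ inputs.package_name }}`, and set `cancel-in-progress: false` on the deploy so runs queue instead of being interrupted.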
@@ -35,47 +37,43 @@ on: description: "The paths to invalidate in CloudFront, e.g. '/vapor /xctvapor'." jobs: - build-docs: runs-on: ubuntu-latest - container: swiftlang/swift:nightly-5.9-jammy@sha256:2a862801753871b00f7fd424f2b47d75338e7a50d819cd34a425aef6a1bce56d + permissions: { id-token: write, contents: read } steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: repository: ${{ inputs.repository || github.repository }} fetch-depth: 0 - - name: Install curl and awscliv2 - run: | - apt-get update && apt-get install -y curl - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" - unzip awscliv2.zip - ./aws/install - - name: Download Files + - name: Install latest Swift + uses: vapor/swiftly-action@v0.1 + with: + toolchain: latest + - name: Download files run: | curl -sL \ - https://raw.githubusercontent.com/vapor/api-docs/main/generate-package-api-docs.swift -o generate-package-api-docs.swift \ - https://raw.githubusercontent.com/vapor/api-docs/main/theme-settings.json -o theme-settings.json - - name: Builds Docs - env: - PACKAGE: ${{ inputs.package_name }} - MODULES: ${{ inputs.modules }} - run: swift generate-package-api-docs.swift ${PACKAGE} ${MODULES} - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + "https://raw.githubusercontent.com/vapor/api-docs/main/generate-package-api-docs.swift" \ + -o generate-package-api-docs.swift \ + "https://raw.githubusercontent.com/vapor/api-docs/main/theme-settings.json" \ + -o theme-settings.json + - name: Build docs + run: | + swift generate-package-api-docs.swift "${INPUT_PACKAGE_NAME}" ${INPUT_MODULES} + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 with: - aws-access-key-id: ${{ secrets.API_DOCS_DEPLOYER_AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.API_DOCS_DEPLOYER_AWS_SECRET_ACCESS_KEY }} + role-to-assume: arn:aws:iam::177420307256:role/GithubOIdP-Role-zJ3kkJbhrNkr 
aws-region: 'eu-west-2' - name: Deploy to S3 and invalidate CloudFront env: + S3_BUCKET_URL: ${{ secrets.VAPOR_API_DOCS_S3_BUCKET_URL }} DISTRIBUTION_ID: ${{ secrets.VAPOR_API_DOCS_DISTRIBUTION_ID }} - INVALIDATE_PATHS: ${{ inputs.pathsToInvalidate }} run: | aws --no-cli-pager s3 sync \ - ./public s3://vapor-api-docs-site \ + ./public "${S3_BUCKET_URL}" \ --no-progress \ --acl public-read aws --no-cli-pager cloudfront create-invalidation \ - --distribution-id ${DISTRIBUTION_ID} \ - --paths ${INVALIDATE_PATHS} + --distribution-id "${DISTRIBUTION_ID}" \ + --paths "${INPUT_PATHSTOINVALIDATE}" diff --git a/.github/workflows/deploy-api-docs.yml b/.github/workflows/deploy-api-docs.yml index c9cbc8b..ec90776 100644 --- a/.github/workflows/deploy-api-docs.yml +++ b/.github/workflows/deploy-api-docs.yml @@ -1,4 +1,7 @@ -name: deploy-api-docs +name: API Docs website deploy +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true on: push: branches: 
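Review bot: The `Build docs` and `Deploy to S3 and invalidate CloudFront` steps now read `${INPUT_PACKAGE_NAME}`, `${INPUT_MODULES}` and `${INPUT_PATHSTOINVALIDATE}`, but this hunk removes the `env:` mappings that supplied those values. As far as I know the runner sets `INPUT_*` variables only for an action's `with:` inputs, not for `workflow_call` inputs in a `run:` step, so all three would expand to empty strings. Passing caller-controlled inputs through `env:` is also the injection-safe pattern, so I would restore it: `env: { PACKAGE: "${{ inputs.package_name }}", MODULES: "${{ inputs.modules }}" }` on the build step and `INVALIDATE_PATHS: ${{ inputs.pathsToInvalidate }}` on the deploy step. Separately, the quoted `--paths "${INPUT_PATHSTOINVALIDATE}"` passes a value like the documented '/vapor /xctvapor' as one argument; if several paths are meant to work, split it without globbing, e.g. `read -r -a paths <<< "${INVALIDATE_PATHS}"` followed by `--paths "${paths[@]}"`.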
@@ -8,23 +11,20 @@ jobs: deploy: name: Build and deploy runs-on: ubuntu-latest - container: swiftlang/swift:nightly-5.9-jammy@sha256:2a862801753871b00f7fd424f2b47d75338e7a50d819cd34a425aef6a1bce56d + permissions: { id-token: write, contents: read } steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 + - name: Install latest Swift + uses: vapor/swiftly-action@v0.1 + with: + toolchain: latest - name: Build site run: swift generate-api-docs.swift - - name: Install curl and awscliv2 - run: | - apt-get update && apt-get upgrade -y && apt-get install -y curl - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" - unzip awscliv2.zip - ./aws/install - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v4 with: - aws-access-key-id: ${{ secrets.API_DOCS_DEPLOYER_AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.API_DOCS_DEPLOYER_AWS_SECRET_ACCESS_KEY }} + role-to-assume: arn:aws:iam::177420307256:role/GithubOIdP-Role-zJ3kkJbhrNkr aws-region: 'eu-west-2' - name: Deploy to AWS CloudFormation uses: aws-actions/aws-cloudformation-github-deploy@v1 @@ -39,12 +39,13 @@ jobs: AcmCertificateArn=${{ secrets.API_DOCS_CERTIFICATE_ARN }} - name: Deploy to S3 and invalidate CloudFront env: + S3_BUCKET_URL: ${{ secrets.VAPOR_API_DOCS_S3_BUCKET_URL }} DISTRIBUTION_ID: ${{ secrets.VAPOR_API_DOCS_DISTRIBUTION_ID }} run: | aws --no-cli-pager s3 sync \ - ./public s3://vapor-api-docs-site \ + ./public "${S3_BUCKET_URL}" \ --no-progress \ --acl public-read aws --no-cli-pager cloudfront create-invalidation \ - --distribution-id ${DISTRIBUTION_ID} \ + --distribution-id "${DISTRIBUTION_ID}" \ --paths '/*' diff --git a/.github/workflows/projectboard.yml b/.github/workflows/projectboard.yml deleted file mode 100644 index a0e6d98..0000000 --- a/.github/workflows/projectboard.yml +++ /dev/null 
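Review bot: `permissions: { id-token: write, contents: read }` is granted to the whole `deploy` job, so every step in it can request an OIDC token for the hard-coded role, including `vapor/swiftly-action@v0.1` with `toolchain: latest` and the `swift generate-api-docs.swift` build. The digest-pinned container this hunk removes is also replaced by mutable tag references. I would pin the actions to full commit SHAs, which the new Dependabot config can keep current, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4`, and consider building in a job without `id-token: write` that hands `./public` to the deploy job as an artifact. It is also worth confirming that the role's trust policy restricts the token `sub` claim to the expected repository and branch, which is not visible in this diff. The same applies to the `build-docs` job in build-and-deploy-docs-workflow.yml, where the build additionally runs a script fetched with curl from `main`.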
@@ -1,11 +0,0 @@ -name: issue-to-project-board-workflow -on: - # Trigger when an issue gets labeled or deleted - issues: - types: [reopened, closed, labeled, unlabeled, assigned, unassigned] - -jobs: - update_project_boards: - name: Update project boards - uses: vapor/ci/.github/workflows/update-project-boards-for-issue.yml@reusable-workflows - secrets: inherit diff --git a/theme-settings.json b/theme-settings.json index f3d1955..0f7f5ec 100644 --- a/theme-settings.json +++ b/theme-settings.json @@ -18,10 +18,10 @@ }, "color": { "fill": { - "dark": "rgb(20, 20, 22)", + "dark": "rgb(0, 0, 0)", "light": "rgb(255, 255, 255)" }, - "documentation-intro-fill": "radial-gradient(circle at top, var(--color-documentation-intro-accent) 15%, rgb(17, 17, 17) 100%)", + "documentation-intro-fill": "radial-gradient(circle at top, var(--color-documentation-intro-accent) 15%, #000 100%)", "documentation-intro-accent": "rgb(204, 204, 204)" }, "icons": {