docs/.github/workflows/pull-request.yml at master · pulumi/docs · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
name: Pull Request
on:
  pull_request:
    branches:
      - master
      - 'release/**'
permissions:
      id-token: write # This is required for requesting the JWT
      contents: read # This is required for actions/checkout
jobs:
  buildSite:
    # Only run this job for events that originate on this repository.
    if: github.event.pull_request.head.repo.full_name == github.repository
    env:
      GOPATH: ${{ github.workspace }}/go
    name: Install deps and build site
    runs-on: ubuntu-latest
    environment: testing
    steps:
      - name: Fetch secrets from ESC
        id: esc-secrets
        uses: pulumi/esc-action@v2

      - uses: actions/checkout@v6

      - uses: actions/setup-node@v6
        with:
          node-version: '24.x'
          cache: 'yarn'
          cache-dependency-path: |
            yarn.lock
            infrastructure/yarn.lock
            theme/yarn.lock
            theme/stencil/yarn.lock

      - uses: peaceiris/actions-hugo@v3
        with:
          hugo-version: '0.157.0'
          extended: true

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v6
        with:
          role-to-assume: arn:aws:iam::571684982431:role/ContinuousDelivery
          role-session-name: docs-deploy
          role-duration-seconds: 7200
          aws-region: us-west-2

      - name: Install s5cmd v2.3.0 for fast S3 uploads
        run: |
          S5CMD_VERSION="2.3.0"
          S5CMD_SHA256="de0fdbfa3aceae55e069ba81a0fc17b2026567637603734a387b2fca06c299b4"
          curl -fsSL -o /tmp/s5cmd.tar.gz "https://github.com/peak/s5cmd/releases/download/v${S5CMD_VERSION}/s5cmd_${S5CMD_VERSION}_Linux-64bit.tar.gz"
          echo "${S5CMD_SHA256}  /tmp/s5cmd.tar.gz" | sha256sum -c -
          sudo tar -xz -C /usr/local/bin s5cmd -f /tmp/s5cmd.tar.gz
          rm /tmp/s5cmd.tar.gz

      - name: Install Vale (required by scripts/ensure.sh)
        run: |
          VALE_VERSION="3.14.1"
          VALE_SHA256="ff2b49ffaa9dcd246fd5008f03ff67746d2790b75bf4d3657e2fb9530fb96db3"
          curl -fsSL -o /tmp/vale.tar.gz "https://github.com/errata-ai/vale/releases/download/v${VALE_VERSION}/vale_${VALE_VERSION}_Linux_64-bit.tar.gz"
          echo "${VALE_SHA256}  /tmp/vale.tar.gz" | sha256sum -c -
          sudo tar -xz -C /usr/local/bin vale -f /tmp/vale.tar.gz
          rm /tmp/vale.tar.gz

      - name: Install Pulumi CLI
        uses: pulumi/actions@v7

      # Restore previously generated OpenGraph cards so the build-time generator
      # only re-renders pages that changed (manifest content-hash skip). The
      # cards are gitignored; this cache is their only persistence across runs.
      - name: Cache generated meta images
        uses: actions/cache@v4
        with:
          path: assets/images/generated
          key: meta-images-${{ github.sha }}
          restore-keys: |
            meta-images-

      - name: Build and deploy
        run: make ci_pull_request
        env:
          CDN_PULUMI_URN: ${{ vars.CDN_PULUMI_URN }}
          PULUMI_ACCESS_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_ACCESS_TOKEN }}
          PULUMI_STACK_NAME: ${{ vars.PULUMI_STACK_NAME }}
          DEPLOYMENT_ENVIRONMENT: ${{ vars.DEPLOYMENT_ENVIRONMENT }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PULUMI_BOT_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
          ALGOLIA_APP_ID: ${{ vars.ALGOLIA_APP_ID }}
          ALGOLIA_APP_SEARCH_KEY: ${{ vars.ALGOLIA_APP_SEARCH_KEY }}
          ALGOLIA_APP_ADMIN_KEY: ${{  steps.esc-secrets.outputs.ALGOLIA_APP_ADMIN_KEY }}
          NODE_OPTIONS: "--max_old_space_size=8192"

      - name: Archive test results
        uses: actions/upload-artifact@v7
        with:
          name: browser-test-results
          path: cypress/videos

      - name: Archive bucket metadata
        uses: actions/upload-artifact@v7
        with:
          name: origin-bucket-metadata
          path: origin-bucket-metadata.json
  notify:
    if: (startsWith(github.ref, 'refs/heads/release/') || github.ref == 'refs/heads/master' || (github.event_name == 'pull_request' && github.event.pull_request.user.login == 'pulumi-bot')) && failure()
    name: Send slack notification
    runs-on: ubuntu-latest
    needs: [buildSite]
    steps:
      - name: Fetch secrets from ESC
        id: esc-secrets
        uses: pulumi/esc-action@v2
      - name: Slack Notification
        uses: docker://sholung/action-slack-notify:v2.3.0
        env:
          SLACK_CHANNEL: docs-ops
          SLACK_COLOR: "#F54242"
          SLACK_MESSAGE: "build and deploy failure in pulumi/docs repo :meow_sad:"
          SLACK_USERNAME: docsbot
          SLACK_WEBHOOK: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
          SLACK_ICON: https://www.pulumi.com/logos/brand/avatar-on-white.png
env:
  ESC_ACTION_OIDC_AUTH: true
  ESC_ACTION_OIDC_ORGANIZATION: pulumi
  ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
  ESC_ACTION_ENVIRONMENT: github-secrets/pulumi-docs
  ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: false