scripts: ossf scorecard pindeps: docs: Add usage #12
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: RFCs | |
| on: | |
| push: | |
| paths: | |
| - 'docs/rfc/**' | |
| - '.github/workflows/rfc.yml' | |
| permissions: | |
| contents: read | |
| jobs: | |
| htmlize: | |
| permissions: | |
| contents: write # for Git to git push | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: [3.7] | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Checkout full upstream repo | |
| run: | | |
| git remote set-url origin https://github.com/intel/dffml | |
| git fetch --prune --unshallow | |
| git fetch --depth=1 origin +refs/tags/*:refs/tags/* | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "DFFML CI/CD" | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Get pip cache | |
| id: pip-cache | |
| run: | | |
| python -c "from pip._internal.locations import USER_CACHE_DIR; print('::set-output name=dir::' + USER_CACHE_DIR)" | |
| - name: pip cache | |
| uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
| with: | |
| path: ${{ steps.pip-cache.outputs.dir }} | |
| key: ${{ runner.os }}-pip-${{ hashFiles('**/setup.py') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pip- | |
| - name: Install dependencies | |
| run: | | |
| set -x | |
| python -m pip install -U setuptools pip wheel | |
| python -m pip install "https://github.com/ietf-tools/rfc2html/archive/refs/heads/main.zip#egg=rfc2html" | |
| - name: Make HTML RFCs | |
| shell: python -u {0} | |
| run: | | |
| import rfc2html | |
| for path in pathlib.Path("docs", "rfc").glob("*.txt"): | |
| print("Writing", path) | |
| path.with_suffix(".html").write_text( | |
| rfc2html.markup(path.read_text()) | |
| ) | |
| - name: Copy git repo | |
| env: | |
| SSH_DFFML_GH_PAGES: ${{ secrets.SSH_DFFML_GH_PAGES }} | |
| run: | | |
| set -x | |
| TEMP_DIRS=() | |
| function cleanup_temp_dirs() { | |
| if [ "x${NO_RM_TEMP}" != "x" ]; then | |
| return | |
| fi | |
| for temp_dir in ${TEMP_DIRS[@]}; do | |
| rm -rf "${temp_dir}" | |
| done | |
| } | |
| # Clean up temporary directories on exit | |
| trap cleanup_temp_dirs EXIT | |
| release_docs="$(mktemp -d)" | |
| TEMP_DIRS+=("${release_docs}") | |
| git clone https://github.com/intel/dffml -b gh-pages \ | |
| "${release_docs}/gh-pages-branch" | |
| rm -rf "${release_docs}/gh-pages-branch/rfcs" | |
| cp -r docs/rfcs "${release_docs}/gh-pages-branch" | |
| cd "${release_docs}/gh-pages-branch" | |
| git config user.name 'Alice' | |
| git config user.email '[email protected]' | |
| git add -A | |
| git commit -sam "docs: rfc: $(date)" | |
| ssh_key_dir="$(mktemp -d)" | |
| TEMP_DIRS+=("${ssh_key_dir}") | |
| mkdir -p ~/.ssh | |
| chmod 700 ~/.ssh | |
| python -c "import pathlib, base64, os; keyfile = pathlib.Path(\"${ssh_key_dir}/github\").absolute(); keyfile.write_bytes(b''); keyfile.chmod(0o600); keyfile.write_bytes(base64.b32decode(os.environ['SSH_DFFML_GH_PAGES']))" | |
| ssh-keygen -y -f "${ssh_key_dir}/github" > "${ssh_key_dir}/github.pub" | |
| export GIT_SSH_COMMAND="${GIT_SSH_COMMAND} -o IdentityFile=${ssh_key_dir}/github" | |
| git remote set-url origin [email protected]:intel/dffml | |
| git push -f |