From 9999981e98be3eea6a613000284b62b73c0a54cc Mon Sep 17 00:00:00 2001 From: Jonah Aragon Date: Sat, 30 Mar 2024 19:12:48 -0500 Subject: [PATCH] Use GitHub Actions instead of Netlify (#2462) --- .../{release.yml => build-offline.yml} | 85 ++++----------- .github/workflows/build.yml | 11 +- .github/workflows/deploy.yml | 98 ++++++++++++++--- .github/workflows/download-repo.yml | 10 +- .github/workflows/mirror.yml | 9 -- .github/workflows/pages.yml | 100 ----------------- .../{preview-pr.yml => publish-pr.yml} | 6 +- .github/workflows/publish-release.yml | 103 ++++++++++++++++++ 8 files changed, 223 insertions(+), 199 deletions(-) rename .github/workflows/{release.yml => build-offline.yml} (65%) delete mode 100644 .github/workflows/pages.yml rename .github/workflows/{preview-pr.yml => publish-pr.yml} (94%) create mode 100644 .github/workflows/publish-release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/build-offline.yml similarity index 65% rename from .github/workflows/release.yml rename to .github/workflows/build-offline.yml index ac67fd2307..cb449813af 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/build-offline.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2021-2023 Jonah Aragon +# Copyright (c) 2024 Jonah Aragon # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to @@ -18,47 +18,33 @@ # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS # IN THE SOFTWARE. -name: 📦 Releases +name: Build Offline Website on: - push: - tags: - - '*' + workflow_call: jobs: - production: - name: Push release to production + build: runs-on: ubuntu-latest - environment: - name: actions-ssh permissions: - contents: write + contents: read steps: - name: Checkout repository uses: actions/checkout@v4 with: - fetch-depth: '0' - ssh-key: ${{ secrets.ACTIONS_SSH_KEY }} - submodules: 'true' - - - name: Push to production branch - run: | - git push origin HEAD:production - - build: - name: Create release packages - runs-on: ubuntu-latest - environment: - name: actions-ssh + persist-credentials: 'false' - steps: - - name: Checkout repository - uses: actions/checkout@v4 + - uses: actions/download-artifact@v4 with: - fetch-depth: '0' - ssh-key: ${{ secrets.ACTIONS_SSH_KEY }} - submodules: 'true' + pattern: repo-* + path: modules + + - run: | + rmdir modules/mkdocs-material + mv modules/repo-mkdocs-material-insiders modules/mkdocs-material + rmdir theme/assets/brand + mv modules/repo-brand theme/assets/brand - name: Python setup uses: actions/setup-python@v5 @@ -82,14 +68,16 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} CARDS: false + CONTEXT: deploy-preview + NETLIFY: true run: | pipenv run mkdocs build --config-file config/mkdocs-offline.yml pipenv run mkdocs --version - - name: Package website - run: | - tar -czvf offline.tar.gz site - zip -r -q offline.zip site + - name: Package website + run: | + tar -czvf offline.tar.gz site + zip -r -q offline.zip site - name: Upload tar.gz file uses: actions/upload-artifact@v4 @@ -114,32 +102,5 @@ jobs: - name: Upload ZIM file uses: actions/upload-artifact@v4 with: - name: privacy_guides.zim - path: privacy_guides.zim - - release: - name: Create release notes - needs: build - runs-on: ubuntu-latest - permissions: - contents: write - - steps: - - uses: actions/download-artifact@v4 - with: - name: offline.tar.gz - - - uses: actions/download-artifact@v4 - with: - name: offline.zip - - - uses: actions/download-artifact@v4 - with: - name: privacy_guides.zim - - - name: Create release notes - uses: ncipollo/release-action@v1 - with: - generateReleaseNotes: true - token: ${{ secrets.REPO_TOKEN }} - artifacts: "offline.zip,offline.tar.gz,privacy_guides.zim" + name: offline-privacy_guides.zim + path: offline-privacy_guides.zim diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 02cc3a85c7..730cc609b8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -53,19 +53,20 @@ jobs: - uses: actions/download-artifact@v4 with: + pattern: repo-* path: modules - run: | rmdir modules/mkdocs-material - mv modules/mkdocs-material-insiders modules/mkdocs-material + mv modules/repo-mkdocs-material-insiders modules/mkdocs-material rmdir theme/assets/brand - mv modules/brand theme/assets/brand + mv modules/repo-brand theme/assets/brand - if: inputs.i18n run: | - cp -rl modules/i18n/i18n . - cp -rl modules/i18n/includes . - cp -rl modules/i18n/theme . + cp -rl modules/repo-i18n/i18n . + cp -rl modules/repo-i18n/includes . + cp -rl modules/repo-i18n/theme . - name: Python setup uses: actions/setup-python@v5 diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 54f7502bc6..fa7adb82bf 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -18,31 +18,31 @@ # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS # IN THE SOFTWARE. -name: Cleanup Artifacts +name: Deploy Website Build on: workflow_call: inputs: - netlify: + netlify_preview: type: boolean netlify_alias: type: string + netlify_production: + type: boolean + github_pages: + type: boolean outputs: - netlify_address: - value: ${{ jobs.netlify.outputs.address }} + netlify_preview_address: + value: ${{ jobs.netlify_preview.outputs.address }} secrets: NETLIFY_TOKEN: jobs: - netlify: - if: inputs.netlify + netlify_preview: + if: inputs.netlify_preview runs-on: ubuntu-latest outputs: - address: ${{ steps.deployment.outputs.address }} - - environment: - name: preview-netlify - url: ${{ steps.deployment.outputs.address }} + address: ${{ steps.address.outputs.address }} steps: - uses: actions/download-artifact@v4 @@ -60,13 +60,83 @@ jobs: - run: | npm install netlify-cli -g - - name: Limit length of Netlify alias to 12 + - if: inputs.netlify_preview + name: Limit length of Netlify alias to 12 run: echo "SHORT_ALIAS=`echo ${{ inputs.netlify_alias }} | cut -c1-12`" >> $GITHUB_ENV - - id: deployment + - if: inputs.netlify_preview + id: deployment env: NETLIFY_SITE_ID: ${{ vars.NETLIFY_SITE }} NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_TOKEN }} run: | netlify deploy --dir=site --alias=${{ env.SHORT_ALIAS }} - echo "address=https://${{ env.SHORT_ALIAS }}--${{ vars.NETLIFY_SITE }}.netlify.app/" >> "$GITHUB_OUTPUT" + echo "DEPLOYED_ADDRESS=https://${{ env.SHORT_ALIAS }}--${{ vars.NETLIFY_SITE }}.netlify.app/" >> "$GITHUB_ENV" + + - id: address + run: | + echo "address=$DEPLOYED_ADDRESS" >> "$GITHUB_OUTPUT" + + netlify: + if: inputs.netlify_production + runs-on: ubuntu-latest + + environment: + name: production + url: https://www.privacyguides.org + + steps: + - uses: actions/download-artifact@v4 + with: + pattern: site-build-* + merge-multiple: true + + - run: | + for file in *.tar.gz; do tar -zxf "$file"; done + wget https://raw.githubusercontent.com/privacyguides/privacyguides.org/main/netlify.toml + ls -la site/ + + - uses: actions/setup-node@v4 + + - run: | + npm install netlify-cli -g + + - id: prod_deployment + env: + NETLIFY_SITE_ID: ${{ vars.PROD_NETLIFY_SITE }} + NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_TOKEN }} + run: | + netlify deploy --dir=site --prod-if-unlocked + + github_pages: + if: inputs.github_pages + runs-on: ubuntu-latest + + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + + # Grant GITHUB_TOKEN the permissions required to make a Pages deployment + permissions: + contents: read + pages: write # to deploy to Pages + id-token: write # to verify the deployment originates from an appropriate source + + steps: + - uses: actions/configure-pages@v5 + + - uses: actions/download-artifact@v4 + with: + pattern: site-build-* + merge-multiple: true + + - run: | + for file in *.tar.gz; do tar -zxf "$file"; done + ls -la site/ + + - uses: actions/upload-pages-artifact@v3 + with: + path: site + + - id: deployment + uses: actions/deploy-pages@main diff --git a/.github/workflows/download-repo.yml b/.github/workflows/download-repo.yml index 730d3f0ac9..cc80ef9df9 100644 --- a/.github/workflows/download-repo.yml +++ b/.github/workflows/download-repo.yml @@ -18,7 +18,7 @@ # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS # IN THE SOFTWARE. -name: Download repository +name: Download Repository on: workflow_call: @@ -33,18 +33,16 @@ on: jobs: download: runs-on: ubuntu-latest - environment: - name: actions-ssh steps: - name: Checkout repository uses: actions/checkout@v4 with: repository: 'privacyguides/${{ inputs.repo }}' - path: ${{ inputs.repo }} + path: repo-${{ inputs.repo }} ssh-key: ${{ secrets.ACTIONS_SSH_KEY }} - uses: actions/upload-artifact@v4 with: - name: ${{ inputs.repo }} - path: ${{ inputs.repo }} + name: repo-${{ inputs.repo }} + path: repo-${{ inputs.repo }} retention-days: 1 diff --git a/.github/workflows/mirror.yml b/.github/workflows/mirror.yml index 0c71de907b..be05831ca7 100644 --- a/.github/workflows/mirror.yml +++ b/.github/workflows/mirror.yml @@ -29,9 +29,6 @@ concurrency: jobs: gitlab: runs-on: ubuntu-latest - environment: - name: actions-ssh - url: https://gitlab.com/privacyguides/privacyguides.org steps: - name: Mirror to GitLab uses: wearerequired/git-mirror-action@v1 @@ -43,9 +40,6 @@ jobs: codeberg: runs-on: ubuntu-latest - environment: - name: actions-ssh - url: https://codeberg.org/privacyguides/privacyguides.org steps: - name: Mirror to Codeberg uses: wearerequired/git-mirror-action@v1 @@ -57,9 +51,6 @@ jobs: sourcehut: runs-on: ubuntu-latest - environment: - name: actions-ssh - url: https://git.sr.ht/~jonaharagon/privacyguides.org steps: - name: Mirror to SourceHut uses: wearerequired/git-mirror-action@v1 diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml deleted file mode 100644 index f45243dbd8..0000000000 --- a/.github/workflows/pages.yml +++ /dev/null @@ -1,100 +0,0 @@ -# Copyright (c) 2022-2024 Jonah Aragon - -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to -# deal in the Software without restriction, including without limitation the -# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -# sell copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: - -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -# IN THE SOFTWARE. - -name: 🛠️ Deploy to GitHub Pages - -on: - workflow_dispatch: - release: - types: [published] - -# Allow one concurrent deployment -concurrency: - group: "pages" - cancel-in-progress: true - -env: - PYTHON_VERSION: 3.8 - -jobs: - build: - name: Build - - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: '0' - ssh-key: ${{ secrets.ACTIONS_SSH_KEY }} - submodules: 'true' - - - name: Pages setup - uses: actions/configure-pages@v4 - - - name: Python setup - uses: actions/setup-python@v5 - with: - python-version: '3.8' - cache: 'pipenv' - - - name: Cache files - uses: actions/cache@v4.0.2 - with: - key: ${{ github.ref }} - path: .cache - - - name: Install Python dependencies - run: | - pip install pipenv - pipenv install - sudo apt install pngquant - - - name: Build website - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - CARDS: true - run: | - pipenv run mkdocs build --config-file config/mkdocs.en.yml - pipenv run mkdocs --version - - - name: Package website - uses: actions/upload-pages-artifact@v3 - with: - path: site - - deploy: - name: Deploy - needs: build - - # Grant GITHUB_TOKEN the permissions required to make a Pages deployment - permissions: - pages: write # to deploy to Pages - id-token: write # to verify the deployment originates from an appropriate source - - environment: - name: github-pages - url: ${{ steps.deployment.outputs.page_url }} - - runs-on: ubuntu-latest - steps: - - name: Deploy to GitHub Pages - id: deployment - uses: actions/deploy-pages@main diff --git a/.github/workflows/preview-pr.yml b/.github/workflows/publish-pr.yml similarity index 94% rename from .github/workflows/preview-pr.yml rename to .github/workflows/publish-pr.yml index a69bda3434..8829674977 100644 --- a/.github/workflows/preview-pr.yml +++ b/.github/workflows/publish-pr.yml @@ -18,7 +18,7 @@ # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS # IN THE SOFTWARE. -name: Build Pull Request Preview +name: 📦 Publish Pull Request Preview on: pull_request_target: @@ -61,7 +61,7 @@ jobs: needs: build uses: ./.github/workflows/deploy.yml with: - netlify: true + netlify_preview: true netlify_alias: ${{ github.event.pull_request.head.sha }} secrets: NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }} @@ -72,7 +72,7 @@ jobs: needs: deploy runs-on: ubuntu-latest env: - address: ${{ needs.deploy.outputs.netlify_address }} + address: ${{ needs.deploy.outputs.netlify_preview_address }} steps: - uses: thollander/actions-comment-pull-request@v2 diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml new file mode 100644 index 0000000000..7ffdf6b180 --- /dev/null +++ b/.github/workflows/publish-release.yml @@ -0,0 +1,103 @@ +# Copyright (c) 2021-2024 Jonah Aragon + +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: + +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. + +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS +# IN THE SOFTWARE. + +name: 📦 Publish Release + +on: + push: + tags: + - '*' + +concurrency: + group: "pages" + cancel-in-progress: true + +permissions: + contents: write + pages: write + id-token: write + +jobs: + submodules: + strategy: + matrix: + repo: [mkdocs-material-insiders, brand, i18n] + uses: ./.github/workflows/download-repo.yml + with: + repo: ${{ matrix.repo }} + secrets: + ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }} + + build: + needs: submodules + strategy: + matrix: + lang: [es, fr, he, it, nl, ru, zh-Hant] + i18n: [true] + include: + - lang: en + i18n: false + permissions: + contents: read + uses: ./.github/workflows/build.yml + with: + ref: ${{ github.repository }} + repo: ${{ github.ref }} + lang: ${{ matrix.lang }} + i18n: ${{ matrix.i18n }} + + buildoffline: + needs: submodules + permissions: + contents: read + uses: ./.github/workflows/build-offline.yml + + release: + name: Create release notes + needs: buildoffline + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - uses: actions/download-artifact@v4 + with: + pattern: offline* + merge-multiple: true + + - name: Create release notes + uses: ncipollo/release-action@v1 + with: + generateReleaseNotes: true + token: ${{ secrets.REPO_TOKEN }} + artifacts: "offline.zip,offline.tar.gz,offline-privacy_guides.zim" + + deploy: + needs: build + uses: ./.github/workflows/deploy.yml + with: + netlify_production: true + github_pages: true + secrets: + NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }} + + cleanup: + needs: [build, buildoffline] + uses: ./.github/workflows/cleanup.yml