Publish #24079
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish | |
on: | |
push: | |
branches: | |
- main | |
schedule: | |
# Every 30 minutes, Monday through Friday | |
- cron: '*/30 * * * 1-5' | |
workflow_dispatch: | |
permissions: | |
contents: read | |
jobs: | |
publish: | |
runs-on: ubuntu-latest | |
permissions: | |
pages: write | |
id-token: write | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
with: | |
egress-policy: audit | |
disable-telemetry: true | |
- name: Check out repo | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Process config | |
env: | |
EC_AUTOMATION_KEY: ${{ secrets.EC_AUTOMATION_KEY }} | |
APP_INSTALL_ID: 29980719 | |
run: |- | |
set -euo pipefail | |
function createJWT() { | |
local header=$(echo -n '{"alg":"RS256","typ":"JWT"}' | base64 | sed s/\+/-/ | sed -E s/=+$//) | |
local now_utc=$(date --utc +%s) | |
local payload=$(echo -n '{"iat":'$((now_utc - 60))',"exp":'$((now_utc + 120))',"iss":245286}' | base64 | sed s/\+/-/ | sed -E s/=+$//) | |
local signature=$(echo -n "${header}.${payload}" | openssl dgst -sha256 -binary -sign <(echo "${EC_AUTOMATION_KEY}")| base64 | tr -d '\n=' | tr -- '+/' '-_') | |
echo "${header}.${payload}.${signature}" | |
} | |
export GITHUB_TOKEN=$(curl -s -X POST -H "Authorization: Bearer $(createJWT)" -H "Accept: application/vnd.github+json" https://api.github.com/app/installations/${APP_INSTALL_ID}/access_tokens | jq -r .token) | |
< ./config.yaml envsubst > config-with-token.yaml | |
cat config-with-token.yaml | |
- name: Run review-rot | |
uses: lcarva/review-rot-action/run@cb3c7455d9489ac76d1366076d19d1b91e9384a6 # main | |
with: | |
config: config-with-token.yaml | |
output: output.json | |
- name: Process data | |
run: |- | |
set -euo pipefail | |
echo '=== START OF FULL DATA ===' | |
cat output.json | |
echo '==== END OF FULL DATA ====' | |
mkdir web | |
< output.json ./filter-data.sh > web/data.json | |
echo '=== START OF FILTERED DATA ===' | |
cat web/data.json | |
echo '==== END OF FILTERED DATA ====' | |
- name: Fetch review-rot web | |
uses: lcarva/review-rot-action/web@cb3c7455d9489ac76d1366076d19d1b91e9384a6 # main | |
with: | |
output: web | |
- name: Configure pages | |
uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0 | |
- name: Upload pages artifact | |
uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 | |
with: | |
path: web | |
- name: Deploy pages | |
uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 | |
id: deployment |