jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-19 09:57:42 -05:00
Code Issues Projects Releases Wiki Activity
Files
main
docs/.github/workflows/moda-ci.yaml
Kevin Heis 02e2e2dacc Use DOCS_BOT_PAT_BASE (#55464)
2025-04-30 18:58:01 +00:00

104 lines
3.4 KiB
YAML
Raw Permalink Blame History

name: docs-internal Moda CI
# More info on CI actions setup can be found here:
# https://github.com/github/ops/blob/master/docs/playbooks/build-systems/moving-moda-apps-from-bp-to-actions.md
on:
workflow_dispatch:
push:
branches-ignore:
- 'gh-readonly-queue/**'
merge_group:
types: [checks_requested]
jobs:
##########################
# Generate Vault keys
##########################
set-vault-keys:
runs-on: ubuntu-latest
outputs:
modified_vault_keys: ${{ steps.modify_vault_keys.outputs.modified }}
steps:
- name: Set vault-keys output
id: modify_vault_keys
run: |
if [ -z "${{ vars.VAULT_KEYS }}" ]; then
# We want to add the DOCS_BOT_PAT_BASE to the list of keys
# so that builds fetch the secret from the docs-internal vault
# where --environment is "ci"
echo "modified=DOCS_BOT_PAT_BASE" >> $GITHUB_OUTPUT
else
echo "modified=${{ vars.VAULT_KEYS }},DOCS_BOT_PAT_BASE" >> $GITHUB_OUTPUT
fi
#############
# Moda jobs
#############
moda-config-bundle:
if: ${{ github.repository == 'github/docs-internal' }}
name: ${{ matrix.ci_job.job }}
needs: set-vault-keys
strategy:
fail-fast: false
matrix:
ci_job: [{ 'job': 'docs-internal-moda-config-bundle' }]
uses: github/internal-actions/.github/workflows/moda.yml@main
with:
ci-formatted-job-name: ${{ matrix.ci_job.job }}
vault-keys: ${{ needs.set-vault-keys.outputs.modified_vault_keys }}
secrets:
dx-bot-token: ${{ secrets.INTERNAL_ACTIONS_DX_BOT_ACCOUNT_TOKEN }}
datadog-api-key: ${{ secrets.DATADOG_API_KEY }}
#############
# Docker Image jobs
#############
docker-image:
if: ${{ github.repository == 'github/docs-internal' }}
name: ${{ matrix.ci_job.job }}
needs: set-vault-keys
strategy:
fail-fast: false
matrix:
ci_job: [{ 'job': 'docs-internal-docker-image' }]
uses: github/internal-actions/.github/workflows/kube.yml@main
with:
ci-formatted-job-name: ${{ matrix.ci_job.job }}
vault-keys: ${{ needs.set-vault-keys.outputs.modified_vault_keys }}
# Passes 'DOCS_BOT_PAT_BASE' secret from Vault to docker as --secret id=DOCS_BOT_PAT_BASE,src=<PAT value>
attest: true
docker-build-env-secrets: 'DOCS_BOT_PAT_BASE'
secrets:
dx-bot-token: ${{ secrets.INTERNAL_ACTIONS_DX_BOT_ACCOUNT_TOKEN }}
datadog-api-key: ${{ secrets.DATADOG_API_KEY }}
#############
# Docker Security jobs
#############
docker-security:
if: ${{ github.repository == 'github/docs-internal' }}
name: ${{ matrix.ci_job.job }}
needs: set-vault-keys
strategy:
fail-fast: false
matrix:
ci_job: [{ 'job': 'docs-internal-docker-security' }]
uses: github/internal-actions/.github/workflows/docker_security.yml@main
with:
ci-formatted-job-name: ${{ matrix.ci_job.job }}
vault-keys: ${{ needs.set-vault-keys.outputs.modified_vault_keys }}
# Passes 'DOCS_BOT_PAT_BASE' secret from Vault to docker as --secret id=DOCS_BOT_PAT_BASE,src=<PAT value>
docker-build-env-secrets: 'DOCS_BOT_PAT_BASE'
secrets:
dx-bot-token: ${{ secrets.INTERNAL_ACTIONS_DX_BOT_ACCOUNT_TOKEN }}
datadog-api-key: ${{ secrets.DATADOG_API_KEY }}
permissions:
actions: read
checks: read
contents: read
statuses: read
id-token: write
attestations: write
Reference in New Issue View Git Blame Copy Permalink