clarify permissions on GitHub Actions (#218) #676
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Book | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - 'main' | |
| jobs: | |
| build: | |
| name: Build book | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: ./.github/actions/aqua | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - run: make book | |
| - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: book | |
| path: docs/book | |
| retention-days: 1 | |
| publish: | |
| name: Publish book on GitHub Pages | |
| runs-on: ubuntu-24.04 | |
| needs: build | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| ref: gh-pages | |
| # ignore helm chart index file and chart archive file. | |
| - run: ls | grep -v -E 'index.yaml|accurate-.*\.tgz' | xargs rm -rf | |
| - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: book | |
| - run: git add . | |
| - name: Check diff | |
| run: | | |
| diffs=$(git status -s) | |
| if [ "$diffs" = "" ]; then | |
| echo "NO_DIFF=1" >> $GITHUB_ENV | |
| else | |
| printf "%s\n" "$diffs" | |
| fi | |
| - name: Commit changes | |
| if: env.NO_DIFF != '1' | |
| run: | | |
| git config --global user.name 'Cybozu Neco' | |
| git config --global user.email 'cybozu-neco@users.noreply.github.com' | |
| git commit -m 'update' | |
| - name: Push to gh-pages | |
| if: github.ref == 'refs/heads/main' && env.NO_DIFF != '1' | |
| run: git push origin gh-pages |