Skip to content

ci: add reo and update build docs workflow #2703

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
moabu merged 4 commits into from
Mar 17, 2026
Merged

ci: add reo and update build docs workflow #2703

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
5c3c225
ci: add reo and update build docs workflow
moabu Mar 16, 2026
91e0709
ci: address comments
moabu Mar 17, 2026
aac9d32
ci: address comments
moabu Mar 17, 2026
4c3511d
Merge branch 'main' into ci-update-build-docs
moabu Mar 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 13 additions & 17 deletions .github/workflows/activate-nightly-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,35 +15,31 @@ permissions:
jobs:
publish_binary_packages:
permissions:
contents: write # for Git to git push
contents: read
runs-on: ubuntu-22.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
token: ${{ secrets.MOWORKFLOWTOKEN }}

- name: set nightly version
id: nightly
continue-on-error: false
if: ${{ github.event_name }} == 'schedule' || ${{ github.event.inputs.nightly }} == 'true'
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
env:
GH_TOKEN: ${{ secrets.MOWORKFLOWTOKEN }}
TARGET_BRANCH: ${{ github.event.inputs.branch }}
run: |
VERSION=`curl "https://api.github.com/repos/cli/cli/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/' | cut -c2-`
echo $VERSION
curl -sSL https://github.com/cli/cli/releases/download/v${VERSION}/gh_${VERSION}_linux_amd64.tar.gz -o gh_${VERSION}_linux_amd64.tar.gz
tar xvf gh_${VERSION}_linux_amd64.tar.gz
sudo cp gh_${VERSION}_linux_amd64/bin/gh /usr/local/bin/
gh version
echo "${{ secrets.MOWORKFLOWTOKEN }}" | gh auth login --with-token
NIGHTLY_VERSION="nightly"
gh release delete ${NIGHTLY_VERSION} --cleanup-tag --yes || echo "${NIGHTLY_VERSION}" does not exist
gh release delete ${NIGHTLY_VERSION} --cleanup-tag --yes || echo "${NIGHTLY_VERSION}" does not exist
git push --delete origin ${NIGHTLY_VERSION} || echo "${NIGHTLY_VERSION}" does not exist
TARGET_BRANCH=${{ github.event.inputs.branch }}
gh release delete "${NIGHTLY_VERSION}" --cleanup-tag --yes || echo "${NIGHTLY_VERSION} does not exist"
git push --delete origin "${NIGHTLY_VERSION}" || echo "${NIGHTLY_VERSION} tag does not exist"
if [ -z "$TARGET_BRANCH" ]; then
TARGET_BRANCH="main"
fi
gh release create ${NIGHTLY_VERSION} --generate-notes --prerelease --title "${NIGHTLY_VERSION}" --target "${TARGET_BRANCH}"
fi
gh release create "${NIGHTLY_VERSION}" --generate-notes --prerelease --title "${NIGHTLY_VERSION}" --target "${TARGET_BRANCH}"
62 changes: 36 additions & 26 deletions .github/workflows/build-docs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,25 +35,33 @@ permissions:
jobs:
build:
permissions:
contents: write # for Git to git push
contents: read
id-token: write # keyless Cosign signing via Sigstore OIDC
if: github.repository == 'GluuFederation/flex'
name: Deploy docs
runs-on: ubuntu-latest

steps:
- name: Harden Runner
uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
token: ${{ secrets.MOWORKFLOWTOKEN }}

- name: Set up JDK 17
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
with:
java-version: '17'
distribution: 'adopt'
cache: maven

- name: Set up Python 3.10
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: "3.10"
cache: pip
Expand All @@ -64,12 +72,12 @@ jobs:
export PATH="$HOME/.local/bin:$PATH"
cp docs/pyproject.toml docs/poetry.lock ../
poetry install --no-root
cp mkdocs.yml ../
cp mkdocs.yml CHANGELOG.md ../

- name: Checkout flex ${{ github.event.inputs.version }}
if: >-
github.event_name == 'workflow_dispatch'
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: '${{ github.event.inputs.version }}'
fetch-depth: 0
Expand All @@ -80,22 +88,34 @@ jobs:
github.event_name == 'workflow_dispatch'
run: |
mv ../mkdocs.yml mkdocs.yml
cp ../CHANGELOG.md docs/CHANGELOG.md

- name: Copy generated chart from main
- name: Sync CHANGELOG to docs
if: github.event_name != 'workflow_dispatch'
run: |
helm package charts/gluu
helm package charts/gluu-all-in-one
cp gluu-*.tgz ../
cp CHANGELOG.md docs/CHANGELOG.md

- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0
uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0
with:
gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true

- name: Install Cosign
uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0

- name: Package and sign Helm charts with Cosign
run: |
helm package charts/gluu/
helm package charts/gluu-all-in-one/
for chart in gluu-*.tgz; do
cosign sign-blob --yes --bundle "${chart}.sigstore.json" "$chart"
done
cp gluu-*.tgz gluu-*.tgz.sigstore.json ../

- name: Configure Git
run: |
git config --global user.name "mo-auto"
Expand All @@ -119,24 +139,18 @@ jobs:
git checkout -b cn-flex-update-auto-generated-docs
git pull origin cn-flex-update-auto-generated-docs || echo "Nothing to pull"
echo "Custom work on generating docs can go here."

# Run cn docs
sudo bash ./automation/docs/generated-cn-docs.sh . || echo "something went wrong with generating the cn docs"

git push --set-upstream origin cn-flex-update-auto-generated-docs
MESSAGE="fix(docs): autogenerate docs"
PR=$(gh pr create --body "Auto generated docs" --title "${MESSAGE}")
cd ../../

sudo rm -rf temp

- name: Use latest template overrides and Reo asset from main
- name: Use latest template overrides from main
if: github.event_name == 'workflow_dispatch' || github.event_name == 'release'
run: |
mkdir -p docs/overrides docs/assets/js
git show origin/main:mkdocs.yml > mkdocs.yml
git show origin/main:docs/overrides/main.html > docs/overrides/main.html
git show origin/main:docs/assets/js/reo.js > docs/assets/js/reo.js

- name: Enable Reo and Scarf tracking for versioned docs
if: github.event_name == 'workflow_dispatch' || (github.event_name == 'release' && github.event.action == 'published')
Expand All @@ -150,7 +164,7 @@ jobs:
if: >-
github.event_name == 'workflow_dispatch'
run: |
poetry run mike deploy --push --force ${{ github.event.inputs.version }}
poetry run mike deploy --push --update-aliases ${{ github.event.inputs.version }}

- name: mike deploy head
if: contains(github.ref, 'refs/heads/main') && github.event_name != 'workflow_dispatch'
Expand Down Expand Up @@ -191,10 +205,9 @@ jobs:
STABLE=${{ steps.set_versions.outputs.STABLE }}
git checkout -f gh-pages
git pull origin gh-pages
# move generated chart from a previous step
mv ../gluu-*.tgz ./charts/
mv ../gluu-*.tgz ../gluu-*.tgz.sigstore.json ./charts/
cd ./charts
git add gluu-*.tgz && git update-index --refresh
git add gluu-*.tgz gluu-*.tgz.sigstore.json && git update-index --refresh
helm repo index .
git add index.yaml && git update-index --refresh
cd ..
Expand All @@ -204,14 +217,11 @@ jobs:
done
cd ${LATEST}
if [[ "${LATEST}" == "nightly" ]]; then
egrep -lRZ --exclude=CONTRIBUTING.md . | xargs -0 -l sed -i -e "s/replace-janssen-version-stable/0.0.0-nightly/g"
egrep -lRZ --exclude=CONTRIBUTING.md . | xargs -0 -l sed -i -e "s/replace-janssen-version/0.0.0-nightly/g"
egrep -lRZ --exclude=CONTRIBUTING.md . | xargs -0 -l sed -i -e "s/replace-flex-version-stable/0.0.0-nightly/g"
egrep -lRZ --exclude=CONTRIBUTING.md . | xargs -0 -l sed -i -e "s/replace-flex-version/0.0.0-nightly/g"
egrep -lRZ --exclude=CONTRIBUTING.md . | xargs -0 -l sed -i -e "s/v0.0.0-nightly/nightly/g"
else
egrep -lRZ --exclude=CONTRIBUTING.md . | xargs -0 -l sed -i -e "s/replace-janssen-version/${LATEST:1}/g"
egrep -lRZ --exclude=CONTRIBUTING.md . | xargs -0 -l sed -i -e "s/replace-flex-version/${LATEST:1}/g"
fi
git add . && git update-index --refresh
cd ..
Expand Down
13 changes: 10 additions & 3 deletions docs/overrides/main.html
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,14 @@
{% extends "base.html" %}

{% block content %}
{{ super() }}
{% block outdated %}
You're not viewing the latest version.
<a href="{{ '../' ~ base_url }}">
<strong>Click here to go to latest.</strong>
</a>
{% endblock %}

{% block scripts %}
{{ super() }}

{% if config.extra.enable_scarf_pixel | default(false) %}
<img referrerpolicy="no-referrer-when-downgrade"
src="https://static.scarf.sh/a.png?x-pxid=2c347abc-a9b4-4c4b-bdc9-2682edbcc0c9"
Expand All @@ -15,5 +17,10 @@
{% if config.extra.enable_reo_flag | default(false) %}
<script src="{{ base_url }}/assets/js/reo.js" defer></script>
{% endif %}
{% endblock %}


{% block content %}
{{ super() }}
{% endblock %}

Loading