|
1 | 1 | # ============================================================================= |
2 | | -# CI — k3s-lab lint, tests & security |
| 2 | +# CI / CD — k3s-lab lint, tests, security & docs dispatch |
3 | 3 | # |
4 | 4 | # Runs on every push and PR to main. |
5 | 5 | # Does NOT require a real cluster — all checks are static/offline. |
6 | 6 | # |
7 | 7 | # Jobs (reusable workflows from KevinDeBenedetti/github-workflows): |
8 | | -# shell-ci — shellcheck + yamllint + bats (via ci-shell.yml) |
| 8 | +# shell-ci — shellcheck + actionlint + bats (via ci-shell.yml) |
9 | 9 | # kubernetes — kubeconform + .env.example check (via ci-kubernetes.yml) |
10 | 10 | # security — Gitleaks secret scanning (via security.yml) |
| 11 | +# docs — trigger kevindebenedetti.github.io rebuild (push to main only) |
11 | 12 | # ============================================================================= |
12 | 13 | name: CI / CD |
13 | 14 |
|
|
17 | 18 | pull_request: |
18 | 19 | branches: [main] |
19 | 20 |
|
| 21 | +concurrency: |
| 22 | + group: ci-cd-${{ github.workflow }}-${{ github.ref }} |
| 23 | + cancel-in-progress: ${{ github.event_name == 'pull_request' }} |
| 24 | + |
20 | 25 | jobs: |
21 | 26 |
|
22 | 27 | # ─── Shell linting + BATS tests ─────────────────────────────────────────── |
|
63 | 68 | run-python-audit: false |
64 | 69 | run-secret-scan: true |
65 | 70 | run-codeql: false |
| 71 | + |
| 72 | + # ─── Docs dispatch (push to main only) ─────────────────────────────────── |
| 73 | + # Triggers a rebuild of kevindebenedetti.github.io after all CI jobs pass. |
| 74 | + # Requires PAT_TOKEN secret (fine-grained PAT with actions:write on the hub repo). |
| 75 | + docs: |
| 76 | + needs: [shell-ci, kubernetes, security] |
| 77 | + if: github.event_name == 'push' && github.ref == 'refs/heads/main' |
| 78 | + uses: KevinDeBenedetti/github-workflows/.github/workflows/dispatch-docs.yml@main |
| 79 | + secrets: |
| 80 | + PAT_TOKEN: ${{ secrets.PAT_TOKEN }} |
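Review bot: The new `docs` job (new lines 75–80) calls `dispatch-docs.yml@main` and passes it `PAT_TOKEN`, so whatever is on that mutable branch at run time executes with a token that, per the comment above it, has actions:write on the hub repo. Pinning the call to a full commit SHA, `uses: KevinDeBenedetti/github-workflows/.github/workflows/dispatch-docs.yml@<full-commit-sha>  # main`, would turn any change to the called workflow into an explicit, reviewable bump in this file. The `uses:` lines of `shell-ci`, `kubernetes` and `security` are outside the visible hunks; if they also track `@main` the same applies, but this is the job that receives a long-lived credential. Since the dispatch appears to rely only on the PAT, the job could also declare `permissions: {}` so the called workflow gets no `GITHUB_TOKEN` scopes; workflow-level permissions are not visible here, so confirm that first.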