Skip to content
Deploy Preview

[PAN-OS Upgrade Assurance][122-advanced-routing-engine-support] documentation PREVIEW - do NOT MERGE #2741

Sign in to view logs

[PAN-OS Upgrade Assurance][122-advanced-routing-engine-support] documentation PREVIEW - do NOT MERGE

[PAN-OS Upgrade Assurance][122-advanced-routing-engine-support] documentation PREVIEW - do NOT MERGE #2741

Workflow file for this run

.github/workflows/deploy-preview.yml at 0fd1eb1
name: "Deploy Preview"
on:
pull_request_target:
branches: [ master ]
jobs:
precheck:
if: ${{ github.repository == 'PaloAltoNetworks/pan.dev' }}
name: Precheck
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
is-org-member-result: ${{ steps.is-org-member.outputs.is-org-member-result }}
steps:
- name: Check if actor is org member
id: is-org-member
run: |
if [[ "${{ github.actor }}" == "create-pr-on-fork-for-pan-dev[bot]" ]]; then
echo "is-org-member-result=true" >> "$GITHUB_OUTPUT"
exit 0
fi
status=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $GH_TOKEN" \
https://api.github.com/orgs/PaloAltoNetworks/members/${{ github.actor }})
if [ "$status" = "204" ]; then
echo "is-org-member-result=true" >> "$GITHUB_OUTPUT"
else
echo "is-org-member-result=false" >> "$GITHUB_OUTPUT"
fi
env:
GH_TOKEN: ${{ secrets.READ_ORG_PAT }}
analyze:
if: github.repository == 'PaloAltoNetworks/pan.dev' && needs.precheck.outputs.is-org-member-result == 'true'
name: Analyze
needs: precheck
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
strategy:
fail-fast: true
matrix:
language: [ 'javascript' ]
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Initialize CodeQL
uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3
with:
languages: ${{ matrix.language }}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3
analyze_unsafe:
if: github.repository == 'PaloAltoNetworks/pan.dev' && needs.precheck.outputs.is-org-member-result == 'false'
name: Analyze Unsafe
needs: precheck
runs-on: ubuntu-latest
environment: default
permissions:
contents: read
security-events: write
strategy:
fail-fast: true
matrix:
language: [ 'javascript' ]
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Initialize CodeQL
uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3
with:
languages: ${{ matrix.language }}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3
build:
name: Build
needs: [analyze, analyze_unsafe]
if: |
github.repository == 'PaloAltoNetworks/pan.dev' &&
!failure() && !cancelled() &&
(success('analyze') || success('analyze_unsafe'))
runs-on: pan-dev-runner-xl
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Setup node
uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
with:
node-version: '20'
cache: 'yarn'
- name: Get yarn cache
id: yarn-cache
run: echo "YARN_CACHE_DIR=$(yarn cache dir)" >> "${GITHUB_OUTPUT}"
- name: Install dependencies
run: yarn --prefer-offline
- name: Include netsec
if: contains(github.event.pull_request.labels.*.name, 'netsec')
run: |
echo "Including 'netsec' in build..."
if [[ -n "$PRODUCTS_INCLUDE" ]]; then
echo "PRODUCTS_INCLUDE=$PRODUCTS_INCLUDE,cdss,threat-vault,dns-security,iot,expedition,cloudngfw,cdl,panos,terraform,ansible,splunk,aiops-ngfw-bpa,email-dlp,dlp,prisma-airs" >> $GITHUB_ENV
else
echo "PRODUCTS_INCLUDE=cdss,threat-vault,dns-security,iot,expedition,cloudngfw,cdl,panos,terraform,ansible,splunk,aiops-ngfw-bpa,email-dlp,dlp,prisma-airs" >> $GITHUB_ENV
fi
- name: Include cloud
if: contains(github.event.pull_request.labels.*.name, 'cloud')
run: |
echo "Including 'cloud' in build..."
if [[ -n "$PRODUCTS_INCLUDE" ]]; then
echo "PRODUCTS_INCLUDE=$PRODUCTS_INCLUDE,prisma-cloud,compute" >> $GITHUB_ENV
else
echo "PRODUCTS_INCLUDE=prisma-cloud,compute" >> $GITHUB_ENV
fi
- name: Include sase
if: contains(github.event.pull_request.labels.*.name, 'sase')
run: |
echo "Including 'sase' in build..."
if [[ -n "$PRODUCTS_INCLUDE" ]]; then
echo "PRODUCTS_INCLUDE=$PRODUCTS_INCLUDE,sase,access,sdwan,scm" >> $GITHUB_ENV
else
echo "PRODUCTS_INCLUDE=sase,access,sdwan,scm" >> $GITHUB_ENV
fi
- name: Include contributing
if: contains(github.event.pull_request.labels.*.name, 'contributing')
run: |
echo "Including 'contributing' in build..."
if [[ -n "$PRODUCTS_INCLUDE" ]]; then
echo "PRODUCTS_INCLUDE=$PRODUCTS_INCLUDE,contributing" >> $GITHUB_ENV
else
echo "PRODUCTS_INCLUDE=contributing" >> $GITHUB_ENV
fi
- name: Output final PRODUCTS_INCLUDE
run: |
echo "Building the following products: $PRODUCTS_INCLUDE"
# needed for fetching Hashicorp blog feed
- name: Install Playwright
run: |
npx playwright install chromium
npx playwright install-deps chromium
- name: Cache Playwright
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: |
~/.cache/ms-playwright
key: ${{ runner.os }}-playwright-${{ hashFiles('package.json') }}
restore-keys: |
${{ runner.os }}-playwright-
- name: Build site
run: FEED_SOFT_FAIL=1 FEED_DEBUG=1 yarn build-github
- name: Zip build directory
run: |
if [ -d "build" ]; then
BUILD_DIR="build"
elif [ -d "websites/pan-dev/build" ]; then
BUILD_DIR="websites/pan-dev/build"
else
echo "Error: 'build' directory not found in current directory or in websites/pan-dev/"
exit 1
fi
echo "Build directory found at: $BUILD_DIR"
zip -r build.zip "$BUILD_DIR"
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
with:
name: build
path: build.zip
deploy:
name: Deploy
needs: build
if: ${{ github.repository == 'PaloAltoNetworks/pan.dev' && !failure() && !cancelled() }}
runs-on: pan-dev-runner-lg
permissions:
contents: read
pull-requests: write
checks: write
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Setup node
uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
with:
node-version: '20'
cache: 'yarn'
- uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4
with:
name: build
- name: Unzip build artifact
run: |
unzip build.zip
if [ -d "build" ]; then
DEPLOY_DIR="."
elif [ -d "websites/pan-dev/build" ]; then
DEPLOY_DIR="websites/pan-dev"
else
echo "Error: 'build' directory not found in current directory or in websites/pan-dev/"
exit 1
fi
echo "Deploy directory found at: $DEPLOY_DIR"
echo "DEPLOY_DIR=$DEPLOY_DIR" >> $GITHUB_ENV
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5
with:
workload_identity_provider: ${{ secrets.WIF_PROVIDER }}
service_account: ${{ secrets.WIF_SERVICE_ACCOUNT }}
- name: Export Google Cloud Credentials
run: echo "GCP_SA_KEY=$(cat ${{ steps.auth.outputs.credentials_file_path }})" >> $GITHUB_ENV
- uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4
with:
name: build
- name: Deploy to Firebase
id: deploy_preview
uses: FirebaseExtended/action-hosting-deploy@e2eda2e106cfa35cdbcf4ac9ddaf6c4756df2c8c # v0.10.0
with:
repoToken: '${{ secrets.GITHUB_TOKEN }}'
firebaseServiceAccount: "${{ env.GCP_SA_KEY }}"
projectId: pan-dev-f1b58
expires: 30d
channelId: 'pr${{ github.event.number }}'
entryPoint: ${{ env.DEPLOY_DIR }}
env:
FIREBASE_CLI_PREVIEWS: hostingchannels