Merge pull request #95 from chainguard-dev/add-sync

cpanato · web-flow · commit 8a87644fb47f · 2025-12-04T09:44:44.000-06:00
add job to sync contents to gcs bucket
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+    groups:
+      actions:
+        update-types:
+          - "minor"
+          - "patch"
diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml
@@ -4,16 +4,12 @@ name: Deploy static content to Pages
 on:
   # Runs on pushes targeting the default branch
   push:
-    branches: ["main"]
-
+    branches:
+      - "main"
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
-# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
-permissions:
-  contents: read
-  pages: write
-  id-token: write
+permissions: {}
 
 # Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
 # However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
@@ -28,6 +24,13 @@ jobs:
       name: github-pages
       url: ${{ steps.deployment.outputs.page_url }}
     runs-on: ubuntu-latest
+
+    # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+    permissions:
+      contents: read
+      pages: write
+      id-token: write
+
     steps:
       - name: Harden the runner (Audit all outbound calls)
         uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
@@ -36,13 +39,16 @@ jobs:
 
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
       - name: Setup Pages
         uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
+
       - name: Upload artifact
         uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
         with:
           # Upload entire repository
           path: '.'
+
       - name: Deploy to GitHub Pages
         id: deployment
         uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
diff --git a/.github/workflows/sync-prod-gcs.yaml b/.github/workflows/sync-prod-gcs.yaml
@@ -0,0 +1,47 @@
+name: Sync to PROD GCS
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'production/**'
+      - 'fonts/**'
+  workflow_dispatch:
+
+permissions: {}
+
+jobs:
+  sync-to-gcs:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - name: 'Github Actions Runner'
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        with:
+          egress-policy: audit
+
+      - name: Checkout code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - name: Authenticate to Google Cloud
+        id: auth
+        uses: step-security/google-github-auth@f0e5c257a9534a30b5df12f43329c1eb7b85a5be # v3.0.0
+        with:
+          service_account: "github-chainguard-academy@chainguard-academy.iam.gserviceaccount.com"
+          workload_identity_provider: "projects/456977358484/locations/global/workloadIdentityPools/chainguard-academy/providers/chainguard-edu"
+
+      - name: Setup G Cloud SDK
+        uses: 'google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db' # v2.0.11
+
+      - name: Sync production directory to GCS
+        run: |
+          gsutil -m rsync -r -d production/ gs://chainguard-courses-theme/production/
+
+      - name: Sync fonts directory to GCS
+        run: |
+          gsutil -m rsync -r -d fonts/ gs://chainguard-courses-theme/fonts/
