docs/.github/workflows/sync-security-docs.yml at main · cosmos/docs · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
# .github/workflows/sync-security-docs.yml
name: Sync Security Documentation

on:
  # Run weekly on Mondays at 9am UTC
  schedule:
    - cron: '0 9 * * 1'

  # Allow manual trigger
  workflow_dispatch:

jobs:
  sync-security-docs:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write

    steps:
      - name: Checkout docs repo
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '18'

      - name: Run security docs sync
        run: |
          node scripts/versioning/sync-security-docs.js

      - name: Check for changes
        id: check-changes
        run: |
          if git diff --quiet sdk/v0.53/security/; then
            echo "has_changes=false" >> $GITHUB_OUTPUT
            echo "No changes detected"
          else
            echo "has_changes=true" >> $GITHUB_OUTPUT
            echo "Changes detected in security documentation"
          fi

      - name: Create Pull Request
        if: steps.check-changes.outputs.has_changes == 'true'
        uses: peter-evans/create-pull-request@v6
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: 'docs: sync security documentation from cosmos/security'
          title: '🔒 Sync Security Documentation'
          body: |
            ## Security Documentation Update

            This PR updates the security documentation by syncing content from the [cosmos/security](https://github.com/cosmos/security) repository.

            ### Updated Pages
            - Security and Maintenance Policy (`sdk/v0.53/security/security-policy.mdx`)
            - Bug Bounty Program (`sdk/v0.53/security/bug-bounty.mdx`)
            - Security Audits (`sdk/v0.53/security/audits.mdx`)

            ### Review Checklist
            - [ ] Verify content accuracy
            - [ ] Check for broken links
            - [ ] Confirm formatting is correct

            ---
            *This PR was automatically generated by the security docs sync workflow.*
          branch: sync-security-docs
          delete-branch: true
          labels: |
            documentation
            security
            automated

      - name: Summary
        run: |
          if [[ "${{ steps.check-changes.outputs.has_changes }}" == "true" ]]; then
            echo "✅ Security documentation updated. PR created for review."
          else
            echo "✅ Security documentation is up to date. No changes needed."
          fi