Skip to content

build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 #617

build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1

build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 #617

Workflow file for this run

name: Build and deploy (docs)
on:
workflow_call:
inputs:
environment:
description: "Deployment environment. Must be one of preview, dev, staging, or prod"
required: true
default: preview
type: string
secrets:
AZURE_CREDENTIALS_DOCS:
required: true
AZURE_KEY_VAULT_DOCS:
required: true
workflow_dispatch:
inputs:
environment:
description: "Environment to deploy to"
required: true
default: "preview"
type: choice
options:
- preview
- dev
- staging
- prod
hugo_theme_override:
description: "Override hugo theme (leave blank to use latest version)"
required: false
default: ""
type: string
pull_request:
branches:
- "*"
push:
branches:
- "main"
env:
FRONT_DOOR_USERNAME: ${{ secrets.FRONT_DOOR_USERNAME }}
FRONT_DOOR_PASSWORD: ${{ secrets.FRONT_DOOR_PASSWORD }}
GITHUB_PR_NUMBER: ${{ github.event.pull_request.number }}
jobs:
prod-check-branch:
runs-on: ubuntu-24.04
steps:
- name: Output variables
run: |
echo "Environment: ${{ inputs.environment }}"
echo "Branch: ${{ github.ref }}"
- name: Checks to see that main branch is selected if deploying to prod
if: ${{ inputs.environment == 'prod' && github.ref != 'refs/heads/main' }}
run: |
echo "Deployment to 'prod' can only be done from the 'main' branch."
exit 1
call-docs-build-push:
needs: prod-check-branch
uses: nginxinc/docs-actions/.github/workflows/docs-build-push.yml@9c59fab05a8131f4d691ba6ea2b6a119f3ef832a # v1.0.7
with:
production_url_path: ""
preview_url_path: "${{ vars.PREVIEW_URL_PATH }}"
docs_source_path: "public"
docs_build_path: "./"
doc_type: "hugo"
environment: ${{inputs.environment}}
force_hugo_theme_version: ${{inputs.hugo_theme_override}}
auto_deploy_branch: "main"
auto_deploy_env: "prod"
secrets:
AZURE_CREDENTIALS: ${{secrets.AZURE_CREDENTIALS_DOCS}}
AZURE_KEY_VAULT: ${{secrets.AZURE_KEY_VAULT_DOCS}}
lighthouseci:
if: github.event.pull_request
needs: call-docs-build-push
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.workflow_run.head_branch }}
- uses: actions/setup-node@v4
with:
node-version: 18
- name: Installing packages
run: npm install
- name: Generating lighthouse reports for PR and main...
run: |
node lighthouse-script.js
- name: Compare the artifacts for negative differences in performance
continue-on-error: true
run: |
FIELDS=("performance" "accessibility")
for FIELD in "${FIELDS[@]}"; do
PR_VALUE=$(cat lighthouse-reports/pr-report.json | jq -r ".categories.$FIELD.score")
MAIN_VALUE=$(cat lighthouse-reports/main-report.json | jq -r ".categories.$FIELD.score")
echo "$FIELD: PR - $PR_VALUE | Main - $MAIN_VALUE"
if [ $FIELD = "performance" ]; then
LOWER_BOUND=$(echo "$MAIN_VALUE - 0.05" | bc)
UPPER_BOUND=$(echo "$MAIN_VALUE + 0.05" | bc)
if (( $(echo "$PR_VALUE < $LOWER_BOUND" | bc -l) || $(echo "$PR_VALUE > $UPPER_BOUND" | bc -l) )); then
echo "Error: $FIELD score in PR ($PR_VALUE) is less than in MAIN ($MAIN_VALUE)"
exit 1
fi
else
if (( $(echo "$PR_VALUE < $MAIN_VALUE" | bc -l) )); then
echo "Error: $FIELD score in PR ($PR_VALUE) is less than in MAIN ($MAIN_VALUE)"
exit 1
fi
fi
done
- uses: actions/upload-artifact@v4
if: ${{ !cancelled() }}
with:
name: lighthouse-reports
path: lighthouse-reports/
retention-days: 30