Skip to content

feature: Secure your fleet, NGINX One #3533

feature: Secure your fleet, NGINX One

feature: Secure your fleet, NGINX One #3533

Workflow file for this run

name: Build and deploy (docs)
on:
repository_dispatch:
types: [trigger-preview-build]
workflow_call:
inputs:
environment:
description: "Deployment environment. Must be one of preview, dev, staging, or prod"
required: true
default: preview
type: string
secrets:
AZURE_CREDENTIALS_DOCS:
required: true
AZURE_KEY_VAULT_DOCS:
required: true
workflow_dispatch:
inputs:
environment:
description: "Environment to deploy to"
required: true
default: "preview"
type: choice
options:
- preview
- dev
- staging
- prod
hugo_theme_override:
description: "Override hugo theme (leave blank to use latest version)"
required: false
default: ""
type: string
pull_request:
branches:
- "**"
push:
branches:
- "main"
env:
FRONT_DOOR_USERNAME: ${{ secrets.FRONT_DOOR_USERNAME }}
FRONT_DOOR_PASSWORD: ${{ secrets.FRONT_DOOR_PASSWORD }}
GITHUB_PR_NUMBER: ${{ github.event.pull_request.number }}
jobs:
prod-check-branch:
runs-on: ubuntu-24.04
steps:
- name: Output variables
run: |
echo "Environment: ${{ inputs.environment || github.event.client_payload.environment }}"
echo "Branch: ${{ github.ref }}"
- name: Checks to see that main branch is selected if deploying to prod
if: ${{ inputs.environment == 'prod' && github.ref != 'refs/heads/main' }}
run: |
echo "Deployment to 'prod' can only be done from the 'main' branch."
exit 1
call-docs-build-push:
needs: prod-check-branch
uses: nginxinc/docs-actions/.github/workflows/docs-build-push.yml@04ed2db338ee08cc560a327f412684d0c8260de2 # v1.0.11
with:
production_url_path: ""
preview_url_path: "${{ vars.PREVIEW_URL_PATH }}"
docs_source_path: "public"
docs_build_path: "./"
doc_type: "hugo"
environment: ${{ inputs.environment || github.event.client_payload.environment }}
force_hugo_theme_version: ${{inputs.hugo_theme_override}}
auto_deploy_branch: "main"
auto_deploy_env: "prod"
secrets:
AZURE_CREDENTIALS: ${{secrets.AZURE_CREDENTIALS_DOCS}}
AZURE_KEY_VAULT: ${{secrets.AZURE_KEY_VAULT_DOCS}}
trigger-theme-slack-notification:
if: github.event_name == 'repository_dispatch'
needs: call-docs-build-push
runs-on: ubuntu-latest
permissions: read-all
steps:
- name: Send notification
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
with:
status: custom
custom_payload: |
{
username: 'Github',
mention: 'channel',
attachments: [{
title: `New theme release - ${{ github.event.client_payload.release_name }}`,
color: '#009223',
fields: [
{
title: 'Tag',
value: `${{ github.event.client_payload.tag_name }}`,
short: true
},
{
title: 'Author',
value: `${{ github.event.client_payload.author }}`,
short: true
},
{
title: 'Description',
value: `${{ github.event.client_payload.description }}`,
short: false
},
{
title: 'Preview URL',
value: `${{ env.PREVIEW_URL }}`,
short: true
}]
}]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_FRIENDS_OF_DOCS }}
PREVIEW_URL: ${{ needs.call-docs-build-push.outputs.PREVIEW_URL }}
lighthouseci:
if: github.event.pull_request
needs: call-docs-build-push
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.workflow_run.head_branch }}
- uses: actions/setup-node@v4
with:
node-version: 18
- name: Installing packages
run: npm install
- name: Generating lighthouse reports for PR and main...
run: |
node lighthouse-script.js
- name: Compare the artifacts for negative differences in performance
continue-on-error: true
run: |
FIELDS=("performance" "accessibility")
for FIELD in "${FIELDS[@]}"; do
PR_VALUE=$(cat lighthouse-reports/pr-report.json | jq -r ".categories.$FIELD.score")
MAIN_VALUE=$(cat lighthouse-reports/main-report.json | jq -r ".categories.$FIELD.score")
echo "$FIELD: PR - $PR_VALUE | Main - $MAIN_VALUE"
if [ $FIELD = "performance" ]; then
LOWER_BOUND=$(echo "$MAIN_VALUE - 0.05" | bc)
UPPER_BOUND=$(echo "$MAIN_VALUE + 0.05" | bc)
if (( $(echo "$PR_VALUE < $LOWER_BOUND" | bc -l) || $(echo "$PR_VALUE > $UPPER_BOUND" | bc -l) )); then
echo "Error: $FIELD score in PR ($PR_VALUE) is less than in MAIN ($MAIN_VALUE)"
exit 1
fi
else
if (( $(echo "$PR_VALUE < $MAIN_VALUE" | bc -l) )); then
echo "Error: $FIELD score in PR ($PR_VALUE) is less than in MAIN ($MAIN_VALUE)"
exit 1
fi
fi
done
- uses: actions/upload-artifact@v4
if: ${{ !cancelled() }}
with:
name: lighthouse-reports
path: lighthouse-reports/
retention-days: 30