Update ci.yml #71
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: ['push', 'pull_request'] | |
| jobs: | |
| ci: | |
| name: CI | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # to upload assets to releases | |
| attestations: write # to upload assets attestation for build provenance | |
| id-token: write # grant additional permission to attestation action to mint the OIDC token permission | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.12' | |
| cache: 'pip' | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 'lts/*' | |
| cache: 'npm' | |
| - name: Set up PR environment | |
| if: github.event.number != null | |
| run: echo "PULL_REQUEST_ID=${{ github.event.number }}" >> $GITHUB_ENV | |
| - name: Install npm dependencies | |
| run: npm ci | |
| - name: Install pip dependencies | |
| run: pip install -r requirements.txt -r scripts/pdf/requirements.txt | |
| - name: Test | |
| run: npm test | |
| - name: Build | |
| run: bash scripts/build.sh | |
| - name: Build PDF | |
| working-directory: ./scripts/pdf | |
| run: | | |
| bash build-pdf.sh | |
| - name: Check for generated files | |
| id: check-files | |
| run: | | |
| echo "zip_exists=$(if [[ $(find language_archives -name '*.zip' | wc -l) -gt 0 ]]; then echo true; else echo false; fi)" >> $GITHUB_ENV | |
| echo "pdf_exists=$(if [[ $(find scripts/pdf -name '*.pdf' | wc -l) -gt 0 ]]; then echo true; else echo false; fi)" >> $GITHUB_ENV | |
| echo "checksums_exists=$(if [[ -f 'tldr.sha256sums' ]]; then echo true; else echo false; fi)" >> $GITHUB_ENV | |
| - name: Attest generated Zip files | |
| if: env.zip_exists == 'true' | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-path: 'language_archives/**/*.zip' | |
| - name: Attest generated PDF files | |
| if: env.pdf_exists == 'true' | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-path: 'scripts/pdf/**/*.pdf' | |
| - name: Attest the generated checksums file | |
| if: env.checksums_exists == 'true' | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-path: 'tldr.sha256sums' | |
| - name: Deploy | |
| run: bash scripts/deploy.sh | |
| env: | |
| DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |