.github/workflows/merge.yml

name: Merge

on:
  push:
    branches:
      - master
      - main

# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
permissions:
  id-token: write
  contents: write

jobs:
  analysis:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pages: write
      id-token: write
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
      - name: Import Secrets
        id: secrets
        uses: hashicorp/vault-action@v2
        with:
          url: ${{ vars.VAULT_URL }}
          role: sonarqube
          method: jwt
          namespace: admin
          secrets: |
            secret/data/cicd/sonarqube/global  SONAR_TOKEN |SONAR_TOKEN ;
            secret/data/cicd/sonarqube/global  SONAR_HOST_URL | SONAR_HOST_URL;
      - uses: sonarsource/sonarqube-scan-action@master
        env:
          SONAR_TOKEN:  ${{ steps.secrets.outputs.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ steps.secrets.outputs.SONAR_HOST_URL }}


  techdocs: 
    name: Techdocs
    runs-on: ubuntu-latest
    env:
      ENTITY_NAMESPACE: 'default'
      ENTITY_KIND: 'component'
      ENTITY_NAME: 'figma-plugin'
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v3

      - name: Build docs
        run: docker-compose run techdocs

      - name: Import Secrets
        id: secrets
        uses: hashicorp/vault-action@v2
        with:
          url: ${{ vars.VAULT_URL }}
          role: techdocs
          method: jwt
          namespace: admin
          secrets: |
           ${{ vars.TECHDOCS_VAULT_PATH }}  access_key | AWS_ACCESS_KEY_ID ;
           ${{ vars.TECHDOCS_VAULT_PATH }}  secret_key | AWS_SECRET_ACCESS_KEY ;
           ${{ vars.TECHDOCS_VAULT_PATH }}  security_token | AWS_SESSION_TOKEN ;

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
             aws-access-key-id: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
             aws-secret-access-key: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
             aws-session-token: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
             aws-region: eu-central-1
      - name: Copy files to the production website with the AWS CLI
        run: |
             aws s3 sync ./techdocs ${{ vars.TECHDOCS_S3_PATH }}/${ENTITY_NAMESPACE}/${ENTITY_KIND}/${ENTITY_NAME}/ --delete
     
      