loosen rbac for get cert - avoid checking every DNS in SAN (#444) #180
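# Builds and publishes three artifacts: the documentation site, the Python
# package and the container image. Every job runs on each push to `master`
# and on each pushed tag; only the PyPI upload step is gated on a tag ref.
name: Build and Deploy

on:
  push:
    branches:
      - master
    tags:
      - '*'

jobs:
  build-and-deploy-docs:
    name: Build and publish docs
    runs-on: ubuntu-22.04
    # Scope the job's GITHUB_TOKEN explicitly instead of inheriting the
    # repository default. The deploy step pushes to the gh-pages branch,
    # which needs write access to repository contents and nothing else.
    permissions:
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v1
      - name: Setup python 3.10
        uses: actions/setup-python@v1
        with:
          # Quoted so the version is always read as a string.
          python-version: '3.10.15'
      - name: Install virtualenv
        run: pip install virtualenv
      - name: Install xmlsec
        run: sudo apt-get update -y && sudo apt-get install -y libxmlsec1-dev pkg-config
      - name: Build docs
        run: make docs
      - name: Remove docs folder, so github will ignore it
        run: rm -rf docs
      - name: Deploy docs
        # NOTE(review): third-party action referenced by a mutable branch
        # while it is handed a token with write access to the repository.
        # Pin it to a full-length commit SHA that has been reviewed.
        uses: JamesIves/github-pages-deploy-action@releases/v3
        with:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          BASE_BRANCH: master  # The branch the action should deploy from.
          BRANCH: gh-pages  # The branch the action should deploy to.
          FOLDER: generated/docs  # The folder the action should deploy.

  build-and-publish-python-module:
    name: Build and publish python module to pypi
    runs-on: ubuntu-22.04
    # Scope the job's GITHUB_TOKEN explicitly instead of inheriting the
    # repository default. Checkout only reads the repository; the upload
    # authenticates to PyPI with its own secret, not with GITHUB_TOKEN.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v1
      - name: Setup python 3.10
        uses: actions/setup-python@v1
        with:
          # Quoted so the version is always read as a string.
          python-version: '3.10.15'
      - name: Add wheel dependency
        run: pip install wheel
      - name: Generate dist
        run: python setup.py sdist bdist_wheel
      - name: Publish to PyPI
        # Upload only for tag pushes; pushes to master stop after the build.
        if: startsWith(github.event.ref, 'refs/tags')
        # NOTE(review): third-party action referenced by a mutable branch
        # while it receives the PyPI upload token. Whatever that branch
        # points to at run time executes with the secret; pin it to a
        # full-length commit SHA that has been reviewed.
        uses: pypa/gh-action-pypi-publish@master
        with:
          user: __token__
          password: ${{ secrets.pypi_password }}

  build-and-publish-to-ghcr:
    name: Build and publish Docker images to GitHub Container Registry
    runs-on: ubuntu-22.04
    # Explicitly grant the `secrets.GITHUB_TOKEN` permissions. Scopes that
    # are not listed here are set to none for this job.
    # NOTE(review): no `contents` scope is granted; checkout should still
    # work for a publicly readable repository, but a private one would
    # need `contents: read` - confirm.
    permissions:
      # Grant the ability to write to GitHub Packages (push Docker images to
      # GitHub Container Registry).
      packages: write
    steps:
      - uses: actions/checkout@v2
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: ghcr.io/${{ github.repository }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          # The account that triggered the run. With this workflow's `push`
          # trigger that is whoever pushed the branch or tag.
          username: ${{ github.actor }}
          # `secrets.GITHUB_TOKEN` is a secret that's automatically generated by
          # GitHub Actions at the start of a workflow run to identify the job.
          # This is used to authenticate against GitHub Container Registry.
          # See https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
          # for more detailed information.
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push
        uses: docker/build-push-action@v3
        with:
          file: Dockerfile
          context: .
          push: true  # push the image to ghcr
          # Tags and labels come from the `meta` step above.
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}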