Build Website #1400
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Website | |
on: | |
schedule: | |
- cron: "0 1,13 * * *" | |
workflow_dispatch: | |
jobs: | |
build: | |
name: Build Website | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Maximize build space | |
uses: easimon/maximize-build-space@v10 | |
with: | |
root-reserve-mb: 32768 # The Go cache (`~/.cache/go-build` and `~/go/pkg`) requires a lot of storage space. | |
remove-android: "true" | |
remove-docker-images: "true" | |
remove-dotnet: "true" | |
remove-haskell: "true" | |
- name: Set up Go 1.22 | |
uses: actions/setup-go@v4 | |
with: | |
go-version: '1.22' | |
id: go | |
- name: Setup Hugo | |
uses: peaceiris/actions-hugo@v3 | |
with: | |
hugo-version: "0.126.1" | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v3 | |
- name: Create build folder | |
run: mkdir avd-repo | |
- name: Checkout public vuln-list-repo | |
uses: actions/checkout@v3 | |
with: | |
repository: aquasecurity/vuln-list | |
token: ${{ secrets.ORG_REPO_TOKEN }} | |
path: avd-repo/vuln-list | |
- name: Checkout public vuln-list-nvd-repo | |
uses: actions/checkout@v3 | |
with: | |
repository: aquasecurity/vuln-list-nvd | |
token: ${{ secrets.ORG_REPO_TOKEN }} | |
path: avd-repo/vuln-list-nvd | |
- name: Checkout public vuln-list-redhat-repo | |
uses: actions/checkout@v3 | |
with: | |
repository: aquasecurity/vuln-list-redhat | |
token: ${{ secrets.ORG_REPO_TOKEN }} | |
path: avd-repo/vuln-list-redhat | |
- name: Checkout public kube-hunter-repo | |
uses: actions/checkout@v3 | |
with: | |
repository: aquasecurity/kube-hunter | |
token: ${{ secrets.ORG_REPO_TOKEN }} | |
path: avd-repo/kube-hunter-repo | |
- name: Checkout public cloud-security-remediation-guides-repo | |
uses: actions/checkout@v3 | |
with: | |
repository: aquasecurity/cloud-security-remediation-guides | |
token: ${{ secrets.ORG_REPO_TOKEN }} | |
path: avd-repo/remediations-repo | |
- name: Checkout public tracee-repo | |
uses: actions/checkout@v3 | |
with: | |
repository: aquasecurity/tracee | |
token: ${{ secrets.ORG_REPO_TOKEN }} | |
path: avd-repo/tracee-repo | |
- name: Checkout public cloudsploit-repo | |
uses: actions/checkout@v3 | |
with: | |
repository: aquasecurity/cloudsploit | |
token: ${{ secrets.ORG_REPO_TOKEN }} | |
path: avd-repo/cloudsploit-repo | |
- name: Checkout public trivy-policies-repo | |
uses: actions/checkout@v3 | |
with: | |
repository: aquasecurity/trivy-policies | |
token: ${{ secrets.ORG_REPO_TOKEN }} | |
path: avd-repo/trivy-policies-repo | |
- name: Checkout public kube-bench-repo | |
uses: actions/checkout@v3 | |
with: | |
repository: aquasecurity/kube-bench | |
token: ${{ secrets.ORG_REPO_TOKEN }} | |
path: avd-repo/kube-bench-repo | |
- name: Checkout public chain-bench-repo | |
uses: actions/checkout@v3 | |
with: | |
repository: aquasecurity/chain-bench | |
token: ${{ secrets.ORG_REPO_TOKEN }} | |
path: avd-repo/chain-bench-repo | |
- name: Build generator | |
run: make md-clean md-build | |
- name: Sync avd-repo with latest changes from generator | |
run: make sync-all | |
- name: Build and Generate Markdown pages | |
run: make md-generate | |
## We have already created *.md files, so we can remove the repositories to save free space. | |
- name: Remove repositories | |
run: make remove-all-repos | |
- name: Generate Hugo website | |
run: make hugo-generate | |
- name: Copy assets | |
run: make copy-assets | |
- name: Deploy Search Index to MeiliSearch Instance | |
run: | | |
cd avd-repo | |
curl -H 'Content-Type: application/json' -H 'X-Meili-API-Key: ${{ secrets.SEARCHAPITOKEN }}' -X POST ${{ secrets.SEARCHAPIHOST }}/indexes/avd/documents?primaryKey=title --data @docs/searchindex.json | |
- name: Install AWS CLI | |
run: | | |
python3 -m venv .venv | |
source .venv/bin/activate | |
pip3 install awscli | |
- name: Sync changes to the bucket | |
run: aws s3 sync --no-progress --only-show-errors --size-only avd-repo/docs ${{ secrets.PROD_AVD_BUCKET }} | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.PROD_AVD_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.PROD_AVD_SECRET_ACCESS_KEY }} | |
AWS_REGION: us-east-1 | |
- name: Microsoft Teams Notification | |
uses: skitionek/notify-microsoft-teams@master | |
if: failure() | |
with: | |
webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }} | |
needs: ${{ toJson(needs) }} | |
job: ${{ toJson(job) }} | |
steps: ${{ toJson(steps) }} | |
keepalive-job: # needed to keep GitHub from disabling the actions due to inactivity | |
name: Keepalive Workflow | |
runs-on: ubuntu-latest | |
permissions: | |
actions: write | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: gautamkrishnar/keepalive-workflow@v2 | |
notify-on-teams: | |
name: Notify github actions status in MS teams | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@master | |
- name: Microsoft Teams Notification | |
uses: skitionek/notify-microsoft-teams@master | |
if: always() | |
with: | |
webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }} | |
needs: ${{ toJson(needs) }} | |
job: ${{ toJson(job) }} | |
steps: ${{ toJson(steps) }} |