Removing Eddie's Twitter handle (#2997) #308
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Export Edu Documentation to GCS | |
| on: | |
| push: | |
| branches: [ main ] | |
| paths: | |
| - 'content/**' | |
| - 'data/**' | |
| - '**.md' | |
| - '.github/workflows/export-edu-docs-to-gcs.yaml' | |
| schedule: | |
| - cron: '30 1 * * 0' # Weekly on Sundays at 1:30 AM (same as other repos) | |
| workflow_dispatch: | |
| permissions: | |
| contents: write # Required for repository dispatch events | |
| id-token: write # Required for workload identity federation | |
| jobs: | |
| export-docs: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false # Don't persist auth token | |
| - name: Authenticate to Google Cloud | |
| uses: step-security/google-github-auth@57c51210cb4d85d8a5d39dc4c576c79bd693f914 # v3.0.1 | |
| with: | |
| workload_identity_provider: "projects/456977358484/locations/global/workloadIdentityPools/chainguard-academy/providers/chainguard-edu" | |
| service_account: "github-chainguard-academy@chainguard-academy.iam.gserviceaccount.com" | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 | |
| - name: Prepare documentation export | |
| run: | | |
| set -euo pipefail # Exit on error, undefined variable, or pipe failure | |
| echo "Preparing edu documentation export..." | |
| # Use mktemp for secure temp directory | |
| EXPORT_DIR=$(mktemp -d) | |
| trap "rm -rf $EXPORT_DIR" EXIT # Clean up on exit | |
| # Copy content directory (main documentation) | |
| if [ -d "content" ]; then | |
| echo "Copying and cleaning content directory..." | |
| # Create content directory structure | |
| find content -type d | while read dir; do | |
| mkdir -p "$EXPORT_DIR/$dir" | |
| done | |
| # Process each markdown file to remove HTML comments | |
| find content -name "*.md" -type f | while read file; do | |
| # Remove HTML comments and clean up empty lines | |
| sed -E 's/<!--[^>]*-->//g' "$file" | \ | |
| sed '/^[[:space:]]*$/N;/\n[[:space:]]*$/d' > "$EXPORT_DIR/$file" | |
| done | |
| echo "✓ Processed $(find content -name "*.md" -type f | wc -l) markdown files in content/" | |
| else | |
| echo "Warning: content directory not found" | |
| fi | |
| # Create a content index for reference | |
| echo "Creating content index..." | |
| find "$EXPORT_DIR" -name "*.md" -type f | \ | |
| sed "s|$EXPORT_DIR/||" | \ | |
| sort > "$EXPORT_DIR/content-index.txt" | |
| # Create metadata file with proper JSON escaping | |
| cat > "$EXPORT_DIR/metadata.json" << EOF | |
| { | |
| "repository": "chainguard-dev/edu", | |
| "export_time": "$(date -u +"%Y-%m-%dT%H:%M:%SZ")", | |
| "commit": "${{ github.sha }}", | |
| "ref": "${{ github.ref }}", | |
| "triggered_by": "${{ github.event_name }}", | |
| "files_count": $(find "$EXPORT_DIR" -name "*.md" -type f | wc -l), | |
| "total_size": "$(du -sh "$EXPORT_DIR" | cut -f1)" | |
| } | |
| EOF | |
| # Validate JSON | |
| python3 -m json.tool "$EXPORT_DIR/metadata.json" > /dev/null | |
| # Display summary | |
| echo "" | |
| echo "Export Summary:" | |
| echo "---------------" | |
| echo "Total markdown files: $(find "$EXPORT_DIR" -name "*.md" -type f | wc -l)" | |
| echo "Total size: $(du -sh "$EXPORT_DIR" | cut -f1)" | |
| # Create tarball with restricted permissions | |
| cd "$(dirname "$EXPORT_DIR")" | |
| tar --owner=0 --group=0 --mode='u+rwX,go+rX,go-w' \ | |
| -czf /tmp/docs-export.tar.gz "$(basename "$EXPORT_DIR")" | |
| echo "" | |
| echo "Documentation bundle created:" | |
| ls -lh /tmp/docs-export.tar.gz | |
| - name: Upload to GCS | |
| run: | | |
| set -euo pipefail | |
| echo "Uploading edu documentation to GCS..." | |
| # Upload with specific content type and cache control | |
| gcloud storage cp /tmp/docs-export.tar.gz \ | |
| "gs://academy-all-docs/edu/docs-export.tar.gz" \ | |
| --project=chainguard-academy \ | |
| --content-type="application/gzip" \ | |
| --cache-control="no-cache" | |
| # Extract for metadata upload | |
| EXPORT_DIR=$(mktemp -d) | |
| trap "rm -rf $EXPORT_DIR" EXIT | |
| tar -xzf /tmp/docs-export.tar.gz -C "$EXPORT_DIR" --strip-components=1 | |
| # Upload metadata | |
| gcloud storage cp "$EXPORT_DIR/metadata.json" \ | |
| "gs://academy-all-docs/edu/metadata.json" \ | |
| --project=chainguard-academy \ | |
| --content-type="application/json" \ | |
| --cache-control="no-cache" | |
| # Upload content index | |
| gcloud storage cp "$EXPORT_DIR/content-index.txt" \ | |
| "gs://academy-all-docs/edu/content-index.txt" \ | |
| --project=chainguard-academy \ | |
| --content-type="text/plain" \ | |
| --cache-control="no-cache" | |
| echo "✓ Successfully uploaded edu documentation to GCS" | |
| - name: Trigger compilation workflow | |
| if: github.event_name == 'push' || github.event_name == 'schedule' | |
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| // Wait a moment to ensure all repos have uploaded if running on schedule | |
| if ('${{ github.event_name }}' === 'schedule') { | |
| await new Promise(resolve => setTimeout(resolve, 60000)); // Wait 1 minute | |
| } | |
| await github.rest.repos.createDispatchEvent({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| event_type: 'ai-docs-source-updated', | |
| client_payload: { | |
| repository: 'chainguard-dev/edu', | |
| commit: '${{ github.sha }}', | |
| source: 'edu' | |
| } | |
| }); | |
| console.log('Triggered AI docs compilation workflow'); |