Skip to content
docs-sched-rebuild

Fix for the potential security vulnerability in Blossom GitHub workflow #279

Sign in to view logs

Fix for the potential security vulnerability in Blossom GitHub workflow

Fix for the potential security vulnerability in Blossom GitHub workflow #279

Workflow file for this run

.github/workflows/docs-sched-rebuild.yaml at 818ce25
name: docs-sched-rebuild
on:
push:
branches: [master]
tags:
- v*
workflow_dispatch:
jobs:
build:
runs-on: "ubuntu-latest"
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up Python 3.8
uses: actions/setup-python@v4
with:
python-version: 3.8
- name: Install Ubuntu packages
run: |
sudo apt-get update -y
sudo apt-get install -y doxygen
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install -r docs/requirements-doc.txt
- name: Report the versions to build
run: |
sphinx-multiversion -D 'exhale_args.containmentFolder=${sourcedir}/api' --dump-metadata docs/source docs/build/html | jq "keys"
- name: Building docs (multiversion)
run: |
sphinx-multiversion -D 'exhale_args.containmentFolder=${sourcedir}/api' docs/source docs/build/html
- name: Delete unnecessary files
run: |
find docs/build -name .doctrees -prune -exec rm -rf {} \;
find docs/build -name .buildinfo -exec rm {} \;
- name: Upload HTML
uses: actions/upload-artifact@v3
with:
name: html-build-artifact
path: docs/build/html
if-no-files-found: error
retention-days: 1
# Identify the dir for the HTML.
store-html:
needs: [build]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
ref: "gh-pages"
- name: Initialize Git configuration
run: |
git config user.name docs-sched-rebuild
git config user.email [email protected]
- name: Download artifacts
uses: actions/download-artifact@v3
with:
name: html-build-artifact
- name: Copy HTML directories
run: |
ls -asl
for i in `ls -d *`
do
echo "Git adding ${i}"
git add "${i}"
done
- name: Check or create dot-no-jekyll file
run: |
if [ -f ".nojekyll" ]; then
echo "The dot-no-jekyll file already exists."
exit 0
fi
touch .nojekyll
git add .nojekyll
- name: Check or create redirect page
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
resp=$(grep 'http-equiv="refresh"' index.html 2>/dev/null) || true
if [ -n "${resp}" ]; then
echo "The redirect file already exists."
exit 0
fi
# If any of these commands fail, fail the build.
def_branch=$(gh api "repos/${GITHUB_REPOSITORY}" --jq ".default_branch")
html_url=$(gh api "repos/${GITHUB_REPOSITORY}/pages" --jq ".html_url")
# Beware ugly quotation mark avoidance in the foll lines.
echo '<!DOCTYPE html>' > index.html
echo '<html>' >> index.html
echo ' <head>' >> index.html
echo ' <title>Redirect to documentation</title>' >> index.html
echo ' <meta charset="utf-8">' >> index.html
echo ' <meta http=equiv="refresh" content="3; URL='${html_url}${def_branch}'/index.html">' >> index.html
echo ' <link rel="canonical" href="'${html_url}${def_branch}'/index.html">' >> index.html
echo ' <script language="javascript">' >> index.html
echo ' function redirect() {' >> index.html
echo ' window.location.assign("'${html_url}${def_branch}'/index.html")' >> index.html
echo ' }' >> index.html
echo ' </script>' >> index.html
echo ' </head>' >> index.html
echo ' <body onload="redirect()">' >> index.html
echo ' <p>Please follow the link to the <a href="'${html_url}${def_branch}'/index.html">' >> index.html
echo ${def_branch}'</a> branch documentation.</p>' >> index.html
echo ' </body>' >> index.html
echo '</html>' >> index.html
git add index.html
- name: Commit changes to the GitHub Pages branch
run: |
git status
if git commit -m 'Pushing changes to GitHub Pages.'; then
git push -f
else
echo "Nothing changed."
fi