feat: add SBOM generation and attestation to on-merge workflow #60
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Documentation | |
| on: | |
| push: | |
| branches: [ main ] | |
| paths: | |
| - 'docs/**' | |
| - 'internal/language/**' | |
| - 'cmd/docgen/**' | |
| - '.github/workflows/docs.yml' | |
| pull_request: | |
| branches: [ main ] | |
| paths: | |
| - 'docs/**' | |
| - 'internal/language/**' | |
| - 'cmd/docgen/**' | |
| - '.github/workflows/docs.yml' | |
| workflow_dispatch: | |
| # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages | |
| permissions: | |
| contents: read | |
| pages: write | |
| id-token: write | |
| # Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. | |
| # However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. | |
| concurrency: | |
| group: "pages" | |
| cancel-in-progress: false | |
| jobs: | |
| # Build job | |
| build: | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: docs | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.26.1' | |
| - name: Generate language plugin doc includes | |
| working-directory: . | |
| run: go generate ./internal/language/... | |
| - name: Setup Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| cache: 'pip' | |
| cache-dependency-path: 'docs/requirements.txt' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| - name: Setup Pages | |
| id: pages | |
| uses: actions/configure-pages@v4 | |
| - name: Build documentation | |
| run: | | |
| make html SPHINXOPTS="--keep-going" | |
| # Create .nojekyll file to serve files starting with underscores | |
| touch _build/html/.nojekyll | |
| - name: Upload artifact | |
| uses: actions/upload-pages-artifact@v3 | |
| with: | |
| path: docs/_build/html | |
| # Deployment job (only for main branch) | |
| deploy: | |
| if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request' | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - name: Deploy to GitHub Pages | |
| id: deployment | |
| uses: actions/deploy-pages@v4 | |
| # Link checker job (for PRs and main) | |
| linkcheck: | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: docs | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| cache: 'pip' | |
| cache-dependency-path: 'docs/requirements.txt' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| - name: Check links | |
| run: make linkcheck | |
| continue-on-error: true |