Skip to content

chore: bump step-security/harden-runner from 2.4.1 to 2.5.0 #275

chore: bump step-security/harden-runner from 2.4.1 to 2.5.0

chore: bump step-security/harden-runner from 2.4.1 to 2.5.0 #275

Workflow file for this run

name: generate_website
on:
push:
branches:
- master
paths:
- ".github/workflows/website.yaml"
- "website/**"
pull_request:
branches:
- master
paths:
- ".github/workflows/website.yaml"
- "website/**"
permissions:
contents: write
jobs:
build_and_deploy:
runs-on: ubuntu-latest
defaults:
run:
working-directory: website
steps:
- name: Harden Runner
uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
with:
egress-policy: audit
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Setup Node
uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
with:
node-version: "16"
- name: Get yarn cache
id: yarn-cache
run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
- name: Cache dependencies
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ${{ steps.yarn-cache.outputs.dir }}
key: ${{ runner.os }}-website-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-website-
- run: yarn install --frozen-lockfile
- run: yarn build
# deploy only after PR is merged to master
- name: Deploy
if: github.ref == 'refs/heads/master' && github.event_name == 'push' && github.repository == 'open-policy-agent/gatekeeper-library'
uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 # v3.9.3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./website/build
destination_dir: ./website