Merge pull request #48 from lcarva/HACBS-2564 #27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: docs | |
| 'on': | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'modules/**' | |
| permissions: | |
| contents: read | |
| jobs: | |
| website_update: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - APP_INSTALL_ID: 29980719 | |
| REPOSITORY: enterprise-contract/enterprise-contract.github.io | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 | |
| with: | |
| egress-policy: audit | |
| disable-telemetry: true | |
| - name: Trigger website update | |
| env: | |
| EC_AUTOMATION_KEY: ${{ secrets.EC_AUTOMATION_KEY }} | |
| run: | | |
| function createJWT() { | |
| local header=$(echo -n '{"alg":"RS256","typ":"JWT"}' | base64 | sed s/\+/-/ | sed -E s/=+$//) | |
| local now_utc=$(date --utc +%s) | |
| local payload=$(echo -n '{"iat":'$((now_utc - 60))',"exp":'$((now_utc + 120))',"iss":245286}' | base64 | sed s/\+/-/ | sed -E s/=+$//) | |
| local signature=$(echo -n "${header}.${payload}" | openssl dgst -sha256 -binary -sign <(echo "${EC_AUTOMATION_KEY}")| base64 | tr -d '\n=' | tr -- '+/' '-_') | |
| echo "${header}.${payload}.${signature}" | |
| } | |
| GITHUB_TOKEN=$(curl -s -X POST -H "Authorization: Bearer $(createJWT)" -H "Accept: application/vnd.github+json" https://api.github.com/app/installations/${{ matrix.APP_INSTALL_ID }}/access_tokens | jq -r .token) \ | |
| gh api repos/${{ matrix.REPOSITORY }}/dispatches -X POST --input <(echo '{"event_type":"update","client_payload":{}}') |