-
Notifications
You must be signed in to change notification settings - Fork 11
42 lines (37 loc) · 1.55 KB
/
docs.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
---
name: docs
'on':
push:
branches:
- main
paths:
- 'modules/**'
permissions:
contents: read
jobs:
website_update:
runs-on: ubuntu-latest
strategy:
matrix:
include:
- APP_INSTALL_ID: 29980719
REPOSITORY: enterprise-contract/enterprise-contract.github.io
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
disable-telemetry: true
- name: Trigger website update
env:
EC_AUTOMATION_KEY: ${{ secrets.EC_AUTOMATION_KEY }}
run: |
function createJWT() {
local header=$(echo -n '{"alg":"RS256","typ":"JWT"}' | base64 | sed s/\+/-/ | sed -E s/=+$//)
local now_utc=$(date --utc +%s)
local payload=$(echo -n '{"iat":'$((now_utc - 60))',"exp":'$((now_utc + 120))',"iss":245286}' | base64 | sed s/\+/-/ | sed -E s/=+$//)
local signature=$(echo -n "${header}.${payload}" | openssl dgst -sha256 -binary -sign <(echo "${EC_AUTOMATION_KEY}")| base64 | tr -d '\n=' | tr -- '+/' '-_')
echo "${header}.${payload}.${signature}"
}
GITHUB_TOKEN=$(curl -s -X POST -H "Authorization: Bearer $(createJWT)" -H "Accept: application/vnd.github+json" https://api.github.com/app/installations/${{ matrix.APP_INSTALL_ID }}/access_tokens | jq -r .token) \
gh api repos/${{ matrix.REPOSITORY }}/dispatches -X POST --input <(echo '{"event_type":"update","client_payload":{}}')