Merge pull request #147 from sehlen-bsi/ci/package_documentation #701
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
schedule: | |
# Run this around 2:37am once every 6-ish days to keep the GitHub API | |
# cache warm. Otherwise we would run into an API rate limit whenever | |
# we resume working on the repository after a weeks-long break. | |
# | |
# Github Actions caches are evicted after one week of not being used. | |
- cron: '37 2 1,7,13,19,25,31 * *' | |
permissions: | |
contents: read | |
# implicitly all other scopes not listed become none | |
jobs: | |
pdf_creation: | |
strategy: | |
matrix: | |
element: | |
- {name: Crypto Documentation, dir: docs/cryptodoc, out_name: cryptodoc} | |
- {name: Audit Method Description, dir: docs/audit_method, out_name: audit_method} | |
- {name: Test Specification, dir: docs/testspec, out_name: testspec} | |
- {name: Architecture Overview, dir: docs/architecture, out_name: architecture} | |
name: Build PDF - ${{ matrix.element.name }} | |
runs-on: ubuntu-22.04 | |
defaults: | |
run: | |
working-directory: ${{matrix.element.dir }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Setup Environment Configuration | |
uses: ./.github/actions/setup-environment | |
with: | |
env_file: ./config/botan.env | |
- name: Install Build Dependencies | |
run: | | |
sudo apt-get update | |
sudo apt-get -qq install python3-poetry texlive-latex-extra texlive-fonts-recommended tex-gyre texlive-lang-german latexmk | |
- name: Install Python Dependencies | |
run: poetry install --no-dev | |
- name: Build pdf | |
run: poetry run make latexpdf | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Botan ${{ env.BOTAN_VERSION }} ${{ matrix.element.name }} | |
path: ${{ matrix.element.dir }}/_build/latex/${{ matrix.element.out_name }}-*.pdf | |
url_check: | |
strategy: | |
matrix: | |
element: | |
- {name: Crypto Documentation, dir: docs/cryptodoc} | |
- {name: Audit Method Description, dir: docs/audit_method} | |
- {name: Test Specification, dir: docs/testspec} | |
- {name: Architecture, dir: docs/architecture} | |
name: Check source URLs - ${{ matrix.element.name }} | |
runs-on: ubuntu-22.04 | |
defaults: | |
run: | |
working-directory: ${{matrix.element.dir }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Setup Environment Configuration | |
uses: ./.github/actions/setup-environment | |
with: | |
env_file: ./config/botan.env | |
- name: Install Build Dependencies | |
run: | | |
sudo apt-get update | |
sudo apt-get -qq install python3-poetry | |
- name: Install Python Dependencies | |
run: poetry install --no-dev | |
- name: Build with URL check enabled | |
run: poetry run make SPHINXOPTS="-D src_ref_check_url=True -W --keep-going" html | |
audit_generation: | |
name: Build PDF - Audit Report | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Fetch Audit Repository | |
uses: actions/checkout@v3 | |
with: | |
path: ./source | |
- name: Setup Environment Configuration | |
uses: ./source/.github/actions/setup-environment | |
with: | |
env_file: ./source/config/botan.env | |
- name: Fetch Botan Repository | |
uses: actions/checkout@v3 | |
with: | |
path: ./botan | |
repository: ${{ env.BOTAN_REPO }} | |
fetch-depth: 0 | |
- name: Install Build Dependencies | |
working-directory: source/docs/audit_report | |
run: | | |
sudo apt-get update | |
sudo apt-get -qq install python3-poetry texlive-latex-extra texlive-fonts-recommended tex-gyre latexmk | |
poetry install --no-dev | |
- name: Install GitHub webflow GPG public key | |
run: gpg --trusted-key 4AEE18F83AFDEB23 --import source/.github/resources/web-flow.gpg | |
- name: Handle the Audit Generator Cache | |
uses: actions/cache@v3 | |
with: | |
path: ./audit_generator_cache | |
key: audit_3.1-${{ github.run_id }} | |
restore-keys: audit_3.1 | |
- name: Verify Patch Coverage | |
working-directory: source/docs/audit_report | |
run: poetry run python3 -m genaudit.cli unrefed --yaml changes | |
env: | |
AUDIT_CACHE_LOCATION: ${{ github.workspace }}/audit_generator_cache | |
AUDIT_REPO_LOCATION: ${{ github.workspace }}/botan | |
BASIC_GH_TOKEN: ${{ github.token }} | |
- name: Build Document | |
working-directory: source/docs/audit_report | |
run: poetry run make latexpdf | |
env: | |
AUDIT_CACHE_LOCATION: ${{ github.workspace }}/audit_generator_cache | |
AUDIT_REPO_LOCATION: ${{ github.workspace }}/botan | |
BASIC_GH_TOKEN: ${{ github.token }} | |
- name: Query the API Rate Limit | |
run: ${{ github.workspace }}/source/.github/scripts/query_rate_limit.sh | |
if: always() | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
- name: Store Audit Generator Cache on Rate Limit Exceeded | |
uses: actions/cache/save@v3 | |
if: ${{ failure() && env.API_RATE_LIMIT_EXCEEDED == 'true' }} | |
with: | |
path: ./audit_generator_cache | |
key: audit_3.1-${{ github.run_id }} | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Botan ${{ env.BOTAN_VERSION }} Audit Report | |
path: source/docs/audit_report/_build/latex/*.pdf |