Merge branch 'master' of https://github.com/OWASP/cornucopia #40
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Build and Deploy The Cornucopia Website on Production | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| permissions: | |
| contents: read | |
| jobs: | |
| hardening: | |
| name: Hardening | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Make sure we have some code to test | |
| - name: Harden runner | |
| uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| github-cloud.githubusercontent.com:443 | |
| github.com:443 | |
| motd.ubuntu.com:443 | |
| keys.openpgp.org:443 | |
| build-and-deploy-production: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 | |
| name: Install pnpm | |
| with: | |
| version: 10.0.0 | |
| run_install: false | |
| - name: Install Node.js | |
| uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 | |
| with: | |
| node-version: 20.18.2 | |
| - name: Build | |
| working-directory: cornucopia.owasp.org | |
| run: | | |
| pnpm install # Install dependencies | |
| npm run build # Build production version | |
| - name: Deploy the website | |
| uses: cloudflare/wrangler-action@da0e0dfe58b7a431659754fdf3f186c529afbe65 | |
| with: | |
| workingDirectory: "cornucopia.owasp.org" | |
| apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| wranglerVersion: "4.18.0" | |
| command: pages deploy build --project-name=cornucopia | |
| env: | |
| CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| - name: Deploy the worker routes | |
| uses: cloudflare/wrangler-action@da0e0dfe58b7a431659754fdf3f186c529afbe65 | |
| with: | |
| workingDirectory: "cornucopia.owasp.org" | |
| apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| wranglerVersion: "4.65.0" | |
| command: deploy script/nonce-worker.js --config script/wrangler.toml --env production | |
| env: | |
| CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} |