Feat added pipeline hardening step #195
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Generate terraform docs | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - '.github/**/*' | |
| - 'scripts/**/*' | |
| workflow_dispatch: | |
| permissions: | |
| contents: write # Required to update documentation in the repo | |
| pull-requests: write | |
| jobs: | |
| tf-docs: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@v2.10.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@v4.2.2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| # Creates provider documentation for registry.terraform.io | |
| - name: Render terraform docs for microsoft365_provider | |
| uses: terraform-docs/gh-actions@v1.3.0 | |
| with: | |
| working-dir: examples/microsoft365_provider | |
| indention: 3 | |
| output-file: README.md | |
| output-method: inject | |
| git-push: "true" | |
| git-commit-message: "terraform-docs: automated action" | |
| - name: Render terraform docs for microsoft365_graph | |
| uses: terraform-docs/gh-actions@v1.3.0 | |
| with: | |
| working-dir: examples/ | |
| recursive: true | |
| recursive-path: microsoft365_graph/ | |
| output-file: README.md | |
| output-method: inject | |
| git-push: "true" | |
| git-commit-message: "terraform-docs: automated action" | |
| - name: Render terraform docs for microsoft365_graph_beta | |
| uses: terraform-docs/gh-actions@v1.3.0 | |
| with: | |
| working-dir: examples/ | |
| recursive: true | |
| recursive-path: microsoft365_graph_beta/ | |
| output-file: README.md | |
| output-method: inject | |
| git-push: "true" | |
| git-commit-message: "terraform-docs: automated action" | |
| go-docs: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4.2.2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| # Creates provider documentation for godoc.org and pkg.go.dev | |
| - name: Generate Go Docs | |
| run: go generate ./... | |
| - name: Check for changes in generated Go docs | |
| id: go-gen-check | |
| run: | | |
| if [[ -n $(git status --porcelain) ]]; then | |
| echo "changes=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "changes=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Commit changes in Go docs | |
| if: steps.go-gen-check.outputs.changes == 'true' | |
| uses: stefanzweifel/git-auto-commit-action@v5.0.1 | |
| with: | |
| commit_message: "go generate: automated update" | |
| file_pattern: '**/*.go' | |
| commit_options: '--no-verify --signoff' | |
| commit_user_name: "GitHub Actions Bot" | |
| commit_user_email: "github-actions[bot]@users.noreply.github.com" | |
| commit_author: "GitHub Actions Bot <github-actions[bot]@users.noreply.github.com>" | |
| status_options: '--untracked-files=no' | |
| add_options: '-u' | |
| push_options: '--force' | |
| skip_dirty_check: false | |
| skip_fetch: true | |
| skip_checkout: true |