Security bugfix for XSS window.location.href #56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Update Documentation | |
# Triggers the workflow on push or pull request events | |
on: | |
workflow_dispatch: | |
push: | |
branches: [main] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
documentation: | |
runs-on: ubuntu-latest | |
name: Test documentation and generate openapi html documentation | |
permissions: | |
contents: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.head_ref }} | |
- name: lint markdown files | |
uses: nosborn/[email protected] | |
with: | |
files: . | |
- name: lint yaml files | |
uses: ibiqlik/action-yamllint@v3 | |
# Check for changes in the server component of the Archimate model | |
- uses: dorny/paths-filter@v2 | |
id: changes | |
with: | |
filters: | | |
archi: | |
- 'docs/invite.archimate' | |
server: | |
- 'server/src/**' | |
# Generate the OpenApi spec json, only if the server component has changes | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v2 | |
with: | |
java-version: '17' | |
distribution: 'adopt' | |
cache: 'maven' | |
if: steps.changes.outputs.server == 'true' | |
- name: Set up MySQL | |
uses: shogo82148/actions-setup-mysql@v1 | |
with: | |
mysql-version: '8.0' | |
if: steps.changes.outputs.server == 'true' | |
- name: Prepare database | |
run: | | |
mysql -uroot -h127.0.0.1 -e \ | |
"CREATE DATABASE access CHARACTER SET utf8mb4 \ | |
COLLATE utf8mb4_0900_ai_ci;" | |
mysql -uroot -h127.0.0.1 -e \ | |
"CREATE USER 'access'@'localhost' IDENTIFIED BY 'secret';"; | |
mysql -uroot -h127.0.0.1 -e \ | |
"GRANT ALL privileges ON access.* TO 'access'@'localhost';" | |
if: steps.changes.outputs.server == 'true' | |
- name: Generate openapi.json | |
run: cd server && mvn spring-boot:run & && sleep 10 && curl -q http://localhost:8080/ui/api-docs -o server/target/openapi.json && pkill -f java | |
if: steps.changes.outputs.server == 'true' | |
- name: Test api-specs with redoc-cli | |
uses: seeebiii/redoc-cli-github-action@v10 | |
with: | |
args: 'bundle server/target/openapi.json -t template.hbs -o docs/api/index.html' | |
if: steps.changes.outputs.server == 'true' | |
- name: check result | |
run: | | |
ls -al docs/api/ | |
test -f docs/api/index.html || (echo "Missing docs/api/index.html from previous step." && exit 1) | |
if: steps.changes.outputs.server == 'true' | |
- name: Commit files if the OpenAPI html has changed | |
run: | | |
git config user.name github-actions | |
git config user.email [email protected] | |
git add docs/api/index.html | |
git diff-index --quiet HEAD || git commit -m "Update github page" | |
if: steps.changes.outputs.server == 'true' | |
continue-on-error: true | |
# Generate a HTML page for the archmate model, only if the moder has changed | |
- name: Download Archi | |
run: | | |
curl "https://www.archimatetool.com/downloads/archi5.php?/5.1.0/Archi-Linux64-5.1.0.tgz" \ | |
-q -o /tmp/archi.tgz | |
tar -zxvf /tmp/archi.tgz -C /tmp/ | |
if: steps.changes.outputs.archi == 'true' | |
- name: Generate HTML report from Archimate model | |
run: | | |
xvfb-run /tmp/Archi/Archi -application com.archimatetool.commandline.app \ | |
-nosplash --consoleLog --loadModel ./docs/invite.archimate \ | |
--html.createReport "./docs/Archi/" | |
if: steps.changes.outputs.archi == 'true' | |
- name: Commit files if the Archimate html has changed | |
run: | | |
git config user.name github-actions | |
git config user.email [email protected] | |
git pull | |
git add docs/Archi/* | |
git diff-index --quiet HEAD || git commit -m "Update HTML export of Archimate file" | |
if: steps.changes.outputs.archi == 'true' | |
continue-on-error: true | |
- name: Push changes | |
uses: ad-m/github-push-action@master | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
branch: ${{ github.ref }} |