marcusquinn
523574a93e
Resolves SonarCloud security hotspots S7636 in three workflow files: - code-quality.yml: CODACY_PROJECT_TOKEN moved to env block on check step - sonarcloud.yml: SONARCLOUD_GITHUB moved to env block on check step - sync-wiki.yml: GITHUB_TOKEN and context vars moved to env block on sync step Secrets are now passed as environment variables and referenced via $VAR rather than being expanded inline in run: shell blocks, which prevents secret values from appearing in workflow logs and resolves the hotspots. Closes #106
58 lines
1.5 KiB
YAML
58 lines
1.5 KiB
YAML
name: Sync Wiki - Update GitHub wiki from .wiki directory
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
paths:
|
|
- '.wiki/**'
|
|
|
|
jobs:
|
|
sync-wiki:
|
|
name: Sync Wiki to GitHub
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: write
|
|
steps:
|
|
- name: Checkout source code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Configure Git
|
|
run: |
|
|
git config --global user.name "GitHub Actions"
|
|
git config --global user.email "actions@github.com"
|
|
|
|
- name: Clone wiki repository
|
|
run: |
|
|
git clone https://github.com/${{ github.repository }}.wiki.git wiki
|
|
|
|
- name: Sync wiki content
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
GITHUB_ACTOR: ${{ github.actor }}
|
|
GITHUB_REPOSITORY: ${{ github.repository }}
|
|
run: |
|
|
# Remove all files from wiki repository except .git
|
|
find wiki -mindepth 1 -maxdepth 1 -not -name '.git' -exec rm -rf {} \;
|
|
|
|
# Copy .wiki content to wiki repository
|
|
cp -r .wiki/* wiki/
|
|
|
|
# Go to wiki repository
|
|
cd wiki
|
|
|
|
# Add all changes
|
|
git add .
|
|
|
|
# Check if there are changes to commit
|
|
if git diff --staged --quiet; then
|
|
echo "No changes to commit"
|
|
exit 0
|
|
fi
|
|
|
|
# Commit changes
|
|
git commit -m "Sync wiki from source repository"
|
|
|
|
# Push changes
|
|
git push https://$GITHUB_ACTOR:$GITHUB_TOKEN@github.com/$GITHUB_REPOSITORY.wiki.git
|