mirror of
https://github.com/immich-app/immich.git
synced 2025-05-24 01:12:58 -04:00
64000d9d76
* fix: set persist-credentials explicitly for checkout https://woodruffw.github.io/zizmor/audits/#artipacked * fix: minimize permissions scope for workflows https://woodruffw.github.io/zizmor/audits/#excessive-permissions * fix: remove potential template injections https://woodruffw.github.io/zizmor/audits/#template-injection * fix: only pass needed secrets in workflow_call https://woodruffw.github.io/zizmor/audits/#secrets-inherit * fix: push perm for single-arch build jobs I hadn't realised these push to the registry too :x * chore: fix formatting * fix: $ * fix: retag job quoting * feat: static analysis job for gha workflows * chore: fix formatting * fix: clear last zizmor checks * fix: broken merge --------- Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
41 lines
1.3 KiB
YAML
41 lines
1.3 KiB
YAML
name: Docs destroy
|
|
on:
|
|
pull_request_target: # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
|
|
types: [closed]
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
deploy:
|
|
name: Docs Destroy
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Destroy Docs Subdomain
|
|
env:
|
|
TF_VAR_prefix_name: 'pr-${{ github.event.number }}'
|
|
TF_VAR_prefix_event_type: 'pr'
|
|
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
|
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
|
|
TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
|
|
uses: gruntwork-io/terragrunt-action@9559e51d05873b0ea467c42bbabcb5c067642ccc # v2
|
|
with:
|
|
tg_version: '0.58.12'
|
|
tofu_version: '1.7.1'
|
|
tg_dir: 'deployment/modules/cloudflare/docs'
|
|
tg_command: 'destroy -refresh=false'
|
|
|
|
- name: Comment
|
|
uses: actions-cool/maintain-one-comment@4b2dbf086015f892dcb5e8c1106f5fccd6c1476b # v3
|
|
with:
|
|
number: ${{ github.event.number }}
|
|
delete: true
|
|
body-include: '<!-- Docs PR URL -->'
|