Add Hugo documentation site with Docsy theme #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Test | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| # Set permissions explicitly for security best practices | |
| permissions: | |
| contents: read # For checking out code | |
| packages: read # For pulling container images | |
| # Note: For PR builds, we don't need write permissions | |
| jobs: | |
| build: | |
| name: Build and Test Containers | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Create certificate file for build | |
| env: | |
| CA_BUNDLE: ${{ secrets.CA_BUNDLE }} | |
| CA_BUNDLE_PART1: ${{ secrets.CA_BUNDLE_PART1 }} | |
| CA_BUNDLE_PART2: ${{ secrets.CA_BUNDLE_PART2 }} | |
| CA_BUNDLE_PART3: ${{ secrets.CA_BUNDLE_PART3 }} | |
| CA_BUNDLE_PART4: ${{ secrets.CA_BUNDLE_PART4 }} | |
| CA_BUNDLE_PART5: ${{ secrets.CA_BUNDLE_PART5 }} | |
| CA_BUNDLE_PART6: ${{ secrets.CA_BUNDLE_PART6 }} | |
| CA_BUNDLE_PART7: ${{ secrets.CA_BUNDLE_PART7 }} | |
| CA_BUNDLE_PART8: ${{ secrets.CA_BUNDLE_PART8 }} | |
| CA_BUNDLE_PART9: ${{ secrets.CA_BUNDLE_PART9 }} | |
| run: | | |
| # Use the dedicated script to assemble certificates with validation | |
| ./scripts/assemble-certificates.sh --verify | |
| # Show the assembled certificate info | |
| ls -la certs/org/ | |
| - name: Prepare Dockerfiles | |
| run: | | |
| # Instead of relying on symlinks, directly reference the actual files | |
| echo "Using Dockerfile for full build" | |
| echo "Using Dockerfile.optimized for minimal build" | |
| - name: Build minimal container | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| # Directly use the actual Dockerfile.optimized instead of a symlink | |
| file: ./Dockerfile.optimized | |
| push: false | |
| tags: cac-builder:minimal-test | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| load: true | |
| - name: Test minimal container | |
| run: | | |
| docker run --rm cac-builder:minimal-test -c "mkdir -p /content/build && cd /content/build && cmake .. && echo 'Build environment test: SUCCESS'" | |
| - name: Build full container | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| # Directly use the actual Dockerfile instead of a symlink | |
| file: ./Dockerfile | |
| push: false | |
| tags: cac-builder:full-test | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| build-args: | | |
| BUILD_TYPE=full | |
| load: true | |
| - name: Test full container | |
| run: | | |
| mkdir -p output | |
| docker run -v ${{ github.workspace }}/output:/output --rm cac-builder:full-test -c "ls /content/build/ssg-* && cp /content/build/ssg-rhel* /output/ 2>/dev/null || echo 'No content found, checking build environment'" | |
| - name: Verify output files (full build only) | |
| run: | | |
| ls -la output/ || echo "No output files found - this is expected in PR builds" |