ansible-collections / community.hashi_vault

Ansible collection for managing and working with HashiCorp Vault.
https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/index.html
GNU General Public License v3.0

docs - docs-build all with approval #150

Closed briantist closed 3 years ago

briantist commented 3 years ago
SUMMARY

This adds a new workflow that uses a custom GitHub "environment" so that running this workflow requires approval. This workflow is very similar to the existing docs build; the difference is that it uses the entire PR contents, and not just the docs/docsite.

As described in #138, that's a security risk when running via pull_request_target, because the workflow has access to secrets and an elevated GitHub token.

That's where pre-approval comes in: this workflow will not run until someone has reviewed the PR and then allows this workflow to run.

The existing docsite-only workflow will still run, automatically, so PR authors can get quick feedback on those changes, and (after review) full docs rendering that includes plugin and module doc changes is still possible before a PR is merged, to the benefit of both PR authors and reviewers/maintainers.

See it in action

A sample PR against this branch can be seen in #149.

ISSUE TYPE
COMPONENT NAME

docs build

ADDITIONAL INFORMATION

This is not necessarily in the best end state. It is a lot of copy-paste from the other docs-build. Many of these steps should be generalized out and made into composite actions, and then they can be DRYed up a bit. But I feel the advantage of getting this in place early outweighs some duplication. It will be cleaned up over time.
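
The gating pattern described in the summary above, as an added sketch that is not the workflow file from this PR. The environment name `docs-preview`, the workflow and job names, and the build script path are assumptions; the environment must be created in the repository settings with required reviewers for the approval gate to exist.

```yaml
# Added illustration; not the workflow from this PR.
name: docs-build-full

on:
  # Runs in the context of the base repository, so repository
  # secrets and a non-fork token are available to the jobs below.
  pull_request_target:
    types: [opened, synchronize, reopened]

# Start from a read-only token; widen per job only where required.
permissions:
  contents: read

jobs:
  build-docs:
    runs-on: ubuntu-latest
    # Hypothetical environment name. With "Required reviewers" set on
    # this environment, the job stays pending until a maintainer
    # approves this specific run. Without this line the job would start
    # automatically and run the PR's code with access to secrets.
    environment: docs-preview
    steps:
      - name: Check out the entire PR contents (untrusted)
        uses: actions/checkout@v4
        with:
          # Use the commit SHA recorded in the triggering event, so the
          # code that runs is the commit this run was created for. A
          # later push creates a new run that needs its own approval.
          ref: ${{ github.event.pull_request.head.sha }}
          # Do not leave the token in the checked-out repo's git config.
          persist-credentials: false

      - name: Build full docs, including plugin and module docs
        # Placeholder command; the real build steps are not shown on this page.
        run: ./build-docs.sh
```

Approving the run is approving execution of the PR's code at that commit, so the reviewer should read the diff for anything that executes during the build before releasing the job.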

codecov[bot] commented 3 years ago

Codecov Report

Merging #150 (fe7c39b) into main (8bc10e0) will not change coverage. The diff coverage is n/a.


@@           Coverage Diff           @@
##             main     #150   +/-   ##
=======================================
  Coverage   89.24%   89.24%           
=======================================
  Files          34       34           
  Lines        1348     1348           
  Branches      102      102           
=======================================
  Hits         1203     1203           
  Misses        135      135           
  Partials       10       10           
Flag Coverage Δ
env_docker-default 89.24% <ø> (ø)
integration 71.23% <ø> (ø)
py2.6 34.96% <ø> (ø)
py2.7 80.78% <ø> (ø)
py3.10 88.35% <ø> (ø)
py3.5 81.08% <ø> (ø)
py3.6 81.08% <ø> (ø)
py3.7 81.08% <ø> (ø)
py3.8 88.35% <ø> (ø)
py3.9 88.35% <ø> (ø)
sanity 35.18% <ø> (ø)
target_ansible-doc 36.01% <ø> (ø)
target_auth_approle 84.21% <ø> (ø)
target_auth_jwt 86.95% <ø> (ø)
target_auth_none 100.00% <ø> (ø)
target_auth_token 73.33% <ø> (ø)
target_connection_options 73.78% <ø> (ø)
target_controller 67.74% <ø> (ø)
target_import 34.48% <ø> (ø)
target_lookup_hashi_vault 78.75% <ø> (ø)
target_module_utils 87.92% <ø> (ø)
units 86.64% <ø> (ø)


webknjaz commented 3 years ago

@briantist FYI this is something you may want to consider turning into a Composite Action for reusability.

briantist commented 3 years ago

> @briantist FYI this is something you may want to consider turning into a Composite Action for reusability.

Agreed, it's already on my list! Have talked about it in IRC, and it's also in the "Additional Information" section in this PR :)