prokop/thgtoa
1
0
Fork 0
mirror of https://github.com/Anon-Planet/thgtoa.git synced 2026-05-06 19:44:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
90aa8b544232a845b139bd6396131f4cc8445b5c
thgtoa/.github/workflows/build-pdf.yml
T
nopeitsnothing 0b71c3f49a Overhaul the Hashing, scanning, release management 
...tool :)

Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
2026-04-18 22:03:40 -04:00

159 lines
4.9 KiB
YAML
Raw Blame History

name: 📖 Build, Scan & Release PDF
on:
workflow_dispatch:
inputs:
build_mode:
description: 'PDF build mode'
required: true
default: 'both'
type: choice
options:
- light
- dark
- both
release_mode:
description: 'Release update mode'
required: false
default: 'tag'
type: choice
options:
- tag
- latest
push:
branches:
- main
paths:
- "docs/**"
- "mkdocs.yml"
- "scripts/**"
- ".github/workflows/**"
permissions:
contents: write
id-token: write
jobs:
build:
name: Build PDFs (${{ inputs.build_mode || 'both' }})
runs-on: ubuntu-latest
steps:
- name: 🛠️ Checkout
uses: actions/checkout@v4
- name: 🐍 Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.13"
- name: 📦 Install MkDocs Material
run: pip install mkdocs-material
- name: Setup Chrome
uses: browser-actions/setup-chrome@v2
with:
chrome-version: 120
install-dependencies: true
install-chromedriver: true
- name: 🔑 Install GPG tools
run: |
sudo apt-get update
sudo apt-get install gnupg
- name: 🖨️ Build PDFs
env:
CI: true
run: python scripts/build_guide_pdf.py --${{ inputs.build_mode || 'both' }}
- name: 🔒 Sign PDFs with GPG key
env:
GPG_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
cd ${{ github.workspace }}
# Import GPG key
export GPG_TTY=$(tty)
echo "$GPG_KEY" | gpg --batch --import 2>/dev/null || true
# Verify the key was imported
if gpg --list-secret-keys &>/dev/null; then
# Sign the PDFs (detach signature)
gpg --batch --yes --armor --detach-sign --output export/thgtoa.pdf.sig export/thgtoa.pdf 2>/dev/null || true
gpg --batch --yes --armor --detach-sign --output export/thgtoa-dark.pdf.sig export/thgtoa-dark.pdf 2>/dev/null || true
# Create combined hash file and sign it
sha256sum export/thgtoa.pdf > export/thgtoa.pdf.sha256
sha256sum export/thgtoa-dark.pdf > export/thgtoa-dark.sha256
gpg --batch --yes --armor --detach-sign --output export/thgtoa.pdf.sig export/thgtoa.pdf.sha256 2>/dev/null || true
gpg --batch --yes --armor --detach-sign --output export/thgtoa-dark.pdf.sig export/thgtoa-dark.pdf.sha256 2>/dev/null || true
# Create individual hash files
sha256sum export/thgtoa.pdf > export/thgtoa.pdf.sha256
sha256sum export/thgtoa-dark.pdf > export/thgtoa-dark.pdf.sha256
fi
- name: 📤 Upload PDF artifacts
uses: actions/upload-artifact@v4
with:
name: pdf-artifacts-${{ inputs.build_mode || 'both' }}
path: |
export/*.pdf
export/*.sig
export/*.sha256
if-no-files-found: error
retention-days: 90
archive: false
scan-and-release:
name: Scan & Release
runs-on: ubuntu-latest
needs: build
if: always() && contains(needs.build.result, 'success')
steps:
- name: 🚀 Checkout
uses: actions/checkout@v4
- name: 🔽 Download PDF artifacts
uses: actions/download-artifact@v4
with:
pattern: pdf-artifacts
path: export/
merge-multiple: true
- name: 🦠 VirusTotal Scan & Release Update
env:
VT_API_KEY: ${{ secrets.VT_API_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_REPOSITORY: ${{ github.repository }}
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
chmod +x scripts/pdf_release.sh
# Determine build mode from input or default to both
BUILD_MODE="${{ inputs.build_mode || 'both' }}"
RELEASE_MODE="${{ inputs.release_mode || 'tag' }}"
echo "Running PDF release script..."
echo "Build Mode: $BUILD_MODE"
echo "Release Mode: $RELEASE_MODE"
# Run the release script
./scripts/pdf_release.sh \
--build "$BUILD_MODE" \
--release "$RELEASE_MODE" \
--vt-api-key "$VT_API_KEY" \
--github-token "$GITHUB_TOKEN"
- name: 📊 Upload scan results artifact
uses: actions/upload-artifact@v4
with:
name: vt-scan-results-${{ inputs.build_mode || 'both' }}
path: |
export/virus-total-results.md
if-no-files-found: warn
retention-days: 30
Reference in New Issue View Git Blame Copy Permalink