diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 99067def..64f5eee8 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -16,6 +16,9 @@ concurrency: jobs: docs: + permissions: + contents: read + packages: read runs-on: ubuntu-24.04 steps: - uses: envoyproxy/toolshed/actions/bind-mounts@598eacce15ab5f208102a2fd5669292868002701 # v0.4.0 @@ -41,15 +44,29 @@ jobs: path: examples - run: | export UID - echo 'load("@envoy_examples//bazel:env.bzl", "envoy_examples_env")' >> ../envoy/WORKSPACE - echo 'envoy_examples_env()' >> ../envoy/WORKSPACE + export GID=$(id -g) + + cat >> ../envoy/WORKSPACE << 'EOF' + load("@envoy_examples//bazel:env.bzl", "envoy_examples_env") + envoy_examples_env() + EOF + + cat > ../envoy/repo.bazelrc << 'EOF' + common --config=ci + common --config=rbe + common --config=bes + EOF + docker compose run docs working-directory: examples env: - BAZEL_BUILD_EXTRA_OPTIONS: >- - --override_repository=envoy_examples=../examples - --config=ci - --@rules_python//python/config_settings:bootstrap_impl=script BUILDKIT_PROGRESS: quiet COMPOSE_BAKE: true DOCKER_BUILDKIT: 1 + GITHUB_TOKEN: ${{ github.token }} + - name: Docs upload + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + with: + name: docs + path: envoy/generated/docs + retention-days: 30 diff --git a/_docker/Dockerfile-docs b/_docker/Dockerfile-docs index 970a62c2..93b81db8 100644 --- a/_docker/Dockerfile-docs +++ b/_docker/Dockerfile-docs @@ -1 +1 @@ -FROM envoyproxy/envoy-build:llvm-a3be5281b88359ab536d052218a30a951c97d751@sha256:5e29f02effdc49483d1e8bc3093c54ed54fa8821bb4aa228d7b2f9769647d18e +FROM envoyproxy/envoy-build:devtools-86873047235e9b8232df989a5999b9bebf9db69c@sha256:6e7a82d4f1ba040f4ebef0c1aae00cdbd205ff7a1284c20cc20984fdfa4a91d8 diff --git a/docker-compose.yml b/docker-compose.yml index 222abf90..30b7471d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,20 +12,37 @@ services: - "${PWD}/_docker/docs-entrypoint-extra.sh:/entrypoint-extra.sh" - "${HOME}/.cache/envoy/examples:/home/envoybuild/.cache" working_dir: /workspace/envoy - command: - - bash - - -c - - | - ./ci/do_ci.sh docs environment: DOCS_BUILD_RST: "${DOCS_BUILD_RST:-}" BAZEL_BUILD_EXTRA_OPTIONS: >- ${BAZEL_BUILD_EXTRA_OPTIONS:- - --override_repository=envoy_examples=../examples - --@rules_python//python/config_settings:bootstrap_impl=script} - BUILD_UID: "${UID:-1000}" + --override_repository=envoy_examples=../examples} + USER_UID: "${UID:-1000}" + GROUP_UID: "${GID:-1000}" GITHUB_TOKEN: "${GITHUB_TOKEN:-}" + entrypoint: + - "/bin/bash" + - "-c" + - | + set -e + + usermod -u "$$USER_UID" envoybuild + groupmod -g "$$GROUP_UID" envoybuild + + chown envoybuild:envoybuild /home/envoybuild/.cache + chown envoybuild:envoybuild /workspace/envoy + chown envoybuild:envoybuild /workspace/envoy/generated + chown envoybuild:envoybuild /workspace/envoy/generated/docs + exec sudo -EH -u envoybuild "$@" + - "--" + command: + - /bin/bash + - -c + - | + set -e + git config --global --add safe.directory /workspace/envoy + exec ./ci/do_ci.sh docs examples: build: context: .