mirror of
https://github.com/Stirling-Tools/Stirling-PDF.git
synced 2025-04-23 01:01:30 +00:00
2938fcc044
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.11.0 to 2.11.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.11.1</h2> <h2>What's Changed</h2> <ul> <li>cache: add support for GitHub Actions cache v2 by <a href="https://github.com/h0x0er"><code>@h0x0er</code></a> in <a href="https://redirect.github.com/step-security/harden-runner/pull/529">step-security/harden-runner#529</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.11.1">https://github.com/step-security/harden-runner/compare/v2...v2.11.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="c6295a65d1"><code>c6295a6</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/530">#530</a> from step-security/rc-19</li> <li><a href="3e118b145b"><code>3e118b1</code></a> Improve error handling</li> <li><a href="b38e918ba8"><code>b38e918</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/529">#529</a> from h0x0er/jatin/cache-fix</li> <li><a href="0664d30cda"><code>0664d30</code></a> cache: added support for cache v2</li> <li><a href="b131ca5ebf"><code>b131ca5</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/524">#524</a> from step-security/fix/security/GHSA-968p-4wvh-cqc8</li> <li><a href="2dc9579753"><code>2dc9579</code></a> Address vulnerabilities</li> <li><a href="f054d811b5"><code>f054d81</code></a> Update README (<a href="https://redirect.github.com/step-security/harden-runner/issues/522">#522</a>)</li> <li><a href="8a09271fed"><code>8a09271</code></a> Update Readme (<a href="https://redirect.github.com/step-security/harden-runner/issues/520">#520</a>)</li> <li><a href="6ec6af7d62"><code>6ec6af7</code></a> Update readme (<a href="https://redirect.github.com/step-security/harden-runner/issues/518">#518</a>)</li> <li><a href="539365ba33"><code>539365b</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/516">#516</a> from vorburger/patch-1</li> <li>Additional commits viewable in <a href="4d991eb9b9...c6295a65d1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
60 lines
1.8 KiB
YAML
60 lines
1.8 KiB
YAML
name: PR Deployment cleanup
|
|
|
|
on:
|
|
pull_request:
|
|
types: [opened, synchronize, reopened, closed]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
env:
|
|
SERVER_IP: ${{ secrets.VPS_IP }} # Add this to your GitHub secrets
|
|
CLEANUP_PERFORMED: "false" # Add flag to track if cleanup occurred
|
|
|
|
jobs:
|
|
cleanup:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: write
|
|
pull-requests: write
|
|
if: github.event.action == 'closed'
|
|
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Set up SSH
|
|
run: |
|
|
mkdir -p ~/.ssh/
|
|
echo "${{ secrets.VPS_SSH_KEY }}" > ../private.key
|
|
sudo chmod 600 ../private.key
|
|
|
|
- name: Cleanup PR deployment
|
|
id: cleanup
|
|
run: |
|
|
ssh -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -T ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }} << 'ENDSSH'
|
|
if [ -d "/stirling/PR-${{ github.event.pull_request.number }}" ]; then
|
|
echo "Found PR directory, proceeding with cleanup..."
|
|
|
|
# Stop and remove containers
|
|
cd /stirling/PR-${{ github.event.pull_request.number }}
|
|
docker-compose down || true
|
|
|
|
# Go back to root before removal
|
|
cd /
|
|
|
|
# Remove PR-specific directories
|
|
rm -rf /stirling/PR-${{ github.event.pull_request.number }}
|
|
|
|
# Remove the Docker image
|
|
docker rmi --no-prune ${{ secrets.DOCKER_HUB_USERNAME }}/test:pr-${{ github.event.pull_request.number }} || true
|
|
|
|
echo "PERFORMED_CLEANUP"
|
|
else
|
|
echo "PR directory not found, nothing to clean up"
|
|
echo "NO_CLEANUP_NEEDED"
|
|
fi
|
|
ENDSSH
|