-
Notifications
You must be signed in to change notification settings - Fork 0
260 lines (239 loc) · 11.3 KB
/
docs.yml
File metadata and controls
260 lines (239 loc) · 11.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
# =============================================================================
# CI/CD Workflow: OpenSIN Documentation Build & Deploy
# =============================================================================
# This workflow builds the VitePress documentation site using bun (not npm!)
# and deploys to Cloudflare Pages on the main branch.
#
# BUN-ONLY MANDATE (AGENTS.md): npm is permanently banned.
# Global Brain hooks (PRIORITY -100.0) sync before/after every run.
#
# Secrets required (set in GitHub repo settings):
# - CLOUDFLARE_API_TOKEN: Cloudflare Pages API token
# - CLOUDFLARE_ACCOUNT_ID: Cloudflare account ID
# =============================================================================
name: Docs Build & Deploy
on:
push:
branches: [main, fix/docs-modernize-standards]
paths-ignore:
- 'worktrees/**'
- '.worktrees/**'
- '*.wt/**'
pull_request:
branches: [main]
paths-ignore:
- 'worktrees/**'
- '.worktrees/**'
- '*.wt/**'
# =============================================================================
# Environment variables — Bun version pinned for reproducibility
# =============================================================================
env:
BUN_VERSION: "1.3.12"
NODE_VERSION: "22"
# =============================================================================
# Job definitions
# =============================================================================
jobs:
# ---------------------------------------------------------------------------
# Job: build
# Purpose: Install dependencies with bun, run VitePress build, verify output
# ---------------------------------------------------------------------------
build:
name: VitePress Build (bun)
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
# -----------------------------------------------------------------------
# STEP 1: Global Brain sync BEFORE run (PRIORITY -100.0 mandate)
# Loads active context from the persistent brain before each OpenCode run
# -----------------------------------------------------------------------
- name: Global Brain sync before run
run: |
echo "=== PCPM Before-Run Hook ==="
BRAIN_CLI="/Users/jeremy/dev/global-brain/src/cli.js"
if [ -f "$BRAIN_CLI" ]; then
node "$BRAIN_CLI" orchestrate \
--project opensin-docs \
--project-root "$PWD" \
2>/dev/null || true
echo "Global Brain sync completed"
else
echo "Global Brain sync skipped on non-local runner"
fi
# -----------------------------------------------------------------------
# STEP 2: Checkout with full history for proper submodule handling
# -----------------------------------------------------------------------
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
fetch-depth: 0
# -----------------------------------------------------------------------
# STEP 3: Install Bun (required — npm permanently banned per AGENTS.md)
# -----------------------------------------------------------------------
- name: Install Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: "${{ env.BUN_VERSION }}"
# -----------------------------------------------------------------------
# STEP 4: Install dependencies ONLY using bun (AGENTS.md CI/CD mandate)
# Bun is ~90% faster and uses 10x less RAM than npm
# -----------------------------------------------------------------------
- name: Install dependencies (bun ONLY — npm banned per AGENTS.md)
run: bun install
# -----------------------------------------------------------------------
# STEP 5: Lint check — verify NO npm patterns in source code
# This ensures the BUN-ONLY mandate is enforced across all source files
# -----------------------------------------------------------------------
- name: Lint check (no npm patterns)
run: |
echo "=== BUN-ONLY Verification ==="
NPM_PATTERNS=$(grep -RInE "npm install|npm run|package-lock|npx |bunx " . \
--include="*.md" \
--include="*.json" \
--include="*.yml" \
--include="*.yaml" \
--include="*.sh" \
--exclude-dir=node_modules \
--exclude-dir=.git \
--exclude-dir=worktrees \
--exclude-dir=.worktrees \
--exclude-dir='*.wt' \
--exclude-dir=.vitepress \
--exclude-dir=.github \
--exclude=AGENTS.md \
2>/dev/null | grep -v "node_modules" || true)
if [ -n "$NPM_PATTERNS" ]; then
echo "FAIL: Found npm patterns:"
echo "$NPM_PATTERNS"
exit 1
else
echo "PASS: No npm patterns found — BUN-ONLY verified"
fi
# -----------------------------------------------------------------------
# STEP 6: Build VitePress documentation site
# -----------------------------------------------------------------------
- name: Build docs
run: |
echo "=== VitePress Build ==="
bun ./scripts/build-docs.mjs
# -----------------------------------------------------------------------
# STEP 7: Verify build output exists
# VitePress outputs to .vitepress/dist/ — this must exist for deploy
# -----------------------------------------------------------------------
- name: Verify build output exists
run: |
echo "=== Build Verification ==="
if [ -d "docs/.vitepress/dist" ] && [ -f "docs/.vitepress/dist/index.html" ]; then
echo "PASS: Build output verified"
echo " Dist size: $(du -sh docs/.vitepress/dist | cut -f1)"
echo " Files: $(find docs/.vitepress/dist -type f | wc -l)"
else
echo "FAIL: Build output missing or incomplete"
echo " docs/.vitepress/dist exists: $(test -d docs/.vitepress/dist && echo YES || echo NO)"
ls -la docs/.vitepress/ 2>/dev/null || echo "No docs/.vitepress dir"
exit 1
fi
# -----------------------------------------------------------------------
# STEP 8: Global Brain sync AFTER successful build (PRIORITY -100.0)
# Extracts knowledge from the completed session back into the brain
# -----------------------------------------------------------------------
- name: Global Brain sync after run
if: success()
run: |
echo "=== PCPM After-Run Hook ==="
BRAIN_CLI="/Users/jeremy/dev/global-brain/src/cli.js"
if [ -f "$BRAIN_CLI" ]; then
node "$BRAIN_CLI" extract-knowledge \
--project opensin-docs \
--project-root "$PWD" \
2>/dev/null || true
echo "Post-run knowledge extraction completed"
else
echo "Post-run knowledge extraction skipped on non-local runner"
fi
# -----------------------------------------------------------------------
# STEP 9: Upload build artifacts for deploy job
# Artifacts are needed because build and deploy are separate jobs
# -----------------------------------------------------------------------
- name: Upload build artifacts
if: github.ref == 'refs/heads/main'
uses: actions/upload-pages-artifact@v3
with:
path: docs/.vitepress/dist
# ---------------------------------------------------------------------------
# Job: deploy
# Purpose: Deploy built docs to Cloudflare Pages (main branch only)
# ---------------------------------------------------------------------------
deploy:
name: Cloudflare Pages Deploy
if: github.ref == 'refs/heads/main'
needs: build
runs-on: ubuntu-latest
timeout-minutes: 10
environment:
name: production
url: https://docs.opensin.ai
permissions:
contents: read
deployments: write
steps:
# -----------------------------------------------------------------------
# STEP 1: Download build artifacts from the build job
# -----------------------------------------------------------------------
- name: Download built artifacts
uses: actions/download-artifact@v4
with:
name: github-pages
path: docs/.vitepress/dist
# -----------------------------------------------------------------------
# STEP 2: Validate required Cloudflare secrets exist
# Fail fast with explicit diagnostics instead of surfacing a vague deploy error.
# -----------------------------------------------------------------------
- name: Validate Cloudflare secrets
run: |
if [ -z "${{ secrets.CLOUDFLARE_API_TOKEN }}" ]; then
echo "::error::CLOUDFLARE_API_TOKEN is missing or empty in repository secrets."
exit 1
fi
if [ -z "${{ secrets.CLOUDFLARE_ACCOUNT_ID }}" ]; then
echo "::error::CLOUDFLARE_ACCOUNT_ID is missing or empty in repository secrets."
exit 1
fi
echo "PASS: Cloudflare secrets are present"
# -----------------------------------------------------------------------
# STEP 3: Verify Cloudflare authentication and Pages access BEFORE deploy
# 403 here means invalid token, wrong account id, or insufficient Pages scope.
# -----------------------------------------------------------------------
- name: Test Cloudflare authentication and permissions
run: |
HTTP_CODE=$(curl -sS -o /tmp/cf_pages_projects.json -w "%{http_code}" \
-X GET "https://api.cloudflare.com/client/v4/accounts/${{ secrets.CLOUDFLARE_ACCOUNT_ID }}/pages/projects" \
-H "Authorization: Bearer ${{ secrets.CLOUDFLARE_API_TOKEN }}")
if [ "$HTTP_CODE" -ne 200 ]; then
echo "::error::Cloudflare API returned HTTP $HTTP_CODE while listing Pages projects."
echo "::error::403 indicates an invalid/expired token, wrong account id, or missing Pages permissions."
echo "::error::Required minimum scopes: Account Settings: Read and Pages: Edit on the target account."
cat /tmp/cf_pages_projects.json
exit 1
fi
if ! grep -q '"name":"opensin-docs"' /tmp/cf_pages_projects.json; then
echo "::warning::Cloudflare auth succeeded, but the 'opensin-docs' Pages project was not found in the account listing."
echo "::warning::Verify CLOUDFLARE_ACCOUNT_ID points to the account that owns the Pages project."
else
echo "PASS: Cloudflare authentication and Pages project access verified"
fi
# -----------------------------------------------------------------------
# STEP 4: Deploy to Cloudflare Pages
# Uses Cloudflare Pages action for deployment (direct artifact upload, not npm)
# -----------------------------------------------------------------------
- name: Deploy to Cloudflare Pages
uses: cloudflare/pages-action@v1
with:
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
projectName: opensin-docs
directory: docs/.vitepress/dist
gitHubToken: ${{ secrets.GITHUB_TOKEN }}
branch: main