Pin GitHub Actions to commit SHAs with version tag comments #1677
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: GitHub Pages | |
| on: | |
| push: | |
| jobs: | |
| # BUILD | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| with: | |
| submodules: true | |
| - name: Setup Pages | |
| uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0 | |
| - name: Setup Hugo | |
| uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0 | |
| with: | |
| hugo-version: '0.148.1' | |
| extended: true | |
| - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | |
| with: | |
| node-version: 22 | |
| cache: 'npm' | |
| cache-dependency-path: package-lock.json | |
| registry-url: 'https://npm.fontawesome.com/' | |
| - name: NPM install | |
| run: | | |
| npm config set "@awesome.me:registry" https://npm.fontawesome.com/ | |
| npm ci --ignore-scripts | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.FONTAWESOME_AUTH_TOKEN }} | |
| - name: Build production | |
| run: hugo --minify --destination public/prod | |
| - name: Build staging | |
| run: hugo --baseURL=https://staging.cryptomator.org/ --environment=staging --minify --destination public/staging | |
| - name: Add robots.txt for staging | |
| run: 'echo -e "User-agent: *\nDisallow: /" > public/staging/robots.txt' | |
| - name: Upload Prod Pages artifact | |
| uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 | |
| with: | |
| name: prod-site | |
| path: ./public/prod | |
| - name: Upload Staging artifacts | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: staging-site | |
| path: ./public/staging | |
| # DEPLOY PROD | |
| deploy-prod: | |
| if: github.ref == 'refs/heads/main' | |
| name: Deploy Prod to GitHub Pages | |
| runs-on: ubuntu-latest | |
| needs: [build] | |
| permissions: # Grant GITHUB_TOKEN the permissions required to make a Pages deployment | |
| pages: write # to deploy to Pages | |
| id-token: write # to verify the deployment originates from an appropriate source | |
| steps: | |
| - name: Deploy to GitHub Pages | |
| id: deployment | |
| uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 | |
| with: | |
| artifact_name: prod-site | |
| environment: # Deploy to the github-pages environment | |
| name: github-pages | |
| url: ${{ steps.deployment.outputs.page_url }} | |
| # DEPLOY STAGING | |
| deploy-staging: | |
| if: github.ref == 'refs/heads/develop' | |
| name: Deploy Staging to GitHub Pages | |
| runs-on: ubuntu-latest | |
| needs: [build] | |
| steps: | |
| - name: Download build | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 | |
| with: | |
| name: staging-site | |
| path: ./public | |
| - name: Deploy to Staging Repository | |
| uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 # v3.9.3 | |
| with: | |
| personal_token: ${{ secrets.CRYPTOBOT_DEPLOY_STAGING_WEBSITE }} | |
| external_repository: cryptomator/staging.cryptomator.github.io | |
| publish_dir: ./public | |
| publish_branch: main | |
| cname: staging.cryptomator.org | |