mnahkies · mnahkies · May 31, 2025 · May 31, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -59,15 +59,6 @@ jobs:
 
       - name: Check for uncommitted changes
         run: ./scripts/assert-clean-working-directory.sh
-
-      - name: Publish documentation
-        if: github.ref == 'refs/heads/main'
-        run: |
-          git config user.name "github-actions[bot]"
-          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/$GITHUB_REPOSITORY
-          yarn lerna run publish:gh-pages --scope '@nahkies/openapi-code-generator-documentation'
-
 # TODO: figure out how to do this safely, eg: no risk of external contributors exfiltrating publish secret.
 #    - name: Configure Git User
 #      run: |

diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml
@@ -0,0 +1,51 @@
+name: Publish Docs
+on:
+  push:
+    tags:
+      - v*
+
+jobs:
+  publish_docs:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [24.x]
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          registry-url: "https://registry.npmjs.org"
+          node-version: ${{ matrix.node-version }}
+
+      - uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
+        id: yarn-cache
+        with:
+          path: .yarn
+          key: ${{ runner.os }}-yarn-${{ hashFiles('yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-yarn-
+
+      - uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
+        id: nextjs-cache
+        with:
+          path: packages/documentation/.next/cache
+          key: ${{ runner.os }}-nextjs-${{ hashFiles('yarn.lock') }}-${{ hashFiles('**/*.js', '**/*.jsx', '**/*.ts', '**/*.tsx') }}
+          restore-keys: |
+            ${{ runner.os }}-nextjs-${{ hashFiles('yarn.lock') }}-
+
+      - run: corepack enable
+
+      - run: yarn --immutable
+      - run: yarn ci-build
+      - name: Publish documentation
+        if: github.ref == 'refs/heads/main'
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/$GITHUB_REPOSITORY
+          yarn lerna run publish:gh-pages --scope '@nahkies/openapi-code-generator-documentation'
@@ -1,2 +1,4 @@
 name: Publish Docs
+permissions:
+  contents: write
 on:
@@ -1,2 +1,4 @@
 name: Publish Docs
+permissions:
+  contents: write
 on: