|
1 | | -name: Build and Deploy |
| 1 | +# SourceBans++ docs deploy workflow (cutover deliverable for issue #1333). |
| 2 | +# |
| 3 | +# This repo is the GitHub Pages deploy target for <https://sbpp.github.io/>. |
| 4 | +# The docs source lives in `sbpp/sourcebans-pp` under `docs/` (Astro Starlight); |
| 5 | +# this workflow checks that repo out, builds the site, and publishes via |
| 6 | +# GitHub's first-party `actions/deploy-pages`. |
| 7 | +# |
| 8 | +# Triggers: |
| 9 | +# - repository_dispatch (event type: docs-changed) — fired by |
| 10 | +# `.github/workflows/docs-deploy-trigger.yml` in `sbpp/sourcebans-pp` after a |
| 11 | +# push to main that touches `docs/**`. The dispatcher mints a short-lived |
| 12 | +# installation token via the org-owned `sbpp-docs-deploy` GitHub App |
| 13 | +# (Actions: write scope on this repo only) so we never need a PAT. |
| 14 | +# - workflow_dispatch — manual button in the Actions UI for forced redeploys. |
| 15 | +# - schedule (weekly Sunday) — safety net in case a dispatch is dropped, the |
| 16 | +# upstream source is unreachable at dispatch time, or a previous deploy |
| 17 | +# failed silently. |
| 18 | +# |
| 19 | +# MANUAL SETUP REQUIRED (see issue #1333 cutover steps; cannot be configured in |
| 20 | +# workflow YAML): |
| 21 | +# - Settings → Pages → Source must be set to "GitHub Actions" (UI-only). |
| 22 | +# - The `sbpp-docs-deploy` GitHub App must exist with `Actions: write` scope on |
| 23 | +# this repo, be installed on this repo, and have its App ID + private key |
| 24 | +# registered as `vars.DOCS_DEPLOY_APP_ID` + `secrets.DOCS_DEPLOY_APP_KEY` in |
| 25 | +# `sbpp/sourcebans-pp` (consumed by the dispatcher there — not by anything |
| 26 | +# here). |
| 27 | + |
| 28 | +name: Deploy docs to Pages |
2 | 29 |
|
3 | 30 | on: |
4 | | - push: |
5 | | - branches: |
6 | | - - main |
| 31 | + repository_dispatch: |
| 32 | + types: [docs-changed] |
7 | 33 | workflow_dispatch: |
| 34 | + schedule: |
| 35 | + # Weekly safety net at Sunday 05:17 UTC. Non-zero minute avoids GitHub's |
| 36 | + # top-of-hour cron congestion (per their scheduled-events docs). |
| 37 | + - cron: '17 5 * * 0' |
8 | 38 |
|
9 | 39 | permissions: |
10 | | - contents: write |
| 40 | + contents: read |
| 41 | + pages: write |
| 42 | + id-token: write |
11 | 43 |
|
| 44 | +# Allow only one concurrent deployment, but never cancel an in-flight one — |
| 45 | +# Pages deploys should always finish to avoid leaving the site in a |
| 46 | +# half-published state. Standard `actions/deploy-pages` convention. |
| 47 | +# |
| 48 | +# Group name matches the issue #1333 §6 spec (`pages-deploy`) rather than |
| 49 | +# GitHub's example default (`pages`). Since this is the only workflow in |
| 50 | +# this repo that touches Pages, either choice serializes the same set of |
| 51 | +# runs — we just track the spec verbatim so the cross-repo intent is |
| 52 | +# obvious to anyone diffing the cutover. |
12 | 53 | concurrency: |
13 | 54 | group: pages-deploy |
14 | 55 | cancel-in-progress: false |
15 | 56 |
|
16 | 57 | jobs: |
17 | | - deploy: |
18 | | - runs-on: ubuntu-latest |
19 | | - env: |
20 | | - HUGO_VERSION: 0.88.1 |
| 58 | + build-and-deploy: |
| 59 | + # Pinned (not `ubuntu-latest`) to match sibling |
| 60 | + # `sbpp/sourcebans-pp/.github/workflows/docs-build.yml` so the build |
| 61 | + # validation gate and the deploy run on byte-identical runner images. |
| 62 | + runs-on: ubuntu-24.04 |
| 63 | + # Belt-and-suspenders against an upstream npm/Astro hang. Sibling |
| 64 | + # `docs-screenshots.yml` uses 30; the deploy is build-only (no |
| 65 | + # docker-compose / Playwright), so 15 is comfortably above the |
| 66 | + # observed steady-state runtime. |
| 67 | + timeout-minutes: 15 |
| 68 | + environment: |
| 69 | + name: github-pages |
| 70 | + url: ${{ steps.deployment.outputs.page_url }} |
| 71 | + # All `run:` steps below operate inside `docs/`. `cache-dependency-path` |
| 72 | + # and `path:` inputs to `uses:` actions stay rooted at the workspace |
| 73 | + # because action inputs are interpreted relative to the workspace, not |
| 74 | + # the job's `working-directory` default. |
| 75 | + defaults: |
| 76 | + run: |
| 77 | + working-directory: docs |
| 78 | + |
21 | 79 | steps: |
22 | | - - name: Checkout |
23 | | - uses: actions/checkout@v4 |
| 80 | + - name: Checkout sourcebans-pp (docs source) |
| 81 | + # Precedence: dispatched runs (repository_dispatch from |
| 82 | + # `sourcebans-pp/.github/workflows/docs-deploy-trigger.yml`) |
| 83 | + # carry the source commit SHA in the client payload — pin to it |
| 84 | + # so two pushes A, B in quick succession don't race (A's deploy |
| 85 | + # would otherwise check out main and silently rebuild from B). |
| 86 | + # workflow_dispatch and schedule have no payload, so they fall |
| 87 | + # through to the floating `main` ref by design (manual reruns |
| 88 | + # and the weekly safety net both want the latest). |
| 89 | + uses: actions/checkout@v5 |
24 | 90 | with: |
25 | | - submodules: true |
26 | | - fetch-depth: 0 |
| 91 | + repository: sbpp/sourcebans-pp |
| 92 | + ref: ${{ github.event.client_payload.source_sha || 'main' }} |
27 | 93 |
|
28 | 94 | - name: Setup Node |
29 | | - uses: actions/setup-node@v4 |
30 | | - with: |
31 | | - node-version: lts/* |
32 | | - |
33 | | - - name: Setup Hugo |
34 | | - uses: peaceiris/actions-hugo@v3 |
| 95 | + uses: actions/setup-node@v5 |
35 | 96 | with: |
36 | | - hugo-version: ${{ env.HUGO_VERSION }} |
| 97 | + # Match sibling `sourcebans-pp/.github/workflows/docs-build.yml` |
| 98 | + # and the documented floor in `sourcebans-pp/docs/README.md` |
| 99 | + # ("Node 20 LTS or newer"). Asymmetry between the validation |
| 100 | + # gate and the deploy would mean a build that passes CI could |
| 101 | + # still fail here. |
| 102 | + node-version: '20' |
| 103 | + cache: 'npm' |
| 104 | + cache-dependency-path: docs/package-lock.json |
37 | 105 |
|
38 | 106 | - name: Install dependencies |
39 | | - run: | |
40 | | - npm install -g grunt-cli yarn |
41 | | - yarn set version latest |
42 | | - yarn install --no-lockfile |
43 | | -
|
44 | | - - name: Build content index |
45 | | - run: grunt content-index |
| 107 | + run: npm ci |
46 | 108 |
|
47 | 109 | - name: Build site |
48 | | - run: hugo --minify |
| 110 | + run: npm run build |
49 | 111 |
|
50 | | - - name: Deploy to GitHub Pages |
51 | | - uses: peaceiris/actions-gh-pages@v4 |
| 112 | + - name: Upload Pages artifact |
| 113 | + uses: actions/upload-pages-artifact@v5 |
52 | 114 | with: |
53 | | - github_token: ${{ secrets.GITHUB_TOKEN }} |
54 | | - publish_dir: ./public |
55 | | - publish_branch: master |
| 115 | + path: docs/dist |
| 116 | + |
| 117 | + - name: Deploy to GitHub Pages |
| 118 | + id: deployment |
| 119 | + uses: actions/deploy-pages@v5 |
0 commit comments