-
Notifications
You must be signed in to change notification settings - Fork 14
151 lines (128 loc) · 4.68 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
name: Deploy Hugo Site to GitHub Pages
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened, closed]
jobs:
check-fork-and-deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout code with full history
uses: actions/checkout@v2
with:
fetch-depth: 1 # Use shallow clone to speed up checkout
- name: Check if PR is from a fork and if deploy.yml was modified
run: |
if [[ "${{ github.event.pull_request.head.repo.fork }}" == "true" ]]; then
echo "PR is from a fork. Fetching deploy.yml from the main repository."
git fetch origin main --depth=1 # Fetch the main branch
git checkout origin/main -- .github/workflows/deploy.yml # Checkout only deploy.yml
MODIFIED_FILES=$(git diff --name-only HEAD .github/workflows/deploy.yml)
if echo "$MODIFIED_FILES" | grep -q ".github/workflows/deploy.yml"; then
echo "Deploy.yml was modified in a PR from a fork. Aborting workflow."
exit 1
fi
fi
build:
runs-on: ubuntu-latest
needs: check-fork-and-deploy
steps:
- name: Checkout code
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Set up Node.js
uses: actions/setup-node@v3
with:
node-version: '20.16.0'
cache: 'npm'
- name: Cache Hugo & Node modules
uses: actions/cache@v2
with:
path: |
~/.hugo_cache
node_modules
key: ${{ runner.os }}-hugo-${{ hashFiles('**/hugo.toml') }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-hugo-
${{ runner.os }}-npm-
- name: Install Hugo
uses: peaceiris/actions-hugo@v3
with:
hugo-version: latest
- name: Install dependencies
run: |
if [ -f package-lock.json ]; then
npm ci # Faster installation when lockfile exists
else
npm install
fi
- name: Build TailwindCSS
run: npm run build-tw
- name: Build Hugo site for PR Preview
if: github.event_name == 'pull_request' && github.event.action != 'closed'
env:
HUGO_ENVIRONMENT: production
HUGO_BASEURL: "https://infuse.quest/pr-${{ github.event.pull_request.number }}/"
run: hugo --minify -d ./public
- name: Build Hugo site for Main Deployment
if: github.ref == 'refs/heads/main'
env:
HUGO_ENVIRONMENT: production
run: hugo --minify -d ./public
- name: Create CNAME file
if: github.ref == 'refs/heads/main'
run: echo 'infuse.quest' > public/CNAME
- name: Build Pagefind index
run: npx pagefind --site "public"
- name: Deploy Main Site to GitHub Pages
if: github.ref == 'refs/heads/main'
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./public
deploy-pr-preview:
if: github.event_name == 'pull_request' && github.event.action != 'closed'
runs-on: ubuntu-latest
needs: build
steps:
- name: Decode GitHub App private key
run: |
echo "${{ secrets.INFUSE_DEPLOY_SECRET }}" > private-key.pem
- name: Generate JWT for GitHub App
run: |
npm install jsonwebtoken
node -e "
const jwt = require('jsonwebtoken');
const fs = require('fs');
const privateKey = fs.readFileSync('private-key.pem', 'utf8');
const token = jwt.sign({}, privateKey, {
algorithm: 'RS256',
expiresIn: '10m',
issuer: '1077537',
});
console.log(token);
" > jwt.token
- name: Fetch GitHub App Installation Token
run: |
JWT=$(cat jwt.token)
INSTALLATION_ID=$(curl -s -H "Authorization: Bearer $JWT" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/app/installations | jq -r '.[0].id')
INSTALLATION_TOKEN=$(curl -s -X POST \
-H "Authorization: Bearer $JWT" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/app/installations/$INSTALLATION_ID/access_tokens | jq -r '.token')
echo "INSTALLATION_TOKEN=${INSTALLATION_TOKEN}" >> $GITHUB_ENV
cleanup:
if: github.event_name == 'pull_request' && github.event.action == 'closed'
runs-on: ubuntu-latest
steps:
- name: Remove Preview Deployment
uses: peaceiris/actions-gh-pages@v3
with:
personal_token: ${{ env.INSTALLATION_TOKEN }}
destination_dir: pr-${{ github.event.pull_request.number }}
remove_files: true