-
Notifications
You must be signed in to change notification settings - Fork 0
95 lines (80 loc) · 2.81 KB
/
Copy pathdocs.yml
File metadata and controls
95 lines (80 loc) · 2.81 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
name: Docs
# Buduje dokumentacje MkDocs Material w trybie --strict jako PR check,
# a na push do `dev` dodatkowo publikuje ja na GitHub Pages
# (https://iplweb.github.io/bpp/). RTD (bpp.readthedocs.io) biegnie
# rownolegle z tego samego mkdocs.yml; `site_url` wskazuje github.io,
# wiec canonical w obu buildach kieruje na Pages (brak konkurencji SEO).
# Workflow nie konsumuje zadnych nieZaufanych inputow (issue/PR titles,
# commit messages), wiec wzorce z https://github.blog/security/...
# nie maja tu zastosowania.
on:
push:
branches:
- dev
- master
paths:
- docs/**
- mkdocs.yml
- .readthedocs.yaml
- .github/workflows/docs.yml
pull_request:
branches:
- dev
paths:
- docs/**
- mkdocs.yml
- .readthedocs.yaml
- .github/workflows/docs.yml
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
build:
name: mkdocs build --strict
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: "3.11"
cache: pip
cache-dependency-path: docs/requirements.txt
- name: Install MkDocs + plugins
run: pip install -r docs/requirements.txt
- name: Build docs (strict mode)
run: mkdocs build --strict --verbose
# Artefakt w formacie GitHub Pages (nazwa `github-pages`) — konsumuje
# go job `deploy`. Na PR-ach job `deploy` nie biegnie, ale artefakt
# i tak da sie pobrac do podejrzenia builda.
- name: Upload built site as Pages artifact
uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0
with:
path: site/
deploy:
name: Deploy to GitHub Pages
# Publikujemy tylko z kanonicznego brancha `dev` i tylko na push —
# nigdy z PR-a ani z `master` (master sluzy buildowi obrazow Docker,
# nie dokumentacji).
if: github.event_name == 'push' && github.ref == 'refs/heads/dev'
needs: build
runs-on: ubuntu-latest
timeout-minutes: 5
# Deploy potrzebuje szerszych uprawnien niz domyslne `contents: read`.
permissions:
pages: write
id-token: write
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
# Osobna grupa od workflow-owej: nie chcemy ubijac trwajacego deployu
# Pages w polowie (cancel-in-progress: false).
concurrency:
group: pages
cancel-in-progress: false
steps:
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0