Add GitHub Actions workflow to deploy Storybook to GitHub Pages#1648
Conversation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Adds a dedicated GitHub Actions workflow to build the frontend Storybook static site and deploy it to GitHub Pages on pushes to main (and via manual dispatch).
Changes:
- Introduces a
storybook.ymlworkflow triggered onpushtomainandworkflow_dispatch - Builds Storybook from
frontend/and uploadsfrontend/storybook-staticas a Pages artifact - Deploys the uploaded artifact to the
github-pagesenvironment usingactions/deploy-pages
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| permissions: | ||
| contents: read | ||
| pages: write | ||
| id-token: write |
There was a problem hiding this comment.
Workflow-level permissions grants pages: write and id-token: write to the build job, even though only the deploy job needs to publish to Pages. This increases the blast radius if a dependency/script in the build step is compromised. Consider reducing the top-level permissions to the minimum (e.g., contents: read) and setting pages: write + id-token: write only on the deploy job (or even just the single deployment step) via job-level permissions:.
No description provided.