Update theme #193
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# GitHub Actions workflow: Builds the site and uploads it to the target server. | |
# | |
# For more details on workflows, see README.md. | |
# | |
# See also: https://gohugo.io/hosting-and-deployment/hosting-on-github/ | |
# | |
name: Build and Deploy | |
# When to run this workflow | |
# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows | |
# See: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#on | |
on: | |
# Trigger the workflow on push to the main branch (deploy to production). | |
push: | |
branches: [ main ] | |
# Trigger the workflow for any pull requests (deploy to preview, if "local" PR; don't deploy if PR from fork). | |
pull_request: | |
# Allow manual run of this workflow (https://docs.github.com/en/actions/using-workflows/manually-running-a-workflow) | |
workflow_dispatch: | |
# Permissions for GITHUB_TOKEN for this workflow. | |
# See: https://docs.github.com/en/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token | |
permissions: | |
contents: read | |
env: | |
# Set "DEPLOY_STATE" to "production" if this workflow was triggered by a push to the main branch. | |
# Set "DEPLOY_STATE" to "preview" in any other case (i.e. pull requests). | |
DEPLOY_STAGE: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main' && 'production' || 'preview' }} | |
# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. | |
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#concurrency | |
concurrency: | |
# Makes this workflow part of the "deploy" concurrency group. (Note that this text can be chosen arbitrarily.) | |
# NOTE: Unfortunately, we can't use "env.DEPLOY_STAGE" as "env." is not supported. | |
group: deploy-${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main' && 'production' || 'preview' }} | |
# Do NOT cancel in-progress runs as we want to allow these deployments to complete. | |
cancel-in-progress: false | |
# NOTE: Jobs run in parallel by default. | |
# https://docs.github.com/en/actions/using-jobs/using-jobs-in-a-workflow | |
jobs: | |
build-and-deploy: | |
# Name the job | |
name: Build & Deploy | |
# Set the type of machine to run on | |
# See: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idruns-on | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install Hugo CLI | |
run: sudo snap install hugo | |
# See: https://github.com/actions/setup-node | |
- name: Setup NodeJS environment | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 'latest' | |
# See: https://github.com/actions/checkout | |
- name: Clone Git repository | |
uses: actions/checkout@v4 | |
with: | |
lfs: true | |
submodules: true | |
# IMPORTANT: Fetch the whole history. This is how Hugo determines the (publish) dates for the articles!!! | |
fetch-depth: 0 | |
- name: Download node modules (assets) | |
run: npm install | |
working-directory: themes/devlog-theme/assets | |
- name: Download node modules (utils) | |
run: npm install | |
working-directory: themes/devlog-theme/_utils | |
- name: Build site (preview) | |
if: ${{ env.DEPLOY_STAGE == 'preview' }} | |
# NOTE: We don't use "--minify" here so that the output remains better readable/diffable. | |
run: hugo --destination ./public/ --printPathWarnings --logLevel info --panicOnWarning --buildDrafts --baseURL 'https://preview.manski.net' | |
env: | |
# Disable search engine crawling for the preview stage. | |
HUGO_PARAMS_robots: 'noindex,nofollow' | |
- name: Build site (production) | |
if: ${{ env.DEPLOY_STAGE == 'production' }} | |
run: hugo --destination ./public/ --printPathWarnings --logLevel info --panicOnWarning | |
- name: Beautify output | |
run: node beautify.js "../../../public" | |
working-directory: themes/devlog-theme/_utils | |
- name: Build search index | |
run: npx pagefind --site "../../../public" | |
working-directory: themes/devlog-theme/assets | |
# This creates ${{ steps.short-sha.outputs.sha }} to be used below. | |
# See: https://github.com/marketplace/actions/short-sha | |
- name: Provide short commit hash to workflow | |
id: short-sha | |
uses: benjlevesque/[email protected] | |
- name: Determine Hugo version | |
id: hugo-version | |
run: hugo version | sed -r 's/hugo v([0-9.]+).*/version=\1/' >> $GITHUB_OUTPUT | |
# | |
# Store generated files in a zip file in the workflow itself. This way outputs between two workflow runs can be compared, | |
# if necessary. | |
# | |
# NOTE: Artifacts are retained only up to 90 days at the moment. See: https://github.com/orgs/community/discussions/107115 | |
# | |
# See: https://github.com/actions/upload-artifact | |
- name: Add generated files to workflow run | |
uses: actions/upload-artifact@v4 | |
with: | |
# To make the artifacts easier to differentiate (i.e. when downloading them from different runs), | |
# we'll add the workflow run number to the name (this is the same number that's also shown in the | |
# GitHub UI - like 27 for run #27). | |
# | |
# NOTE: We also add some context information (like the commit SHA) to the file name to make it easier | |
# to identify what this artifact represents. | |
name: 'generated-files_#${{ github.run_number }}_sha-${{ steps.short-sha.outputs.sha }}_hugo-${{ steps.hugo-version.outputs.version }}' | |
path: ./public/ | |
if-no-files-found: error | |
# See: https://github.com/marketplace/actions/ftp-deploy | |
- name: Deploy site | |
uses: SamKirkland/[email protected] | |
env: | |
HAS_ACCESS_TO_SECRETS: ${{ secrets.ftp_username }} | |
# Only run this step if the workflow has access to the repository's secret. Only pull requests | |
# from within the repository itself have access. Pull requests from forks don't have access. | |
# See below. | |
if: ${{ env.HAS_ACCESS_TO_SECRETS }} | |
with: | |
# See: https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions | |
# IMPORTANT: Secrets are NOT available for pull requests from forked repositories!!! | |
# Meaning: We don't need to fear that a malicious pull request will overwrite our web site. | |
# See: https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#using-secrets-in-a-workflow | |
server: ${{ secrets.ftp_server }} | |
username: ${{ secrets.ftp_username }} | |
password: ${{ secrets.ftp_password }} | |
# Use an encrypted FTP connection. | |
protocol: ftps | |
#log-level: verbose | |
# NOTE: This action actually compares file hashes to determine if a file needs to be uploaded. | |
local-dir: ./public/ | |
server-dir: ./www_${{ env.DEPLOY_STAGE }}/ | |
state-name: ../sync-state-${{ env.DEPLOY_STAGE }}.json | |
# NOTE: By default, "exclude" contains "node_modules". We have to remove this exclude rule because | |
# we use this to ship fontawesome. | |
# For default, see: https://github.com/marketplace/actions/ftp-deploy#exclude-files | |
# NOTE: Unfortunately, you don't seem to be able to clear the exclude options because it then will simply | |
# use the default value again. So we keep some common sense value (even though we don't actually need to | |
# exclude anything). | |
exclude: | | |
**/.git* | |
**/.git*/** |