-
Notifications
You must be signed in to change notification settings - Fork 0
173 lines (149 loc) · 7.89 KB
/
build-and-deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
#
# GitHub Actions workflow: Builds the site and uploads it to the target server.
#
# For more details on workflows, see README.md.
#
# See also: https://gohugo.io/hosting-and-deployment/hosting-on-github/
#
name: Build and Deploy
# When to run this workflow
# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows
# See: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#on
on:
# Trigger the workflow on push to the main branch (deploy to production).
push:
branches: [ main ]
# Trigger the workflow for any pull requests (deploy to preview, if "local" PR; don't deploy if PR from fork).
pull_request:
# Allow manual run of this workflow (https://docs.github.com/en/actions/using-workflows/manually-running-a-workflow)
workflow_dispatch:
# Permissions for GITHUB_TOKEN for this workflow.
# See: https://docs.github.com/en/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token
permissions:
contents: read
env:
# Set "DEPLOY_STATE" to "production" if this workflow was triggered by a push to the main branch.
# Set "DEPLOY_STATE" to "preview" in any other case (i.e. pull requests).
DEPLOY_STAGE: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main' && 'production' || 'preview' }}
# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#concurrency
concurrency:
# Makes this workflow part of the "deploy" concurrency group. (Note that this text can be chosen arbitrarily.)
# NOTE: Unfortunately, we can't use "env.DEPLOY_STAGE" as "env." is not supported.
group: deploy-${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main' && 'production' || 'preview' }}
# Do NOT cancel in-progress runs as we want to allow these deployments to complete.
cancel-in-progress: false
# NOTE: Jobs run in parallel by default.
# https://docs.github.com/en/actions/using-jobs/using-jobs-in-a-workflow
jobs:
build-and-deploy:
# Name the job
name: Build & Deploy
# Set the type of machine to run on
# See: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idruns-on
runs-on: ubuntu-latest
steps:
- name: Install Hugo CLI
run: sudo snap install hugo
# See: https://github.com/actions/setup-node
- name: Setup NodeJS environment
uses: actions/setup-node@v4
with:
node-version: 'latest'
# See: https://github.com/actions/checkout
- name: Clone Git repository
uses: actions/checkout@v4
with:
lfs: true
submodules: true
# IMPORTANT: Fetch the whole history. This is how Hugo determines the (publish) dates for the articles!!!
fetch-depth: 0
# Use this to dump the complete "github" context for the build log.
# - name: Dump GitHub context
# env:
# GITHUB_CONTEXT: ${{ toJson(github) }}
# run: echo "$GITHUB_CONTEXT"
- name: Download node modules (assets)
run: npm install
working-directory: themes/devlog-theme/assets
- name: Download node modules (utils)
run: npm install
working-directory: themes/devlog-theme/_utils
- name: Build site (preview)
if: ${{ env.DEPLOY_STAGE == 'preview' }}
# NOTE: We don't use "--minify" here so that the output remains better readable/diffable.
run: hugo --destination ./public/ --printPathWarnings --logLevel info --panicOnWarning --buildDrafts --baseURL 'https://preview.manski.net'
env:
# Disable search engine crawling for the preview stage.
HUGO_PARAMS_robots: 'noindex,nofollow'
# For pull requests, the git branch name can't be determined by reading ".git/HEAD". So we have to specify it here explicitly.
HUGO_PARAMS_gitBranch: ${{ github.head_ref }}
- name: Build site (production)
if: ${{ env.DEPLOY_STAGE == 'production' }}
run: hugo --destination ./public/ --printPathWarnings --logLevel info --panicOnWarning
- name: Beautify output
run: node beautify.js "../../../public"
working-directory: themes/devlog-theme/_utils
- name: Build search index
run: npx pagefind --site "../../../public"
working-directory: themes/devlog-theme/_utils
# This creates ${{ steps.short-sha.outputs.sha }} to be used below.
# See: https://github.com/marketplace/actions/short-sha
- name: Provide short commit hash to workflow
id: short-sha
uses: benjlevesque/[email protected]
- name: Determine Hugo version
id: hugo-version
run: hugo version | sed -r 's/hugo v([0-9.]+).*/version=\1/' >> $GITHUB_OUTPUT
#
# Store generated files in a zip file in the workflow itself. This way outputs between two workflow runs can be compared,
# if necessary.
#
# NOTE: Artifacts are retained only up to 90 days at the moment. See: https://github.com/orgs/community/discussions/107115
#
# See: https://github.com/actions/upload-artifact
- name: Add generated files to workflow run
uses: actions/upload-artifact@v4
with:
# To make the artifacts easier to differentiate (i.e. when downloading them from different runs),
# we'll add the workflow run number to the name (this is the same number that's also shown in the
# GitHub UI - like 27 for run #27).
#
# NOTE: We also add some context information (like the commit SHA) to the file name to make it easier
# to identify what this artifact represents.
name: 'generated-files_#${{ github.run_number }}_sha-${{ steps.short-sha.outputs.sha }}_hugo-${{ steps.hugo-version.outputs.version }}'
path: ./public/
if-no-files-found: error
# See: https://github.com/marketplace/actions/ftp-deploy
- name: Deploy site
uses: SamKirkland/[email protected]
env:
HAS_ACCESS_TO_SECRETS: ${{ secrets.ftp_username }}
# Only run this step if the workflow has access to the repository's secret. Only pull requests
# from within the repository itself have access. Pull requests from forks don't have access.
# See below.
if: ${{ env.HAS_ACCESS_TO_SECRETS }}
with:
# See: https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions
# IMPORTANT: Secrets are NOT available for pull requests from forked repositories!!!
# Meaning: We don't need to fear that a malicious pull request will overwrite our web site.
# See: https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#using-secrets-in-a-workflow
server: ${{ secrets.ftp_server }}
username: ${{ secrets.ftp_username }}
password: ${{ secrets.ftp_password }}
# Use an encrypted FTP connection.
protocol: ftps
#log-level: verbose
# NOTE: This action actually compares file hashes to determine if a file needs to be uploaded.
local-dir: ./public/
server-dir: ./www_${{ env.DEPLOY_STAGE }}/
state-name: ../sync-state-${{ env.DEPLOY_STAGE }}.json
# NOTE: By default, "exclude" contains "node_modules". We have to remove this exclude rule because
# we use this to ship fontawesome.
# For default, see: https://github.com/marketplace/actions/ftp-deploy#exclude-files
# NOTE: Unfortunately, you don't seem to be able to clear the exclude options because it then will simply
# use the default value again. So we keep some common sense value (even though we don't actually need to
# exclude anything).
exclude: |
**/.git*
**/.git*/**