ci: add zizmor pre-commit hook and fix issues #356
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Documentation Preview | |
on: | |
pull_request: | |
# allow repository maintainers to modify and test workflow | |
paths: | |
- ".github/workflows/docs.yaml" | |
pull_request_target: # zizmor: ignore[dangerous-triggers] | |
# enable runs for this workflow when labeled as documentation only | |
# prevent execution when the workflow itself is modified from a fork | |
types: | |
- labeled | |
- synchronize | |
paths: | |
- "docs/**" | |
jobs: | |
deploy: | |
name: Build & Deploy | |
runs-on: ubuntu-latest | |
if: > | |
(github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'impact/docs')) | |
|| (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) | |
permissions: | |
contents: read | |
pull-requests: write | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
persist-credentials: false | |
repository: python-poetry/website | |
# use .github from pull request target instead of pull_request.head | |
# for pull_request_target trigger to avoid arbitrary code execution | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
persist-credentials: false | |
path: poetry-github | |
sparse-checkout: .github | |
# only checkout docs from pull_request.head to not use something else by accident | |
# for pull_request_target trigger (security) | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
persist-credentials: false | |
path: poetry-docs | |
ref: ${{ github.event.pull_request.head.sha }} | |
sparse-checkout: docs | |
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
with: | |
node-version: "18" | |
- uses: ./poetry-github/.github/actions/bootstrap-poetry | |
- uses: ./poetry-github/.github/actions/poetry-install | |
with: | |
args: --no-root --only main | |
- name: website-build | |
run: | | |
# Rebuild the docs files from the PR checkout. | |
poetry run python bin/website build --local ./poetry-docs | |
# Build website assets (CSS/JS). | |
npm ci && npm run prod | |
# Build the static website. | |
npx hugo --minify --logLevel info | |
- uses: amondnet/vercel-action@16e87c0a08142b0d0d33b76aeaf20823c381b9b9 # v25.2.0 | |
with: | |
vercel-token: ${{ secrets.VERCEL_TOKEN }} | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
vercel-org-id: ${{ secrets.VERCEL_ORG_ID }} | |
vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID }} | |
scope: python-poetry | |
github-comment: true | |
working-directory: public |