ci(pages): scoped auto-deploy of landing → gh-pages #42
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| name: Deploy landing → gh-pages | ||
|
|
||
| # Publishes ONLY the landing files (index.html + assets/) from main onto the | ||
| # curated gh-pages branch. | ||
| # | ||
| # gh-pages is hand-assembled, NOT a mirror of main: it carries forge/, forms/, | ||
| # qdrant-features/, docs/, CNAME (memex.quest) and .nojekyll that do NOT exist | ||
| # on main. So this job is deliberately SCOPED — it only overlays index.html and | ||
| # assets/, and never deletes anything else. The "checkout from main" step is | ||
| # additive/update-only, so all curated content survives every deploy. | ||
|
|
||
| on: | ||
| push: | ||
| branches: [main] | ||
| paths: | ||
| - index.html | ||
| - assets/** | ||
| workflow_dispatch: {} | ||
|
|
||
| permissions: | ||
| contents: write | ||
|
|
||
| # Never run two deploys at once; queue them so a push is never interrupted. | ||
| concurrency: | ||
| group: deploy-landing-gh-pages | ||
| cancel-in-progress: false | ||
|
|
||
| jobs: | ||
| deploy: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout (all branches, full history) | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Overlay index.html + assets/ onto gh-pages | ||
| run: | | ||
| set -euo pipefail | ||
| git config user.name "github-actions[bot]" | ||
| git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | ||
|
|
||
| git switch gh-pages | ||
|
|
||
| # `git checkout <ref> -- <path>` writes ONLY the paths present in that | ||
| # ref's tree and never deletes files that exist solely on gh-pages. | ||
| # That makes this purely additive: forge/, forms/, qdrant-features/, | ||
| # docs/, CNAME and .nojekyll are left exactly as curated. | ||
| git checkout origin/main -- index.html assets | ||
|
There was a problem hiding this comment.
On a push that deletes or renames a file under Useful? React with 👍 / 👎. |
||
|
|
||
| git add index.html assets | ||
| if git diff --cached --quiet; then | ||
| echo "Landing already in sync with main — nothing to deploy." | ||
| exit 0 | ||
| fi | ||
|
|
||
| git commit -m "deploy(landing): sync index.html + assets from ${GITHUB_SHA:0:7}" | ||
| git push origin gh-pages | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
액션을 SHA로 고정하여 보안 태세를 개선하세요.
현재
actions/checkout@v4는 변경 가능한 태그를 사용합니다. 공급망 공격을 방지하려면 특정 커밋 SHA로 고정하는 것이 권장됩니다.🔒 SHA 고정 제안
참고: 최신 v4 릴리스의 SHA를 확인하려면 actions/checkout 릴리스를 참조하세요.
🧰 Tools
🪛 zizmor (1.25.2)
[error] 33-33: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)
(unpinned-uses)
🤖 Prompt for AI Agents