Add GitHub Actions workflow for Pages deployment

[nuoomnoy02]

This workflow automates the deployment of static content to GitHub Pages on push to the main branch or manually via the Actions tab.

Description

Type of Change

• Bug fix
• Documentation update
• Other (please describe):

---

⚠️ Want to Add a New Prompt?

Please don't edit prompts.csv directly!

Instead, visit prompts.chat and:

1. Login with GitHub - Click the login button and authenticate with your GitHub account
2. Create your prompt - Use the prompt editor to add your new prompt
3. Submit - Your prompt will be reviewed and a GitHub Action will automatically create a commit on your behalf

This ensures proper attribution, formatting, and keeps the repository in sync. You'll also appear on the Contributors page!

---

Additional Notes

Summary by CodeRabbit

• Chores
  • Added GitHub Pages deployment workflow configuration for automated static content publishing and distribution
  • Configured automatic triggering on main branch updates combined with manual workflow execution capabilities
  • Established comprehensive deployment infrastructure including repository access controls, permission boundaries, artifact upload management, and concurrent process handling
  • Configured deployment environment setup and status information exposure for monitoring

[vercel]

@nuoomnoy02 is attempting to deploy a commit to the fkadev Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

📝 Walkthrough

Walkthrough

A new GitHub Actions workflow is introduced to automate static content deployment to GitHub Pages. The workflow triggers on main branch pushes and manual dispatch, executing sequential steps to checkout code, configure Pages, upload artifacts, and deploy.

Changes

Cohort / File(s)	Summary
GitHub Pages Deployment Workflow .github/workflows/static.yml	Adds automated GitHub Actions workflow with configured permissions (contents read, pages write, id-token write) and concurrency settings. Executes checkout, Pages configuration, artifact upload, and deployment steps with page URL exposure.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🐰 To Pages so grand, a workflow takes flight,
With branches and artifacts, deployed just right!
Static content dancing in GitHub's embrace,
Automated deploys at a sustainable pace! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely describes the main change: adding a GitHub Actions workflow for Pages deployment, which matches the workflow file content.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/static.yml:
- Around line 36-40: Replace the insecure upload of the entire repo (the upload
step using actions/upload-pages-artifact@v3 with path: '.') so only the build
output is published: add/ensure a build step (e.g., run npm ci && npm run build)
that emits a known output directory (e.g., dist or public), and change the
Upload artifact step (name: Upload artifact / uses:
actions/upload-pages-artifact@v3) to point to that output directory instead of
'.' to avoid exposing .git and other sensitive files.
- Around line 33-43: Update the GitHub Actions workflow to use the newer action
versions: change the step using actions/checkout@v4 to the current major
(actions/checkout@v6 or a specific v6.0.2 tag) and change the step using
actions/upload-pages-artifact@v3 to the newer v4
(actions/upload-pages-artifact@v4 or v4.0.0); leave actions/configure-pages@v5
and actions/deploy-pages@v4 as-is. Locate the steps referring to
actions/checkout and actions/upload-pages-artifact in the static.yml workflow
and update their version references accordingly, then run/validate the workflow
to ensure no breaking changes affect checkout or artifact upload behavior.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 00462d9 and af06cc3.

📒 Files selected for processing (1)

• .github/workflows/static.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check the latest release tags for the GitHub Actions used in the workflow

echo "=== Checking actions/checkout ==="
gh api repos/actions/checkout/releases/latest --jq '.tag_name' 2>/dev/null || echo "Failed to fetch"

echo "=== Checking actions/configure-pages ==="
gh api repos/actions/configure-pages/releases/latest --jq '.tag_name' 2>/dev/null || echo "Failed to fetch"

echo "=== Checking actions/upload-pages-artifact ==="
gh api repos/actions/upload-pages-artifact/releases/latest --jq '.tag_name' 2>/dev/null || echo "Failed to fetch"

echo "=== Checking actions/deploy-pages ==="
gh api repos/actions/deploy-pages/releases/latest --jq '.tag_name' 2>/dev/null || echo "Failed to fetch"

Repository: f/prompts.chat

Length of output: 729

---

🌐 Web query:

latest release actions/checkout GitHub Action v4 v5

💡 Result:

• Latest actions/checkout v5.x release: v5.0.1 (released Nov 17, 15:57 UTC) [1]
• Latest actions/checkout v4.x release: v4.3.1 (released Nov 17, 16:06 UTC) [2]

Also note: actions/checkout has moved beyond v5—the current latest major is v6 (latest tag shown: v6.0.2). [3]

---

🌐 Web query:

latest release actions/configure-pages GitHub Action v5 v6

💡 Result:

As of February 26, 2026, the latest release of actions/configure-pages is v5.0.0 (released March 30, 2024). The floating major tag v5 points to that same release. There is no v6 release/tag published for this action. [1][2]

---

🌐 Web query:

latest release actions/upload-pages-artifact GitHub Action v3 v4

💡 Result:

• actions/upload-pages-artifact@v4 (latest v4 major tag): v4.0.0 — released Aug 14, 2025. [1]
• actions/upload-pages-artifact@v3 (latest v3 major tag): v3.0.1 — released Feb 7, 2024. [1]

Sources: GitHub tags list for the repository (shows both the major tags v3/v4 and the latest corresponding semver releases). [1]

References
[1] https://github.com/actions/upload-pages-artifact/tags

---

🌐 Web query:

latest release actions/deploy-pages GitHub Action v4 v5

💡 Result:

• Latest actions/deploy-pages major: v4 (major tag v4 currently points to v4.0.5). (github.com)
• Latest v4.x release: v4.0.5 (released March 18, 2024). (github.com)
• v5 status: There is no v5 tag/release in the repository’s releases/tags as of today. (github.com)

Citations:

• 1: https://github.com/actions/deploy-pages/tags
• 2: https://github.com/actions/deploy-pages/releases/tag/v4.0.5
• 3: https://github.com/actions/deploy-pages/tags

---

Update actions/checkout to v5 or v6 and actions/upload-pages-artifact to v4.

The workflow uses outdated action versions:

• actions/checkout@v4: Latest is v6.0.2; v4.3.1 is the latest v4.x release
• actions/upload-pages-artifact@v3: Latest is v4.0.0 (released Aug 14, 2025); v3.0.1 is the latest v3.x release
• actions/configure-pages@v5: Already on the latest release (v5.0.0)
• actions/deploy-pages@v4: Already on the latest release (v4.0.5)

Update checkout and upload-pages-artifact to benefit from bug fixes and improvements in newer versions.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/static.yml around lines 33 - 43, Update the GitHub Actions
workflow to use the newer action versions: change the step using
actions/checkout@v4 to the current major (actions/checkout@v6 or a specific
v6.0.2 tag) and change the step using actions/upload-pages-artifact@v3 to the
newer v4 (actions/upload-pages-artifact@v4 or v4.0.0); leave
actions/configure-pages@v5 and actions/deploy-pages@v4 as-is. Locate the steps
referring to actions/checkout and actions/upload-pages-artifact in the
static.yml workflow and update their version references accordingly, then
run/validate the workflow to ensure no breaking changes affect checkout or
artifact upload behavior.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Security risk: Uploading entire repository exposes sensitive files.

Using path: '.' deploys the entire repository contents to GitHub Pages, including:

• .git directory (full commit history, potentially containing secrets from past commits)
• Configuration files (.env, .gitignore, etc.)
• Any sensitive or unintended files

Typically, you should deploy only the build output directory (e.g., dist, build, public). If this project has a build step, add it before the upload and specify the output directory.

🛡️ Proposed fix to specify a dedicated output directory

       - name: Upload artifact
         uses: actions/upload-pages-artifact@v3
         with:
-          # Upload entire repository
-          path: '.'
+          # Upload only the build output directory
+          path: './dist'

If a build step is required, add it before the upload:

      - name: Build
        run: npm ci && npm run build

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Upload artifact
	uses: actions/upload-pages-artifact@v3
	with:
	# Upload entire repository
	path: '.'
	- name: Upload artifact
	uses: actions/upload-pages-artifact@v3
	with:
	# Upload only the build output directory
	path: './dist'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/static.yml around lines 36 - 40, Replace the insecure
upload of the entire repo (the upload step using
actions/upload-pages-artifact@v3 with path: '.') so only the build output is
published: add/ensure a build step (e.g., run npm ci && npm run build) that
emits a known output directory (e.g., dist or public), and change the Upload
artifact step (name: Upload artifact / uses: actions/upload-pages-artifact@v3)
to point to that output directory instead of '.' to avoid exposing .git and
other sensitive files.