build: make Python requirements compilation script portable with Dock… #22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docs - Deploy | |
| on: | |
| workflow_dispatch: {} | |
| push: | |
| branches: [ main ] | |
| permissions: | |
| contents: read | |
| # Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. | |
| # However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. | |
| concurrency: | |
| group: github-pages | |
| cancel-in-progress: false | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 5 | |
| steps: | |
| # Firewall rules: | |
| # -> "*.github.com": Standard interactions with GitHub | |
| # -> "*.pypi.org" & "files.pythonhosted.org": Downloading Python packages | |
| - name: Harden runner | |
| uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| github.com:443 | |
| api.github.com:443 | |
| pypi.org:443 | |
| files.pythonhosted.org:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 # Required by MkDocs' revisioning feature | |
| - name: Setup Python | |
| uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 | |
| with: | |
| python-version: 3.13 | |
| - name: Install MkDocs Material | |
| run: pip install --require-hashes --requirement docs/user-guide/requirements.txt | |
| - name: Copy License | |
| run: cp LICENSE.md docs/user-guide/src/license.md | |
| - name: Build Site | |
| working-directory: docs/user-guide/ | |
| env: | |
| MKDOCS_GIT_COMMITTERS_APIKEY: ${{ github.token }} # Avoid exceeding the GitHub API rate limits | |
| run: mkdocs build --strict | |
| - name: Upload artifact | |
| uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 | |
| with: | |
| path: docs/user-guide/site/ | |
| deploy: | |
| name: Deploy | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 15 | |
| needs: build | |
| permissions: | |
| pages: write # Required to deploy to GitHub Pages | |
| id-token: write # To verify the deployment originates from an appropriate source | |
| environment: | |
| name: github-pages | |
| url: ${{ steps.deployment.outputs.page_url }} | |
| steps: | |
| # Firewall rules: | |
| # -> "*.github.com": Standard interactions with GitHub | |
| # -> "api.github.com": Required for GitHub Pages deployment | |
| - name: Harden runner | |
| uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| github.com:443 | |
| api.github.com:443 | |
| - name: Deploy to GitHub Pages | |
| id: deployment | |
| uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e #v4.0.5 |