Merge pull request #13 from github-samples/dependabot/npm_and_yarn/je… #12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to GitHub Pages | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| # Build job | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| attestations: write | |
| contents: read | |
| steps: | |
| # Checkout the repository | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 | |
| with: | |
| node-version: '22' | |
| cache: 'npm' | |
| # Install dependencies | |
| - name: Install dependencies | |
| run: npm ci | |
| # Generate SBOM from the dependencies (scanning the workspace directory) | |
| - name: Generate SBOM | |
| uses: anchore/sbom-action@9246b90769f852b3a8921f330c59e0b3f439d6e9 | |
| with: | |
| upload-artifact: false | |
| upload-release-assets: false | |
| format: 'spdx-json' | |
| output-file: 'sbom.spdx.json' | |
| # Build the site using the build script in package.json with data hydration enabled | |
| - name: Build site with data hydration | |
| run: npm run build | |
| env: | |
| VITE_ENABLE_DATA_HYDRATION: 'true' | |
| # Package the build into a tarball so it can be easily verified | |
| - name: Package the build | |
| run: tar -czf dist.tar.gz dist | |
| # Commented out, as the SBOM version includes more detail. | |
| # - name: Attest Build Provenance | |
| # uses: actions/attest-build-provenance@v1 | |
| # with: | |
| # subject-path: "dist.tar.gz" | |
| # Complete an attestation of the SBOM and the build | |
| - uses: actions/attest-sbom@bd218ad0dbcb3e146bd073d1d9c6d78e08aa8a0b | |
| with: | |
| subject-path: 'dist.tar.gz' | |
| sbom-path: 'sbom.spdx.json' | |
| # Publish the SBOM (Zipped per https://github.com/actions/upload-artifact?tab=readme-ov-file#zip-archives) | |
| - name: Publish the SBOM | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | |
| with: | |
| name: sbom | |
| path: sbom.spdx.json | |
| # Publish the build | |
| # - name: Publish the build | |
| # uses: actions/upload-artifact@v4 | |
| # with: | |
| # name: github-pages | |
| # path: dist.tar.gz | |
| - name: "Deploy to GitHub Pages" | |
| uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa | |
| with: | |
| path: dist | |
| # Deploy job | |
| deploy: | |
| # Add a dependency to the build job | |
| needs: build | |
| # Grant GITHUB_TOKEN the permissions required to make a Pages deployment | |
| permissions: | |
| pages: write # to deploy to Pages | |
| id-token: write # to verify the deployment originates from an appropriate source | |
| # Deploy to the github-pages environment | |
| environment: | |
| url: ${{ steps.deployment.outputs.page_url }} | |
| name: github-pages | |
| # Specify runner + deployment step | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Deploy to GitHub Pages | |
| id: deployment | |
| uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # or specific "vX.X.X" version tag for this action |