ci: add dependabot for GHA #408
| --- | |
| name: "Blog" | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - ci-testing* | |
| pull_request: | |
| branches: | |
| - main | |
| - ci-testing* | |
| jobs: | |
| build: | |
| permissions: | |
| contents: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Install just | |
| uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff # v3 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@7edac99f961f18b581bbd960d59d049f04c0002f # v6.4.1 | |
| - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1 | |
| - name: Install dependencies | |
| run: just setup-gha | |
| - name: Assert that our dependencies are reachable | |
| run: | | |
| uv run python --version | |
| uv run pelican --version | |
| sass --version | |
| - name: Build the page | |
| run: | | |
| just generate | |
| - name: Upload build artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: site-build | |
| path: output/ | |
| retention-days: 1 | |
| verify: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| strategy: | |
| matrix: | |
| check: | |
| - check-links | |
| - check-html | |
| - check-code | |
| - check-content | |
| - check-feeds | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Install just | |
| uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff # v3 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@7edac99f961f18b581bbd960d59d049f04c0002f # v6.4.1 | |
| - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1 | |
| - name: Install dependencies | |
| run: just setup-gha | |
| - name: Download build artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: site-build | |
| path: output/ | |
| - name: Run verification checks | |
| run: just ${{ matrix.check }} | |
| deploy: | |
| # I am not blocking this on verify because I want the ability to publish | |
| # quick trash. | |
| needs: build | |
| # only run this when the action is push and the destination branch is main | |
| if: github.event_name == 'push' && github.ref_name == 'main' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| sparse-checkout: | | |
| justfile | |
| pyproject.toml | |
| uv.lock | |
| package.json | |
| package-lock.json | |
| sparse-checkout-cone-mode: false | |
| - name: Install just | |
| uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff # v3 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@7edac99f961f18b581bbd960d59d049f04c0002f # v6.4.1 | |
| - name: Install dependencies | |
| run: just setup-gha | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 | |
| with: | |
| aws-region: us-west-2 | |
| role-to-assume: arn:aws:iam::984616268605:role/ideas-deployer | |
| role-session-name: deploy-ideas | |
| mask-aws-account-id: false | |
| - name: Download build artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: site-build | |
| path: output/ | |
| - name: Publish the content | |
| run: | | |
| just upload | |
| - name: Invalidate the existing distribution | |
| run: | | |
| just invalidate | |
| - name: Tell me about it | |
| if: ${{ always() }} | |
| uses: umahmood/pushover-actions@5da31193f672e7418804bdb51836bdf20f393c8f # v1.1.0 | |
| env: | |
| PUSHOVER_TOKEN: ${{ secrets.PUSHOVER_API_TOKEN }} | |
| PUSHOVER_USER: ${{ secrets.PUSHOVER_USER_KEY }} | |
| with: | |
| status: ${{ job.status }} | |
| title: offby1.website update | |
| message: |- | |
| Site publication for offby1.website completed with status=${{ job.status }} | |
| url: https://offby1.website/ |
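Review bot: `actions/checkout@v4`, `actions/upload-artifact@v4` and `actions/download-artifact@v4` are still referenced by mutable tag across the three jobs, while every third-party action in this file is pinned to a full commit SHA with a version comment. The deploy job is where this matters most, because it holds `id-token: write` and assumes the `ideas-deployer` role, so whatever a moved `v4` tag points at would run with that access. Pin them the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v4` (placeholder; take the SHA from the release you have reviewed), since Dependabot can keep SHA pins and their version comments current. Separately, the Pushover step runs in the deploy job after the AWS credentials step and so probably shares that job's environment; a small follow-up job that carries only the two Pushover secrets would narrow that exposure.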