11# =============================================================
2- # ClearVoice — GitHub Actions Deployment Workflow
2+ # ClearVoice - GitHub Actions Deployment Workflow
33#
4- # This workflow injects your API key from GitHub Secrets at
5- # build time, then deploys the site to GitHub Pages.
6- #
7- # HOW TO SET UP:
8- # 1. Go to your repo → Settings → Secrets and variables → Actions
4+ # HOW TO SET UP GITHUB SECRETS:
5+ # 1. Go to your repo -> Settings -> Secrets and variables -> Actions
96# 2. Click "New repository secret"
107# 3. Name: CLEARVOICE_API_KEY | Value: your Anthropic API key
11- # 4. Optionally add: CLEARVOICE_MODEL (default: claude-sonnet-4-5-20250929)
12- # 5. Push to main or trigger manually via "Run workflow"
8+ # 4. Optionally add Variables (not Secrets) for provider/model:
9+ # CLEARVOICE_PROVIDER (default: claude)
10+ # CLEARVOICE_MODEL (default: claude-sonnet-4-5-20250929)
11+ # 5. Push to main - the workflow runs automatically.
1312#
1413# SECURITY NOTE:
15- # The injected key will exist in the deployed GitHub Pages files.
16- # This is acceptable for personal/private projects, but be aware
17- # the key could be read by anyone who inspects your site's JS source.
18- # For team use, consider a backend proxy instead.
14+ # The injected key exists in the deployed GitHub Pages JS files.
15+ # Suitable for personal projects. For team use, use a backend proxy.
1916# =============================================================
2017
2118name : Deploy ClearVoice to GitHub Pages
2219
2320on :
2421 push :
2522 branches : [main]
26- workflow_dispatch : # Allow manual trigger from the Actions tab
23+ workflow_dispatch :
2724
2825permissions :
2926 contents : read
3027 pages : write
3128 id-token : write
3229
33- # Only one deployment runs at a time
3430concurrency :
35- group : " pages"
31+ group : pages
3632 cancel-in-progress : false
3733
3834jobs :
39- # ── Build ────────────────────────────────────────────────
35+
4036 build :
4137 runs-on : ubuntu-latest
4238 steps :
4339 - name : Checkout repository
4440 uses : actions/checkout@v4
4541
46- - name : Generate js/config.js with injected secrets
42+ - name : Inject API key into js/config.js
4743 env :
48- CV_API_KEY : ${{ secrets.CLEARVOICE_API_KEY }}
44+ CV_API_KEY : ${{ secrets.CLEARVOICE_API_KEY }}
4945 CV_PROVIDER : ${{ vars.CLEARVOICE_PROVIDER }}
50- CV_MODEL : ${{ vars.CLEARVOICE_MODEL }}
51- # Python is used for safe JSON string encoding of the API key
52- # (handles special characters like $, ", \, etc.)
53- run : |
54- python3 - <<'PYEOF'
55- import os, json
56-
57- api_key = os.environ.get("CV_API_KEY", "")
58- provider = os.environ.get("CV_PROVIDER", "claude") or "claude"
59- model = os.environ.get("CV_MODEL", "claude-sonnet-4-5-20250929") or "claude-sonnet-4-5-20250929"
60-
61- content = f"""// Auto-generated by GitHub Actions — DO NOT EDIT
62- // Regenerated on every push to main.
63- // To update : change the CLEARVOICE_API_KEY secret in repository settings.
64- window.CV_CONFIG = {{
65- apiKey : {json.dumps(api_key)},
66- provider : {json.dumps(provider)},
67- model : {json.dumps(model)},
68- }};
69- " " "
70- with open(" js/config.js", "w") as f:
71- f.write(content)
72-
73- if api_key :
74- print("✅ API key injected into js/config.js")
75- else :
76- print("⚠️ No CLEARVOICE_API_KEY secret found — deploying without key (users will configure manually)")
77- PYEOF
46+ CV_MODEL : ${{ vars.CLEARVOICE_MODEL }}
47+ run : python3 .github/scripts/inject_config.py
7848
7949 - name : Setup GitHub Pages
8050 uses : actions/configure-pages@v4
@@ -84,7 +54,6 @@ window.CV_CONFIG = {{
8454 with :
8555 path : " ."
8656
87- # ── Deploy ───────────────────────────────────────────────
8857 deploy :
8958 environment :
9059 name : github-pages
0 commit comments