Auto-merge: scope the minted App token to least privilege #31
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Test | |
| on: | |
| # Verify every PR targeting main builds cleanly before it can be merged. | |
| pull_request: | |
| branches: [main] | |
| # Give feedback on feature branches too (main pushes are covered by Deploy). | |
| push: | |
| branches-ignore: [main] | |
| workflow_dispatch: | |
| # Cancel superseded runs on the same branch/PR. | |
| concurrency: | |
| group: build-test-${{ github.ref }} | |
| cancel-in-progress: true | |
| # Least privilege: building the site only needs to read the repo. | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: npm ci + astro build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Set up Node | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: 20 | |
| cache: npm | |
| - name: Install dependencies (clean, from lockfile) | |
| run: npm ci | |
| - name: Build site | |
| run: npm run build | |
| - name: Verify build output | |
| run: test -f dist/index.html && test -f dist/sitemap-index.xml |