Update dependencies to fix security vulnerabilities #1091
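# Builds the documentation website with Pixi. Pull requests get a preview
# artifact; pushes (tags or main) and manual runs deploy the site to a
# separate repository over SSH, but only from barebaric/rayforge.
name: Build and deploy website

on:
  push:
    # Trigger on new version tags (supports both 1.2 and 1.2.0 formats)
    tags:
      - "*.*.*"
      - "*.*"
    # Trigger on pushes to the main branch to update existing docs
    branches:
      - main
  pull_request:
    # Trigger on pull requests targeting the main branch
    branches:
      - main
  # Allow manual runs from the Actions tab
  workflow_dispatch:

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: the deploy itself authenticates with
    # a separate SSH key, so this job only needs to read the repository.
    permissions:
      contents: read
    steps:
      # NOTE(review): every `uses:` below references a tag, which the action
      # owner can move. For supply-chain integrity, pin each action to a full
      # commit SHA and keep the tag as a trailing comment, e.g.
      #   uses: owner/action@<full-commit-sha>  # vX.Y.Z
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          fetch-depth: 0  # Fetch all history for versioning
          # NOTE(review): the checkout token stays in the local git config by
          # default. The deploy uses an SSH key, so `persist-credentials:
          # false` is probably safe here -- confirm site-deploy does not rely
          # on the token before enabling it.

      - name: Set up Pixi
        uses: prefix-dev/setup-pixi@v0.9.4
        with:
          pixi-version: v0.68.1
          cache: true

      - name: Configure Git
        run: |
          git config user.name github-actions
          git config user.email github-actions@github.com

      - name: Install website dependencies
        run: pixi run -e website site-install

      # Pull requests only build and upload a preview. None of the steps that
      # touch the deploy key run for the pull_request event.
      - name: Build documentation for PR Preview
        if: github.event_name == 'pull_request'
        run: pixi run -e website site-build

      - name: Upload artifact for pull request review
        if: github.event_name == 'pull_request'
        uses: actions/upload-artifact@v4
        with:
          name: docs-preview
          path: website/build/
          retention-days: 7

      - name: Determine Version
        id: get_version
        if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
        # Ref metadata is passed through the environment instead of being
        # expanded with ${{ }} inside the script: expressions are substituted
        # into the script text before bash parses it, and ref names may
        # contain shell metacharacters.
        env:
          REF_TYPE: ${{ github.ref_type }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          if [[ "$REF_TYPE" == "tag" ]]; then
            VERSION_NAME="$REF_NAME"
            echo "Triggered by tag push. Deploying new version: $VERSION_NAME"
          else
            echo "Triggered by branch/manual push. Finding latest tag to update..."
            # The default run shell is `bash -e`, so a failing `git describe`
            # would abort the step before the explicit check below could
            # report the problem; `|| true` keeps that check reachable.
            VERSION_NAME=$(git describe --tags --abbrev=0 || true)
            if [[ -z "$VERSION_NAME" ]]; then
              echo "::error::No tags found in history. Cannot determine version to update."
              exit 1
            fi
            echo "Found latest version to update: $VERSION_NAME"
          fi
          echo "version=$VERSION_NAME" >> "$GITHUB_OUTPUT"
          # A pre-release is MAJOR.MINOR.PATCH followed by '-'.
          # NOTE(review): two-component tags such as "1.2-rc1" also trigger
          # this workflow but are not classified as pre-releases -- confirm
          # that is intended.
          if [[ "$VERSION_NAME" =~ ^[0-9]+\.[0-9]+\.[0-9]+- ]]; then
            echo "is_prerelease=true" >> "$GITHUB_OUTPUT"
          else
            echo "is_prerelease=false" >> "$GITHUB_OUTPUT"
          fi

      # The deploy key is loaded only for push/manual runs in the upstream
      # repository, so forks and pull-request builds never reach this step.
      - name: Configure SSH
        if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.repository == 'barebaric/rayforge'
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.WEBSITE_DEPLOY_KEY }}

      # NOTE(review): ssh-keyscan trusts whatever host key the network
      # returns at run time, so it does not authenticate github.com. Prefer
      # writing GitHub's published host keys (documented by GitHub and
      # exposed by its meta API) into known_hosts as fixed values. The
      # ssh-agent action above may already add them -- confirm, and drop this
      # step if so.
      - name: Add github.com to known_hosts
        if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.repository == 'barebaric/rayforge'
        run: ssh-keyscan github.com >> ~/.ssh/known_hosts

      - name: Deploy Website
        if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.repository == 'barebaric/rayforge'
        # Values reach the deploy task as environment variables, which keeps
        # the computed version string out of the command line.
        env:
          DEPLOY_VERSION: ${{ steps.get_version.outputs.version }}
          DEPLOY_REPO_URL: git@github.com:barebaric/rayforge-website.git
          DEPLOY_BRANCH: main
          IS_TAGGED_RELEASE: ${{ github.ref_type == 'tag' }}
          IS_PRERELEASE: ${{ steps.get_version.outputs.is_prerelease }}
        run: pixi run -e website site-deploy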