
ci: bump anchore/sbom-action from 0.20.0 to 0.23.1 #152


Workflow file for this run

name: Website Deploy

on:
  # External trigger: a repository_dispatch event of this type.
  repository_dispatch:
    types:
      - azd-web-core-updated
  # Manual run.
  workflow_dispatch:
  # Reusable entry point so the release workflow can call this one.
  workflow_call:
  push:
    branches:
      - main
    paths:
      - 'web/**'
      - '.github/workflows/website.yml'
  pull_request:
    # No paths filter: a preview site is generated for every PR.
    # `closed` is listed so the preview can be removed when the PR ends.
    types:
      - opened
      - synchronize
      - reopened
      - closed

# At most one run per ref; a newer run for the same ref cancels the one in
# progress. The group is keyed on the ref, so runs for different refs (main,
# each PR) are not serialized against each other.
concurrency:
  group: "pages-${{ github.ref }}"
  cancel-in-progress: true

# Workflow-level GITHUB_TOKEN scopes. Any job without its own `permissions`
# block inherits all of them, including jobs that run on pull_request events.
permissions:
  contents: write
  pull-requests: write
  packages: read

jobs:
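# Build job - runs for every trigger except a PR being closed.
  build:
    if: github.event.action != 'closed'
    runs-on: ubuntu-latest
    # This job installs dependencies and builds whatever tree was checked out
    # (PR content on pull_request events), so its token is narrowed to the two
    # read scopes it uses: fetching the repo and reading from GitHub Packages.
    # A job-level block replaces the workflow-level default for this job only.
    permissions:
      contents: read
      packages: read
    steps:
      - name: Checkout
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          # No step in this job pushes, so do not leave the token in the
          # checkout's git config where install/build scripts could read it.
          persist-credentials: false

      - name: Setup pnpm
        uses: pnpm/action-setup@5b4374b04084dc1f9032b52464284b769ac5059e # v4
        with:
          version: 9

      - name: Setup Node.js
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
        with:
          node-version: '20'
          cache: 'pnpm'
          cache-dependency-path: 'pnpm-lock.yaml'
          registry-url: 'https://npm.pkg.github.com'

      - name: Install dependencies
        working-directory: web
        # --frozen-lockfile fails the install if pnpm-lock.yaml would change.
        run: pnpm install --frozen-lockfile
        env:
          # Used to authenticate against the registry configured above.
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Build website (Production)
        if: github.event_name != 'pull_request'
        working-directory: web
        run: pnpm build

      - name: Build website (PR Preview)
        if: github.event_name == 'pull_request'
        working-directory: web
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          # Update astro.config.mjs for PR preview paths.
          # PR_NUMBER is read as a shell variable at run time instead of being
          # expanded into the script text with a workflow expression.
          sed -i "s|site: 'https://jongio.github.io/azd-exec/'|site: 'https://jongio.github.io/azd-exec/pr/${PR_NUMBER}/'|g" astro.config.mjs
          sed -i "s|base: '/azd-exec/'|base: '/azd-exec/pr/${PR_NUMBER}/'|g" astro.config.mjs
          pnpm build

      - name: Upload production artifact
        if: github.event_name != 'pull_request'
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
        with:
          name: production-build
          path: web/dist
          retention-days: 1

      - name: Upload PR preview artifact
        if: github.event_name == 'pull_request'
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
        with:
          name: pr-preview-${{ github.event.pull_request.number }}
          path: web/dist
          retention-days: 7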
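# Production deploy - runs for every trigger that is not a pull request
# (push to main, workflow_call, workflow_dispatch, repository_dispatch).
  deploy-production:
    # NOTE(review): this condition does not check the branch. A manual
    # workflow_dispatch run started from a non-main ref would publish that
    # ref's build as production - confirm that is intended.
    if: github.event_name != 'pull_request'
    needs: build
    runs-on: ubuntu-latest
    # The only privileged action here is the push to gh-pages.
    permissions:
      contents: write
    steps:
      - name: Checkout gh-pages
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          ref: gh-pages
          fetch-depth: 0

      - name: Download production artifact
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
        with:
          name: production-build
          path: _new_build

      - name: Deploy to GitHub Pages
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          # Remove old production files (keep pr/ directory for previews)
          find . -maxdepth 1 ! -name '.' ! -name '.git' ! -name 'pr' ! -name '_new_build' -exec rm -rf {} +
          # Move new build files to root. dotglob makes `*` match hidden
          # entries too; without it any dotfile in the build output would be
          # left behind in _new_build and deleted by the rm below.
          shopt -s dotglob
          mv _new_build/* .
          rm -rf _new_build
          # Add .nojekyll to prevent Jekyll processing (needed for _astro folder)
          touch .nojekyll
          # Commit and push
          git add -A
          git commit -m "Deploy production website" --allow-empty
          git push origin gh-pages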
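# PR preview deploy - pull requests only, skipped when the PR is closed.
# The preview is published under /azd-exec/pr/<number>/ on the same
# jongio.github.io origin as the production site, so PR-authored content is
# served next to production pages.
  deploy-preview:
    if: github.event_name == 'pull_request' && github.event.action != 'closed'
    needs: build
    runs-on: ubuntu-latest
    # Push to gh-pages and create/update one PR comment; nothing else.
    # NOTE(review): with default repository settings, pull_request runs from
    # forks get a read-only token whatever is requested here, so the push
    # below would be rejected for fork PRs - confirm how those should behave.
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Checkout
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          ref: gh-pages
          fetch-depth: 0

      - name: Download PR preview artifact
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
        with:
          name: pr-preview-${{ github.event.pull_request.number }}
          path: pr/${{ github.event.pull_request.number }}

      - name: Deploy PR preview
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          # Add .nojekyll to prevent Jekyll processing (needed for _astro folder)
          touch .nojekyll
          # Add the PR preview directory. PR_NUMBER is read as a quoted shell
          # variable rather than expanded into the script text.
          git add .nojekyll "pr/${PR_NUMBER}"
          # Commit and push
          git commit -m "Deploy PR #${PR_NUMBER} preview" --allow-empty
          git push origin gh-pages

      - name: Comment PR with preview URL
        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
        with:
          script: |
            const prNumber = context.payload.pull_request.number;
            const previewUrl = `https://jongio.github.io/azd-exec/pr/${prNumber}/`;
            // Find existing comment.
            // NOTE(review): this reads a single page of comments; on a PR with
            // many comments an earlier preview comment may not be found and a
            // second one would be created.
            const { data: comments } = await github.rest.issues.listComments({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: prNumber
            });
            // Matches any bot-authored comment carrying the preview marker.
            const botComment = comments.find(comment =>
              comment.user.type === 'Bot' &&
              comment.body.includes('🚀 **Website Preview**')
            );
            // Continuation lines of the template literal stay at the block's
            // base indent so the comment text carries no leading spaces.
            const body = `🚀 **Website Preview**
            Your PR preview is ready!
            📎 **Preview URL:** ${previewUrl}
            _This preview will be automatically cleaned up when the PR is closed._`;
            if (botComment) {
              // Update existing comment
              await github.rest.issues.updateComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                comment_id: botComment.id,
                body
              });
            } else {
              // Create new comment
              await github.rest.issues.createComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                issue_number: prNumber,
                body
              });
            }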
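# Cleanup PR preview - runs only on the pull_request `closed` event and does
# not depend on the build job.
  cleanup-preview:
    if: github.event_name == 'pull_request' && github.event.action == 'closed'
    runs-on: ubuntu-latest
    # Push the removal to gh-pages and edit the existing PR comment.
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Checkout gh-pages
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          ref: gh-pages
          fetch-depth: 0

      - name: Remove PR preview
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          # Remove PR preview directory if it exists. PR_NUMBER is read as a
          # quoted shell variable rather than expanded into the script text,
          # and `--` keeps the path from being parsed as an option.
          if [ -d "pr/${PR_NUMBER}" ]; then
            git rm -rf -- "pr/${PR_NUMBER}"
            git commit -m "Cleanup PR #${PR_NUMBER} preview"
            git push origin gh-pages
            echo "Cleaned up preview for PR #${PR_NUMBER}"
          else
            echo "No preview found for PR #${PR_NUMBER}"
          fi

      - name: Update PR comment
        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
        with:
          script: |
            const prNumber = context.payload.pull_request.number;
            // Find existing comment (single page of results only).
            const { data: comments } = await github.rest.issues.listComments({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: prNumber
            });
            // Matches any bot-authored comment carrying the preview marker.
            const botComment = comments.find(comment =>
              comment.user.type === 'Bot' &&
              comment.body.includes('🚀 **Website Preview**')
            );
            if (botComment) {
              // Continuation lines of the template literal stay at the block's
              // base indent so the comment text carries no leading spaces.
              const body = `🚀 **Website Preview**
            ~~Your PR preview was available here.~~
            _Preview has been cleaned up as the PR was closed._`;
              await github.rest.issues.updateComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                comment_id: botComment.id,
                body
              });
            }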