ci: deploy hashpad to GitHub Pages on hashpad.techquests.dev

[aanogueira]

Summary

• New workflow .github/workflows/deploy-pages.yml that stages the static HTML/asset files into _site/ and publishes to GitHub Pages on every push to main
• CNAME pins the subdomain hashpad.techquests.dev into the deploy artifact

Notes

• No build step — hashpad is plain HTML, no framework
• Dockerfile, Caddyfile, docker-compose.yml, deploy/, README.md, LICENSE are intentionally excluded from the artifact so only actual site files are served
• Existing Docker/Caddy deployment stays untouched; this just adds a second deployment target on Pages. Retiring the self-hosted setup is a follow-up if/when Pages becomes the canonical host

Pre-merge / post-merge requirements

• Repo Settings → Pages → Source = GitHub Actions
• Cloudflare DNS for techquests.dev:

  CNAME   hashpad   techquestsdev.github.io.    DNS only (gray cloud)
  

• Settings → Pages → Custom domain: hashpad.techquests.dev → Save
• Wait for Let's Encrypt cert, then tick "Enforce HTTPS"

Test plan

• Merge PR, watch Deploy Pages workflow succeed
• Confirm artifact contains index.html, 404.html, qr.html, all icons, manifest.json, CNAME
• Once DNS is set, browse to https://hashpad.techquests.dev/ and verify the site loads correctly

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 4 package(s) with unknown licenses.

See the Details below.

License Issues

.github/workflows/deploy-pages.yml

Package	Version	License	Issue Type
actions/checkout	6.*.*	Null	Unknown License
actions/configure-pages	5.*.*	Null	Unknown License
actions/deploy-pages	4.*.*	Null	Unknown License
actions/upload-pages-artifact	3.*.*	Null	Unknown License

Allowed Licenses:

MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, 0BSD

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/checkout	6.*.*	🟢 5.7	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 10 all changesets reviewed Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches SAST 🟢 8 SAST tool detected but not run on all commits
actions/actions/configure-pages	5.*.*	🟢 6.2	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 9 security policy file detected SAST 🟢 7 SAST tool detected but not run on all commits Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches
actions/actions/deploy-pages	4.*.*	🟢 5.4	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 7 SAST tool detected but not run on all commits Branch-Protection ⚠️ 1 branch protection is not maximal on development and all release branches
actions/actions/upload-pages-artifact	3.*.*	🟢 5.8	Details Check Score Reason Code-Review 🟢 8 Found 8/9 approved changesets -- score normalized to 8 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 5 6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches

Scanned Files

• .github/workflows/deploy-pages.yml