Fix script loading order and config injection #16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to GitHub Pages | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| pages: write | |
| id-token: write | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: github-pages | |
| url: ${{ steps.deployment.outputs.page_url }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup Pages | |
| uses: actions/configure-pages@v4 | |
| - name: Prepare HTML | |
| run: | | |
| # Add meta tags for security | |
| sed -i '/<head>/a \ | |
| <meta http-equiv="Content-Security-Policy" content="default-src * '\''unsafe-inline'\''; connect-src https://api.github.com; script-src * '\''unsafe-inline'\''; style-src * '\''unsafe-inline'\'';">' index.html | |
| # Add config before other scripts | |
| sed -i '/<script src="js\/api.js">/i \ | |
| <script>\ | |
| window.config = {\ | |
| apiKey: "${{ secrets.API_KEY }}",\ | |
| orgName: "Krypto-Hashers-Community"\ | |
| };\ | |
| console.log("Config loaded successfully");\ | |
| </script>' index.html | |
| - name: Upload artifact | |
| uses: actions/upload-pages-artifact@v3 | |
| with: | |
| path: '.' | |
| - name: Deploy to GitHub Pages | |
| id: deployment | |
| uses: actions/deploy-pages@v4 |