Bump actions/checkout from 6.0.2 to 7.0.0 #456
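# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
# SPDX-FileCopyrightText: 2026 Kaito Udagawa <umireon@kaito.tokyo>
#
# SPDX-License-Identifier: Apache-2.0

name: Pages CI

# file: .github/workflows/pages.yml
# author: Kaito Udagawa <umireon@kaito.tokyo>
# version: 1.1.0
# date: 2026-04-17
#
# Builds the site under $BUILD_PATH on every trigger and, for non-PR events on
# main only, attests the build's provenance file and deploys to GitHub Pages.
#
# Every third-party action is pinned to a full commit SHA. The trailing
# "# vX.Y.Z" comment is informational only; the SHA is what actually runs.
# When reviewing a version bump, confirm that the new SHA is the commit the
# upstream tag points at.

on:
  pull_request:
    branches: [main]
  push:
    branches: [main]
  schedule:
    - cron: '43 2 * * *'  # Every day at 02:43 UTC
  workflow_dispatch:

# One active run per workflow and ref; a newer run cancels the older one.
# NOTE(review): this also applies to runs on main, so a new push can cancel an
# in-flight deploy. Confirm that is intended.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Default to no token scopes at workflow level. Both jobs below declare their
# own `permissions`, which replace this default, so their behaviour does not
# change. A job added later without its own block gets no scopes rather than
# the repository default.
permissions: {}

env:
  BUILD_PATH: pages

jobs:
  build:
    name: Build Pages
    runs-on: ubuntu-slim
    timeout-minutes: 10
    # Read-only: this job runs on pull requests and executes third-party
    # build code (npm dependencies), so it must not hold write scopes.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          # Do not leave the token in the local git config, where later
          # steps could read it from disk.
          persist-credentials: false

      - name: Setup Node
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
          node-version-file: ${{ env.BUILD_PATH }}/.node-version
          cache: npm
          cache-dependency-path: ${{ env.BUILD_PATH }}/package-lock.json

      - name: Setup Pages
        id: pages
        uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6.0.0

      - name: Install dependencies
        shell: bash --noprofile --norc -euo pipefail {0}
        working-directory: ${{ env.BUILD_PATH }}
        # `npm ci` installs exactly what package-lock.json records.
        run: npm ci

      - name: Build with Astro
        shell: bash --noprofile --norc -euo pipefail {0}
        working-directory: ${{ env.BUILD_PATH }}
        # Expression values reach the script through environment variables
        # and are expanded quoted ("$SITE"), never interpolated into the
        # script text, so their content cannot alter the shell commands.
        env:
          # Visible to the build tooling in this step. Its scope is limited
          # by the job's `permissions` above (contents: read).
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SITE: ${{ steps.pages.outputs.origin }}
          BASE: ${{ steps.pages.outputs.base_path }}
          PRODUCTION_BASE_URL: ${{ steps.pages.outputs.base_url }}
        run: |
          npx astro build --site "$SITE" --base "$BASE"
          node scripts/add-sri.mjs "$PRODUCTION_BASE_URL" dist
          node scripts/add-csp-hashes.mjs dist
          node scripts/generate-provenance.mjs "$PRODUCTION_BASE_URL" dist provenance.json
          mv provenance.json dist/provenance.json

      - name: Upload artifact
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          # Must match the name the deploy job downloads.
          name: pages-build
          path: ${{ env.BUILD_PATH }}/dist
          # Fail the job instead of handing an empty artifact to deploy.
          if-no-files-found: error

  deploy:
    name: Deploy Pages
    # Only non-PR events on main reach this job, so pull-request builds never
    # run with the write scopes granted below.
    if: github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch')
    needs: build
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    runs-on: ubuntu-slim
    timeout-minutes: 10
    # Write scopes live only in this job, which checks out no repository code
    # and runs no npm tooling; it only consumes the artifact from `build`.
    permissions:
      attestations: write  # store the attestation created by actions/attest
      contents: read
      id-token: write      # OIDC token for attestation signing and Pages deploy
      pages: write         # publish the Pages deployment
    steps:
      - name: Download artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: pages-build
          path: dist

      # Establish chain of trust by attesting the provenance of the build
      # artifact. The attestation subject is dist/provenance.json alone; the
      # other files in dist are covered only as far as that file records
      # them (generate-provenance.mjs is not shown here - confirm).
      # The attestation binds the file to this workflow run. It does not
      # vouch for the dependencies that produced the build.
      - name: Attest site provenance
        id: attest
        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
        with:
          subject-path: dist/provenance.json

      # Ship the attestation bundle next to provenance.json in the site.
      - name: Copy attestation bundle
        env:
          BUNDLE_PATH: ${{ steps.attest.outputs.bundle-path }}
        shell: bash --noprofile --norc -euo pipefail {0}
        run: cp "$BUNDLE_PATH" dist/provenance.attestation.json

      - name: Upload artifact
        uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0
        with:
          path: dist

      - name: Deploy to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0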