ci: add build check to verify public/ is up to date#21
Conversation
Deploying megaeth-documentation with
|
| Latest commit: |
bc38e5f
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://c4a7f597.megaeth-documentation.pages.dev |
| Branch Preview URL: | https://william-ci-add-build-check.megaeth-documentation.pages.dev |
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
|
Good addition — automating the One bug: the staleness check uses |
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
|
|
||
| - name: Check public/ is up to date | ||
| if [ -n "$(git status --porcelain public/ manifest/)" ]; then | ||
| if [ -n "$(git diff --name-only public/)" ]; then | ||
| echo "::error::public/ is out of date. Run 'make' locally and commit the output." | ||
| git diff --stat public/ | ||
| exit 1 | ||
| fi |
There was a problem hiding this comment.
The step is missing run: | — as written this is invalid YAML and the workflow will fail to parse. There are also two conflicting if conditions: the first (using git status --porcelain) is correct but unreachable; the second (using git diff) is what actually runs but misses untracked files (e.g. a newly added page).
| - name: Check public/ is up to date | |
| if [ -n "$(git status --porcelain public/ manifest/)" ]; then | |
| if [ -n "$(git diff --name-only public/)" ]; then | |
| echo "::error::public/ is out of date. Run 'make' locally and commit the output." | |
| git diff --stat public/ | |
| exit 1 | |
| fi | |
| - name: Check public/ is up to date | |
| run: | | |
| if [ -n "$(git status --porcelain public/ manifest/)" ]; then | |
| echo "::error::public/ is out of date. Run 'make' locally and commit the output." | |
| git status --short public/ manifest/ | |
| exit 1 | |
| fi |
|
The |
| types: [opened, synchronize, reopened] | ||
|
|
||
| jobs: | ||
| build-check: |
There was a problem hiding this comment.
The workflow is missing an explicit permissions block. Without it, the job inherits the repo's default permissions, which is broader than needed. Add least-privilege permissions:
| build-check: | |
| jobs: | |
| build-check: | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| timeout-minutes: 5 |
|
Good addition — automating the One issue: the job is missing an explicit |
| fetch-depth: 1 | ||
|
|
||
| - name: Install Pandoc | ||
| run: sudo apt-get update && sudo apt-get install -y pandoc |
There was a problem hiding this comment.
Pandoc version mismatch will cause spurious failures.
apt-get install pandoc on Ubuntu 24.04 installs whatever version ships in the distro repos (currently 3.1.3), which likely differs from what contributors have locally. Different Pandoc versions can produce different HTML output even from identical Markdown, so the public/ diff check will fail for any contributor not using the exact same version.
Pin to a specific version, ideally the one contributors are expected to use:
| run: sudo apt-get update && sudo apt-get install -y pandoc | |
| - name: Install Pandoc | |
| run: | | |
| PANDOC_VERSION=3.6.4 | |
| wget -q "https://github.com/jgm/pandoc/releases/download/${PANDOC_VERSION}/pandoc-${PANDOC_VERSION}-1-amd64.deb" -O /tmp/pandoc.deb | |
| sudo dpkg -i /tmp/pandoc.deb |
(Adjust PANDOC_VERSION to match what the team uses locally — worth documenting in CLAUDE.md too.)
| run: make | ||
|
|
||
| - name: Check public/ is up to date | ||
| run: | |
There was a problem hiding this comment.
manifest/ is also committed (it's auto-generated and tracked per CLAUDE.md). Consider checking it too so stale manifest files don't slip through:
| run: | | |
| if [ -n "$(git status --porcelain public/ manifest/)" ]; then |
|
The approach is solid — run
|
1 participant
Summary
Add a CI check that runs
makeand verifies the committedpublic/directory matches the build output. Fails with a clear error message if a contributor forgot to runmakebefore committing.This replaces the manual "always run make before committing" requirement with an automated gate on PRs.