parsons/.github/workflows/documentation.yml at caeee631229541f3b902127d7fd535091461e1ca · move-coop/parsons · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
name: Documentation CI/CD

on:
  workflow_dispatch:
  pull_request:
  push:
    branches:
      - main
      - major-release
    tags:
      - 'v*'
permissions: read-all

env:
  CACHE_GLOBS: |
    **/pyproject.toml
    **/setup.py
    **/uv.lock
  ENDPOINT_WHITELIST: >-
    pypi.org:443
    github.com:443
    releases.astral.sh
    files.pythonhosted.org:443
    *.github.com:443
    *.githubusercontent.com:443

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: ${{ env.ENDPOINT_WHITELIST}}

      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          # If it's a pull request, don't get full history.
          fetch-depth: ${{ github.event_name == 'pull_request' && 1 || 0 }}

      - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b
        with:
          python-version: 3.13
          activate-environment: true
          cache-dependency-glob: ${{ env.CACHE_GLOBS }}

      - run: >-
          uv sync
          --upgrade
          --no-default-groups
          --group docs
          --all-extras

      - name: configure git
        run: |
          git config user.name "github-actions"
          git config user.email "github-actions@github.com"

      - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae
        with:
          path: docs/html
          key: sphinx-${{ hashFiles('pyproject.toml', 'setup.py', 'requirements-dev.txt', 'docs/make.py', 'docs/conf.py') }}

      - run: make build_docs
        working-directory: docs

      - uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9
        with:
          path: docs/html/

  deploy:
    needs: build
    # Don't run this job on pull requests
    if: github.event_name != 'pull_request'

    runs-on: ubuntu-latest

    permissions:
      pages: write
      id-token: write

    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}

    steps:
      - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: ${{ env.ENDPOINT_WHITELIST}}

      - uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128