parsons/.github/workflows/documentation.yml at fc4e4b7e15657cb832fad81f0a2ffa8b6ac8ab38 · move-coop/parsons · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
name: Documentation CI/CD

on:
  workflow_dispatch:
  pull_request:
  push:
    branches:
      - main
      - major-release

permissions: read-all

env:
  CACHE_GLOBS: |
    **/pyproject.toml
    **/requirements*.txt
    **/setup.py
    **/uv.lock
  ENDPOINT_WHITELIST: >-
    pypi.org:443
    github.com:443
    releases.astral.sh
    files.pythonhosted.org:443
    *.github.com:443
    *.githubusercontent.com:443

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: ${{ env.ENDPOINT_WHITELIST}}

      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          # If it's a pull request, don't get full history.
          fetch-depth: ${{ github.event_name == 'pull_request' && 1 || 0 }}

      - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098
        with:
          python-version: 3.13
          activate-environment: true
          cache-dependency-glob: ${{ env.CACHE_GLOBS }}

      - run: >-
          uv sync
          --upgrade
          --no-default-groups
          --group docs

      - name: configure git
        run: |
          git config user.name "github-actions"
          git config user.email "github-actions@github.com"

      - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306
        with:
          path: docs/html
          key: >-
            uv run
            sphinx
            -${{ hashFiles('pyproject.toml') }}
            -${{ hashFiles('setup.py') }}
            -${{ hashFiles('requirements-dev.txt') }}
            -${{ hashFiles('docs/make.py') }}
            -${{ hashFiles('docs/conf.py') }}

      - run: make build_docs
        working-directory: docs

      - uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b
        with:
          path: docs/html/

  deploy:
    needs: build
    # Don't run this job on pull requests
    if: github.event_name != 'pull_request'

    runs-on: ubuntu-latest

    permissions:
      pages: write
      id-token: write

    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}

    steps:
      - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: ${{ env.ENDPOINT_WHITELIST}}

      - uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e