chore: get rid of unsafe-inline #1220
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: π Deploy | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| manual_run: | |
| description: 'Manually run' | |
| required: true | |
| type: choice | |
| default: 'true' | |
| options: | |
| - 'true' | |
| - 'false' | |
| jobs: | |
| changes: | |
| name: π Determine deployable changes | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [20] | |
| outputs: | |
| DEPLOYABLE: ${{steps.changes.outputs.DEPLOYABLE}} | |
| DEPLOYABLE_MANUAL: ${{ inputs.manual_run }} | |
| steps: | |
| - name: β¬οΈ Checkout repo | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: '50' | |
| - name: β Setup node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: π Determine deployable changes | |
| id: changes | |
| run: | | |
| echo "DEPLOYABLE=$(node ./other/is-deployable.cjs)" >> $GITHUB_OUTPUT | |
| - name: β Deployable | |
| run: | | |
| echo "DEPLOYABLE: ${{ steps.changes.outputs.DEPLOYABLE }}" | |
| lint: | |
| name: ⬣ ESLint | |
| needs: [changes] | |
| if: | |
| needs.changes.outputs.DEPLOYABLE == 'true' || | |
| needs.changes.outputs.DEPLOYABLE_MANUAL == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: π Cancel Previous Runs | |
| uses: styfle/[email protected] | |
| - name: β¬οΈ Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@v2 | |
| with: | |
| version: 10.6.3 | |
| - name: Install Node ${{ matrix.node-version }} | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: π₯ Download deps | |
| run: pnpm install --frozen-lockfile | |
| - name: π¬ Lint | |
| run: pnpm run lint | |
| typecheck: | |
| name: Κ¦ :TypeScript | |
| needs: [changes] | |
| if: | |
| needs.changes.outputs.DEPLOYABLE == 'true' || | |
| needs.changes.outputs.DEPLOYABLE_MANUAL == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: π Cancel Previous Runs | |
| uses: styfle/[email protected] | |
| - name: β¬οΈ Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@v2 | |
| with: | |
| version: 10.6.3 | |
| - name: Install Node ${{ matrix.node-version }} | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: π₯ Download deps | |
| run: pnpm install --frozen-lockfile | |
| - name: π Type check | |
| run: npm run typecheck | |
| deploy: | |
| name: π Deploy | |
| runs-on: ubuntu-latest | |
| needs: [changes, lint, typecheck] | |
| # only build/deploy main branch on pushes | |
| if: | |
| ${{ (needs.changes.outputs.DEPLOYABLE == 'true') && (github.ref == | |
| 'refs/heads/main') && (github.event_name == 'push') }} || | |
| (needs.changes.outputs.DEPLOYABLE_MANUAL == 'true') | |
| steps: | |
| - name: π Cancel Previous Runs | |
| uses: styfle/[email protected] | |
| - name: β¬οΈ Checkout repo | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: '50' | |
| - name: π Read app name | |
| uses: SebRollen/[email protected] | |
| id: app_name | |
| with: | |
| file: 'fly.toml' | |
| field: 'app' | |
| - name: π Setup Fly | |
| uses: superfly/flyctl-actions/[email protected] | |
| - name: π Deploy Production | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| run: | |
| flyctl deploy --remote-only --build-arg COMMIT_SHA=${{ github.sha }} | |
| --app ${{ steps.app_name.outputs.value }} | |
| env: | |
| FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }} | |
| - name: π₯¬ Refresh Content | |
| run: node ./other/refresh-content.cjs | |
| env: | |
| REFRESH_CACHE_SECRET: ${{ secrets.REFRESH_CACHE_SECRET }} | |
| NODE_ENV: production | |
| - name: Cloudflare Purge Cache | |
| uses: jakejarvis/[email protected] | |
| env: | |
| # Zone is required by both authentication methods | |
| CLOUDFLARE_ZONE: ${{ secrets.CLOUDFLARE_ZONE }} | |
| CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }} | |
| refresh: | |
| name: π₯¬ Refresh Content | |
| if: | |
| needs.changes.outputs.DEPLOYABLE != 'true' && | |
| needs.changes.outputs.DEPLOYABLE_MANUAL != 'true' | |
| needs: [changes] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: β¬οΈ Checkout repo | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: '50' | |
| - name: β Setup node | |
| uses: actions/setup-node@v4 | |
| with: | |
| cache: npm | |
| cache-dependency-path: ./package.json | |
| node-version: 20 | |
| - name: π₯¬ Refresh Content | |
| run: node ./other/refresh-content.cjs | |
| env: | |
| REFRESH_CACHE_SECRET: ${{ secrets.REFRESH_CACHE_SECRET }} | |
| NODE_ENV: production | |
| purge: | |
| name: π¨ Purge Cache | |
| if: | |
| needs.changes.outputs.DEPLOYABLE != 'true' && | |
| needs.changes.outputs.DEPLOYABLE_MANUAL != 'true' | |
| runs-on: ubuntu-latest | |
| needs: [changes, refresh] | |
| steps: | |
| - name: Cloudflare Purge Cache | |
| uses: jakejarvis/[email protected] | |
| env: | |
| # Zone is required by both authentication methods | |
| CLOUDFLARE_ZONE: ${{ secrets.CLOUDFLARE_ZONE }} | |
| CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }} | |
| notify: | |
| name: π Notify Taran | |
| runs-on: ubuntu-latest | |
| needs: [purge, deploy] | |
| # this will fire the notify job if purge or deploy have happened | |
| if: | | |
| always() | |
| && contains(needs.*.result, 'success') | |
| && !contains(needs.*.result, 'failure') | |
| steps: | |
| - name: ntfy_action | |
| uses: niniyas/ntfy-action@master | |
| with: | |
| url: https://ntfy.sh | |
| topic: ${{ secrets.NOTIFY_TOPIC }} | |
| details: Finished deploying github action |