From cc90896be8a71f985ebf177e89ccf00c6227dae2 Mon Sep 17 00:00:00 2001 From: Tony Date: Mon, 19 Jan 2026 12:57:46 -0600 Subject: [PATCH] restructure workflows --- .github/workflows/ci-docs.yml | 43 ++++++++++++ .github/workflows/deploy-main-pages.yml | 78 +++++++++++++++++++++ .github/workflows/deploy-rc-pages.yml | 91 +++++++++++++++++++++++++ .github/workflows/prerelease-docs.yml | 82 ++++++++++++++++++++++ .github/workflows/release-docs.yml | 83 ++++++++++++++++++---- 5 files changed, 362 insertions(+), 15 deletions(-) create mode 100644 .github/workflows/ci-docs.yml create mode 100644 .github/workflows/deploy-main-pages.yml create mode 100644 .github/workflows/deploy-rc-pages.yml create mode 100644 .github/workflows/prerelease-docs.yml diff --git a/.github/workflows/ci-docs.yml b/.github/workflows/ci-docs.yml new file mode 100644 index 0000000..e191ec8 --- /dev/null +++ b/.github/workflows/ci-docs.yml @@ -0,0 +1,43 @@ +name: CI - Docs build check + +on: + pull_request: + branches: [release-candidate] + push: + branches: [release-candidate] + workflow_dispatch: + +permissions: + contents: read + +jobs: + build-check: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: "3.13" + cache: "pip" + cache-dependency-path: mkdocs/requirements.txt + + - name: Install dependencies + run: | + set -euo pipefail + pip install -r mkdocs/requirements.txt + + - name: MkDocs build + run: | + set -euo pipefail + + MKDOCS_STRICT="${MKDOCS_STRICT:-true}" + STRICT_FLAG="" + if [ "${MKDOCS_STRICT}" = "true" ]; then + STRICT_FLAG="--strict" + fi + + OFFLINE=true mkdocs build ${STRICT_FLAG} -f mkdocs/mkdocs.yml \ No newline at end of file diff --git a/.github/workflows/deploy-main-pages.yml b/.github/workflows/deploy-main-pages.yml new file mode 100644 index 0000000..01c9694 --- /dev/null +++ b/.github/workflows/deploy-main-pages.yml @@ -0,0 +1,78 @@ +name: Deploy main to GitHub Pages (stable) + +on: + push: + branches: [main] + workflow_dispatch: + +permissions: + contents: write + + +jobs: + deploy-main-pages: + if: ${{ env.ENABLE_DEPLOY == 'true' && env.ACT != 'true' }} + runs-on: ubuntu-latest + + steps: + - name: Checkout (main) + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: "3.13" + cache: "pip" + cache-dependency-path: mkdocs/requirements.txt + + - name: Install dependencies + run: | + set -euo pipefail + pip install -r mkdocs/requirements.txt + + - name: Build (MKDOCS_STRICT) + run: | + set -euo pipefail + + MKDOCS_STRICT="${MKDOCS_STRICT:-true}" + STRICT_FLAG="" + if [ "${MKDOCS_STRICT}" = "true" ]; then + STRICT_FLAG="--strict" + fi + + OFFLINE=true mkdocs build ${STRICT_FLAG} -f mkdocs/mkdocs.yml -d site_build + + - name: Checkout gh-pages branch + run: | + set -euo pipefail + git fetch origin gh-pages:gh-pages || true + if git show-ref --verify --quiet refs/heads/gh-pages; then + git switch gh-pages + else + git switch --orphan gh-pages + rm -rf ./* + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git commit --allow-empty -m "Initialize gh-pages" + fi + + - name: Publish stable site to root (preserve rc/) + run: | + set -euo pipefail + + mkdir -p _keep + if [ -d rc ]; then cp -a rc _keep/; fi + + rm -rf ./* + if [ -d _keep/rc ]; then mv _keep/rc ./rc; fi + rm -rf _keep + + cp -a ../site_build/. . + + git add -A + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git commit -m "Deploy stable site from main" || echo "No changes to commit" + git push origin gh-pages \ No newline at end of file diff --git a/.github/workflows/deploy-rc-pages.yml b/.github/workflows/deploy-rc-pages.yml new file mode 100644 index 0000000..ebf9f4d --- /dev/null +++ b/.github/workflows/deploy-rc-pages.yml @@ -0,0 +1,91 @@ +name: Deploy RC preview to GitHub Pages + +on: + push: + tags: + - "v*-rc.*" + workflow_dispatch: + +permissions: + contents: write + + +jobs: + deploy-rc-pages: + if: ${{ env.ENABLE_DEPLOY == 'true' && env.CI_PROVIDER == 'github' && env.ACT != 'true' }} + runs-on: ubuntu-latest + + steps: + - name: Checkout (tag) + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Ensure tag commit is on release-candidate + run: | + set -euo pipefail + git fetch origin release-candidate:refs/remotes/origin/release-candidate + if ! git merge-base --is-ancestor "${GITHUB_SHA}" "origin/release-candidate"; then + echo "ERROR: Tagged commit ${GITHUB_SHA} is not on release-candidate. Refusing RC deploy." + exit 1 + fi + + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: "3.13" + cache: "pip" + cache-dependency-path: mkdocs/requirements.txt + + - name: Install dependencies + run: | + set -euo pipefail + pip install -r mkdocs/requirements.txt + + - name: Build (MKDOCS_STRICT) + run: | + set -euo pipefail + + MKDOCS_STRICT="${MKDOCS_STRICT:-true}" + STRICT_FLAG="" + if [ "${MKDOCS_STRICT}" = "true" ]; then + STRICT_FLAG="--strict" + fi + + OFFLINE=true mkdocs build ${STRICT_FLAG} -f mkdocs/mkdocs.yml -d site_build + + - name: Checkout gh-pages branch + run: | + set -euo pipefail + git fetch origin gh-pages:gh-pages || true + if git show-ref --verify --quiet refs/heads/gh-pages; then + git switch gh-pages + else + git switch --orphan gh-pages + rm -rf ./* + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git commit --allow-empty -m "Initialize gh-pages" + fi + + - name: Publish RC preview under /rc// + run: | + set -euo pipefail + REF="${{ github.ref_name }}" + mkdir -p "rc/${REF}" + rm -rf "rc/${REF:?}/"* || true + cp -a ../site_build/. "rc/${REF}/" + + mkdir -p rc + if [ ! -f rc/index.html ]; then + cat > rc/index.html << 'EOF' +RC Previews +

RC Previews

Browse rc/<tag>/

+EOF + fi + + git add -A + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git commit -m "Deploy RC preview ${REF}" || echo "No changes to commit" + git push origin gh-pages \ No newline at end of file diff --git a/.github/workflows/prerelease-docs.yml b/.github/workflows/prerelease-docs.yml new file mode 100644 index 0000000..bef7a51 --- /dev/null +++ b/.github/workflows/prerelease-docs.yml @@ -0,0 +1,82 @@ +name: Pre-release - Build and publish docs + +on: + push: + tags: + - "v*-rc.*" + workflow_dispatch: + +permissions: + contents: write + +jobs: + prerelease: + runs-on: ubuntu-latest + + steps: + - name: Checkout (tag) + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Ensure tag commit is on release-candidate + run: | + set -euo pipefail + git fetch origin release-candidate:refs/remotes/origin/release-candidate + if ! git merge-base --is-ancestor "${GITHUB_SHA}" "origin/release-candidate"; then + echo "ERROR: Tagged commit ${GITHUB_SHA} is not on release-candidate. Refusing prerelease." + exit 1 + fi + + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: "3.13" + cache: "pip" + cache-dependency-path: mkdocs/requirements.txt + + - name: Install dependencies + run: | + set -euo pipefail + pip install -r mkdocs/requirements.txt + + - name: CI gate (MKDOCS_STRICT) + run: | + set -euo pipefail + + MKDOCS_STRICT="${MKDOCS_STRICT:-true}" + STRICT_FLAG="" + if [ "${MKDOCS_STRICT}" = "true" ]; then + STRICT_FLAG="--strict" + fi + + OFFLINE=true mkdocs build ${STRICT_FLAG} -f mkdocs/mkdocs.yml + + - name: Build artifact (non-strict) + env: + MKDOCS_STRICT: "false" + run: | + set -euo pipefail + + MKDOCS_STRICT="${MKDOCS_STRICT:-true}" + STRICT_FLAG="" + if [ "${MKDOCS_STRICT}" = "true" ]; then + STRICT_FLAG="--strict" + fi + + mkdir -p "${RUNNER_TEMP}/dist" + OFFLINE=true mkdocs build ${STRICT_FLAG} -f mkdocs/mkdocs.yml -d "${RUNNER_TEMP}/dist/${{ github.ref_name }}" + + - name: Zip artifact + run: | + set -euo pipefail + cd "${RUNNER_TEMP}/dist" + zip -r "${{ github.ref_name }}.zip" "./${{ github.ref_name }}" + + - name: Publish prerelease (skip on act) + if: ${{ env.ENABLE_RELEASE == 'true' && env.ACT != 'true' }} + uses: softprops/action-gh-release@v2 + with: + prerelease: true + files: | + ${{ runner.temp }}/dist/${{ github.ref_name }}.zip \ No newline at end of file diff --git a/.github/workflows/release-docs.yml b/.github/workflows/release-docs.yml index ef42c0e..8781fae 100644 --- a/.github/workflows/release-docs.yml +++ b/.github/workflows/release-docs.yml @@ -1,29 +1,82 @@ -name: Build and publish CMBA rulebooks (Gitea) +name: Release - Build and publish docs on: push: tags: - "v*" + workflow_dispatch: + +permissions: + contents: write jobs: - build-release: + release: + if: ${{ !contains(github.ref_name, '-rc.') }} runs-on: ubuntu-latest + steps: - - name: Checkout - uses: actions/checkout@v6 - - uses: actions/setup-python@v6 + - name: Checkout (tag) + uses: actions/checkout@v4 with: - python-version: '3.13' - - name: Install Dependencies - run: pip install -r mkdocs/requirements.txt - - name: Build Docs + fetch-depth: 0 + + - name: Ensure tag commit is on main run: | - mkdir $RUNNER_TEMP/dist - mkdocs build -f mkdocs/mkdocs.yml -d $RUNNER_TEMP/${{ github.ref_name }} - zip -r $RUNNER_TEMP/dist/${{ github.ref_name }}.zip $RUNNER_TEMP/${{ github.ref_name }} - - name: Release - if: ${{ !env.ACT }} + set -euo pipefail + git fetch origin main:refs/remotes/origin/main + if ! git merge-base --is-ancestor "${GITHUB_SHA}" "origin/main"; then + echo "ERROR: Tagged commit ${GITHUB_SHA} is not on main. Refusing release." + exit 1 + fi + + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: "3.13" + cache: "pip" + cache-dependency-path: mkdocs/requirements.txt + + - name: Install dependencies + run: | + set -euo pipefail + pip install -r mkdocs/requirements.txt + + - name: CI gate (MKDOCS_STRICT) + run: | + set -euo pipefail + + MKDOCS_STRICT="${MKDOCS_STRICT:-true}" + STRICT_FLAG="" + if [ "${MKDOCS_STRICT}" = "true" ]; then + STRICT_FLAG="--strict" + fi + + OFFLINE=true mkdocs build ${STRICT_FLAG} -f mkdocs/mkdocs.yml + + - name: Build artifact (non-strict) + env: + MKDOCS_STRICT: "false" + run: | + set -euo pipefail + + MKDOCS_STRICT="${MKDOCS_STRICT:-true}" + STRICT_FLAG="" + if [ "${MKDOCS_STRICT}" = "true" ]; then + STRICT_FLAG="--strict" + fi + + mkdir -p "${RUNNER_TEMP}/dist" + OFFLINE=true mkdocs build ${STRICT_FLAG} -f mkdocs/mkdocs.yml -d "${RUNNER_TEMP}/dist/${{ github.ref_name }}" + + - name: Zip artifact + run: | + set -euo pipefail + cd "${RUNNER_TEMP}/dist" + zip -r "${{ github.ref_name }}.zip" "./${{ github.ref_name }}" + + - name: Publish release (skip on act; allowed on gitea) + if: ${{ env.ENABLE_RELEASE == 'true' && env.ACT != 'true' }} uses: softprops/action-gh-release@v2 with: files: | - $RUNNER_TEMP/dist/*.zip \ No newline at end of file + ${{ runner.temp }}/dist/${{ github.ref_name }}.zip \ No newline at end of file