Skip to content

disable keyring per default #358

disable keyring per default

disable keyring per default #358

Workflow file for this run

name: Documentation Preview
on:
pull_request:
# allow repository maintainers to modify and test workflow
paths:
- ".github/workflows/docs.yaml"
pull_request_target: # zizmor: ignore[dangerous-triggers]
# enable runs for this workflow when labeled as documentation only
# prevent execution when the workflow itself is modified from a fork
types:
- labeled
- synchronize
paths:
- "docs/**"
jobs:
deploy:
name: Build & Deploy
runs-on: ubuntu-latest
if: >
(github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'impact/docs'))
|| (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository)
permissions:
contents: read
pull-requests: write
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
persist-credentials: false
repository: python-poetry/website
# use .github from pull request target instead of pull_request.head
# for pull_request_target trigger to avoid arbitrary code execution
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
persist-credentials: false
path: poetry-github
sparse-checkout: .github
# only checkout docs from pull_request.head to not use something else by accident
# for pull_request_target trigger (security)
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
persist-credentials: false
path: poetry-docs
ref: ${{ github.event.pull_request.head.sha }}
sparse-checkout: docs
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: "18"
- uses: ./poetry-github/.github/actions/bootstrap-poetry
- uses: ./poetry-github/.github/actions/poetry-install
with:
args: --no-root --only main
- name: website-build
run: |
# Rebuild the docs files from the PR checkout.
poetry run python bin/website build --local ./poetry-docs
# Build website assets (CSS/JS).
npm ci && npm run prod
# Build the static website.
npx hugo --minify --logLevel info
- uses: amondnet/vercel-action@16e87c0a08142b0d0d33b76aeaf20823c381b9b9 # v25.2.0
with:
vercel-token: ${{ secrets.VERCEL_TOKEN }}
github-token: ${{ secrets.GITHUB_TOKEN }}
vercel-org-id: ${{ secrets.VERCEL_ORG_ID }}
vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID }}
scope: python-poetry
github-comment: true
working-directory: public