New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a workflow to build and deploy docs site #8126
Conversation
@parkr Will Jekyllbot be able to provide an access token to have GitHub Actions publish our docs site on its behalf..? |
GitHub provides a |
@iBug Honestly, I didn't know about |
I think the GITHUB_TOKEN provided by Actions doesn't allow page builds to be triggered, so I'd have to add a PAT to the secrets for this repo. |
@parkr This is no longer the case. I couldn't find the exact timestamp for the change but I can assure you about this. I've been building my GitHub Pages website for months without problems. @ashmaroli Sorry I forgot to mention: The Another thing to note is that when being used to push / pull from repositories, the token must be combined with its owner (i.e. Code: git clone --depth=1 --branch=gh-pages --single-branch --no-checkout \
"https://${GITHUB_ACTOR}:${{ secrets.GITHUB_TOKEN }}@github.com/${GITHUB_REPOSITORY}.git" test * I'm unsure if this is still a problem now, but I had problems with this in the past. |
That's great @parkr! I think you can provide Jekyllbot's Token for security purposes. |
That makes sense. |
Update: Here's another source stating that @ashmaroli: This is a purely preferential setting. Because git config user.name "${GIT_USER:-GitHub}"
git config user.email "${GIT_EMAIL:-noreply@github.com}" BTW, the identity
|
I think adding a @jekyllbot PAT might be a bit scary. It's hard to lock down to a given repo. Maybe what I'll do is create a deploy key for this repo – would that work? I agree that the token should not be usable by contributors to overwrite jekyllrb.com 😱 |
The latest run aborted with the following:
That could be a good sign indicating that PRs can't push to our repo. |
@parkr No worries. As I said above:
I'd say this is the best option unless you have extra requirements (authenticating another repository etc.). This special token is created every time a workflow runs and is valid for only one hour. Confident to say, GitHub has taken all the security considerations you ever need to. Using a deploy key is definitely OK, but it adds complexity. |
Merging this manually to |
@ashmaroli You need not. Merging this into another branch is also OK as long as it's in the target repository. |
@ashmaroli I just tested in my repository, specifying the user as Use the following URL for the remote repository, however,
UpdateThings are getting nasty now. My repositories are also failing to push with Looks like it's related to this issue: https://www.githubstatus.com/incidents/6tcfpztf6j9m |
@iBug and was |
@ashmaroli Sorry I was wrong. See the update in the above comment. I'm currently waiting for the GitHub problem to resolve. I think it's the cause of the push failure. Anyway, I'm going to sleep now (1:20 AM in UTC+8). Hope things will be settled when I wake up. |
Summary
Implement a workflow to build our documentation site with the current repository state yet served via GitHub Pages.
(Use an in-house module instead of third-party action for greater control over the process)
TODO (after the idea is accepted):
JEKYLL_PAT
token (preferably getjekyllbot
to step in).push
event and write togh-pages
.