python-nix-template/.github/workflows/deploy-docs.yaml at main · sciexp/python-nix-template · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
name: Deploy docs to Cloudflare

on:
  workflow_dispatch:
    inputs:
      debug_enabled:
        description: "Run with tmate.io debugging enabled"
        required: false
        type: string
        default: "false"
      branch:
        description: "Git branch or ref to checkout"
        required: true
        type: string
      sanitized_branch:
        description: "URL-safe branch name for preview alias (auto-computed if empty)"
        required: false
        type: string
        default: ""
      environment:
        description: "Deployment environment (preview or production)"
        required: false
        type: string
        default: "preview"
      force_run:
        description: "Force execution even if already successful"
        required: false
        type: string
        default: "false"
  workflow_call:
    inputs:
      debug_enabled:
        description: "Run with tmate.io debugging enabled"
        required: false
        type: string
        default: "false"
      branch:
        description: "Git branch or ref to checkout"
        required: true
        type: string
      sanitized_branch:
        description: "URL-safe branch name for preview alias (auto-computed if empty)"
        required: false
        type: string
        default: ""
      environment:
        description: "Deployment environment (preview or production)"
        required: false
        type: string
        default: "production"
      force_run:
        description: "Force execution even if already successful"
        required: false
        type: string
        default: "false"

defaults:
  run:
    shell: bash

permissions:
  contents: read
  deployments: write

jobs:
  deploy-docs:
    runs-on: ubuntu-latest
    environment:
      name: ${{ inputs.environment }}
      url: ${{ inputs.environment == 'preview' && format('https://b-{0}-python-nix-template.sciexp.workers.dev', inputs.sanitized_branch || inputs.branch) || 'https://python-nix-template.scientistexperience.net' }}
    permissions:
      contents: read
      deployments: write
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          ref: ${{ inputs.branch }}
          fetch-depth: 0  # for git diff in composite action

      - name: Check execution cache
        id: cache
        uses: ./.github/actions/cached-ci-job
        with:
          check-name: preview-docs-deploy
          hash-sources: 'docs/**/* .github/actions/setup-nix/action.yml .github/workflows/deploy-docs.yaml justfile'
          force-run: ${{ inputs.force_run }}

      - name: Setup Nix
        if: steps.cache.outputs.should-run == 'true'
        uses: ./.github/actions/setup-nix
        with:
          installer: quick
          system: x86_64-linux

      - name: Setup tmate debug session
        if: inputs.debug_enabled == 'true' && steps.cache.outputs.should-run == 'true'
        uses: mxschmitt/action-tmate@c0afd6f790e3a5564914980036ebf83216678101 # v3

      - name: Deploy docs
        if: steps.cache.outputs.should-run == 'true'
        env:
          SOPS_AGE_KEY: ${{ secrets.CI_AGE_KEY }}
        run: |
          if [ "${{ inputs.environment }}" = "preview" ]; then
            nix develop --accept-flake-config -c just docs-deploy-preview "${{ inputs.sanitized_branch || inputs.branch }}"
          else
            nix develop --accept-flake-config -c just docs-deploy-production
          fi

      - name: Create job result marker
        if: success() && steps.cache.outputs.should-run == 'true' && steps.cache.outputs.cache-source == 'none'
        shell: bash
        run: |
          mkdir -p "${{ steps.cache.outputs.cache-path }}"
          cat > "${{ steps.cache.outputs.cache-path }}/marker" <<EOF
          {
            "success": true,
            "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
            "commit": "${{ github.sha }}",
            "cache_key": "${{ steps.cache.outputs.cache-key }}",
            "workflow_run_id": "${{ github.run_id }}",
            "environment": "${{ inputs.environment }}",
            "branch": "${{ inputs.branch }}"
          }
          EOF

      - name: Save job result to cache
        if: success() && steps.cache.outputs.should-run == 'true' && steps.cache.outputs.cache-source == 'none'
        uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5
        with:
          path: ${{ steps.cache.outputs.cache-path }}
          key: ${{ steps.cache.outputs.cache-key }}